mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-08 02:18:53 +00:00
471d5faaa0
The vtabel report : - path: full path of the file - unix_user: name of the owner (if not available display the uid) - unix_group: name of the groupe (if not available display the gid) - permissions: report suid or guid * S for suid bin * G for guid bin Example : osquery> select * from suid_bin; +----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+ | path | unix_user | unix_group | permissions | +----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+ | "/bin/ps" | root | wheel | S | | "/bin/rcp" | root | wheel | S | | "/Users/vmauge/suid_test" | vmauge | 999 | SG | | "/usr/bin/at" | root | wheel | S | | "/usr/bin/atq" | root | wheel | S | | "/usr/bin/atrm" | root | wheel | S | | "/usr/bin/batch" | root | wheel | S | | "/usr/bin/crontab" | root | wheel | S | | "/usr/bin/ipcs" | root | wheel | S | | "/usr/bin/lockfile" | root | mail | G | | "/usr/bin/login" | root | wheel | S | | "/usr/bin/newgrp" | root | wheel | S | | "/usr/bin/procmail" | root | mail | G | | "/usr/bin/quota" | root | wheel | S | | "/usr/bin/rlogin" | root | wheel | S | | "/usr/bin/rsh" | root | wheel | S | | "/usr/bin/su" | root | wheel | S | | "/usr/bin/sudo" | root | wheel | S | | "/usr/bin/top" | root | wheel | S | | "/usr/bin/wall" | root | tty | G | | "/usr/bin/write" | root | tty | G | | "/usr/sbin/postdrop" | root | _postdrop | G | | "/usr/sbin/postqueue" | root | _postdrop | G | | "/usr/sbin/rpc.net" | root | wheel | S | | "/usr/sbin/rpcset" | root | wheel | S | | "/usr/sbin/traceroute" | root | wheel | S | | "/usr/sbin/traceroute6" | root | wheel | S | +----------------------------------------------------------------------------------------------------+-----------+---------------+-------------+ This commit fixes issue #253.
71 lines
2.0 KiB
C++
71 lines
2.0 KiB
C++
// Copyright 2004-present Facebook. All Rights Reserved.
|
|
|
|
#include <ctime>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
#include <sys/stat.h>
|
|
#include <boost/lexical_cast.hpp>
|
|
#include <boost/filesystem.hpp>
|
|
#include "osquery/database.h"
|
|
|
|
using std::string;
|
|
using boost::lexical_cast;
|
|
|
|
namespace osquery {
|
|
namespace tables {
|
|
|
|
QueryData genSuidBin() {
|
|
Row r;
|
|
QueryData results;
|
|
struct stat info;
|
|
|
|
boost::filesystem::recursive_directory_iterator it =
|
|
boost::filesystem::recursive_directory_iterator(
|
|
boost::filesystem::path("/"));
|
|
boost::filesystem::recursive_directory_iterator end;
|
|
|
|
while (it != end) {
|
|
boost::filesystem::path path = *it;
|
|
try {
|
|
if (boost::filesystem::is_regular_file(path) &&
|
|
((it.status().permissions() & 04000) == 04000 ||
|
|
(it.status().permissions() & 02000) == 02000)) {
|
|
// store path
|
|
r["path"] = boost::lexical_cast<std::string>(path);
|
|
|
|
// store user and group
|
|
if (stat(path.c_str(), &info) == 0) {
|
|
struct passwd *pw = getpwuid(info.st_uid);
|
|
struct group *gr = getgrgid(info.st_gid);
|
|
// get user name
|
|
r["unix_user"] = pw ? boost::lexical_cast<std::string>(pw->pw_name)
|
|
: boost::lexical_cast<std::string>(info.st_uid);
|
|
// get group
|
|
r["unix_group"] = gr ? boost::lexical_cast<std::string>(gr->gr_name)
|
|
: boost::lexical_cast<std::string>(info.st_gid);
|
|
|
|
// get permission
|
|
r["permissions"] = "";
|
|
r["permissions"] +=
|
|
(it.status().permissions() & 04000) == 04000 ? "S" : "";
|
|
r["permissions"] +=
|
|
(it.status().permissions() & 02000) == 02000 ? "G" : "";
|
|
|
|
results.push_back(r);
|
|
}
|
|
}
|
|
} catch (...) {
|
|
// handle invalid files like /dev/fd/3
|
|
}
|
|
try {
|
|
++it;
|
|
} catch (std::exception &ex) {
|
|
it.no_push(); // handle permission error.
|
|
}
|
|
}
|
|
|
|
return results;
|
|
}
|
|
}
|
|
}
|