Linux srv25.usacloudserver.us 5.14.0-570.39.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Sep 4 05:08:52 EDT 2025 x86_64
LiteSpeed
Server IP : 23.137.84.82 & Your IP : 216.73.216.127
Domains :
Cant Read [ /etc/named.conf ]
User : epicgamerzoneco
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
opt /
cpguard /
3rdparty /
lynis /
include /
Delete
Unzip
Name
Size
Permission
Date
Action
binaries
38.55
KB
-rw-r--r--
2025-04-01 06:33
consts
10.62
KB
-rw-r--r--
2025-04-01 06:33
data_upload
13.46
KB
-rw-r--r--
2025-04-01 06:33
functions
159.25
KB
-rw-r--r--
2025-04-01 06:33
helper_audit_dockerfile
7.81
KB
-rw-r--r--
2025-04-01 06:33
helper_configure
3.66
KB
-rw-r--r--
2025-04-01 06:33
helper_generate
7.38
KB
-rw-r--r--
2025-04-01 06:33
helper_show
22.29
KB
-rw-r--r--
2025-04-01 06:33
helper_system_remote_scan
3.54
KB
-rw-r--r--
2025-04-01 06:33
helper_update
3.58
KB
-rw-r--r--
2025-04-01 06:33
osdetection
44.8
KB
-rw-r--r--
2025-04-01 06:33
parameters
16.48
KB
-rw-r--r--
2025-04-01 06:33
profiles
26.89
KB
-rw-r--r--
2025-04-01 06:33
report
17.25
KB
-rw-r--r--
2025-04-01 06:33
tests_accounting
25.33
KB
-rw-r--r--
2025-04-01 06:33
tests_authentication
84.05
KB
-rw-r--r--
2025-04-01 06:33
tests_banners
8.36
KB
-rw-r--r--
2025-04-01 06:33
tests_boot_services
54.72
KB
-rw-r--r--
2025-04-01 06:33
tests_containers
11.17
KB
-rw-r--r--
2025-04-01 06:33
tests_crypto
19
KB
-rw-r--r--
2025-04-01 06:33
tests_custom.template
6.78
KB
-rw-r--r--
2025-04-01 06:33
tests_databases
24.28
KB
-rw-r--r--
2025-04-01 06:33
tests_dns
3.39
KB
-rw-r--r--
2025-04-01 06:33
tests_file_integrity
22.18
KB
-rw-r--r--
2025-04-01 06:33
tests_file_permissions
3.11
KB
-rw-r--r--
2025-04-01 06:33
tests_filesystems
49.8
KB
-rw-r--r--
2025-04-01 06:33
tests_firewalls
31.51
KB
-rw-r--r--
2025-04-01 06:33
tests_hardening
7.02
KB
-rw-r--r--
2025-04-01 06:33
tests_homedirs
9.17
KB
-rw-r--r--
2025-04-01 06:33
tests_insecure_services
26.88
KB
-rw-r--r--
2025-04-01 06:33
tests_kerberos
7.87
KB
-rw-r--r--
2025-04-01 06:33
tests_kernel
59.96
KB
-rw-r--r--
2025-04-01 06:33
tests_kernel_hardening
5.62
KB
-rw-r--r--
2025-04-01 06:33
tests_ldap
3.96
KB
-rw-r--r--
2025-04-01 06:33
tests_logging
32.93
KB
-rw-r--r--
2025-04-01 06:33
tests_mac_frameworks
14.71
KB
-rw-r--r--
2025-04-01 06:33
tests_mail_messaging
21.45
KB
-rw-r--r--
2025-04-01 06:33
tests_malware
20.56
KB
-rw-r--r--
2025-04-01 06:33
tests_memory_processes
7.16
KB
-rw-r--r--
2025-04-01 06:33
tests_nameservices
34.53
KB
-rw-r--r--
2025-04-01 06:33
tests_networking
40.73
KB
-rw-r--r--
2025-04-01 06:33
tests_php
29.07
KB
-rw-r--r--
2025-04-01 06:33
tests_ports_packages
81.71
KB
-rw-r--r--
2025-04-01 06:33
tests_printers_spoolers
13.86
KB
-rw-r--r--
2025-04-01 06:33
tests_scheduling
15.75
KB
-rw-r--r--
2025-04-01 06:33
tests_shells
13.32
KB
-rw-r--r--
2025-04-01 06:33
tests_snmp
4.17
KB
-rw-r--r--
2025-04-01 06:33
tests_squid
16.75
KB
-rw-r--r--
2025-04-01 06:33
tests_ssh
17.6
KB
-rw-r--r--
2025-04-01 06:33
tests_storage
3.59
KB
-rw-r--r--
2025-04-01 06:33
tests_storage_nfs
8.4
KB
-rw-r--r--
2025-04-01 06:33
tests_system_integrity
2.05
KB
-rw-r--r--
2025-04-01 06:33
tests_time
32.63
KB
-rw-r--r--
2025-04-01 06:33
tests_tooling
22.09
KB
-rw-r--r--
2025-04-01 06:33
tests_usb
21.05
KB
-rw-r--r--
2025-04-01 06:33
tests_virtualization
1.95
KB
-rw-r--r--
2025-04-01 06:33
tests_webservers
33.18
KB
-rw-r--r--
2025-04-01 06:33
tool_tips
2.15
KB
-rw-r--r--
2025-04-01 06:33
Save
Rename
#!/bin/sh InsertSection "${SECTION_KERBEROS}" # ######################################################################### # # Test : KRB-1000 # Description : Check that Kerberos principals have passwords that expire Register --test-no KRB-1000 --weight L --network NO --description "Check for Kerberos KDC tools" if [ -n "${KADMINLOCALBINARY}" ] && [ -n "${KDB5UTILBINARY}" ] then PREQS_MET="YES" # Make sure krb5 debugging doesn't mess up the output unset KRB5_TRACE PRINCS="$(${KADMINLOCALBINARY} listprincs 2>/dev/null | ${TRBINARY:-tr} '\n' ' ')" if [ -z "${PRINCS}" ] then PREQS_MET="NO" fi else PREQS_MET="NO" fi if [ "${PREQS_MET}" = "YES" ]; then Display --indent 2 --text "- Check for Kerberos KDC and principals" --result "${STATUS_FOUND}" --color GREEN else Display --indent 2 --text "- Check for Kerberos KDC and principals" --result "${STATUS_NOT_FOUND}" --color WHITE fi # Test : KRB-1010 # Description : Check that Kerberos principals have passwords that expire Register --test-no KRB-1010 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check that Kerberos principals have passwords that expire" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 for I in ${PRINCS} do FIND="$(${KADMINLOCALBINARY} getprinc "${I}" | ${GREPBINARY} '^Password expiration date:')" if [ "${FIND}" = "Password expiration date: [never]" ] then LogText "Result: Kerberos principal ${I} has a password/key that never expires" FOUND=1 fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Principals without expiring password" --result "${STATUS_WARNING}" --color RED ReportSuggestion "${TEST_NO}" "Make sure all your Kerberos principals have expiring passwords" else Display --indent 4 --text "- Principals without expiring password" --result "${STATUS_OK}" --color GREEN fi fi # ################################################################################# # # Test : KRB-1020 # Description : Check last password change for Kerberos principals Register --test-no KRB-1020 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check last password change for Kerberos principals" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 for I in ${PRINCS} do FIND="$(${KADMINLOCALBINARY} getprinc "${I}" | ${SEDBINARY} -n '/^Last password change:\s\+/s/^Last password change:\s\+//p')" if [ "${FIND}" = "[never]" ] then LogText "Result: Kerberos principal ${I} has a password/key that has never been changed" FOUND=1 else J="$(date -d "${FIND}" +%s)" if [ ${J} -lt $((NOW - 60 * 60 * 24 * 365)) ] then LogText "Result: Kerberos principal ${I} has had a password/key change over a year ago" FOUND=1 fi fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Principals with late password change" --result "${STATUS_WARNING}" --color RED ReportSuggestion "${TEST_NO}" "Enforce frequent password/key change for your Kerberos principals" else Display --indent 4 --text "- Principals with late password change" --result "${STATUS_OK}" --color GREEN fi fi # ################################################################################# # # Test : KRB-1030 # Description : Check that Kerberos principals have a policy associated to them Register --test-no KRB5-1030 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check that Kerberos principals have a policy associated to them" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 for I in ${PRINCS} do FIND="$(${KADMINLOCALBINARY} getprinc "${I}" | ${GREPBINARY} '^Policy:')" if [ "${FIND}" = "Policy: [none]" ] then LogText "Result: Kerberos principal ${I} does not have a policy associated to it" FOUND=1 fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Principals without associated policy" --result "${STATUS_WARNING}" --color RED ReportSuggestion "${TEST_NO}" "Make sure all your Kerberos principals have a policy associated to them" else Display --indent 4 --text "- Principals without associated policy" --result "${STATUS_OK}" --color GREEN fi fi # ################################################################################# # # Test : KRB-1040 # Description : Check various attributes for Kerberos principals Register --test-no KRB5-1040 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check various attributes for Kerberos principals" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 for I in ${PRINCS} do J="$(${KADMINLOCALBINARY} getprinc "${I}" | ${SEDBINARY} -n 's/^Attributes:\s\+\(.\+\)$/\1/p')" if ContainsString "^K/M@" "${I}" || \ ContainsString "^kadmin/admin@" "${I}" || \ ContainsString "^kadmin/changepw@" "${I}" || \ ContainsString "^krbtgt/" "${I}" then if ! ContainsString "\bLOCKDOWN_KEYS\b" "${J}" then LogText "Result: Sensitive Kerberos principal ${I} does not have the lockdown_keys attribute" FOUND=1 fi elif ContainsString "/admin@" "${I}" then if ! ContainsString "\bDISALLOW_TGT_BASED\b" "${J}" then LogText "Result: Kerberos admin principal ${I} does not have the disallow_tgt_based attribute" FOUND=1 fi elif ContainsString "^[^/$]+@" "${I}" then if ! ContainsString "\bREQUIRES_PRE_AUTH\b.+\bDISALLOW_SVR\b" "${J}" then LogText "Result: Regular Kerberos user principal ${I} does not have the requires_pre_auth and/or the disallow_svr attribute" FOUND=1 fi fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Checking principals for various attributes" --result "${STATUS_WARNING}" --color RED ReportSuggestion "${TEST_NO}" "Harden your Kerberos principals with appropriate attributes" else Display --indent 4 --text "- Checking principals for various attributes" --result "${STATUS_OK}" --color GREEN fi fi # ################################################################################# # # Test : KRB-1050 # Description : Check for weak crypto Register --test-no KRB-1050 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for weak crypto" if [ ${SKIPTEST} -eq 0 ]; then FIND=$(${KDB5UTILBINARY} tabdump keyinfo | ${AWKBINARY} '$4 ~ /(des|arcfour|cbc|sha1)/{print$1,$4}') if [ -n "${FIND}" ]; then while read I J do LogText "Result: Kerberos principal ${I} has a key with weak cryptographic algorithm ${J}" done << EOF ${FIND} EOF Display --indent 4 --text "- Principals with weak crypto" --result "${STATUS_WARNING}" --color RED ReportSuggestion "${TEST_NO}" "Remove weak (des|arcfour|cbc|sha1) cryptographic keys from principals" else Display --indent 4 --text "- Principals with weak crypto" --result "${STATUS_OK}" --color GREEN fi fi # ################################################################################# # unset PRINCS unset I unset J #EOF