From 4374aa465a4201fa632b02c4c47420d1955781fd Mon Sep 17 00:00:00 2001
From: Carlos Polop
Date: Fri, 11 Jun 2021 02:47:58 +0200
Subject: [PATCH] start
---
 building/sensitive_files.yaml | 291 ++++++++++++++++++++++++++++++++++
 1 file changed, 291 insertions(+)
 create mode 100644 building/sensitive_files.yaml
diff --git a/building/sensitive_files.yaml b/building/sensitive_files.yaml
new file mode 100644
index 0000000..0735b80
--- /dev/null
+++ b/building/sensitive_files.yaml
@@ -0,0 +1,291 @@
+root_folders:
+ - applications #common
+ - etc #common
+ - home #common
+ - lib
+ - mnt #common
+ - opt #common
+ - private #common
+ - run
+ - snap #common
+ - sys
+ - system
+ - systemd
+ - tmp #common
+ - usr #common
+ - var #common
+
+common_file_folders: "applications etc home mnt opt private snap tmp usr var"
+common_directory_folders: "applications etc home mnt opt private tmp usr var"
+
+
+defaults:
+ auto_check: False #The builder will generate a ceck for the file
+ bad_regex: "" #The regex used to color red and grep lines (if only_bad_lines and no line_grep)
+ check_extra_path: "" #Check if the found files are in a specific path
+ good_regex: "" #The regex to color green
+ line_grep: "" #The regex to grep lines in a file (if only_bad_lines), by default bad_regex is used here if empty
+ only_bad_lines: False #Only print lines containing something red
+ regex_remove: "" #Extra regex to remove some lines
+ remove_empty_lines : False #Remove empty lines
+
+ dir_file_list: True #List specific files searched inside a found directory
+ dir_file_cat: False #Cat specific files searched inside a found directory
+
+
+#Files & folders to search
+search:
+ Systemd:
+ ? "*.service"
+ :
+ type: f
+ search_in:
+ - all
+
+ Timer:
+ ? "*.timer"
+ :
+ type: f
+ search_in:
+ - all
+
+ Socket:
+ ? "*.socket"
+ :
+ type: f
+ search_in:
+ - all
+
+ DBus:
+ ? "system.d"
+ :
+ type: d
+ search_in:
+ - etc
+
+ ? "system.d"
+ :
+ type: d
+ search_in:
+ - etc
+
+ MySQL:
+ mysql:
+ type: d
+ search_in:
+ - common_directory_folders
+
+ PostgreSQL:
+ ? "pgadmin*.db"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "pg_hba.conf"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "postgresql.conf"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "pgsql.conf"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ Apache:
+ ? "sites-enabled"
+ :
+ type: d
+ search_in:
+ - common_directory_folders
+
+ ? "000-default"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ PHP_files:
+ ? "sess_*"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "*config*.php"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "database.php"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "db.php"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ ? "storage.php"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ Wordpress:
+ ? "wp-config.php"
+ :
+ auto_check: True
+ bad_regex: "PASSWORD|USER|NAME|HOST"
+ only_bad_lines: True
+ type: f
+ search_in:
+ - common_file_folders
+
+ Drupal:
+ ? "settings.php"
+ :
+ auto_check: True
+ bad_regex: "drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix'"
+ check_extra_path: "/default/settings.php"
+ only_bad_lines: True
+ type: f
+ search_in:
+ - common_file_folders
+
+ Moodle:
+ ? "config.php"
+ :
+ auto_check: True
+ bad_regex: "dbtype|dbhost|dbuser|dbhost|dbpass|dbport"
+ check_extra_path: "moodle/config.php"
+ only_bad_lines: True
+ type: f
+ search_in:
+ - common_file_folders
+
+ Tomcat:
+ ? "tomcat-users.xml"
+ :
+ auto_check: True
+ bad_regex: "dbtype|dbhost|dbuser|dbhost|dbpass|dbport"
+ check_extra_path: "username=|password="
+ only_bad_lines: True
+ type: f
+ search_in:
+ - common_file_folders
+
+ Mongo:
+ ? "mongod*.conf"
+ :
+ type: f
+ search_in:
+ - common_file_folders
+
+ Supervisord:
+ ? "supervisord.conf"
+ :
+ auto_check: True
+ bad_regex: "port.*=|username.*=|password.*="
+ type: f
+ search_in:
+ - common_file_folders
+
+ Cesi:
+ ? "cesi.conf"
+ :
+ auto_check: True
+ bad_regex: "username.*=|password.*=|host.*=|port.*=|database.*="
+ type: f
+ search_in:
+ - common_file_folders
+
+ Rsync:
+ ? "rsyncd.conf"
+ :
+ auto_check: True
+ bad_regex: "secrets.*|auth.*users.*="
+ type: f
+ remove_line: True
+ remove_regex: '"\W+\#|^#"'
+ search_in:
+ - common_file_folders
+
+ ? "rsyncd.secrets"
+ :
+ auto_check: True
+ bad_regex: ".*"
+ type: f
+ search_in:
+ - common_file_folders
+
+ Hostapd:
+ ? "hostapd.conf"
+ :
+ auto_check: True
+ bad_regex: "passphrase.*="
+ type: f
+ search_in:
+ - common_file_folders
+
+ Anaconda-ks:
+ ? "anaconda-ks.cfg"
+ :
+ auto_check: True
+ bad_regex: "rootpw.*"
+ only_bad_lines: True
+ type: f
+ search_in:
+ - common_file_folders
+
+ VNC:
+ ? ".vnc"
+ :
+ auto_check: True
+ files:
+ ? "passwd"
+ :
+ dir_file_list: True
+ dir_file_cat: False
+ type: d
+ search_in:
+ - common_directory_folders
+
+ Ldap:
+ ? "ldap"
+ :
+ auto_check: True
+ files:
+ ? "*.bdb"
+ :
+ dir_file_list: True
+ dir_file_cat: True
+ bad_regex: "administrator|password|ADMINISTRATOR|PASSWORD|Password|Administrator"
+ line_grep: '-i -a -E -o "description.*"'
+ type: d
+ search_in:
+ - common_directory_folders
+
+ Anaconda-ks:
+ ? "*.ovpn"
+ :
+ auto_check: True
+ bad_regex: "auth-user-pass.*"
+ only_bad_lines: True
+ type: f
+ search_in:
+ - common_file_folders
+
+ SSH:
\ No newline at end of file
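Review bot: The `search` mapping defines `Anaconda-ks` twice, once for `anaconda-ks.cfg` and again near the end for `*.ovpn`, and `DBus` repeats the `? "system.d"` key. Duplicate mapping keys are invalid YAML and many loaders silently keep only the last one, so the `anaconda-ks.cfg` `rootpw` check would likely drop out of the generated audit without any error. Renaming the second entry (for example `OpenVPN:`) and deleting the repeated `system.d` block fixes that. The `Tomcat` entry also looks mis-pasted: its `bad_regex` is the Moodle `dbtype|dbhost|...` list while `check_extra_path` holds `username=|password=`, which reads like the intended highlight pattern, i.e. `bad_regex: "username=|password="` with no `check_extra_path`. Under `Rsync`, `remove_line` and `remove_regex` do not match the `regex_remove` key declared in `defaults`, so the builder may ignore them; that needs confirming against the builder code, which is not part of this patch.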