From 008daaf6f4ac2310f8b6fcc7be67f4e1f569f393 Mon Sep 17 00:00:00 2001
From: Jake H
Date: Sat, 12 Oct 2024 04:07:21 +0100
Subject: [PATCH] T1486 Improvements (#2950)

* Updates to Encrypt files using ccrypt (FreeBSD/Linux)
- Modified atomic logic to encrypt a copy of the target file rather than the target
- Tidied the prereq management to ensure the atomic is repeatable
- Supplied the encryption key as an argument to prevent the atomic from hanging during execution
- Cleaning encrypted file
* Updates to Encrypt files using openssl (FreeBSD/Linux)
- Included the which command in the executor to ensure the variable is available during single execution without getting prereqs

---------

Co-authored-by: Hare Sudhan
---
 atomics/T1486/T1486.yaml | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/atomics/T1486/T1486.yaml b/atomics/T1486/T1486.yaml
index c8ae2df3..5432b0eb 100644
--- a/atomics/T1486/T1486.yaml
+++ b/atomics/T1486/T1486.yaml
@@ -79,44 +79,40 @@ atomic_tests:
 - name: Encrypt files using ccrypt (FreeBSD/Linux)
   auto_generated_guid: 08cbf59f-85da-4369-a5f4-049cffd7709f
   description: |
-    Attempts to encrypt data on target systems as root to simulate an inturruption authentication to target system. If root permissions are not available then attempts to encrypt data within user's home directory.
+    Attempts to encrypt data on target systems as root to simulate an interruption authentication to target system. If root permissions are not available then attempts to encrypt data within user's home directory.
   supported_platforms:
   - linux
   input_arguments:
     cped_file_path:
-      description: path where you want your copied file to be
+      description: Path where you want your copied file to be
       type: path
       default: /tmp/passwd
     root_input_file_path:
-      description: path to the file that you want to be encrypted if you are root
-        user
+      description: Path the target file to be encrypted. File will be copied to /tmp/ before encrypting
       type: path
       default: /etc/passwd
-    user_input_file_path:
-      description: path to file that you want to be encrypted if you are normal user
-      type: path
-      default: ~/.bash_history
-    impact_command:
-      description: command to show impact of encryption
+    pwd_for_encrypted_file:
+      description: Password to use for encryption
       type: string
-      default: sudo su
+      default: passwd
   dependency_executor_name: sh
   dependencies:
   - description: |
-      Finds where ccencrypt and ccdecrypt is located and copies input file
+      Finds where ccencrypt and ccdecrypt are located
     prereq_command: |
       which_ccencrypt=`which ccencrypt`
       which_ccdecrypt=`which ccdecrypt`
-      if [ $USER == "root" ]; then cp #{root_input_file_path} #{cped_file_path}; else cp #{user_input_file_path} #{cped_file_path}; fi
     get_prereq_command: |
       (which pkg && pkg install -y ccript)||(which yum && yum -y install epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt)
   executor:
     name: sh
     elevation_required: false
     command: |
-      if [ $USER == "root" ]; then $which_ccencrypt #{root_input_file_path}; file #{root_input_file_path}.cpt; #{impact_command}; else $which_ccencrypt #{user_input_file_path}; file #{user_input_file_path}.cpt; #{impact_command}; fi
+      which_ccencrypt=`which ccencrypt`
+      cp #{root_input_file_path} #{cped_file_path};
+      $which_ccencrypt -T -K #{pwd_for_encrypted_file} #{cped_file_path}
     cleanup_command: |
-      if [ $USER == "root" ]; then mv #{cped_file_path} #{root_input_file_path}; else cp #{cped_file_path} #{user_input_file_path}; fi
+      rm #{cped_file_path}.cpt
 
 - name: Encrypt files using openssl (FreeBSD/Linux)
   auto_generated_guid: 142752dc-ca71-443b-9359-cf6f497315f1
@@ -156,6 +152,7 @@ atomic_tests:
     name: sh
     elevation_required: false
     command: |
+      which_openssl=`which openssl`
       $which_openssl genrsa -out #{private_key_path} #{encryption_bit_size}
       $which_openssl rsa -in #{private_key_path} -pubout -out #{public_key_path}
       $which_openssl rsautl -encrypt -inkey #{public_key_path} -pubin -in #{input_file_path} -out #{encrypted_file_path}
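Review bot: The new cleanup_command removes only `#{cped_file_path}.cpt`, so whenever the ccencrypt step fails (ccrypt not installed, wrong key handling, an existing output file) the plaintext copy made by the unconditional `cp #{root_input_file_path} #{cped_file_path};` stays in /tmp and the next run starts dirty; `rm -f #{cped_file_path} #{cped_file_path}.cpt` covers both outcomes. If I read ccrypt's option table right, `-T` is --timid (prompt before overwriting, which is the default), so a stale `/tmp/passwd.cpt` from an aborted run would bring back exactly the interactive prompt this commit set out to remove — delete it before encrypting, or use `-f` instead. The key given with `-K` is visible in process arguments, which is fine for a test but belongs in the description, e.g. `Password is passed on the command line and is visible in process listings`. The description's "simulate an interruption authentication to target system" still reads oddly; "simulate disruption of authentication on the target system" is what it seems to mean.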
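Review bot: The added `which_openssl=`which openssl`` is never checked, so when openssl is absent the variable is empty and the next line runs a bare `genrsa`, failing with a misleading "command not found" instead of naming the real cause; `which_openssl=$(which openssl) || exit 1` stops the executor at the right point and is valid in plain sh, since an assignment's status is that of its command substitution. The same unchecked pattern applies to `which_ccencrypt` in the ccrypt test above. The command block may continue past the last line shown. Separately, `rsautl` has been deprecated since OpenSSL 3.0 in favour of `pkeyutl`, which affects current Linux images even though the commit only touches the lookup line.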