From 201459202fcc71bd09155d2e6aab86351afc8303 Mon Sep 17 00:00:00 2001
From: Brian Thacker
Date: Tue, 18 May 2021 13:40:29 -0500
Subject: [PATCH] Update T1562.004.yaml
Test 1 edits: Simplified name, put commands into input variables to make test more versatile and not just for CentOS. Added cleanup commands using same method.
---
 atomics/T1562.004/T1562.004.yaml | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/atomics/T1562.004/T1562.004.yaml b/atomics/T1562.004/T1562.004.yaml
index 99dd3dc6..e123cf1b 100644
--- a/atomics/T1562.004/T1562.004.yaml
+++ b/atomics/T1562.004/T1562.004.yaml
@@ -1,25 +1,28 @@
 attack_technique: T1562.004
 display_name: 'Impair Defenses: Disable or Modify System Firewall'
 atomic_tests:
-- name: Disable iptables firewall
+- name: Disable firewall
 auto_generated_guid: 80f5e701-f7a4-4d06-b140-26c8efd1b6b4
 description: |
- Disables the iptables firewall
+ Disables the firewall
 supported_platforms:
 - linux
+ input_arguments:
+ flavor_command:
+ description: Command to disable firewall. Default firewalld. ufw (Ubuntu) command = ufw disable
+ type: String
+ default: systemctl stop firewalld ; systemctl disable firewalld
+ cleanup_command:
+ description: Command to enable firewall. Default firewalld. ufw (Ubuntu) command = ufw enable
+ type: String
+ default: systemctl enable firewalld ; systemctl start firewalld
 executor:
 command: |
- if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "6" ];
- then
- service iptables stop
- chkconfig off iptables
- service ip6tables stop
- chkconfig off ip6tables
- else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ];
- systemctl stop firewalld
- systemctl disable firewalld
- fi
+ #{flavor_command}
+ cleanup_command: |
+ #{cleanup_command}
 name: sh
+ elevation_required: true
 - name: Disable Microsoft Defender Firewall
 auto_generated_guid: 88d05800-a5e4-407e-9b53-ece4174f197f
 description: |
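Review bot: The cleanup default `systemctl enable firewalld ; systemctl start firewalld` turns the firewall on unconditionally, so on a host where firewalld was installed but already stopped or disabled before the test, cleanup leaves the machine in a different state than it started in, and on a host without firewalld both defaults would presumably just fail under the elevated `sh` executor. The description should state that precondition, for example `Disables the host firewall (firewalld by default; override flavor_command and cleanup_command for ufw or iptables). Assumes the firewall was enabled and running before the test.` Separately, an input argument named `cleanup_command` that is expanded inside the executor key `cleanup_command` is easy to misread; `disable_command` and `enable_command` would be clearer names for the pair. Because both arguments are whole commands run with `elevation_required: true`, the telemetry this test produces depends entirely on the override, which is worth a sentence in the description for anyone baselining a detection on it.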