diff --git a/atomics/T1040/T1040.yaml b/atomics/T1040/T1040.yaml
index 237229b8..02e9cce4 100644
--- a/atomics/T1040/T1040.yaml
+++ b/atomics/T1040/T1040.yaml
@@ -21,7 +21,7 @@ atomic_tests:
 prereq_command: |
 if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi;
 get_prereq_command: |
- (which yum && yum -y epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)
+ (which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)
 executor:
 command: |
 tcpdump -c 5 -nnni #{interface}
@@ -48,7 +48,7 @@ atomic_tests:
 prereq_command: |
 if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi;
 get_prereq_command: |
- (which yum && yum -y epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)
+ (which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)
 executor:
 command: |
 sudo tcpdump -c 5 -nnni #{interface}
diff --git a/atomics/T1046/T1046.yaml b/atomics/T1046/T1046.yaml
index 9efe6ac3..47d3200e 100644
--- a/atomics/T1046/T1046.yaml
+++ b/atomics/T1046/T1046.yaml
@@ -46,7 +46,7 @@ atomic_tests:
 prereq_command: |
 if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; fi;
 get_prereq_command: |
- (which yum && yum -y epel-release nmap)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)
+ (which yum && yum -y install epel-release nmap)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)
 executor:
 command: |
 nmap -sS #{network_range} -p #{port}
diff --git a/atomics/T1087.001/T1087.001.yaml b/atomics/T1087.001/T1087.001.yaml
index cd7b0c60..ef8f4fe5 100644
--- a/atomics/T1087.001/T1087.001.yaml
+++ b/atomics/T1087.001/T1087.001.yaml
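Review bot: The yum branch of the new get_prereq_command still installs epel-release and the target packages in a single transaction, so a package that exists only in EPEL cannot be resolved — the repository is not enabled until epel-release's own install has completed; ccrypt in T1486 @@ -110 is the case this bites, and the same line shape is in T1040 @@ -48, T1046 @@ -46, T1135 @@ -32, T1486 @@ -32, T1560.001 @@ -175 and @@ -263, and T1562.001 @@ -15. Splitting it into two steps fixes that: `(which yum && yum -y install epel-release && yum -y install tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)`. Two smaller things on the same line: the prereq_command just above checks with `command -v`, while the installer relies on a `which` binary that some minimal RHEL-family images do not ship, and `tshark` is not the package name on recent Fedora/RHEL releases (the CLI is packaged as `wireshark-cli`), so depending on the yum/dnf version the transaction either aborts or installs only tcpdump and leaves the second prerequisite missing — worth confirming against the distributions these tests target.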
@@ -69,6 +69,14 @@ atomic_tests:
 command: |
 username=$(id -u -n) && lsof -u $username
 name: sh
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ check if lsof exists
+ prereq_command: |
+ which lsof
+ get_prereq_command: |
+ (which yum && yum -y install lsof)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y lsof)
 - name: Show if a user account has ever logged in remotely
 auto_generated_guid: 0f0b6a29-08c3-44ad-a30b-47fd996b2110
 description: |
diff --git a/atomics/T1135/T1135.yaml b/atomics/T1135/T1135.yaml
index 5873a7c7..9609941d 100644
--- a/atomics/T1135/T1135.yaml
+++ b/atomics/T1135/T1135.yaml
@@ -32,7 +32,7 @@ atomic_tests:
 package_installer:
 description: Package installer command. Debian - apt install samba
 type: String
- default: (which yum && yum -y epel-release samba)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y samba)
+ default: (which yum && yum -y install epel-release samba)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y samba)
 dependency_executor_name: bash
 dependencies:
 - description: |
diff --git a/atomics/T1486/T1486.yaml b/atomics/T1486/T1486.yaml
index bdf7a69b..411fefe8 100644
--- a/atomics/T1486/T1486.yaml
+++ b/atomics/T1486/T1486.yaml
@@ -32,7 +32,7 @@ atomic_tests:
 prereq_command: |
 which_gpg=`which gpg`
 get_prereq_command: |
- (which yum && yum -y epel-release gpg)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg)
+ (which yum && yum -y install epel-release gpg)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg)
 executor:
 name: bash
 elevation_required: false
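Review bot: The new dependency's prereq_command `which lsof` checks the prerequisite differently from the other tests in this commit, which use `if [ -x "$(command -v lsof)" ]; then exit 0; else exit 1; fi;`, and it depends on a `which` binary that minimal RHEL-family images may not ship, whereas `command -v` is a POSIX shell builtin; the installer line below it has the same `which yum` / `which apt-get` dependency. The exit status of `which lsof` is what the framework sees, so the check works where `which` exists, but it also prints the resolved path to stdout, which the `command -v` form keeps out of the run log. The test definition this dependency block belongs to starts above the hunk, so I cannot see whether its description already states the lsof requirement.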
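Review bot: The new `default:` value is a plain scalar holding `&&`, `||` and parentheses; it parses today, but a later edit that introduces `: ` or ` #` into the command would silently turn it into a mapping or truncate it at the comment, so a single-quoted string is the safer form (the command contains no single quotes): `default: '(which yum && yum -y install epel-release samba)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y samba)'`. The `default:` in T1562.001 @@ -15 has the same shape. The description just above, `Package installer command. Debian - apt install samba`, no longer matches a default that handles both yum and apt-get; `description: Package installer command (yum or apt-get)` would describe the value, and the `Default yum` wording in T1562.001 @@ -15 has the same drift.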
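Review bot: `gpg` is used as the package name in the yum branch of the new line, but on RHEL-family distributions the package that provides /usr/bin/gpg is `gnupg2`; whether `yum install gpg` resolves through a Provides entry differs between yum and dnf versions, so this is worth confirming, or naming `gnupg2` explicitly in the yum branch while keeping `gpg` for apt-get: `(which yum && yum -y install epel-release gnupg2)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg)`. The prereq_command in this hunk assigns the output of `which gpg` to a variable and relies on the assignment's exit status being that of the substitution, which works but is easy to misread as an unused variable; if that is the intent, a short comment or the `command -v gpg` form used by the other tests in this commit would make it plain.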
@@ -110,7 +110,7 @@ atomic_tests:
 which_ccdecrypt=`which ccdecrypt`
 if [[ $USER == "root" ]]; then cp #{root_input_file_path} #{cped_file_path}; else cp #{user_input_file_path} #{cped_file_path}; fi
 get_prereq_command: |
- (which yum && yum -y epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt)
+ (which yum && yum -y install epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt)
 executor:
 name: bash
 elevation_required: false
diff --git a/atomics/T1560.001/T1560.001.yaml b/atomics/T1560.001/T1560.001.yaml
index 407b0f30..40c94efe 100644
--- a/atomics/T1560.001/T1560.001.yaml
+++ b/atomics/T1560.001/T1560.001.yaml
@@ -175,7 +175,7 @@ atomic_tests:
 prereq_command: |
 if [ $(ls #{input_files} | wc -l) > 0 ] && [ -x $(which zip) ] ; then exit 0; else exit 1; fi;
 get_prereq_command: |
- (which yum && yum -y epel-release zip)||(which apt-get && apt-get install -y zip)
+ (which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip)
 echo Please set input_files argument to include files that exist
 executor:
 name: sh
@@ -263,7 +263,7 @@ atomic_tests:
 prereq_command: |
 if [ ! -x "$(command -v gpg)" ] || [ ! -x "$(command -v zip)" ]; then exit 1; fi;
 get_prereq_command: |
- (which yum && yum -y epel-release zip gpg)||(which apt-get && apt-get install -y zip gpg)
+ (which yum && yum -y install epel-release zip gpg)||(which apt-get && apt-get install -y zip gpg)
 executor:
 name: sh
 elevation_required: false
diff --git a/atomics/T1562.001/T1562.001.yaml b/atomics/T1562.001/T1562.001.yaml
index dd5c75ff..8421e1e0 100644
--- a/atomics/T1562.001/T1562.001.yaml
+++ b/atomics/T1562.001/T1562.001.yaml
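Review bot: The apt-get branch of the new line omits `DEBIAN_FRONTEND=noninteractive`, unlike the same line in the other files of this commit, so on Debian-family hosts a package whose configuration prompts can stall an unattended run; `(which yum && yum -y install epel-release zip)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y zip)` matches the rest. T1560.001 @@ -263 and T1562.001 @@ -15 have the same omission. Separately, the prereq_command in this hunk uses `>` inside single brackets, where it is an output redirection rather than a comparison: `[ $(ls #{input_files} | wc -l) > 0 ]` creates a file named `0` in the working directory and only tests that the count string is non-empty, so `[ $(ls #{input_files} | wc -l) -gt 0 ]` is what was meant.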
@@ -15,7 +15,7 @@ atomic_tests:
 package_installer:
 description: Package installer command for linux. Default yum
 type: String
- default: (which yum && yum -y epel-release rsyslog)||(which apt-get && apt-get install -y rsyslog)
+ default: (which yum && yum -y install epel-release rsyslog)||(which apt-get && apt-get install -y rsyslog)
 flavor_command:
 description: Command to disable syslog collection. Default newer rsyslog commands. i.e older command = service rsyslog stop ; chkconfig off rsyslog
 type: String