Tony M Lambert
33 lines
886 B
YAML
33 lines
886 B
YAML
---
|
|
attack_technique: T1206
|
|
display_name: Sudo Caching
|
|
|
|
atomic_tests:
|
|
- name: Unlimited sudo cache timeout
|
|
description: |
|
|
Sets sudo caching timestamp_timeout to a value for unlimited. This is dangerous to modify without using 'visudo', do not do this on a production system.
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
sudo sed -i 's/env_reset.*$/env_reset,timestamp_timeout=-1/' /etc/sudoers
|
|
sudo visudo -c -f /etc/sudoers
|
|
|
|
- name: Disable tty_tickets for sudo caching
|
|
description: |
|
|
Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using 'visudo', do not do this on a production system.
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
sudo sh -c "echo Defaults "'!'"tty_tickets >> /etc/sudoers"
|
|
sudo visudo -c -f /etc/sudoers
|