
Improve a bit modules/post/linux/gather/enum_protections.rb #19982


Merged (1 commit, Apr 11, 2025)

Conversation

jvoisin (Contributor) commented Mar 23, 2025

Based on a suggestion from @messede-degod

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • Get a shell on a Linux system
  • use post/linux/gather/enum_protections
  • run
  • Verify that it doesn't crash
  • Verify that it now detects a bunch of EDRs

@bwatters-r7 bwatters-r7 self-assigned this Apr 9, 2025
@bwatters-r7 bwatters-r7 added the rn-enhancement release notes enhancement label Apr 9, 2025
bwatters-r7 (Contributor) commented Apr 9, 2025

I noticed this fails on a Raspi when it hits an error; I put up a PR to wrap each call in a rescue so that if a check fails, it does not stop the rest.
jvoisin#1

- Use proper names instead of executable names
- Add a file-based detection method, with the list taken from hackerschoice/hackshell#6

Co-authored-by: Brendan <bwatters@rapid7.com>
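The two ideas in this thread, reporting proper product names rather than executable names and file-based detection, plus the per-check rescue raised for the Raspi failure, fit in a few lines of Ruby. The block below is an added example written for this page; it is not the enum_protections module's code and not the diff merged here. The indicator tables (`PROCESS_INDICATORS`, `FILE_INDICATORS`), the helper names (`safe_check`, `detect_protections`) and the sample target data are all constructed for illustration and are not the module's lists.

```ruby
# Added example, not the Metasploit module's code: detect Linux security
# products from process names and file paths, report proper product names,
# and run every check in its own rescue so one failure does not abort the rest.
# All executable names, paths and product names below are assumed values.

require 'set'

# Executable basename -> proper product name (assumed mapping).
PROCESS_INDICATORS = {
  'falcon-sensor' => 'CrowdStrike Falcon',
  'wdavdaemon'    => 'Microsoft Defender for Endpoint',
  'osqueryd'      => 'osquery',
  'auditd'        => 'auditd'
}.freeze

# Filesystem path -> proper product name (assumed mapping).
FILE_INDICATORS = {
  '/opt/CrowdStrike/falcon-sensor' => 'CrowdStrike Falcon',
  '/etc/opt/microsoft/mdatp'       => 'Microsoft Defender for Endpoint',
  '/var/ossec/bin/wazuh-agentd'    => 'Wazuh',
  '/etc/osquery/osquery.conf'      => 'osquery'
}.freeze

# Runs one check in its own rescue. Returns the block's value, or nil if the
# check raised; the failure is appended to `errors` instead of crashing the run.
def safe_check(name, errors)
  yield
rescue StandardError => e
  errors << "#{name}: #{e.class}: #{e.message}"
  nil
end

# process_names: Enumerable of process names or paths (e.g. from `ps -eo comm=`)
# file_exists:   callable answering whether a path exists on the target
# Returns [Set of detected product names, Array of error strings].
def detect_protections(process_names:, file_exists:)
  found = Set.new
  errors = []

  safe_check('process scan', errors) do
    process_names.each do |proc_name|
      product = PROCESS_INDICATORS[File.basename(proc_name)]
      found << product if product
    end
  end

  # One rescue per path: a single unreadable path must not hide the others.
  FILE_INDICATORS.each do |path, product|
    safe_check("file check #{path}", errors) do
      found << product if file_exists.call(path)
    end
  end

  [found, errors]
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample target: two running agents, one config file present,
  # and one path whose existence check raises (simulating the kind of error
  # that stopped the module on the Raspberry Pi).
  sample_procs = ['/usr/sbin/sshd', '/opt/CrowdStrike/falcon-sensor', 'auditd']
  sample_fs = lambda do |path|
    raise Errno::EACCES, path if path.start_with?('/var/ossec')
    path == '/etc/osquery/osquery.conf'
  end

  found, errors = detect_protections(process_names: sample_procs, file_exists: sample_fs)
  found.sort.each { |product| puts "[+] Found #{product}" }
  errors.each { |err| puts "[!] Check failed: #{err}" }
end
```

In a real post module the `process_names` input would come from the session (e.g. the process list) and `file_exists` from the session's file API; the point of injecting both is that the detection logic and the failure-isolation logic can be exercised offline against a constructed target, as the guard block does.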
@bwatters-r7 bwatters-r7 merged commit 3166d07 into rapid7:master Apr 11, 2025
18 checks passed
bwatters-r7 (Contributor)

Release Notes

Updates the Linux enum_protections module to use proper names instead of executable names and adds a file-based detection method.

@jvoisin jvoisin deleted the find_apps branch April 11, 2025 19:49
Labels
rn-enhancement release notes enhancement
5 participants