Revert "Atomic sudo"
clr2of8 authored Apr 27, 2024
1 parent dbce611 commit 5aec8a8
Showing 6 changed files with 9 additions and 77 deletions.
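--- a/Invoke-AtomicRedTeam.psd1
+++ b/Invoke-AtomicRedTeam.psd1
@@ -41,7 +41,6 @@
 'New-AtomicTestDependency',
 'Start-AtomicGUI',
 'Stop-AtomicGUI',
-'Set-Sudo'
 'Invoke-SetupAtomicRunner',
 'Invoke-GenerateNewSchedule',
 'Invoke-RefreshExistingSchedule',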
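--- a/Private/Invoke-ExecuteCommand.ps1
+++ b/Private/Invoke-ExecuteCommand.ps1
@@ -1,18 +1,11 @@
-function Invoke-ExecuteCommand ($finalCommand, $executor, $elevationreq, $can_sudo, $executionPlatform, $TimeoutSeconds, $session = $null, $interactive) {
+function Invoke-ExecuteCommand ($finalCommand, $executor, $executionPlatform, $TimeoutSeconds, $session = $null, $interactive) {
 $null = @(
 if ($null -eq $finalCommand) { return 0 }
 $finalCommand = $finalCommand.trim()
 Write-Verbose -Message 'Invoking Atomic Tests using defined executor'
 if ($executor -eq "command_prompt" -or $executor -eq "sh" -or $executor -eq "bash") {
-if (($executor -eq "sh" -or $executor -eq "bash") -and ($elevationreq -eq $true) -and ($can_sudo -eq $true)) {
-$execExe = "$(which sudo)"
-$execPrefix = "$(which $executor) -c"
-}
-else {
-$execExe = $executor
-$execPrefix = "-c"
-}
-
+$execPrefix = "-c"
+$execExe = $executor
 if ($executor -eq "command_prompt") {
 $execPrefix = "/c";
 $execExe = "cmd.exe";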
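Review bot: `Invoke-ExecuteCommand` binds its arguments by position, so removing `$elevationreq` and `$can_sudo` from the middle of the signature silently shifts every later argument at any call site that was not updated in step. The one call visible on this page (in Public/Invoke-AtomicTest.ps1) is adjusted, but other callers are not shown here and should be checked; a stale call would bind the elevation flag to `$executionPlatform` without raising an error. Passing the arguments by name, e.g. `Invoke-ExecuteCommand -finalCommand $final_command -executor $test.executor.name -executionPlatform $executionPlatform ...`, would keep the remaining values bound to the intended parameters. The function body continues past the end of this hunk.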
7 changes: 1 addition & 6 deletions Public/Invoke-AtomicRunner.ps1
@@ -95,13 +95,8 @@ function Invoke-AtomicRunner {
LogRunnerMsg "exiting script because $($artConfig.stopFile) exists"
exit
}

if ($IsLinux) {
# Check if linux Host can use sudo without a password.
$can_sudo = Set-Sudo($false)
if($can_sudo){
if ($shouldRename) { Invoke-Expression $("sudo hostnamectl set-hostname $newHostName") }
Invoke-Expression $("sudo shutdown -r now")
}
if ($shouldRename) { Invoke-Expression $("hostnamectl set-hostname $newHostName") }
Invoke-Expression $("shutdown -r now")
}
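Review bot: The two Linux commands in the `if ($IsLinux)` block are built as strings and run through `Invoke-Expression`, with `$newHostName` interpolated into the string, so any PowerShell metacharacter in that value would be parsed as code; where `$newHostName` comes from is not visible in this hunk. Calling the native commands directly avoids the extra parse: `if ($shouldRename) { hostnamectl set-hostname $newHostName }` and `shutdown -r now`. With the sudo path removed, both commands also need the runner to already be root, and neither exit status is checked, so a `$LASTEXITCODE` test after each would surface an unprivileged run. The enclosing function starts and ends outside the hunk.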
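--- a/Public/Invoke-AtomicTest.ps1
+++ b/Public/Invoke-AtomicTest.ps1
@@ -429,8 +429,6 @@ function Invoke-AtomicTest {
 
 Write-Debug -Message 'Gathering final Atomic test command'
 
-# Check if linux Host can use sudo without a password.
-$can_sudo = Set-Sudo($false)
 
 if ($CheckPrereqs) {
 Write-KeyValue "CheckPrereq's for: " $testId
@@ -443,12 +441,7 @@ function Invoke-AtomicTest {
 }
 Write-KeyValue "GetPrereq's for: " $testId
 if ( $test.executor.elevation_required -and -not $isElevated) {
-if ($can_sudo -eq $true) {
-Write-Host -ForegroundColor Yellow "Elevation required but not provided, but host supports passwordless sudo"
-}
-else{
 Write-Host -ForegroundColor Red "Elevation required but not provided"
-}
 }
 if ($nul -eq $test.dependencies) { Write-KeyValue "No Preqs Defined"; continue }
 foreach ($dep in $test.dependencies) {
@@ -491,7 +484,7 @@ function Invoke-AtomicTest {
 $startTime = Get-Date
 $final_command = Merge-InputArgs $test.executor.command $test $InputArgs $PathToPayloads
 if (Get-Command 'Invoke-ARTPreAtomicHook' -errorAction SilentlyContinue) { Invoke-ARTPreAtomicHook $test $InputArgs }
-$res = Invoke-ExecuteCommand $final_command $test.executor.name $test.executor.elevation_required $can_sudo $executionPlatform $TimeoutSeconds $session -Interactive:$Interactive
+$res = Invoke-ExecuteCommand $final_command $test.executor.name $executionPlatform $TimeoutSeconds $session -Interactive:$Interactive
 Write-Host "Exit code: $($res.ExitCode)"
 if (Get-Command 'Invoke-ARTPostAtomicHook' -errorAction SilentlyContinue) { Invoke-ARTPostAtomicHook $test $InputArgs }
 $stopTime = Get-Date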
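Review bot: In the second hunk, `if ($nul -eq $test.dependencies)` compares against `$nul`, which is not assigned anywhere in the visible lines and reads like a typo for `$null`. It behaves as intended only because an unset variable evaluates to `$null`; under `Set-StrictMode` it would raise an error instead. Suggested line: `if ($null -eq $test.dependencies) { Write-KeyValue "No Preqs Defined"; continue }`. `Invoke-AtomicTest` starts and ends outside these hunks.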
23 changes: 4 additions & 19 deletions Public/Invoke-SetupAtomicRunner.ps1
@@ -12,13 +12,7 @@ function Invoke-SetupAtomicRunner {
}
else {
# linux and macos check - doesn't auto-elevate
# Check if current user has passwordless sudo privleges. If not, attempt to configure it for current user.
$can_sudo = Set-Sudo($true)
if ($can_sudo -eq $true -and (sudo id -u) -ne 0 ) {
Throw "You must run the Invoke-SetupAtomicRunner script as root"
exit
}
elseif ($can_sudo -eq $false -and (id -u) -ne 0 ) {
if ((id -u) -ne 0 ) {
Throw "You must run the Invoke-SetupAtomicRunner script as root"
exit
}
@@ -92,31 +86,22 @@ function Invoke-SetupAtomicRunner {
}
}
else {

# sets cronjob string using basepath from config.ps1
$pwshPath = which pwsh
$job = "@reboot $env:USER sleep 60;$pwshPath -Command Invoke-KickoffAtomicRunner"
$job = "@reboot root sleep 60;$pwshPath -Command Invoke-KickoffAtomicRunner"
$exists = cat /etc/crontab | Select-String -Quiet "KickoffAtomicRunner"
#checks if the Kickoff-AtomicRunner job exists. If not appends it to the system crontab.
if ($null -eq $exists -and $can_sudo -eq $true) {
$(Write-Output "$job" | sudo tee -a /etc/crontab)
write-host "setting cronjob"
}
elseif ($null -eq $exists -and $can_sudo -eq $false) {
if ($null -eq $exists) {
$(Write-Output "$job" >> /etc/crontab)
write-host "setting cronjob"
}
}
else {
write-host "cronjob already exists"
}
}

# Add Import-Module statement to the PowerShell profile
$root = Split-Path $PSScriptRoot -Parent
if($IsLinux -or $IsMacOS){
mkdir (Split-Path $PROFILE)
touch $PROFILE
}
$pathToPSD1 = Join-Path $root "Invoke-AtomicRedTeam.psd1"
$importStatement = "Import-Module ""$pathToPSD1"" -Force"
New-Item $PROFILE -ErrorAction Ignore
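Review bot: The restored `$job` line installs a system crontab entry that runs `pwsh -Command Invoke-KickoffAtomicRunner` as root on every boot, and the lines below it add an `Import-Module` of `$pathToPSD1` (derived from `$PSScriptRoot`) to `$PROFILE`, so, assuming that import is how the command gets resolved, whatever sits in that module directory runs as root at boot. Nothing in the hunk checks that the module directory and the profile are owned by root and not writable by other users. I would add a comment above `$job`, for example `# Runs as root at every boot: the module directory and root's $PROFILE must be root-owned and not group/world-writable`, and consider verifying that at setup time. The function body continues outside the hunk.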
33 changes: 0 additions & 33 deletions Public/Set-Sudo.ps1

This file was deleted.
