Well it’s been a while, but the latest (0.5 experimental) release of LinEnum is now available.
A few more scans have been added, which include password policy checks, reading of the umask setting and checking the ownership of binaries associated with inetd.conf (and variants). There will be plenty more additions in this area in the *very* near future.
However, the biggest changes have been made in the functionality of the script. The reporting functionality has been altered so it should work on legacy systems (although, admittedly ‘tee’ is a dependency). Additionally, by default, the script now runs just basic/quick checks. A ‘thorough’ tests switch (-t) has been added, which allows the user to choose if they wish to run lengthy scans (such as file permission checks, SUID/GUID file searches and so on).
The biggest addition is the introduction of ‘export’ functionality (experimental stages). If a scan is run with this switch (-e) all ‘interesting’ files (/etc/password, user history, SSH files etc.) will be copied to a location of the users choosing. Essentially these files, along with the LinEnum report (-r), should allow for easier offline analysis.
A quick peek at the help menu highlights the changes/additions:
The Github repository has been updated with this latest addition and is available from here.
A more detailed version of the changelog can be found here and the associated ‘readme’ file here.
If you have any suggestions/improvements/criticisms re LinEnm please do contact me and I’ll try to address these in the next release – otherwise please feel free to contribute to the project!