From 2f2c3039bf0cba13ffcaa35e14923021799164e6 Mon Sep 17 00:00:00 2001 From: m-1-k-3 Date: Mon, 21 Oct 2024 15:12:30 +0200 Subject: [PATCH 1/2] debian check --- config/distri_id.cfg | 2 +- modules/S06_distribution_identification.sh | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/config/distri_id.cfg b/config/distri_id.cfg index f8f025f4c..d7917883b 100644 --- a/config/distri_id.cfg +++ b/config/distri_id.cfg @@ -7,9 +7,9 @@ supermicrox11-bmc;/sbin/net-snmp-config; grep -E "x11.*AST2400.*arm-linux.*PLATF OpenWRT;/etc/openwrt_release;grep -a -o -E -e "^DISTRIB_ID=.*" -a -o -E -e "^DISTRIB_RELEASE=.*[0-9].*" -a -o -E -e "^DISTRIB_REVISION=.*";sed 's/DISTRIB_ID=//g' | sed 's/DISTRIB_RELEASE=//g' | sed 's/DISTRIB_REVISION=//g' OpenWRT;/etc/openwrt_version;grep -E -e "[0-9]+\.[0-9]+";sed -e 's/^/OpenWrt\ /g' buildroot;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION_ID=[0-9].*";sed 's/NAME=//g' | sed 's/VERSION_ID=//g' +debian-Linux;/etc/debian_version;grep -a -o -E -e "[0-9]+(\.[0-9]+)+?";sed 's/^/debian\ /' os-release-Linux;/etc/os-release;grep -a -o -E -e "^ID=.*" -a -o -E -e "^VERSION_ID=.*";sed 's/VERSION_ID=//g' | sed 's/ID=//g' lsb-release-Linux;/etc/lsb-release;grep -a -o -E -e "^DISTRIB_ID=.*" -a -o -E -e "^DISTRIB_RELEASE=.*";sed 's/DISTRIB_ID=//g' | sed 's/DISTRIB_RELEASE=//g' -debian-Linux;/etc/debian_version;grep -a -o -E -e "[0-9]+(\.[0-9]+)+?";sed 's/^/debian\ /' DD-WRT;/etc/motd;grep -a -o -E "DD-WRT v[0-9]+(-sp[0-9])?";sort -u # DD-WRT build #23 DD-WRT;/etc/motd;grep -a -o -E "DD-WRT build.\#[0-9][0-9]";sort -u diff --git a/modules/S06_distribution_identification.sh b/modules/S06_distribution_identification.sh index a037164e7..7a4f52fa5 100755 --- a/modules/S06_distribution_identification.sh +++ b/modules/S06_distribution_identification.sh @@ -48,6 +48,14 @@ S06_distribution_identification() lSEARCH_FILE="$(safe_echo "${CONFIG}" | cut -d\; -f2)" # echo "lSEARCH_FILE: $lSEARCH_FILE" # echo "FIRMWARE_PATH: $FIRMWARE_PATH" + if [[ "${lSEARCH_FILE}" == *"os_release"* ]] || [[ "${lSEARCH_FILE}" == *"lsb-release"* ]]; then + # lets check if we have already a valid debian entry -> if so, we can skip this test + # this usually happens if we have already found an os_release or lsb-release file + if grep -qE "debian_linux:[0-9]+" "${S06_CSV_LOG}"; then + print_output "[*] Already identified Debian Linux version -> skipping further tests now" "no_log" + continue + fi + fi mapfile -t lFOUND_FILES_ARR < <(find "${FIRMWARE_PATH}" -xdev -iwholename "*${lSEARCH_FILE}" || true) for lFILE in "${lFOUND_FILES_ARR[@]}"; do # print_output "lFILE: ${lFILE}" From 0028dcf7c5067b4ba963f2f7ec9937c205ba6321 Mon Sep 17 00:00:00 2001 From: m-1-k-3 Date: Tue, 22 Oct 2024 09:31:19 +0200 Subject: [PATCH 2/2] fix update check --- helpers/helpers_emba_dependency_check.sh | 7 ++++--- modules/S06_distribution_identification.sh | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh index 50d2619f3..21644687e 100755 --- a/helpers/helpers_emba_dependency_check.sh +++ b/helpers/helpers_emba_dependency_check.sh @@ -133,7 +133,7 @@ check_nvd_db() { local REMOTE_HASH="${1:-}" local LOCAL_HASH="" if [[ -d "${EXT_DIR}"/nvd-json-data-feeds ]] ; then - LOCAL_HASH="$(head -c 8 "${EXT_DIR}"/nvd-json-data-feeds/.git/refs/heads/main)" + LOCAL_HASH="$(head "${EXT_DIR}"/nvd-json-data-feeds/.git/refs/heads/main)" if [[ "${REMOTE_HASH}" == "${LOCAL_HASH}" ]]; then echo -e " CVE database version - ${GREEN}ok${NC}" @@ -147,7 +147,7 @@ check_epss_db() { local REMOTE_HASH="${1:-}" local LOCAL_HASH="" if [[ -d "${EXT_DIR}"/EPSS-data ]] ; then - LOCAL_HASH="$(head -c 8 "${EXT_DIR}"/EPSS-data/.git/refs/heads/main)" + LOCAL_HASH="$(head "${EXT_DIR}"/EPSS-data/.git/refs/heads/main)" if [[ "${REMOTE_HASH}" == "${LOCAL_HASH}" ]]; then echo -e " EPSS database version - ${GREEN}ok${NC}" @@ -161,7 +161,8 @@ check_git_hash() { local REMOTE_HASH="${1:-}" local LOCAL_HASH="" if git rev-parse --is-inside-work-tree >/dev/null 2>&1 ; then - LOCAL_HASH="$(git describe --always)" + LOCAL_HASH="$(head .git/refs/heads/master)" + # LOCAL_HASH="$(git describe --always)" if [[ "${REMOTE_HASH}" == "${LOCAL_HASH}" ]]; then echo -e " EMBA github version - ${GREEN}ok${NC}" diff --git a/modules/S06_distribution_identification.sh b/modules/S06_distribution_identification.sh index 7a4f52fa5..ef6bd80e9 100755 --- a/modules/S06_distribution_identification.sh +++ b/modules/S06_distribution_identification.sh @@ -48,9 +48,10 @@ S06_distribution_identification() lSEARCH_FILE="$(safe_echo "${CONFIG}" | cut -d\; -f2)" # echo "lSEARCH_FILE: $lSEARCH_FILE" # echo "FIRMWARE_PATH: $FIRMWARE_PATH" - if [[ "${lSEARCH_FILE}" == *"os_release"* ]] || [[ "${lSEARCH_FILE}" == *"lsb-release"* ]]; then + if [[ "${lSEARCH_FILE}" == *"os-release"* ]] || [[ "${lSEARCH_FILE}" == *"lsb-release"* ]]; then # lets check if we have already a valid debian entry -> if so, we can skip this test # this usually happens if we have already found an os_release or lsb-release file + # echo "Check for debian - os_release / lsb-release" if grep -qE "debian_linux:[0-9]+" "${S06_CSV_LOG}"; then print_output "[*] Already identified Debian Linux version -> skipping further tests now" "no_log" continue