README.md
Rendering markdown...
#!/bin/bash
# Made with ✨ Magic ©️ Nur Mukhammad Agus (https://github.com/madfxr), 2024. Free and Open Source Software (FOSS).
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
WHITE='\033[0;97m'
NC='\033[0m'
os_name=""
os_version=""
kernel_version=""
nftables_status=""
nft_list_tables="None"
nft_set_rbtree_status=""
affected_status=""
kernel_detected=false
nftables_active=false
cvss_score="${RED}7.8 High${NC}"
cve_id="${RED}https://nvd.nist.gov/vuln/detail/CVE-2024-26581${NC}"
echo -e "${YELLOW}
██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ██████╗ ██████╗ ███████╗ █████╗ ██╗
██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗██║ ██║ ╚════██╗██╔════╝ ██╔════╝██╔══██╗███║
██║ ██║ ██║█████╗█████╗ █████╔╝██║██╔██║ █████╔╝███████║█████╗ █████╔╝███████╗ ███████╗╚█████╔╝╚██║
██║ ╚██╗ ██╔╝██╔══╝╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║╚════╝██╔═══╝ ██╔═══██╗╚════██║██╔══██╗ ██║
╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗ ██║ ███████╗╚██████╔╝███████║╚█████╔╝ ██║
╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚═╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚════╝ ╚═╝
✦✦✦ VULNERABILITY CHECKER FOR BGN INTERNAL ✦✦✦
${NC}"
is_vulnerable() {
local major=$1
local minor=$2
local patch=$3
kernel_version=$(uname -r | cut -d'-' -f1)
kernel_major=$(echo "$kernel_version" | cut -d'.' -f1)
kernel_minor=$(echo "$kernel_version" | cut -d'.' -f2)
kernel_patch=$(echo "$kernel_version" | cut -d'.' -f3)
if [ "$kernel_major" -gt "$major" ]; then
return 0
elif [ "$kernel_major" -eq "$major" ]; then
if [ "$kernel_minor" -gt "$minor" ]; then
return 0
elif [ "$kernel_minor" -eq "$minor" ]; then
if [ "$kernel_patch" -ge "$patch" ]; then
return 0
fi
fi
fi
return 1
}
detect_distro() {
echo -e "${YELLOW}[DEBUG] Display OS Information...${NC}"
if [ -f /etc/os-release ]; then
. /etc/os-release
os_name="${GREEN}$NAME${NC}"
os_version="${GREEN}$VERSION${NC}"
else
os_name="${RED}OS Name Not Found${NC}"
os_version="${RED}OS Version Not Found${NC}"
fi
}
get_kernel_version() {
echo -e "${YELLOW}[DEBUG] Display the Current Kernel Version...${NC}"
kernel_version="${GREEN}$(uname -r)${NC}"
if [ -n "$kernel_version" ]; then
kernel_detected=true
echo -e "${GREEN}[DEBUG] Output: $kernel_version${NC}"
else
echo -e "${RED}[ERROR] Kernel Version Not Detected${NC}"
fi
}
check_nftables() {
echo -e "${YELLOW}[DEBUG] Checking the Status of nftables...${NC}"
if command -v nft >/dev/null 2>&1; then
if systemctl is-active --quiet nftables; then
nftables_status="${RED}Active${NC}"
nftables_active=true
else
nftables_status="${GREEN}Inactive${NC}"
nft_list_tables="${GREEN}None${NC}"
fi
if [ "$nftables_active" = true ]; then
echo -e "${YELLOW}[DEBUG] Display the nftables List Tables...${NC}"
nft_list_tables="${RED}$(nft list tables 2>/dev/null)${NC}"
if [ -z "$nft_list_tables" ]; then
nft_list_tables="${GREEN}None${NC}"
fi
fi
else
nftables_status="${RED}nft Command Not Found${NC}"
fi
}
check_nft_set_rbtree() {
echo -e "${YELLOW}[DEBUG] Checking the Kernel Configuration for nft_set_rbtree...${NC}"
config_file="/boot/config-$(uname -r)"
if [ -f "$config_file" ]; then
if grep -i CONFIG_NFT_RBTREE "$config_file" >/dev/null 2>&1; then
nft_set_rbtree_status="${RED}Set${NC}"
else
nft_set_rbtree_status="${GREEN}Not Set${NC}"
fi
else
nft_set_rbtree_status="${RED}Kernel Configuration File Not Found${NC}"
fi
}
check_vulnerability() {
echo -e "${YELLOW}[DEBUG] Checking for Vulnerabilities Based on Kernel Version...${NC}"
if (is_vulnerable 5 5 0 && ! is_vulnerable 5 10 210) || \
(is_vulnerable 5 11 0 && ! is_vulnerable 5 15 149) || \
(is_vulnerable 5 16 0 && ! is_vulnerable 6 1 78) || \
(is_vulnerable 6 2 0 && ! is_vulnerable 6 6 17) || \
(is_vulnerable 6 7 0 && ! is_vulnerable 6 7 5); then
affected_status="${RED}Affected${NC}"
elif (is_vulnerable 2 6 27 && ! is_vulnerable 5 4 269) || \
(is_vulnerable 5 10 210) || \
(is_vulnerable 5 15 149) || \
(is_vulnerable 6 1 78) || \
(is_vulnerable 6 6 17) || \
(is_vulnerable 6 7 5 && ! is_vulnerable 6 12 0); then
affected_status="${GREEN}Not Affected${NC}"
else
affected_status="${GREEN}Not Affected${NC}"
fi
}
echo -e "${GREEN}[DEBUG] Started Checking for CVE-2024-26581...${NC}"
detect_distro
get_kernel_version
check_nftables
check_nft_set_rbtree
check_vulnerability
echo -e "${GREEN}[DEBUG] Checking Completed!${NC}"
echo -e "${GREEN}[SUMMARY] Display of Checking Results:${NC}"
if [ "$kernel_detected" = true ]; then
echo -e "‣ ${WHITE}OS Name:${NC} ${os_name}"
echo -e "‣ ${WHITE}OS Version:${NC} ${os_version}"
echo -e "‣ ${WHITE}Kernel Version:${NC} ${kernel_version}"
echo -e "‣ ${WHITE}nftables Status:${NC} ${nftables_status}"
echo -e "‣ ${WHITE}nftables List Tables:${NC} ${nft_list_tables}"
echo -e "‣ ${WHITE}nft_set_rbtree Status:${NC} ${nft_set_rbtree_status}"
echo -e "‣ ${WHITE}Vulnerability Status:${NC} ${affected_status}"
if [ "$affected_status" = "${RED}Affected${NC}" ]; then
echo -e "‣ ${WHITE}CVSS Score:${NC} ${cvss_score}"
echo -e "‣ ${WHITE}CVE ID:${NC} ${cve_id}"
fi
else
echo -e "${RED}[ERROR] Kernel Version Not Detected${NC}"
fi