0

Background:

when run on a unix box Tenable.io (nessus) will try to create a tag file in /etc/ with a unique string. Presumably so it can identify the machine if the hostname or IP changes.

It does this by

"sh -c \"echo 35374e09cc444b058c65267613804fa4 > /etc/tenable_tag && echo OK\""

The problem is that it needs root privilege to do this. The standard way of allowing tenable to elevate privilege is to use sudo and add the handful of commands that it needs to an sudoer file. Whitelisting sh is equivalent to whitelisting everything something we would rather not do!

So I am trying to figure out some simple way of dumping text into a file that does not involve a shell "builtin"

The crucial thing is that the whole command will be executed with sudo so things that pipe something to sudo won't work.

in this post someone suggested

sudo ex +'$put =\"some string\"' -cwq foo.txt

which works but prepends a blank line (at least on my ubuntu box)

Russell Fulton
  • 201
  • 1
  • 3
  • 17
  • Do you want something like `echo "Some String" | sudo tee foo.txt`? See http://manpages.ubuntu.com/manpages/bionic/man1/tee.1.html for more information on the `tee` command. – nthnchu Oct 23 '20 at 01:17
  • Ah! there is a factor that I neglected to include (now fixed) and that is that nessus executes the command with sudo so pipelines that include sudo don't work. – Russell Fulton Oct 23 '20 at 02:06
  • I'm not sure I understand. If the whole script is run as root what about just `echo "Some String" | tee foo.txt`? – nthnchu Oct 23 '20 at 02:16
  • I think I see what you want: a command like this: "sudo ". Is that right? – nthnchu Oct 23 '20 at 13:02

1 Answers1

0
sudo ex +'put =\"some string\"' -cwq foo.txt

i.e. removing the $ which is actually a regular expression that matches the end of the buffer which is what causes the blank line to be inserted.

Russell Fulton
  • 201
  • 1
  • 3
  • 17