Hi Automox Alive Community!



Previously, I added a worklet for addressing LLMNR security risk for Windows, and now I’m adding the same for Linux considerations. If you are unfamiliar, LLMNR stands for Link-Local Multicast Name Resolution and is a favorite vector among pen-testers and malicious threat actors for conducting man-in-the-middle attacks.



Evaluation:

#!/bin/bash

# LLMNR - Evaluation : This will check whether LLMNR has been disabled,
# i.e. whether /etc/systemd/resolved.conf carries an uncommented LLMNR=no line.

test_val='^LLMNR=no'
test_cfg='/etc/systemd/resolved.conf'

# Case-insensitively check for the value. grep -q sets the exit status itself,
# so it is tested directly rather than through a command substitution.
if grep -qi "$test_val" "$test_cfg"; then
    # Compliant
    exit 0
else
    # Non-Compliant
    exit 1
fi


Remediation:

#!/bin/bash

# LLMNR - Remediation : This will disable LLMNR. (restart required: systemd-resolved
# only reads resolved.conf at start-up, so the change takes effect after a restart)

test_val='^LLMNR=no'
test_cfg='/etc/systemd/resolved.conf'

# Rewrite any existing LLMNR= line, commented out or not, to LLMNR=no.
sed -i 's/.*LLMNR=.*/LLMNR=no/g' "$test_cfg"

# If the file had no LLMNR= line at all, sed changed nothing; append one.
# (The stock resolved.conf has a single [Resolve] section, so appending
# at the end of the file places the key in that section.)
if ! grep -qi '^LLMNR=' "$test_cfg"; then
    echo 'LLMNR=no' >> "$test_cfg"
fi

# Case-insensitively check for the value
if grep -qi "$test_val" "$test_cfg"; then
    # Compliant
    exit 0
else
    # Non-Compliant
    echo "LLMNR could not be toggled off."
    exit 1
fi


I’ve also added this script to my GitHub.
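As an added example (not the author's worklet above), here is an evaluation that reads the setting the way systemd-resolved does: comment lines are ignored, whitespace around the = is tolerated, the last assignment wins, and drop-in files under /etc/systemd/resolved.conf.d/ override the main file, so a stray LLMNR=resolve drop-in is not reported as compliant. The default paths and the llmnr_* function names are this example's own assumptions.

```shell
#!/bin/bash
# Added example: determine the effective systemd-resolved LLMNR= value.
# Assumes the key is only used in the [Resolve] section (sections are not tracked).

# Print the last LLMNR= value in one file (lower-cased), or nothing if absent.
llmnr_value_in_file() {
    local f="$1"
    [ -r "$f" ] || return 0
    # Ignore comment lines (#, ;), allow spaces around '=', keep the last match.
    sed -n -E 's/^[[:space:]]*LLMNR[[:space:]]*=[[:space:]]*([^[:space:]]*)[[:space:]]*$/\1/p' "$f" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Effective value across the main file plus drop-ins (sorted by name, later wins).
# Paths are parameters so the logic can be exercised against constructed files.
llmnr_effective() {
    local main="${1:-/etc/systemd/resolved.conf}"
    local dropin_dir="${2:-/etc/systemd/resolved.conf.d}"
    local value="yes"   # systemd's documented default when LLMNR= is unset
    local v f
    v="$(llmnr_value_in_file "$main")"
    [ -n "$v" ] && value="$v"
    if [ -d "$dropin_dir" ]; then
        for f in "$dropin_dir"/*.conf; do
            [ -e "$f" ] || continue
            v="$(llmnr_value_in_file "$f")"
            [ -n "$v" ] && value="$v"
        done
    fi
    printf '%s\n' "$value"
}

# Compliant (exit 0) only when the effective value is a systemd "false" boolean;
# "yes", "true", "on", "1" and "resolve" all leave the responder enabled.
llmnr_compliant() {
    case "$(llmnr_effective "$@")" in
        no|false|off|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Worklet-style use on the live host:
# llmnr_compliant && echo "Compliant" || { echo "Non-Compliant"; exit 1; }
```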
