Hi Automox Alive Community!
Previously, I added a worklet for addressing LLMNR security risk for Windows, and now I’m adding the same for Linux considerations. If you are unfamiliar, LLMNR stands for Link-Local Multicast Name Resolution and is a favorite vector among pen-testers and malicious threat actors for conducting man-in-the-middle attacks.
#!/bin/bash # LLMNR - Evaluation : This will check whether LLMNR has been disabled. test_val='^LLMNR=no' test_cfg='/etc/systemd/resolved.conf' # Case-insensitvely check for value if ($(grep -qi "$test_val" $test_cfg)); then # Compliant exit 0 else # Non-Compliant exit 1 fi
#!/bin/bash # LLMNR - Remediation : This will disable LLMNR. (restart required) test_val='^LLMNR=no' test_cfg='/etc/systemd/resolved.conf' sed -i 's/.*LLMNR=.*/LLMNR=no/g' $test_cfg # Case-insensitvely check for value if ($(grep -qi "$test_val" $test_cfg)); then # Compliant exit 0 else # Non-Compliant echo "LLMNR could not be toggled off." exit 1 fi
I’ve also added this script to my GitHub.