{"id":20934460,"url":"https://github.com/elysium-suite/aeacus","last_synced_at":"2025-05-13T20:31:22.563Z","repository":{"id":37022066,"uuid":"246715223","full_name":"elysium-suite/aeacus","owner":"elysium-suite","description":"🔐 Vulnerability remediation scoring system","archived":false,"fork":false,"pushed_at":"2023-10-30T06:33:30.000Z","size":5772,"stargazers_count":122,"open_issues_count":4,"forks_count":31,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-02T07:41:27.103Z","etag":null,"topics":["cyberpatriot","cybersecurity","elysium-suite","go","linux","vulnerability-assessment","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elysium-suite.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null}},"created_at":"2020-03-12T01:20:19.000Z","updated_at":"2025-03-30T00:13:18.000Z","dependencies_parsed_at":"2023-02-09T20:15:58.216Z","dependency_job_id":"08c91498-241a-4470-9102-ef80f67cc523","html_url":"https://github.com/elysium-suite/aeacus","commit_stats":{"total_commits":219,"total_committers":22,"mean_commits":9.954545454545455,"dds":0.730593607305936,"last_synced_commit":"fa7ee1ef5e08b12971748eceaf620809524a28ff"},"previous_names":["sourque/aeacus"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elysium-suite%2Faeacus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elysium-suite%2Faeacus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elysium-suite%2Faeacus/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elysium-suite%2Faeacus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elysium-suite","download_url":"https://codeload.github.com/elysium-suite/aeacus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254020903,"owners_count":22000806,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyberpatriot","cybersecurity","elysium-suite","go","linux","vulnerability-assessment","windows"],"created_at":"2024-11-18T22:09:26.679Z","updated_at":"2025-05-13T20:31:19.516Z","avatar_url":"https://github.com/elysium-suite.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aeacus [![Go Report Card](https://goreportcard.com/badge/github.com/elysium-suite/aeacus)](https://goreportcard.com/report/github.com/elysium-suite/aeacus)\n\n\u003cimg align=\"right\" width=\"200\" src=\"assets/img/logo.png\" alt=\"aeacus logo\"/\u003e\n\n`aeacus` is a vulnerability scoring engine for Windows and Linux, with an emphasis on simplicity.\n\n## V2\n\n`aeacus` has recently been updated to version 2.0.0! To view the breaking changes, refer to [./docs/v2.md](./docs/v2.md).\n\n## Installation\n\n0. **Extract the release** into `/opt/aeacus` (Linux) or `C:\\aeacus\\` (Windows).\n\n\t\u003e Try compiling it yourself! Or, you can [download the releases here](https://github.com/elysium-suite/aeacus/releases).\n\n1. 
**Set up the environment.**\n\n\t- Put your **config** in `/opt/aeacus/scoring.conf` or `C:\\aeacus\\scoring.conf`.\n\n\t\t- _Don't have a config? See the example below._\n\n\t- Put your **README data** in `ReadMe.conf`.\n\n2. **Check that your config is valid.**\n\n```\n./aeacus --verbose check\n```\n\n\u003e Check out what you can do with `aeacus` with `./aeacus --help`!\n\n3. **Score the image with the current config to verify your checks work as expected.**\n\n```\n./aeacus --verbose score\n```\n\n\u003e The TeamID is read from `/opt/aeacus/TeamID.txt` or `C:\\aeacus\\TeamID.txt`.\n\n4. **Check your README and make sure it is to your liking!**\n\n```\n./aeacus --verbose readme\n```\n\n\u003e The ReadMe file will be placed in `/opt/aeacus/assets/ReadMe.html` or `C:\\aeacus\\assets\\ReadMe.html`\n\n5. **Prepare the image for release.**\n\n\u003e **WARNING**: This will remove `scoring.conf`. Back it up somewhere if you want to save it! It will also remove the `aeacus` executable and other sensitive files.\n\n```\n./aeacus --verbose release\n```\n\n## Screenshots\n\n### Scoring Report:\n\n![Scoring Report](./misc/gh/ScoringReport.png)\n\n### ReadMe:\n\n![ReadMe](./misc/gh/ReadMe.png)\n\n## Features\n\n-   Robust yet simple vulnerability scorer\n-   Image preparation (cleanup, README, etc)\n-   Remote score reporting\n\n\u003e Note: `aeacus` ships with weak crypto on purpose. You should implement your own crypto functions if you want to make it harder to crack with static analysis. See [Adding Crypto](/docs/crypto.md) for more information.\n\n## Compiling\n\nOnly Linux development environments are officially supported. Ubuntu virtual machines work great.\n\nMake sure you have a recent version of `go` installed, as well as `git` and `make`. If you want to compile for Windows and Linux, install all dependencies using `go get -v -d -t ./...`. 
Then to compile, use `go build`, OR make:\n\n- Building for `Linux`: `make lin`\n- Building for `Windows`: `make win`\n\n### Development\n\nIf you're developing for `aeacus`, compile with these commands to leave debug symbols in the binaries:\n\n- Building for `Linux`: `make lin-dev`\n- Building for `Windows`: `make win-dev`\n\n### Releases\n\nYou can build release files (e.g., `aeacus-linux.zip`). These will have auto-randomized `crypto.go` files.\n\n- Building both platforms: `make release`\n\n## Documentation\n\nAll check condition types (with examples and notes) [are documented here](docs/checks.md).\n\nOther documentation:\n- [Non-Check Scoring Configuration](docs/config.md)\n- [Condition Precedence](docs/conditions.md)\n- [Adding Hints](docs/hints.md)\n- [Crypto](docs/crypto.md)\n- [Security Model](docs/security.md)\n- [Remote Reporting](docs/remote.md)\n- [Windows Security Policy](docs/securitypolicy.md)\n\n## Remote Endpoint\n\nSet the `remote` field in the configuration, and your image will use remote scoring. If you want remote scoring, you will need to host a remote scoring endpoint. The authors of this project recommend using [sarpedon](https://github.com/elysium-suite/sarpedon). See [this example remote configuration for Linux aeacus](docs/examples/linux-remote.conf).\n\n## Configuration\n\nThe configuration is written in TOML. Here is a minimal example:\n\n```toml\nname = \"ubuntu-18-supercool\"            # Image name\ntitle = \"CoolCyberStuff Practice Round\" # Round title\nos = \"Ubuntu 18.04\"                     # OS, used for README\nuser = \"coolUser\"                       # Main user for the image\n\n# Set the aeacus version of this scoring file. Set this to the version\n# of aeacus you are using. 
This is used to make sure your configuration,\n# if re-used, is compatible with the version of aeacus being used.\n#\n# You can print your version of aeacus with ./aeacus version.\nversion = \"2.1.1\"\n\n[[check]]\nmessage = \"Removed insecure sudoers rule\"\npoints = 10\n\n\t[[check.pass]]\n\ttype = \"FileContainsNot\"\n\tpath = \"/etc/sudoers\"\n\tvalue = \"NOPASSWD\"\n\n[[check]]\n# If no message is specified, one is auto-generated\npoints = 20\n\n\t[[check.pass]]\n\ttype = \"PathExistsNot\"\n\tpath = \"/usr/bin/ufw-backdoor\"\n\n\t[[check.pass]]       # You can code multiple pass conditions, but\n\ttype = \"FirewallUp\"  # they must ALL succeed for the check to pass!\n\n[[check]]\nmessage = \"Malicious user 'user' can't read /etc/shadow\"\n# If no points are specified, they are auto-calculated out of 100.\n\n\t[[check.pass]]\n\ttype = \"PermissionIsNot\"\n\tpath = \"/etc/shadow\"\n\tvalue = \"??????r??\"\n\n\t[[check.pass]]          # \"pass\" conditions are logically AND with other pass\n\ttype = \"UserInGroupNot\" # conditions. This means they all must pass for a check\n\tuser = \"user\"           # to be considered successful.\n\tgroup = \"sudo\"\n\n\t[[check.passoverride]]  # If you want a check to succeed when any condition\n\ttype = \"UserExistsNot\"  # passes, regardless of other pass checks, use\n\tuser = \"user\"           # an override pass (passoverride). 
This is a logical OR.\n\t                        # passoverride is overridden by fail conditions.\n\n\t[[check.fail]]          # If any fail conditions succeed, the entire check will fail.\n\ttype = \"PathExistsNot\"\n\tpath = \"/etc/shadow\"\n\n[[check]]\nmessage = \"Administrator has been removed\"\npoints = -5 # This check is now a penalty, because it has negative points\n\n\t[[check.pass]]\n\ttype = \"UserExistsNot\"\n\tuser = \"coolAdmin\"\n\n```\n\nSee more in-depth examples, including remote reporting, [here](https://github.com/elysium-suite/aeacus/tree/master/docs/examples).\n\n## ReadMe Configuration\n\nPut your README in `ReadMe.conf`. Here's a commented template:\n\n```html\n\u003c!-- Put your comments/additions to the normal ReadMe here! --\u003e\n\u003cp\u003e\n\tUncomplicated Firewall (UFW) is the only company approved Firewall for use\n\ton Linux machines at this time.\n\u003c/p\u003e\n\n\u003c!-- You can add as many \u003cp\u003e\u003c/p\u003e notes as you want! This HTML is simply imported into the existing ReadMe template. --\u003e\n\u003cp\u003e\n\tCongratulations! You just recruited a promising new team member. Create a\n\tnew Standard user account named \"bobbington\" with a temporary password of\n\tyour choosing.\n\u003c/p\u003e\n\n\u003c!-- Put your critical services here! --\u003e\n\u003cp\u003e\u003cb\u003eCritical Services:\u003c/b\u003e\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003eOpenSSH Server (sshd)\u003c/li\u003e\n\t\u003cli\u003eOther cool service\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003c!-- Put your users here! 
--\u003e\n\u003ch2\u003eAuthorized Administrators and Users\u003c/h2\u003e\n\n\u003cpre\u003e\n\u003cb\u003eAuthorized Administrators:\u003c/b\u003e\ncoolUser (you)\n\tpassword: coolPassword\nbob\n\tpassword: bob\n\n\u003cb\u003eAuthorized Users:\u003c/b\u003e\ncoolFriend\nawesomeUser\nradUser\ncoolGuy\nniceUser\n\u003c/pre\u003e\n```\n\n## Information Gathering\n\nThe `aeacus` binary supports gathering information (on **Windows** only) in cases where it's tough to gather what the scoring system can see.\n\nPrint information with `./aeacus info type` where `type` is one of the following (NOTE: this is deprecated and will be removed in a future release):\n\n### Windows\n\n-   `programs` (shows installed programs)\n-   `users` (shows local users)\n-   `admins` (shows local administrator users)\n\n## Tips and Tricks\n\n-   Easily change the branding by replacing `assets/img/logo.png`.\n-   Test your scoring configuration in a loop:\n```bash\nwhile true; do ./aeacus -v; sleep 20; done\n```\n-   Set all .desktop files as launchable on Ubuntu+GNOME:\n```bash\nfor i in $HOME/Desktop/*.desktop; do\n    # Try \"yes\" rather than true on Ubuntu \u003c20\n    gio set \"$i\" \"metadata::trusted\" true\n    chmod +x \"$i\"\ndone\n```\n\n## Contributing and Disclaimer\n\nA huge thanks to the project contributors for help adding code and features, and to many others for help with feedback, usability, and finding bugs!\n\nIf you have anything you would like to add or fix, please make a pull request! 
No improvement or fix is too small, and help is always appreciated.\n\nThanks to UTSA CIAS and the CyberPatriot program for putting together such a cool competition, and for the inspiration to make this project.\n\nThis project is in no way affiliated with or endorsed by the Air Force Association, University of Texas San Antonio, or the CyberPatriot program.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felysium-suite%2Faeacus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felysium-suite%2Faeacus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felysium-suite%2Faeacus/lists"}