morpheuslord edited this page Mar 31, 2024 · 7 revisions

Startup SBOM


The objective of the project is to examine the startup process and establish connections between all the packages that initiate during boot and the corresponding services associated with them. The project aims to ensure clarity regarding the execution of packages and executables, as well as their potential impact on the system. This effort is particularly valuable for streamlining the investigation process in reverse engineering vulnerable packages.

What does the tool do?

The tool delves into the intricacies of the systemd boot process, meticulously documenting and enumerating all conceivable executable packages initiated by systemd. By doing so, it significantly diminishes the pool of packages necessitating analysis for critical vulnerabilities or undergoing reverse engineering, especially in comprehending the contents of the mounted volume during boot.

In essence, the tool serves as a pivotal asset in the arsenal of cybersecurity professionals, offering comprehensive visibility, actionable insights, and enhanced defense capabilities against emerging threats in the dynamic landscape of system security.

Advantages of this process

In addition to scrutinizing startup processes, the tool serves a multifaceted purpose:

  • Comprehensive Startup Analysis: It offers an exhaustive examination of the packages executed during the boot phase, providing a comprehensive overview of the system's initialization sequence.

  • Executable Identification: Not only does it identify the executables launched during startup, but it also catalogs their respective paths, aiding in precise pinpointing and subsequent analysis.

  • Execution Insights: The tool extends its functionality by offering insights into the execution mechanisms of these packages, particularly through CHROOT, elucidating the context and conditions under which they are invoked.

  • Graphical Representation: Utilizing graphical visualization techniques, the tool presents a visually intuitive depiction of package outputs, facilitating a deeper understanding and analysis of system boot processes.

  • Automated Reporting: It streamlines the reporting process by generating detailed reports encompassing all findings, thereby expediting decision-making processes and enhancing overall system security posture.

  • Enhanced Security Posture: By enabling more focused and efficient analysis, the tool contributes to bolstering the security posture of systems, empowering administrators to preemptively identify and mitigate potential vulnerabilities before they can be exploited.

  • Streamlined Reverse Engineering: In the realm of reverse engineering, the tool serves as a catalyst for expediting the process, providing crucial insights into package execution paths and behaviors, thus accelerating the identification and remediation of vulnerabilities.

  • Customization and Extensibility: With customizable features and extensible functionalities, the tool can be tailored to suit specific organizational requirements and adapted to evolving threat landscapes, ensuring continued efficacy in safeguarding system integrity.

Process Overview

CHROOT Analysis:

The CHROOT analysis feature of the tool involves a comprehensive examination of the systemd boot process within a CHROOT environment. Here's a detailed breakdown of the process:

  1. Execution Procedure: The tool initiates the CHROOT analysis by executing the systemd-analyze command within the CHROOT shell environment.

  2. SVG Output Parsing: It captures the SVG output generated by systemd-analyze within the CHROOT shell. This output contains valuable information about service files and their respective startup times.

  3. Data Extraction: The tool meticulously extracts relevant data from the SVG output, focusing particularly on service files and their associated startup times.

  4. Graphical Representation: Utilizing this extracted data, the tool then proceeds to graphically plot the service files and map out their startup times. This graphical representation offers a visual overview of the systemd boot process within the CHROOT environment.

  5. Detailed Documentation: For further insight and reference, detailed documentation regarding the CHROOT analysis feature is provided, outlining its functionalities, usage instructions, and potential applications.

For more comprehensive information on CHROOT analysis, refer to the Chroot Analysis documentation.
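Steps 2 to 4 above (capture the SVG, pull out the unit names and activation times, rank them) can be illustrated with the following parser. It is an added example, not code from the Startup SBOM project; it assumes the SVG was produced by `systemd-analyze plot`, whose text labels carry the unit name followed by the activation time in parentheses, and the sample SVG embedded below is constructed in that shape rather than captured from a real boot.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"

# Constructed sample in the shape of `systemd-analyze plot` output; not a capture from a real boot.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="2000" height="400">
  <text class="left" x="20" y="50">systemd-journald.service (312ms)</text>
  <text class="left" x="20" y="70">dbus.service (1.204s)</text>
  <text class="left" x="20" y="90">sysinit.target</text>
  <text class="left" x="20" y="110">ssh.service (2min 3.500s)</text>
  <text class="left" x="20" y="130">Startup finished in 4.2s (kernel) + 12.6s (userspace) = 16.8s</text>
</svg>"""

_UNIT_MS = {"min": 60_000.0, "s": 1_000.0, "ms": 1.0, "us": 0.001}
# Label form assumed here: "<unit name>" optionally followed by " (<timespan>)".
_LABEL = re.compile(r"^(?P<unit>[\w.@\\-]+\.(?:service|socket|target|mount|device|timer|slice|scope|path|swap))"
                    r"(?: \((?P<span>[^)]*)\))?$")


def parse_timespan_ms(span):
    """Convert a systemd timespan such as '2min 3.500s' or '312ms' to milliseconds."""
    total = sum(float(n) * _UNIT_MS[u] for n, u in re.findall(r"([0-9.]+)\s*(min|ms|us|s)", span))
    return round(total, 3)


def parse_plot_svg(svg_text):
    """Return (unit, activation_ms) pairs from the text labels of the plot SVG.

    Units without a parenthesised duration (e.g. targets) yield None; other labels are skipped."""
    root = ET.fromstring(svg_text)
    entries = []
    for text in root.iter(SVG_NS + "text"):
        m = _LABEL.match((text.text or "").strip())
        if m:
            span = m.group("span")
            entries.append((m.group("unit"), parse_timespan_ms(span) if span else None))
    return entries


def slowest_units(entries, limit=3):
    """Units with a measured activation time, longest first: the first candidates to inspect."""
    timed = [(u, ms) for u, ms in entries if ms is not None]
    return sorted(timed, key=lambda e: e[1], reverse=True)[:limit]
```

The returned pairs are the data a plotting step would consume; on a real system the SVG would come from running `systemd-analyze plot` inside the chroot and reading its stdout.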

STATIC Analysis:

The STATIC analysis functionality of the tool encompasses two distinct methods: service and info. Here's a detailed elucidation of each method:

  1. Service Method:

    • Basis of Analysis: This method utilizes the .service files located in the /lib/systemd/system directory as the foundation for conducting static analysis.
    • Procedure: The tool systematically parses through these .service files, extracting relevant information about service configurations, dependencies, and other pertinent details.
    • Analysis Output: The output of this analysis provides insights into the systemd services configured on the system, facilitating a comprehensive understanding of their functionalities and interdependencies.
  2. Info Method:

    • Data Source: In contrast to the service method, the info method leverages the .list files located in the /var/lib/dpkg/info directory for conducting static analysis.
    • Analysis Scope: By analyzing these .list files, the tool gathers information regarding installed packages, their associated files, and related metadata.
    • Insight Generation: The output derived from this analysis offers insights into the installed packages on the system, their components, and relevant configuration details.

For further exploration and reference, detailed documentation elucidating the STATIC analysis feature is provided through the Static Analysis documentation.
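The two static methods can be combined to establish the package-to-service link the project is after: parse the Exec* directives of a .service file, then look each executable up in the dpkg .list files to find its owning package. The following is an added example, not the project's own code; the unit file and .list contents are constructed samples in the format of /lib/systemd/system/*.service and /var/lib/dpkg/info/*.list, and a real run would read those directories instead of the inline dicts.

```python
from collections import defaultdict

# Constructed sample in the style of /lib/systemd/system/ssh.service (not copied from a real system).
SAMPLE_UNITS = {"ssh.service": """[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service

[Service]
ExecStartPre=/usr/sbin/sshd -t
ExecStart=-/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
"""}

# Constructed sample file lists in the style of /var/lib/dpkg/info/<package>.list.
SAMPLE_LISTS = {
    "openssh-server": "/.\n/usr\n/usr/sbin\n/usr/sbin/sshd\n/lib/systemd/system/ssh.service\n",
    "procps": "/.\n/bin\n/bin/kill\n",
}

EXEC_KEYS = {"ExecStartPre", "ExecStart", "ExecStartPost", "ExecReload", "ExecStop", "ExecStopPost"}


def parse_unit(text):
    """INI-style parse that keeps duplicate keys; systemd allows repeated Exec*= lines."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1]
        else:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def exec_paths(unit):
    """Executables named by Exec* directives, minus systemd's prefix characters (- @ : + !)."""
    return {v.split()[0].lstrip("-@:+!") for k, v in unit.get("Service", []) if k in EXEC_KEYS and v}


def file_owner_index(list_files):
    """Map each path recorded in a dpkg .list file to the package that owns it."""
    return {p: pkg for pkg, text in list_files.items() for p in text.splitlines() if p.startswith("/")}


def map_services_to_packages(units, list_files):
    """For each unit, map every executable it launches to its owning package ('UNKNOWN' if unowned)."""
    index = file_owner_index(list_files)
    return {name: {p: index.get(p, "UNKNOWN") for p in sorted(exec_paths(parse_unit(text)))}
            for name, text in units.items()}
```

An executable that maps to UNKNOWN is launched at boot but owned by no installed package, which is exactly the kind of entry worth a closer look.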