
Untitled

a guest
Mar 20th, 2012
Security scripts *** 3.2.3, 2008.09.10.09.30 ***
Tue Mar 20 20:20:03 GMT 2012
20:20> Beginning security report for Jamie (2012 Linux 3.2.9-blackout).

# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass013w] Username `root' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `daemon' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `bin' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `sys' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `sync' is not using an acceptable password hash
(x).
--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync).
--WARN-- [pass013w] Username `games' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `man' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `lp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `mail' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `news' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `uucp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `proxy' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `www-data' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `backup' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `list' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `irc' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `gnats' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `nobody' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `libuuid' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `Debian-exim' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `statd' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `sshd' is not using an acceptable password hash
(x).
--WARN-- [pass015w] Login ID sshd does not have a valid shell
(/usr/sbin/nologin).
--WARN-- [pass013w] Username `michael' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `game' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `ftp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `messagebus' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `znc' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `mumble-server' is not using an acceptable
password hash (x).

# Performing check of group files...

# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc006w] Login ID mail's home directory (/var/mail) has group `4096'
write access.
--WARN-- [acc022w] Login ID nobody home directory (/nonexistent) is not
accessible.
--WARN-- [acc006w] Login ID libuuid's home directory (/var/lib/libuuid) has
group `4096' write access.

# Performing check of /etc/hosts.equiv and .rhosts files...

# Checking accounts from /etc/passwd...

# Performing check of .netrc files...

# Checking accounts from /etc/passwd...

# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...

# Performing check of PATH components...
# Only checking user 'root'
--WARN-- [path002w] /usr/bin/bsd-write in root's PATH from default is not
owned by root (owned by tty).
--WARN-- [path002w] /usr/bin/chage in root's PATH from default is not owned by
root (owned by shadow).
--WARN-- [path002w] /usr/bin/crontab in root's PATH from default is not owned
by root (owned by crontab).
--WARN-- [path002w] /usr/bin/dotlockfile in root's PATH from default is not
owned by root (owned by mail).
--WARN-- [path002w] /usr/bin/expiry in root's PATH from default is not owned
by root (owned by shadow).
--WARN-- [path002w] /usr/bin/locate in root's PATH from default is not owned
by root (owned by mlocate).
--WARN-- [path002w] /usr/bin/lockfile in root's PATH from default is not owned
by root (owned by mail).
--WARN-- [path002w] /usr/bin/mlocate in root's PATH from default is not owned
by root (owned by mlocate).
--WARN-- [path002w] /usr/bin/mutt_dotlock in root's PATH from default is not
owned by root (owned by mail).
--WARN-- [path002w] /usr/bin/screen in root's PATH from default is not owned
by root (owned by utmp).
--WARN-- [path002w] /usr/bin/ssh-agent in root's PATH from default is not
owned by root (owned by ssh).
--WARN-- [path002w] /usr/bin/twistedcat in root's PATH from default is not
owned by root (owned by game).
--WARN-- [path002w] /usr/bin/wall in root's PATH from default is not owned by
root (owned by tty).
--WARN-- [path002w] /usr/bin/write in root's PATH from default is not owned by
root (owned by tty).

# Performing check of anonymous FTP...

# Performing checks of mail aliases...
# Checking aliases from /etc/aliases.

# Performing check of `cron' entries...
--WARN-- CRON file `' is owned by crontab.
--WARN-- Found cron file for unknown user .
--WARN-- [cron004w] Root crontab does not exist
--WARN-- [cron005w] Use of cron is not restricted

# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service pop-2 is also assigned to service
pop2.
--WARN-- [inet003w] The port for service x400-snd is also assigned to service
acr-nema.

# Performing NFS exports check...

# Performing check of system file permissions...
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/gen_mounts' is not executable (command GET_MOUNTS).

# Checking for known intrusion signs...
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/gen_mounts' is not executable (command GET_MOUNTS).

# Performing check for rookits...
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
--ALERT-- [rootkit005a] Chkrootkit has found a file which seems to be infected
because of a rootkit
--ALERT-- [rootkit009a] A rootkit seems to be installed in the system
INFECTED (PORTS: 31337)

# Performing system specific checks...

# Performing check of root directory...

# Checking device permissions...
--WARN-- [dev003w] The directory /dev/block resides in a device directory.
--WARN-- [dev003w] The directory /dev/bsg resides in a device directory.
--WARN-- [dev003w] The directory /dev/char resides in a device directory.
--WARN-- [dev003w] The directory /dev/cpu resides in a device directory.

# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/wtmp permission should be 644
--FAIL-- [logf005f] Log file /var/log/btmp permission should be 600
--FAIL-- [logf005f] Log file /var/run/utmp permission should be 644

# Checking for correct umask settings...
--FAIL-- [misc022f] The umask setting in /etc/profile is insecure

# Checking listening processes
--WARN-- [lin003w] The process `exim4' is listening on socket TCP (0t0 on TCP
interface) is run by Debian-exim.
--WARN-- [lin003w] The process `murmurd' is listening on socket TCP (0t0 on
TCP interface) is run by mumble-server.
--WARN-- [lin003w] The process `murmurd' is listening on socket UDP (0t0 on
UDP interface) is run by mumble-server.
--WARN-- [lin003w] The process `portmap' is listening on socket TCP (0t0 on
TCP interface) is run by daemon.
--WARN-- [lin003w] The process `portmap' is listening on socket UDP (0t0 on
UDP interface) is run by daemon.
--WARN-- [lin003w] The process `rpc.statd' is listening on socket TCP (0t0 on
TCP interface) is run by statd.
--WARN-- [lin003w] The process `rpc.statd' is listening on socket UDP (0t0 on
UDP interface) is run by statd.
--WARN-- [lin003w] The process `srcds_lin' is listening on socket TCP (0t0 on
TCP interface) is run by game.
--WARN-- [lin003w] The process `srcds_lin' is listening on socket UDP (0t0 on
UDP interface) is run by game.
--WARN-- [lin003w] The process `sshd' is listening on socket TCP (0t0 on TCP
interface) is run by root.
--WARN-- [lin003w] The process `vsftpd' is listening on socket TCP (0t0 on TCP
interface) is run by root.
--WARN-- [lin003w] The process `znc' is listening on socket TCP (0t0 on TCP
interface) is run by znc.

# Checking sshd_config configuration files...
--WARN-- [ssh004w] The PasswordAuthentication directive in
/etc/ssh/sshd_config is set to the unapproved defult value: yes.

# Checking printer configuration files...
--ERROR-- [init006e] `/etc/printcap' does not exist (file definition src).
--ERROR-- [init006e] `/etc/printcap' does not exist (file definition infile).

# Performing common access checks for root...

# Checking ntpd configuration...
--ERROR-- [init001e] Don't have required command NETSTAT.
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/getdisks' is not executable (command GETDISKS).

# Performing check of embedded pathnames...
20:20> Security report completed for Jamie.