xrxrxr

lynis scan

Jan 29th, 2015
  1. - Checking /usr/local/libexec... [ NOT FOUND ]
  2. - Checking /usr/libexec... [ FOUND ]
  3. - Checking /usr/sfw/bin... [ NOT FOUND ]
  4. - Checking /usr/sfw/sbin... [ NOT FOUND ]
  5. - Checking /usr/sfw/libexec... [ NOT FOUND ]
  6. - Checking /opt/sfw/bin... [ NOT FOUND ]
  7. - Checking /opt/sfw/sbin... [ NOT FOUND ]
  8. - Checking /opt/sfw/libexec... [ NOT FOUND ]
  9. - Checking /usr/xpg4/bin... [ NOT FOUND ]
  10. - Checking /usr/css/bin... [ NOT FOUND ]
  11. - Checking /usr/ucb... [ NOT FOUND ]
  12. - Checking /usr/X11R6/bin... [ FOUND ]
  13.  
  14. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  15. Unable to find Digest::SHA or Digest::SHA::PurePerl
  16.  
  17. [+] Boot and services
  18. ------------------------------------
  19. - Checking boot loaders
  20. - Checking presence GRUB... [ NOT FOUND ]
  21. - Checking presence LILO... [ NOT FOUND ]
  22. - Checking boot loader SILO [ NOT FOUND ]
  23. - Checking boot loader YABOOT [ NOT FOUND ]
  24. - Check startup files (permissions)... [ OK ]
  25.  
  26. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  27.  
  28. [+] Kernel
  29. ------------------------------------
  30. - Checking default runlevel [ UNKNOWN ]
  31. - Checking CPU support (NX/PAE)
  32. CPU support: No PAE or NoeXecute supported [ NONE ]
  33. - Checking kernel version and release [ DONE ]
  34. - Checking kernel type [ DONE ]
  35. - Checking loaded kernel modules [ DONE ]
  36. Found 58 active modules
  37. - Checking Linux kernel configuration file... [ NOT FOUND ]
  38. - Checking core dumps configuration... [ DISABLED ]
  39. - Checking setuid core dumps configuration... [ DEFAULT ]
  40.  
  41. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  42.  
  43.  
  44. [+] Memory and processes
  45. ------------------------------------
  46. - Checking /proc/meminfo... [ FOUND ]
  47. - Searching for dead/zombie processes... [ OK ]
  48. - Searching for IO waiting processes... [ OK ]
  49.  
  50. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  51.  
  52.  
  53. [+] Users, Groups and Authentication
  54. ------------------------------------
  55. - Search administrator accounts... [ OK ]
  56. - Checking consistency of group files (grpck)... [ WARNING ]
  57. - Checking non unique group ID's... [ WARNING ]
  58. - Checking non unique group names... [ WARNING ]
  59. - Checking password file consistency... [ WARNING ]
  60. - Query system users (non daemons)... [ DONE ]
  61. - Checking NIS+ authentication support [ NOT ENABLED ]
  62. - Checking NIS authentication support [ NOT ENABLED ]
  63. - Checking sudoers file [ FOUND ]
  64. - Check sudoers file permissions [ WARNING ]
  65. - Checking PAM password strength tools [ SUGGESTION ]
  66. - Checking PAM configuration file (pam.conf) [ NOT FOUND ]
  67. - Checking PAM configuration files (pam.d) [ FOUND ]
  68. - Checking PAM modules [ FOUND ]
  69. - Checking accounts without expire date [ OK ]
  70. - Checking accounts without password [ OK ]
  71. - Checking Linux single user mode authentication [ WARNING ]
  72. - Determining default umask
  73. - Checking umask (/etc/profile) [ UNKNOWN ]
  74. - Checking LDAP authentication support [ NOT ENABLED ]
  75.  
  76. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  77.  
  78.  
  79. [+] Shells
  80. ------------------------------------
  81. - Checking shells from /etc/shells...
  82. Result: found 3 shells (valid shells: 3).
  83.  
  84. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  85.  
  86.  
  87. [+] File systems
  88. ------------------------------------
  89. - Checking mount points
  90. - Checking /tmp mount point... [ OK ]
  91. - Checking for old files in /tmp... [ OK ]
  92. - Checking /tmp sticky bit... [ OK ]
  93. tune2fs: No such file or directory while trying to open /dev/root
  94. Couldn't find valid filesystem superblock.
  95. - ACL support root file system... [ DISABLED ]
  96. - Checking Locate database... [ NOT FOUND ]
  97.  
  98. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  99.  
  100.  
  101. [+] Storage
  102. ------------------------------------
  103. - Checking usb-storage driver (modprobe config)... [ NOT DISABLED ]
  104. - Checking firewire ohci driver (modprobe config)... [ NOT DISABLED ]
  105.  
  106. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  107.  
  108.  
  109. [+] NFS
  110. ------------------------------------
  111. - Check running NFS daemon... [ NOT FOUND ]
  112.  
  113. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  114.  
  115.  
  116. [+] Software: name services
  117. ------------------------------------
  118. - Checking default DNS search domain... [ NONE ]
  119. - Checking search domains... [ FOUND ]
  120. - Checking /etc/resolv.conf options... [ NONE ]
  121. - Searching DNS domain name... [ UNKNOWN ]
  122. - Checking nscd status... [ NOT FOUND ]
  123. - Checking BIND status... [ NOT FOUND ]
  124. - Checking PowerDNS status... [ NOT FOUND ]
  125. - Checking ypbind status... [ NOT FOUND ]
  126. - Checking /etc/hosts
  127. - Checking /etc/hosts (duplicates) [ OK ]
  128. - Checking /etc/hosts (hostname) [ OK ]
  129. - Checking /etc/hosts (localhost) [ SUGGESTION ]
  130.  
  131. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  132.  
  133.  
  134. [+] Ports and packages
  135. ------------------------------------
  136. - Searching package managers...
  137. - Searching RPM package manager... [ FOUND ]
  138. - Querying RPM package manager...
  139. /bin/rpm: invalid option -- 'a'
  140. BusyBox v1.21.0 (2013-02-18 15:57:06 WST) multi-call binary.
  141.  
  142. Usage: rpm -i PACKAGE.rpm; rpm -qp[ildc] PACKAGE.rpm
  143.  
  144. Manipulate RPM packages
  145.  
  146. Commands:
  147. -i Install package
  148. -qp Query package
  149. -i Show information
  150. -l List contents
  151. -d List documents
  152. -c List config files
  153.  
  154. - Searching dpkg package manager... [ FOUND ]
  155. - Querying package manager...
  156. - Query unpurged packages... [ NONE ]
  157. - Checking package audit tool... [ NONE ]
  158.  
  159. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  160.  
  161.  
  162. [+] Networking
  163. ------------------------------------
  164. - Checking configured nameservers...
  165. - Testing nameservers...
  166. Nameserver: 192.168.1.1... [ SKIPPED ]
  167. - Minimal of 2 responsive nameservers... [ SKIPPED ]
  168. - Checking default gateway... [ DONE ]
  169. - Getting listening ports (TCP/TCP)... [ DONE ]
  170. * Found 1 ports
  171.  
  172. - Checking promiscuous interfaces... [ OK ]
  173. - Checking waiting connections... [ OK ]
  174. - Checking status DHCP client... [ NOT ACTIVE ]
  175.  
  176. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  177.  
  178. [+] Printers and Spools
  179. ------------------------------------
  180. - Checking cups daemon... [ RUNNING ]
  181. - Checking cups configuration file... [ OK ]
  182. - Checking CUPS addresses/sockets... [ FOUND ]
  183.  
  184. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  185.  
  186.  
  187. [+] Software: e-mail and messaging
  188. ------------------------------------
  189. - Checking Exim status... [ NOT FOUND ]
  190. - Checking Postfix status... [ NOT FOUND ]
  191. - Checking Qmail smtpd status... [ NOT FOUND ]
  192.  
  193. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  194.  
  195.  
  196. [+] Software: firewalls
  197. ------------------------------------
  198. - Checking iptables kernel module [ FOUND ]
  199. - Checking for empty ruleset [ OK ]
  200. - Checking for unused rules [ WARNING ]
  201. Status pf [ NOT FOUND ]
  202. - Checking host based firewall [ ACTIVE ]
  203.  
  204. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  205.  
  206.  
  207. [+] Software: webserver
  208. ------------------------------------
  209. httpd: bind: Address already in use
  210. - Checking Apache (binary /usr/sbin/httpd)... [ NO MATCH ]
  211. - Checking nginx... [ NOT FOUND ]
  212.  
  213. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  214.  
  215.  
  216. [+] SSH Support
  217. ------------------------------------
  218. - Checking running SSH daemon... [ NOT FOUND ]
  219.  
  220. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  221.  
  222.  
  223. [+] SNMP Support
  224. ------------------------------------
  225. - Checking running SNMP daemon... [ NOT FOUND ]
  226.  
  227. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  228.  
  229.  
  230. [+] Databases
  231. ------------------------------------
  232. - MySQL process status... [ NOT FOUND ]
  233. - PostgreSQL processes status... [ NOT FOUND ]
  234. - Oracle processes status... [ NOT FOUND ]
  235.  
  236. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  237.  
  238.  
  239. [+] LDAP Services
  240. ------------------------------------
  241. - Checking OpenLDAP instance... [ NOT FOUND ]
  242.  
  243. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  244.  
  245.  
  246. [+] Software: PHP
  247. ------------------------------------
  248. - Checking PHP... [ NOT FOUND ]
  249.  
  250. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  251.  
  252.  
  253. [+] Squid Support
  254. ------------------------------------
  255.  
  256.  
  257.  
  258. - Checking running Squid daemon... [ NOT FOUND ]
  259.  
  260.  
  261.  
  262.  
  263.  
  264.  
  265.  
  266.  
  267. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  268.  
  269.  
  270. [+] Logging and files
  271. ------------------------------------
  272.  
  273.  
  274. - Checking for a running log daemon... [ OK ]
  275.  
  276.  
  277.  
  278.  
  279. - Checking Syslog-NG status [ NOT FOUND ]
  280. - Checking Metalog status [ NOT FOUND ]
  281. - Checking RSyslog status [ NOT FOUND ]
  282. - Checking RFC 3195 daemon status [ NOT FOUND ]
  283. - Checking klogd [ FOUND ]
  284. - Checking minilogd instances [ NONE ]
  285. - Checking logrotate presence [ WARNING ]
  286. - Checking log directories (static list) [ DONE ]
  287. - Checking open log files [ DONE ]
  288. - Checking deleted files in use [ DONE ]
  289.  
  290. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  291.  
  292. [+] Insecure services
  293. ------------------------------------
  294. - Checking inetd status... [ NOT ACTIVE ]
  295.  
  296. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  297.  
  298. [+] Banners and identification
  299. ------------------------------------
  300. - /etc/motd... [ NOT FOUND ]
  301. - /etc/issue... [ FOUND ]
  302. - /etc/issue contents... [ WEAK ]
  303. - /etc/issue.net... [ NOT FOUND ]
  304.  
  305. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  306.  
  307. [+] Scheduled tasks
  308. ------------------------------------
  309. - Checking crontab/cronjob [ DONE ]
  310. - Checking atd status [ NOT RUNNING ]
  311.  
  312. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  313.  
  314. [+] Accounting
  315. ------------------------------------
  316. - Checking accounting information... [ NOT FOUND ]
  317. - Checking auditd [ NOT FOUND ]
  318.  
  319. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  320.  
  321. [+] Time and Synchronization
  322. ------------------------------------
  323. - Checking running NTP daemon (ntpd)... [ NOT FOUND ]
  324. - Checking running NTP daemon (timed)... [ NOT FOUND ]
  325.  
  326. - Checking running NTP daemon (dntpd)... [ NOT FOUND ]
  327. - Checking NTP client in cron.d files... [ NOT FOUND ]
  328. - Checking for a running NTP daemon or client... [ WARNING ]
  329.  
  330. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  331.  
  332. [+] Cryptography
  333. ------------------------------------
  334. - Checking SSL certificate expiration... [ OK ]
  335.  
  336. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  337.  
  338. [+] Virtualization
  339. ------------------------------------
  340.  
  341. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  342.  
  343. [+] Security frameworks
  344. ------------------------------------
  345. - Checking presence AppArmor [ NOT FOUND ]
  346. - Checking presence SELinux [ NOT FOUND ]
  347. - Checking presence grsecurity [ NOT FOUND ]
  348. - Checking for implemented MAC framework [ NONE ]
  349.  
  350. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  351.  
  352. [+] Software: file integrity
  353. ------------------------------------
  354. - Checking file integrity tools...
  355. - AFICK... [ NOT FOUND ]
  356. - AIDE... [ NOT FOUND ]
  357. - Osiris... [ NOT FOUND ]
  358. - Samhain... [ NOT FOUND ]
  359. - Tripwire... [ NOT FOUND ]
  360. - OSSEC (syscheck)... [ NOT FOUND ]
  361. - Checking presence integrity tool... [ NOT FOUND ]
  362.  
  363. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  364.  
  365. [+] Software: Malware scanners
  366. ------------------------------------
  367. - Checking chkrootkit... [ NOT FOUND ]
  368. - Checking Rootkit Hunter... [ NOT FOUND ]
  369. - Checking ClamAV scanner... [ NOT FOUND ]
  370. - Checking ClamAV daemon... [ NOT FOUND ]
  371.  
  372. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  373.  
  374. [+] System Tools
  375. ------------------------------------
  376. - Starting file permissions check...
  377. /etc/lilo.conf [ NOT FOUND ]
  378. /root/.ssh [ NOT FOUND ]
  379.  
  380. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  381.  
  382. [+] Home directories
  383. ------------------------------------
  384. find: `/home': No such file or directory
  385. - Checking shell history files... [ OK ]
  386.  
  387. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  388.  
  389. [+] Kernel Hardening
  390. ------------------------------------
  391. - Comparing sysctl key pairs with scan profile...
  392. - kernel.core_uses_pid (exp: 1) [ DIFFERENT ]
  393. - kernel.ctrl-alt-del (exp: 0) [ OK ]
  394. - net.ipv4.conf.all.accept_redirects (exp: 0) [ DIFFERENT ]
  395. - net.ipv4.conf.all.accept_source_route (exp: 0) [ OK ]
  396. - net.ipv4.conf.all.bootp_relay (exp: 0) [ OK ]
  397. - net.ipv4.conf.all.forwarding (exp: 0) [ OK ]
  398. - net.ipv4.conf.all.log_martians (exp: 1) [ DIFFERENT ]
  399. - net.ipv4.conf.all.mc_forwarding (exp: 0) [ OK ]
  400. - net.ipv4.conf.all.proxy_arp (exp: 0) [ OK ]
  401. - net.ipv4.conf.all.rp_filter (exp: 1) [ OK ]
  402. - net.ipv4.conf.all.send_redirects (exp: 0) [ DIFFERENT ]
  403. - net.ipv4.conf.default.accept_redirects (exp: 0) [ DIFFERENT ]
  404. - net.ipv4.conf.default.accept_source_route (exp: 0) [ DIFFERENT ]
  405. - net.ipv4.conf.default.log_martians (exp: 1) [ DIFFERENT ]
  406. - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1) [ OK ]
  407. - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1) [ OK ]
  408. - net.ipv4.tcp_syncookies (exp: 1) [ OK ]
  409. - net.ipv4.tcp_timestamps (exp: 0) [ DIFFERENT ]
  410.  
  411. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  412.  
  413. [+] Hardening
  414. ------------------------------------
  415. - Installed compiler(s)... [ NOT FOUND ]
  416. - Installed malware scanner... [ NOT FOUND ]
  417.  
  418. [ Press [ENTER] to continue, or [CTRL]+C to stop ]
  419.  
  420. [+] Custom Tests
  421. ------------------------------------
  422. - Running custom tests... [ SKIPPED ]
  423.  
  424. ================================================================================
  425.  
  426. -[ Lynis 1.3.9 Results ]-
  427.  
  428. Tests performed: 142
  429.  
  430. Warnings:
  431. ----------------------------
  432. - grpck binary found errors in one or more group files [test:AUTH-9216]
  433. - Found multiple groups with same group ID [test:AUTH-9222]
  434. - Found inconsistencies in group file (multiple occurences of a single group) [test:AUTH-9226]
  435. - pwck found one or more errors/warnings in the password file [test:AUTH-9228]
  436. - No password set for single mode [test:AUTH-9308]
  437. - Found possible unused iptables rules (2 1 1 2) [test:FIRE-4513]
  438. - No logrotate configuration has been found [test:LOGG-2146]
  439. - No running NTP daemon or available client found [test:TIME-3104]
  440.  
  441. Suggestions:
  442. ----------------------------
  443. - Use a PAE enabled kernel when possible to gain native No eXecute/eXecute Disable support [test:KRNL-5677]
  444. - Run grpck manually and check your group files [test:AUTH-9216]
  445. - Check your /etc/group file and correct inconsistencies [test:AUTH-9222]
  446. - Check your /etc/group file and correct inconsistencies [test:AUTH-9226]
  447. - Run pwck manually and correct found issues. [test:AUTH-9228]
  448. - Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262]
  449. - Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
  450. - The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
  451. - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
  452. - Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
  453. - Split resolving between localhost and the hostname of the system [test:NAME-4406]
  454. - Install a package audit tool to determine vulnerable packages [test:PKGS-7398]
  455. - Check iptables rules to see which rules are currently not used (iptables --list --numeric --verbose) [test:FIRE-4513]
  456. - Check if files are properly rotated by a some tool instead of logrotate [test:LOGG-2146]
  457. - Add a legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
  458. - Enable auditd to collect audit information [test:ACCT-9628]
  459. - Check if any NTP daemon is running or a NTP client gets executed daily, to prevent big time differences and avoid problems with services like kerberos, authentication or logging differences. [test:TIME-3104]
  460. - Install a file integrity tool [test:FINT-4350]
  461. - One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
  462. - Harden the system by installing one or malware scanners to perform periodic file system scans [test:HRDN-7230]
  463. ================================================================================
  464. Files:
  465. - Test and debug information : /var/log/lynis.log
  466. - Report data : /var/log/lynis-report.dat
  467. ================================================================================
  468. Hardening index : [59] [########### ]
  469.  
  470. Enterprise support and plugins available via CISOfy - http://cisofy.com
  471. ================================================================================
  472. Tip: Disable all tests which are not relevant or are too strict for the
  473. purpose of this particular machine. This will remove unwanted suggestions
  474. and also boost the hardening index. Each test should be properly analyzed
  475. to see if the related risks can be accepted, before disabling the test.
  476. ================================================================================
  477. Lynis 1.3.9
  478. Copyright 2007-2014 - Michael Boelen, http://cisofy.com
  479. ================================================================================