NoTrace Security Forum

 Lynis - NEW Security and system auditing tool

volley_3
Advanced Member
672 Posts

Posted on - 10/04/2008 : 16:02:33
I was browsing the web when I came across this wonderful little program, Lynis htt*://[www].rootkit.nl/projects/lynis.html

which checks whether your local system is secure... with a very substantial and detailed log...
I'm pasting my log so that you can give me some advice on resolving any problems or security risks... thanks

[15:54:01] ### Starting Lynis 1.1.0 with PID 28867, build date 9 April 2008 ###
[15:54:01] ### Copyright 2007-2008 - Michael Boelen, htt*://[www].rootkit.nl/ ###
[15:54:01] Program version:           1.1.0
[15:54:01] Operating system:          Linux
[15:54:02] Operating system version:  2.6.24-12-generic
[15:54:02] Kernel version:            2.6.24-12-generic
[15:54:02] Hardware platform:         i686
[15:54:02] Hostname:                  ubuntu
[15:54:02] Auditor:                   [Unknown]
[15:54:02] Profile:                   default.prf
[15:54:02] Log file:                  /var/log/lynis.log
[15:54:02] Report file:               /var/log/lynis-report.dat
[15:54:02] Report version:            1.0
[15:54:02] ===-------------------------------------------------===
[15:54:03] Reading profile/configuration default.prf
[15:54:03] ===-------------------------------------------------===
[15:54:03] Test: Checking for program update...
[15:54:04] Current installed version  : 110
[15:54:04] Latest stable version      : 110
[15:54:04] No Lynis update available.
[15:54:04] ===-------------------------------------------------===
[15:54:04] Start scanning for available audit binaries and tools...
[15:54:04] Found /bin/ip
[15:54:04] Found /bin/ls
[15:54:04] Found /bin/lsmod
[15:54:04] Found /bin/netstat
[15:54:04] Found /bin/ps
[15:54:04] Found /sbin/ip
[15:54:04] Found /sbin/ifconfig
[15:54:04] Found /sbin/lsmod
[15:54:04] Found /usr/bin/find
[15:54:04] Found /usr/bin/locate
[15:54:04] Found /usr/bin/lsattr
[15:54:04] Found /usr/bin/lsof
[15:54:04] Found /usr/bin/lynx
[15:54:04] Found /usr/bin/md5sum
[15:54:04] Found /usr/bin/nmap
[15:54:04] Found /usr/bin/openssl (version 0.9.8g)
[15:54:04] Found /usr/bin/perl (version 5.8.8)
[15:54:04] Found /usr/bin/rkhunter
[15:54:04] Found /usr/bin/stat
[15:54:04] Found /usr/bin/strings
[15:54:04] Found /usr/bin/wget
[15:54:04] Found /usr/sbin/chkrootkit
[15:54:04] Found /usr/sbin/exim (version 4.69)
[15:54:04] Found /usr/sbin/grpck
[15:54:04] ===-------------------------------------------------===
[15:54:04] Test: Checking for presence grub conf file (/boot/grub/grub.conf or /boot/grub/menu.lst)...
[15:54:04] Found file /boot/grub/menu.lst, proceeding with tests.
[15:54:04] GRUB has password protection.
[15:54:04] ===-------------------------------------------------===
[15:54:04] Test: checking for presence LILO configuration file...
[15:54:04] Result: LILO configuration file not found.
[15:54:04] ===-------------------------------------------------===
[15:54:04] Result: No chkconfig binary available, so skipping test
[15:54:04] ===-------------------------------------------------===
[15:54:04] Checking default Linux run level... 
[15:54:04] Found default run level 'password --md5 $1$DIoES$b7e2*****************
password --md5 $1$DIoES$b7e2*****************'
[15:54:04] ===-------------------------------------------------===
[15:54:04] Checking CPU options (NX/PAE)...
[15:54:04] Result: PAE and NoExecute found.
[15:54:04] Suggestion: make sure a PAE enabled kernel is used when possible to gain native NX support.
[15:54:04] ===-------------------------------------------------===
[15:54:04] Searching apt-cache, to determine if a newer Debian kernel is available
[15:54:04] Using apt-cache to determine if there is an update available
[15:54:04] Debian kernel installed: 
[15:54:04] Debian kernel candidate: 
[15:54:04] No kernel update available
[15:54:04] ===-------------------------------------------------===
[15:54:04] Test: Searching /proc/meminfo
[15:54:05] Result: Found 2595892 kB memory
[15:54:05] ===-------------------------------------------------===
[15:54:07] Test: Searching accounts with UID 0
[15:54:07] Result: No accounts found with UID 0 other than root.
[15:54:07] ===-------------------------------------------------===
[15:54:07] Test: Checking for grpck binary...
[15:54:07] Result: grpck binary didn't find any errors in the group files
[15:54:07] ===-------------------------------------------------===
[15:54:07] Test: Checking for non unique group ID's in /etc/group
[15:54:07] Result: All group ID's are unique
[15:54:08] ===-------------------------------------------------===
[15:54:08] Test: Checking for non unique group names in /etc/group
[15:54:08] Result: All group names are unique
[15:54:08] ===-------------------------------------------------===
[15:54:10] Test: History files type check
[15:54:10] Description: History files type check
[15:54:10] Result: Ok, history files are type 'file'.
[15:54:10] Remarks: History files are normally of the type 'file'. Symbolic links and other types can be riskful
[15:54:10] ===-------------------------------------------------===
[15:54:10] Test: Searching for /etc/shells...
[15:54:10] Result: Found /etc/shells file
[15:54:10] Test: Reading available shells from /etc/shells
[15:54:10] Shell /bin/csh not installed. Probably a dummy or non existing shell.
[15:54:10] Found installed shell: /bin/sh
[15:54:10] Shell /usr/bin/es not installed. Probably a dummy or non existing shell.
[15:54:10] Shell /usr/bin/ksh not installed. Probably a dummy or non existing shell.
[15:54:10] Shell /bin/ksh not installed. Probably a dummy or non existing shell.
[15:54:10] Shell /usr/bin/rc not installed. Probably a dummy or non existing shell.
[15:54:10] Shell /usr/bin/tcsh not installed. Probably a dummy or non existing shell.
[15:54:10] Shell /bin/tcsh not installed. Probably a dummy or non existing shell.
[15:54:10] Shell /usr/bin/esh not installed. Probably a dummy or non existing shell.
[15:54:10] Found installed shell: /bin/dash
[15:54:10] Found installed shell: /bin/bash
[15:54:10] Found installed shell: /bin/rbash
[15:54:10] Found installed shell: /usr/bin/screen
[15:54:10] ===-------------------------------------------------===
[15:54:12] Test: Searching for old files in /tmp...
[15:54:12] Result: no files found in /tmp which are older than 3 months
[15:54:12] ===-------------------------------------------------===
[15:54:12] Searching skel directory /etc/skel...
[15:54:12] Result: Directory found, scanning for unsafe file permissions
[15:54:12] Warning: The following files do have non restrictive permissions: /etc/skel/.bash_logout
/etc/skel/.bashrc
/etc/skel/.profile
[15:54:12] Suggestion: remove the read, write or execute bit from these files (chmod o-rwx)
[15:54:12] Status: BAD
[15:54:12] Impact: MEDIUM
[15:54:12] ===-------------------------------------------------===
[15:54:12] Searching skel directory /usr/share/skel...
[15:54:12] Result: Skel directory (/usr/share/skel) not found
[15:54:12] ===-------------------------------------------------===
[15:54:12] Test: Checking for sticky bit on /tmp directory.
[15:54:12] Sticky bit (t) found on /tmp directory
[15:54:12] Status: OK
[15:54:12] ===-------------------------------------------------===
[15:54:14] Searching for security.debian.org/ubuntu[.com] in /etc/apt/sources.list file
[15:54:14] Found deb htt*://security.ubuntu[.com]/ubuntu hardy-security main restricted
deb-src htt*://security.ubuntu[.com]/ubuntu hardy-security main restricted
deb htt*://security.ubuntu[.com]/ubuntu hardy-security universe
deb-src htt*://security.ubuntu[.com]/ubuntu hardy-security universe
deb htt*://security.ubuntu[.com]/ubuntu hardy-security multiverse
deb-src htt*://security.ubuntu[.com]/ubuntu hardy-security multiverse in /etc/apt/sources.list
[15:54:14] Status: OK
[15:54:14] ===-------------------------------------------------===
[15:54:14] Searching pkg_info binary
[15:54:14] Result: pkg_info can NOT be found on this system
[15:54:14] ===-------------------------------------------------===
[15:54:14] Searching rpm binary
[15:54:14] Result: rpm can NOT be found on this system
[15:54:14] ===-------------------------------------------------===
[15:54:14] Searching dpkg binary
[15:54:14] Found dpkg binary
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/local/sbin
[15:54:41] Directory /usr/local/sbin exists. Starting directory scanning...
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/local/libexec
[15:54:41] Directory /usr/local/libexec does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/libexec
[15:54:41] Directory /usr/libexec does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/sfw/bin
[15:54:41] Directory /usr/sfw/bin does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/sfw/sbin
[15:54:41] Directory /usr/sfw/sbin does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/sfw/libexec
[15:54:41] Directory /usr/sfw/libexec does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /opt/sfw/bin
[15:54:41] Directory /opt/sfw/bin does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /opt/sfw/sbin
[15:54:41] Directory /opt/sfw/sbin does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /opt/sfw/libexec
[15:54:41] Directory /opt/sfw/libexec does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/xpg4/bin
[15:54:41] Directory /usr/xpg4/bin does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking binaries in directory /usr/css/bin
[15:54:41] Directory /usr/css/bin does NOT exist.
[15:54:41] ===-------------------------------------------------===
[15:54:41] Scanned directories: , /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin
[15:54:41] ===-------------------------------------------------===
[15:54:41] Test: Checking file permissions
[15:54:41] Using profile default.prf for baseline.
[15:54:41] Checking /etc/inetd.conf
[15:54:41]   Expected permissions: rw-------
[15:54:41]   Actual permissions: rw-r--r--
[15:54:41]   Result: BAD
[15:54:41] Checking /etc/lilo.conf
[15:54:41]   Expected permissions: rw-------
[15:54:41]   Actual permissions: rw-r--r--
[15:54:41]   Result: FILE_NOT_FOUND
[15:54:41] Checking /root/.ssh
[15:54:41]   Expected permissions: rw-------
[15:54:41]   Actual permissions: rw-r--r--
[15:54:41]   Result: FILE_NOT_FOUND
[15:54:41] ===-------------------------------------------------===
[15:54:42] Test: Searching for a logging daemon... 
[15:54:43] Result: Found a logging daemon
[15:54:43] Status: OK
[15:54:43] ===-------------------------------------------------===
[15:54:43] Test: Searching for a NTP daemon or client... 
[15:54:43]   - Checking NTP client (ntpdate or rdate) in crontab file
[15:54:43] Result: Found a time syncing daemon/client.
[15:54:43] Status: OK
[15:54:43] ===-------------------------------------------------===
[15:54:43] Test: Testing existence /etc/motd
[15:54:43] Result: Test skipped
[15:54:43] ===-------------------------------------------------===
[15:54:44] Test: Read real system users from /etc/passwd...
[15:54:44] Linux real users output (ID > 500, but not 65534):
[15:54:44] Real user: root,0
[15:54:44] Real user: altf4,1000
[15:54:44] Real user: avg,1001
[15:54:44] ===-------------------------------------------------===
[15:54:46] Lynis 1.1.0 ended successfully


(I left out the scan of all the installed programs and binaries, wasted space)

Looking forward to your advice, thanks