Hi,
I tried to do a security check, for the first time ever. Any comment on the security report is welcome.
Security scripts *** undetermined ***
Tue Jun 9 19:43:07 MSD 2009
19:43> Beginning security report for stovepipebox.localdomain (2009 Linux 2.6.29-ARCH).
# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass016w] User avahi has / as home directory
--WARN-- [pass016w] User dbus has / as home directory
--WARN-- [pass016w] User hal has / as home directory
--WARN-- [pass016w] User nobody has / as home directory
--WARN-- [pass016w] User policykit has / as home directory
--WARN-- [pass012w] Home directory / exists multiple times (5) in /etc/passwd.
--WARN-- [pass006w] Integrity of password files questionable (/usr/sbin/pwck
-r).
# Performing check of group files...
# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc021w] Login ID http appears to be a dormant account.
--WARN-- [acc006w] Login ID mail's home directory (/var/spool/mail) has world
write access.
--WARN-- [acc021w] Login ID ntp appears to be a dormant account.
--WARN-- [acc021w] Login ID tomcat appears to be a dormant account.
# Performing check of /etc/hosts.equiv and .rhosts files...
# Checking accounts from /etc/passwd...
# Performing check of .netrc files...
# Checking accounts from /etc/passwd...
# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...
# Performing check of PATH components...
# Only checking user 'root'
# Performing check of anonymous FTP...
--WARN-- [ftp006w] Anonymous FTP enabled, but directory does not exist.
# Performing checks of mail aliases...
# Performing check of `cron' entries...
--WARN-- Unusual cron file `/var/spool/cron/root.pacsave' found.
--WARN-- [cron005w] Use of cron is not restricted
# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service postgres is also assigned to service
postgresql.
--WARN-- [inet003w] The port for service postgres is also assigned to service
postgresql.
--WARN-- [inet003w] The port for service sane is also assigned to service
sane-port.
# Performing NFS exports check...
# Performing check of system file permissions...
# Checking for known intrusion signs...
# Testing for promiscuous interfaces with /sbin/ifconfig
# Testing for backdoors in inetd.conf
# Performing check of files in system mail spool...
# Performing check for rookits...
# Running chkrootkit (/usr/bin/chkrootkit) to perform further checks...
# Performing system specific checks...
# Performing checks for Linux/2...
# Checking for single user-mode password...
# Checking boot loader file permissions...
--WARN-- [boot01] The configuration file lilo.conf has group permissions
--FAIL-- [boot01] The configuration file lilo.conf has other permissions
--WARN-- [boot04] The bootloader lilo is not configured with a password
--WARN-- [boot02] The configuration file /boot/grub/menu.lst has group
permissions. Should be 0600
--FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world
permissions. Should be 0600
--WARN-- [boot06] The Grub bootloader does not have a password configured.
# Checking for vulnerabilities in inittab configuration...
# Checking for correct umask settings for init scripts...
# Checking Logins not used on the system ...
# Checking network configuration
--WARN-- [lin012w] The system accepts ICMP redirection messages
--FAIL-- [lin014f] The system permits the transmission of IP packets with
invalid addresses
--FAIL-- [lin016f] The system permits source routing from incoming packets
--WARN-- [lin017w] The system is not configured to log suspicious (martian)
packets
--ERROR-- [init001e] Don't have required command IPTABLES.
# Verifying system specific password checks...
# Performing check of root directory...
# Checking device permissions...
--WARN-- [dev003w] The directory /dev/block resides in a device directory.
--WARN-- [dev003w] The directory /dev/bsg resides in a device directory.
--WARN-- [dev003w] The directory /dev/cd resides in a device directory.
--WARN-- [dev003w] The directory /dev/char resides in a device directory.
--FAIL-- [dev002f] /dev/fuse has world permissions
--FAIL-- [dev002f] /dev/log has world permissions
--FAIL-- [dev002f] /dev/nvidia0 has world permissions
--FAIL-- [dev002f] /dev/nvidiactl has world permissions
--FAIL-- [dev002f] /dev/ptmx has world permissions
--FAIL-- [dev002f] /dev/usbdev1.1 has world permissions
--FAIL-- [dev002f] /dev/usbdev2.1 has world permissions
# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/wtmp permission should be 644
--FAIL-- [logf005f] Log file /var/run/utmp permission should be 644
--FAIL-- [logf007f] Log file /var/log/messages does not exist
# Checking for correct umask settings...
# Checking listening processes
--ERROR-- [init001e] Don't have required command LSOF.
--WARN-- [lin002i] The process `cupsd' is listening on socket 631 (UDP) on
every interface.
--WARN-- [lin003w] The process `ktorrent' is listening on socket (TCP on
interface) is run by alexey.
--WARN-- [lin003w] The process `ktorrent' is listening on socket (UDP on
interface) is run by alexey.
--WARN-- [lin002i] The process `perl' is listening on socket 10000 (TCP) on
every interface.
--WARN-- [lin002i] The process `perl' is listening on socket 10000 (UDP) on
every interface.
# Checking sshd_config configuration files...
--FAIL-- [ssh005w] Cannot find a configuration file for SSH.
# Performing common access checks for root...
--FAIL-- [netw020f] There is no /etc/ftpusers file.
# Checking ntpd configuration...
--FAIL-- [netw014f] /etc/ntp.conf was not found.
# Checking unusual file names...
--ALERT-- [fsys005a] Unusual filename `.log' found:
-rw-r--r-- 1 alexey users 15907 Jul 10 2008 /home/alexey/LESHA/workspace/.metadata/.log
--ALERT-- [fsys005a] Unusual filename `._Chung Kuo 2.rm' found:
-rw-r--r-- 1 alexey users 82 May 8 2005 /home/alexey/common/Downloads/UpDown/Movies/Deployed/Chung Kuo/__MACOSX/Michelangelo Antonioni - Chung Kuo (Real Video)/._Chung Kuo 2.rm
--ALERT-- [fsys005a] Unusual filename `.log' found:
-rw-r--r-- 1 alexey users 154181 Jun 2 10:36 /home/alexey/workspace/.metadata/.log
--ALERT-- [fsys005a] Unusual filename `.log' found:
-rw-r--r-- 1 root root 2050 Apr 16 2008 /root/workspace/.metadata/.log
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 263 May 12 04:14 /usr/include/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 445 May 12 04:14 /usr/include/asm-generic/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 805 May 12 04:14 /usr/include/asm/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 3725 May 12 04:14 /usr/include/linux/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 387 May 12 04:14 /usr/include/linux/byteorder/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 342 May 12 04:14 /usr/include/linux/can/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 382 May 12 04:14 /usr/include/linux/dvb/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 336 May 12 04:14 /usr/include/linux/hdlc/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 338 May 12 04:14 /usr/include/linux/isdn/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 1031 May 12 04:14 /usr/include/linux/netfilter/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 409 May 12 04:14 /usr/include/linux/netfilter_arp/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 588 May 12 04:14 /usr/include/linux/netfilter_bridge/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 960 May 12 04:14 /usr/include/linux/netfilter_ipv4/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 640 May 12 04:14 /usr/include/linux/netfilter_ipv6/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 379 May 12 04:14 /usr/include/linux/nfsd/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 342 May 12 04:14 /usr/include/linux/raid/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 331 May 12 04:14 /usr/include/linux/spi/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 348 May 12 04:14 /usr/include/linux/sunrpc/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 404 May 12 04:14 /usr/include/linux/tc_act/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 410 May 12 04:14 /usr/include/linux/tc_ematch/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 387 May 12 04:14 /usr/include/linux/usb/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 343 May 12 04:14 /usr/include/linux/wimax/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 356 May 12 04:14 /usr/include/mtd/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 306 May 12 04:14 /usr/include/rdma/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 395 May 12 04:14 /usr/include/sound/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found:
-rw-r--r-- 1 root root 323 May 12 04:14 /usr/include/video/..install.cmd
# Looking for unusual device files...
--ALERT-- [fsys006a] Unexpected device files found:
lrwxrwxrwx 1 alexey users 8 Jun 7 2008 /home/alexey/.wine/dosdevices/e:: -> /dev/sr0
crw------- 1 root root 5, 1 Apr 9 13:35 /lib/udev/devices/console
crw-rw-rw- 1 root root 10, 229 Apr 9 13:35 /lib/udev/devices/fuse
crw-rw-rw- 1 root root 1, 11 Apr 9 13:35 /lib/udev/devices/kmsg
brw-rw---- 1 root disk 7, 0 Apr 9 13:35 /lib/udev/devices/loop/0
brw-rw---- 1 root disk 7, 1 Apr 9 13:35 /lib/udev/devices/loop/1
brw-rw---- 1 root disk 7, 2 Apr 9 13:35 /lib/udev/devices/loop/2
brw-rw---- 1 root disk 7, 3 Apr 9 13:35 /lib/udev/devices/loop/3
brw-rw---- 1 root disk 7, 4 Apr 9 13:35 /lib/udev/devices/loop/4
brw-rw---- 1 root disk 7, 5 Apr 9 13:35 /lib/udev/devices/loop/5
brw-rw---- 1 root disk 7, 6 Apr 9 13:35 /lib/udev/devices/loop/6
brw-rw---- 1 root disk 7, 7 Apr 9 13:35 /lib/udev/devices/loop/7
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop0 -> loop/0
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop1 -> loop/1
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop2 -> loop/2
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop3 -> loop/3
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop4 -> loop/4
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop5 -> loop/5
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop6 -> loop/6
lrwxrwxrwx 1 root root 6 Apr 9 13:35 /lib/udev/devices/loop7 -> loop/7
crw-rw-rw- 1 root root 10, 200 Apr 9 13:35 /lib/udev/devices/net/tun
crw-rw-rw- 1 root root 1, 3 Apr 9 13:35 /lib/udev/devices/null
crw------- 1 root root 108, 0 Apr 9 13:35 /lib/udev/devices/ppp
lrwxrwxrwx 1 root root 15 Apr 9 13:35 /lib/udev/devices/stderr -> /proc/self/fd/2
crw-rw---- 1 root root 1, 5 Apr 9 13:35 /lib/udev/devices/zero
# Checking symbolic links...
# Performing check of embedded pathnames...
19:50> Security report completed for stovepipebox.localdomain.