
#1 2009-06-09 15:59:11

Llama
Banned
From: St.-Petersburg, Russia
Registered: 2008-03-03
Posts: 1,379

tiger security report

Hi,

I tried to do a security check, for the first time ever :). Any comment on the security report is welcome.

Security scripts *** undetermined ***
Tue Jun  9 19:43:07 MSD 2009
19:43> Beginning security report for stovepipebox.localdomain (2009 Linux 2.6.29-ARCH).

# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass016w] User avahi has / as home directory 
--WARN-- [pass016w] User dbus has / as home directory 
--WARN-- [pass016w] User hal has / as home directory 
--WARN-- [pass016w] User nobody has / as home directory 
--WARN-- [pass016w] User policykit has / as home directory 
--WARN-- [pass012w] Home directory / exists multiple times (5) in /etc/passwd. 
--WARN-- [pass006w] Integrity of password files questionable (/usr/sbin/pwck 
         -r). 

# Performing check of group files...

# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc021w] Login ID http appears to be a dormant account. 
--WARN-- [acc006w] Login ID mail's home directory (/var/spool/mail) has world 
         write access. 
--WARN-- [acc021w] Login ID ntp appears to be a dormant account. 
--WARN-- [acc021w] Login ID tomcat appears to be a dormant account. 

# Performing check of /etc/hosts.equiv and .rhosts files...

# Checking accounts from /etc/passwd...

# Performing check of .netrc files...

# Checking accounts from /etc/passwd...

# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...

# Performing check of PATH components...
# Only checking user 'root'

# Performing check of anonymous FTP...
--WARN-- [ftp006w] Anonymous FTP enabled, but directory does not exist. 

# Performing checks of mail aliases...

# Performing check of `cron' entries...
--WARN-- Unusual cron file `/var/spool/cron/root.pacsave' found.
--WARN-- [cron005w] Use of cron is not restricted 

# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service postgres is also assigned to service 
         postgresql. 
--WARN-- [inet003w] The port for service postgres is also assigned to service 
         postgresql. 
--WARN-- [inet003w] The port for service sane is also assigned to service 
         sane-port. 

# Performing NFS exports check...

# Performing check of system file permissions...

# Checking for known intrusion signs...
# Testing for promiscuous interfaces with /sbin/ifconfig
# Testing for backdoors in inetd.conf

# Performing check of files in system mail spool...

# Performing check for rookits...
# Running chkrootkit (/usr/bin/chkrootkit) to perform further checks...

# Performing system specific checks...
# Performing checks for Linux/2...

# Checking for single user-mode password...

# Checking boot loader file permissions...
--WARN-- [boot01] The configuration file lilo.conf has group permissions 
--FAIL-- [boot01] The configuration file lilo.conf has other permissions 
--WARN-- [boot04] The bootloader lilo is not configured with a password 
--WARN-- [boot02] The configuration file /boot/grub/menu.lst has group 
         permissions. Should be 0600 
--FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world 
         permissions. Should be 0600 
--WARN-- [boot06] The Grub bootloader does not have a password configured. 

# Checking for vulnerabilities in inittab configuration...

# Checking for correct umask settings for init scripts...

# Checking Logins not used on the system ...

# Checking network configuration
--WARN-- [lin012w] The system accepts ICMP redirection messages 
--FAIL-- [lin014f] The system permits the transmission of IP packets with 
         invalid addresses 
--FAIL-- [lin016f] The system permits source routing from incoming packets 
--WARN-- [lin017w] The system is not configured to log suspicious (martian) 
         packets 
--ERROR-- [init001e] Don't have required command IPTABLES.

# Verifying system specific password checks...

# Performing check of root directory...

# Checking device permissions...
--WARN-- [dev003w] The directory /dev/block resides in a device directory. 
--WARN-- [dev003w] The directory /dev/bsg resides in a device directory. 
--WARN-- [dev003w] The directory /dev/cd resides in a device directory. 
--WARN-- [dev003w] The directory /dev/char resides in a device directory. 
--FAIL-- [dev002f] /dev/fuse has world permissions 
--FAIL-- [dev002f] /dev/log has world permissions 
--FAIL-- [dev002f] /dev/nvidia0 has world permissions 
--FAIL-- [dev002f] /dev/nvidiactl has world permissions 
--FAIL-- [dev002f] /dev/ptmx has world permissions 
--FAIL-- [dev002f] /dev/usbdev1.1 has world permissions 
--FAIL-- [dev002f] /dev/usbdev2.1 has world permissions 

# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/wtmp permission should be 644 
--FAIL-- [logf005f] Log file /var/run/utmp permission should be 644 
--FAIL-- [logf007f] Log file /var/log/messages does not exist 

# Checking for correct umask settings...

# Checking listening processes 
--ERROR-- [init001e] Don't have required command LSOF.
--WARN-- [lin002i] The process `cupsd' is listening on socket 631 (UDP) on 
         every interface. 
--WARN-- [lin003w] The process `ktorrent' is listening on socket (TCP on 
         interface) is run by alexey. 
--WARN-- [lin003w] The process `ktorrent' is listening on socket (UDP on 
         interface) is run by alexey. 
--WARN-- [lin002i] The process `perl' is listening on socket 10000 (TCP) on 
         every interface. 
--WARN-- [lin002i] The process `perl' is listening on socket 10000 (UDP) on 
         every interface. 

# Checking sshd_config configuration files...
--FAIL-- [ssh005w] Cannot find a configuration file for SSH. 

# Performing common access checks for root...
--FAIL-- [netw020f] There is no /etc/ftpusers file. 

# Checking ntpd configuration...
--FAIL-- [netw014f] /etc/ntp.conf was not found. 

# Checking unusual file names...
--ALERT-- [fsys005a] Unusual filename `.log' found: 
-rw-r--r-- 1 alexey users 15907 Jul 10  2008 /home/alexey/LESHA/workspace/.metadata/.log
--ALERT-- [fsys005a] Unusual filename `._Chung Kuo 2.rm' found: 
-rw-r--r-- 1 alexey users 82 May  8  2005 /home/alexey/common/Downloads/UpDown/Movies/Deployed/Chung Kuo/__MACOSX/Michelangelo Antonioni - Chung Kuo (Real Video)/._Chung Kuo 2.rm
--ALERT-- [fsys005a] Unusual filename `.log' found: 
-rw-r--r-- 1 alexey users 154181 Jun  2 10:36 /home/alexey/workspace/.metadata/.log
--ALERT-- [fsys005a] Unusual filename `.log' found: 
-rw-r--r-- 1 root root 2050 Apr 16  2008 /root/workspace/.metadata/.log
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 263 May 12 04:14 /usr/include/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 445 May 12 04:14 /usr/include/asm-generic/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 805 May 12 04:14 /usr/include/asm/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 3725 May 12 04:14 /usr/include/linux/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 387 May 12 04:14 /usr/include/linux/byteorder/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 342 May 12 04:14 /usr/include/linux/can/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 382 May 12 04:14 /usr/include/linux/dvb/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 336 May 12 04:14 /usr/include/linux/hdlc/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 338 May 12 04:14 /usr/include/linux/isdn/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 1031 May 12 04:14 /usr/include/linux/netfilter/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 409 May 12 04:14 /usr/include/linux/netfilter_arp/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 588 May 12 04:14 /usr/include/linux/netfilter_bridge/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 960 May 12 04:14 /usr/include/linux/netfilter_ipv4/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 640 May 12 04:14 /usr/include/linux/netfilter_ipv6/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 379 May 12 04:14 /usr/include/linux/nfsd/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 342 May 12 04:14 /usr/include/linux/raid/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 331 May 12 04:14 /usr/include/linux/spi/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 348 May 12 04:14 /usr/include/linux/sunrpc/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 404 May 12 04:14 /usr/include/linux/tc_act/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 410 May 12 04:14 /usr/include/linux/tc_ematch/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 387 May 12 04:14 /usr/include/linux/usb/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 343 May 12 04:14 /usr/include/linux/wimax/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 356 May 12 04:14 /usr/include/mtd/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 306 May 12 04:14 /usr/include/rdma/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 395 May 12 04:14 /usr/include/sound/..install.cmd
--ALERT-- [fsys005a] Unusual filename `..install.cmd' found: 
-rw-r--r-- 1 root root 323 May 12 04:14 /usr/include/video/..install.cmd


# Looking for unusual device files...
--ALERT-- [fsys006a] Unexpected device files found: 
lrwxrwxrwx 1 alexey users 8 Jun  7  2008 /home/alexey/.wine/dosdevices/e:: -> /dev/sr0
crw------- 1 root root 5, 1 Apr  9 13:35 /lib/udev/devices/console
crw-rw-rw- 1 root root 10, 229 Apr  9 13:35 /lib/udev/devices/fuse
crw-rw-rw- 1 root root 1, 11 Apr  9 13:35 /lib/udev/devices/kmsg
brw-rw---- 1 root disk 7, 0 Apr  9 13:35 /lib/udev/devices/loop/0
brw-rw---- 1 root disk 7, 1 Apr  9 13:35 /lib/udev/devices/loop/1
brw-rw---- 1 root disk 7, 2 Apr  9 13:35 /lib/udev/devices/loop/2
brw-rw---- 1 root disk 7, 3 Apr  9 13:35 /lib/udev/devices/loop/3
brw-rw---- 1 root disk 7, 4 Apr  9 13:35 /lib/udev/devices/loop/4
brw-rw---- 1 root disk 7, 5 Apr  9 13:35 /lib/udev/devices/loop/5
brw-rw---- 1 root disk 7, 6 Apr  9 13:35 /lib/udev/devices/loop/6
brw-rw---- 1 root disk 7, 7 Apr  9 13:35 /lib/udev/devices/loop/7
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop0 -> loop/0
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop1 -> loop/1
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop2 -> loop/2
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop3 -> loop/3
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop4 -> loop/4
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop5 -> loop/5
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop6 -> loop/6
lrwxrwxrwx 1 root root 6 Apr  9 13:35 /lib/udev/devices/loop7 -> loop/7
crw-rw-rw- 1 root root 10, 200 Apr  9 13:35 /lib/udev/devices/net/tun
crw-rw-rw- 1 root root 1, 3 Apr  9 13:35 /lib/udev/devices/null
crw------- 1 root root 108, 0 Apr  9 13:35 /lib/udev/devices/ppp
lrwxrwxrwx 1 root root 15 Apr  9 13:35 /lib/udev/devices/stderr -> /proc/self/fd/2
crw-rw---- 1 root root 1, 5 Apr  9 13:35 /lib/udev/devices/zero


# Checking symbolic links...

# Performing check of embedded pathnames...
19:50> Security report completed for stovepipebox.localdomain.
