
Olej
Writer
Posts: 21338
Registered: 24 Sep 2011, 14:22
From: Kharkiv

Security

Post by Olej » 23 Sep 2023, 16:07

Olej wrote:
23 Sep 2023, 01:39
tiger

Code:

olej@R420:~$ time sudo tiger
Tiger UN*X security checking system
   Developed by Texas A&M University, 1994
   Updated by the Advanced Research Corporation, 1999-2002
   Further updated by Javier Fernandez-Sanguino, 2001-2018
   Contributions by Francisco Manuel Garcia Claramonte, 2009-2010
   Covered by the GNU General Public License (GPL)

Configuring...
 
Will try to check using config for 'x86_64' running Linux 5.15.0-84-generic...
--CONFIG-- [con005c] Using configuration files for Linux 5.15.0-84-generic. Using
           configuration files for generic Linux 5.
Tiger security scripts *** 3.2.4rc1, 2018.02.10.20.30 ***
15:10> Beginning security report for R420.
15:10> Starting file systems scans in background...
15:10> Checking password files...
15:10> Checking group files...
15:10> Checking user accounts...
15:10> Checking .rhosts files...
15:10> Checking .netrc files...
15:10> Checking ttytab, securetty, and login configuration files...
15:10> Checking PATH settings...
15:10> Checking anonymous ftp setup...
15:10> Checking mail aliases...
15:10> Checking cron entries...
15:10> Checking 'inetd' configuration...
15:10> Checking 'tcpd' configuration...
15:10> Checking 'services' configuration...
15:10> Checking NFS export entries...
15:10> Checking permissions and ownership of system files...
--CONFIG-- [con010c] Filesystem 'fuse.portal' used by 'portal' is not recognised as a valid filesystem
15:10> Checking for indications of break-in...
--CONFIG-- [con010c] Filesystem 'fuse.portal' used by 'portal' is not recognised as a valid filesystem
15:10> Performing rootkit checks...
15:10> Performing system specific checks...
15:49> Performing root directory checks...
15:49> Checking for secure backup devices...
15:49> Checking for the presence of log files...
15:49> Checking for the setting of user's umask...
15:49> Checking for listening processes...
15:49> Checking SSHD's configuration...
15:49> Checking the printers control file...
15:49> Checking ftpusers configuration...
15:49> Checking NTP configuration...
15:49> Waiting for filesystems scans to complete...
15:49> Filesystems scans completed...
15:49> Performing check of embedded pathnames...
15:50> Security report completed for R420.
Security report is in `/var/log/tiger/security.report.R420.230923-15:10'.

real	40m32,321s
user	0m0,001s
sys	0m0,014s
Well, that's not exactly lightweight :cry:


Post by Olej » 23 Sep 2023, 16:10

Olej wrote:
23 Sep 2023, 01:48
lynis

Code:

olej@R420:~$ lynis -c 
This option (-c) is deprecated.
Use: lynis audit system [options]

Code:

olej@R420:~$ lynis -h

[ Lynis 3.0.7 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------


  Usage: lynis command [options]


  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details


  Options:

    Alternative system audit modes
    --forensics                       : Perform forensics on a running or mounted system
    --pentest                         : Non-privileged, show points of interest for pentesting

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds
    --reverse-colours                 : Optimize colour display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --no-log                          : Don't create a log file
    --profile <profile>               : Scan the system with the given profile file
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit
    --wait                            : Wait between a set of tests
    --slow-warning <seconds>  : Threshold for slow test warning in seconds (default 10)

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run '/usr/sbin/lynis show options', or use the man page.


Post by Olej » 23 Sep 2023, 17:13

Olej wrote:
23 Sep 2023, 16:07
Well, that's not exactly lightweight

Code:

olej@R420:~$ time sudo lynis audit system

[ Lynis 3.0.7 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]
  - Detecting language and localization                       [ ru ]

  ---------------------------------------------------
  Program version:           3.0.7
  Operating system:          Linux
  Operating system name:     Linux Mint
  Operating system version:  21.2
  Kernel version:            5.15.0
  Hardware platform:         x86_64
  Hostname:                  R420
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /etc/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  ru
  Test category:             all
  Test group:                all
  ---------------------------------------------------
  - Program update status...                                  [ ОБНОВЛЕНИЙ НЕТ ]

[+] Системные утилиты
------------------------------------
  - Scanning available tools...
  - Checking system binaries...

[+] Plugins (Стадия 1)
------------------------------------
 Примечание: плагины имеют более обширные тесты и могут занять несколько минут до завершения
  
  - Plugin: debian
    [
[+] Debian Tests
------------------------------------
  - Checking for system binaries that are required by Debian Tests...
    - Checking /bin...                                        [ FOUND ]
    - Checking /sbin...                                       [ FOUND ]
    - Checking /usr/bin...                                    [ FOUND ]
    - Checking /usr/sbin...                                   [ FOUND ]
    - Checking /usr/local/bin...                              [ FOUND ]
    - Checking /usr/local/sbin...                             [ FOUND ]
  - Authentication:
    - PAM (Pluggable Authentication Modules):

  [WARNING]: Test DEB-0001 had a long execution: 25.920806 seconds

      - libpam-tmpdir                                         [ Not Installed ]
  - File System Checks:
    - DM-Crypt, Cryptsetup & Cryptmount:
      - Checking / on /dev/sda5                               [ NOT ENCRYPTED ]
      - Checking /home on /dev/nvme0n1p1                      [ NOT ENCRYPTED ]
      - Checking /home/olej/Загрузки on /dev/sdb2             [ NOT ENCRYPTED ]
      - Checking /boot/efi on /dev/sda1                       [ NOT ENCRYPTED ]
      - Checking /mnt/sdc3 on /dev/sdc3                       [ NOT ENCRYPTED ]
      - Checking /mnt/sdc2 on /dev/sdc2                       [ NOT ENCRYPTED ]
    - Ecryptfs                                                [ INSTALLED ]
      - Home for olej                                         [ NO ]
  - Software:
    - apt-listbugs                                            [ Not Installed ]
    - apt-listchanges                                         [ Not Installed ]
    - needrestart                                             [ Not Installed ]
    - fail2ban                                                [ Not Installed ]
]

[+] Загрузка и сервисы
------------------------------------
  - Service Manager                                           [ systemd ]
  - Checking UEFI boot                                        [ ОТКЛЮЧЕНО ]
  - Checking presence GRUB2                                   [ Найдено ]
    - Checking for password protection                        [ Отсутствует ]
  - Check running services (systemctl)                        [ Завершено ]
        Result: found 48 running services
  - Check enabled services at boot (systemctl)                [ Завершено ]
        Result: found 71 enabled services
  - Check startup files (permissions)                         [ ОК ]
  - Running 'systemd-analyze security'
        - ModemManager.service:                               [ СРЕДНИЙ ]
        - NetworkManager.service:                             [ УЯЗВИМО ]
        - accounts-daemon.service:                            [ СРЕДНИЙ ]
        - acpid.service:                                      [ НЕБЕЗОПАСНО ]
        - alsa-state.service:                                 [ НЕБЕЗОПАСНО ]
        - anacron.service:                                    [ НЕБЕЗОПАСНО ]
        - avahi-daemon.service:                               [ НЕБЕЗОПАСНО ]
        - blueman-mechanism.service:                          [ НЕБЕЗОПАСНО ]
        - colord.service:                                     [ УЯЗВИМО ]
        - cpufrequtils.service:                               [ НЕБЕЗОПАСНО ]
        - cron.service:                                       [ НЕБЕЗОПАСНО ]
        - cups-browsed.service:                               [ НЕБЕЗОПАСНО ]
        - cups.service:                                       [ НЕБЕЗОПАСНО ]
        - dbus.service:                                       [ НЕБЕЗОПАСНО ]
        - dm-event.service:                                   [ НЕБЕЗОПАСНО ]
        - dmesg.service:                                      [ НЕБЕЗОПАСНО ]
        - emergency.service:                                  [ НЕБЕЗОПАСНО ]
        - fancontrol.service:                                 [ НЕБЕЗОПАСНО ]
        - getty@tty7.service:                                 [ НЕБЕЗОПАСНО ]
        - glances.service:                                    [ НЕБЕЗОПАСНО ]
        - haveged.service:                                    [ ЗАЩИЩЕНО ]
        - hv-fcopy-daemon.service:                            [ НЕБЕЗОПАСНО ]
        - hv-kvp-daemon.service:                              [ НЕБЕЗОПАСНО ]
        - hv-vss-daemon.service:                              [ НЕБЕЗОПАСНО ]
        - inetd.service:                                      [ НЕБЕЗОПАСНО ]
        - irqbalance.service:                                 [ СРЕДНИЙ ]
        - kerneloops.service:                                 [ НЕБЕЗОПАСНО ]
        - lightdm.service:                                    [ НЕБЕЗОПАСНО ]
        - loadcpufreq.service:                                [ НЕБЕЗОПАСНО ]
        - lvm2-lvmpolld.service:                              [ НЕБЕЗОПАСНО ]
        - lynis.service:                                      [ НЕБЕЗОПАСНО ]
        - mintsystem.service:                                 [ НЕБЕЗОПАСНО ]
        - networkd-dispatcher.service:                        [ НЕБЕЗОПАСНО ]
        - nfs-blkmap.service:                                 [ НЕБЕЗОПАСНО ]
        - nfs-idmapd.service:                                 [ НЕБЕЗОПАСНО ]
        - nfs-mountd.service:                                 [ НЕБЕЗОПАСНО ]
        - nfsdcld.service:                                    [ НЕБЕЗОПАСНО ]
        - nginx.service:                                      [ НЕБЕЗОПАСНО ]
        - nscd.service:                                       [ НЕБЕЗОПАСНО ]
        - packagekit.service:                                 [ НЕБЕЗОПАСНО ]
        - plymouth-start.service:                             [ НЕБЕЗОПАСНО ]
        - polkit.service:                                     [ НЕБЕЗОПАСНО ]
        - postfix@-.service:                                  [ НЕБЕЗОПАСНО ]
        - pure-ftpd.service:                                  [ НЕБЕЗОПАСНО ]
        - rc-local.service:                                   [ НЕБЕЗОПАСНО ]
        - rescue.service:                                     [ НЕБЕЗОПАСНО ]
        - rngd.service:                                       [ НЕБЕЗОПАСНО ]
        - rpc-gssd.service:                                   [ НЕБЕЗОПАСНО ]
        - rpc-statd-notify.service:                           [ НЕБЕЗОПАСНО ]
        - rpc-statd.service:                                  [ НЕБЕЗОПАСНО ]
        - rpc-svcgssd.service:                                [ НЕБЕЗОПАСНО ]
        - rpcbind.service:                                    [ НЕБЕЗОПАСНО ]
        - rsync.service:                                      [ УЯЗВИМО ]
        - rsyslog.service:                                    [ НЕБЕЗОПАСНО ]
        - rtkit-daemon.service:                               [ СРЕДНИЙ ]
        - smartmontools.service:                              [ НЕБЕЗОПАСНО ]
        - ssh.service:                                        [ НЕБЕЗОПАСНО ]
        - switcheroo-control.service:                         [ УЯЗВИМО ]
        - sysfsutils.service:                                 [ НЕБЕЗОПАСНО ]
        - systemd-ask-password-console.service:               [ НЕБЕЗОПАСНО ]
        - systemd-ask-password-plymouth.service:              [ НЕБЕЗОПАСНО ]
        - systemd-ask-password-wall.service:                  [ НЕБЕЗОПАСНО ]
        - systemd-fsckd.service:                              [ НЕБЕЗОПАСНО ]
        - systemd-initctl.service:                            [ НЕБЕЗОПАСНО ]
        - systemd-journald.service:                           [ ЗАЩИЩЕНО ]
        - systemd-logind.service:                             [ ЗАЩИЩЕНО ]
        - systemd-networkd.service:                           [ ЗАЩИЩЕНО ]
        - systemd-resolved.service:                           [ ЗАЩИЩЕНО ]
        - systemd-rfkill.service:                             [ НЕБЕЗОПАСНО ]
        - systemd-timesyncd.service:                          [ ЗАЩИЩЕНО ]
        - systemd-udevd.service:                              [ СРЕДНИЙ ]
        - thermald.service:                                   [ НЕБЕЗОПАСНО ]
        - tor@default.service:                                [ СРЕДНИЙ ]
        - touchegg.service:                                   [ НЕБЕЗОПАСНО ]
        - ubuntu-advantage.service:                           [ НЕБЕЗОПАСНО ]
        - udisks2.service:                                    [ НЕБЕЗОПАСНО ]
        - uml-utilities.service:                              [ НЕБЕЗОПАСНО ]
        - upower.service:                                     [ ЗАЩИЩЕНО ]
        - user@1000.service:                                  [ НЕБЕЗОПАСНО ]
        - uuidd.service:                                      [ ЗАЩИЩЕНО ]
        - virtualbox-guest-utils.service:                     [ НЕБЕЗОПАСНО ]
        - virtualbox.service:                                 [ НЕБЕЗОПАСНО ]
        - wpa_supplicant.service:                             [ НЕБЕЗОПАСНО ]
        - yggdrasil.service:                                  [ СРЕДНИЙ ]

[+] Ядро
------------------------------------
  - Checking default run level                                [ RUNLEVEL 5 ]
  - Checking CPU support (NX/PAE)
    CPU support: PAE and/or NoeXecute supported               [ Найдено ]
  - Checking kernel version and release                       [ Завершено ]
  - Checking kernel type                                      [ Завершено ]
  - Checking loaded kernel modules                            [ Завершено ]
      Found 103 active modules
  - Checking Linux kernel configuration file                  [ Найдено ]
  - Checking default I/O kernel scheduler                     [ НЕ НАЙДЕНО ]
  - Checking for available kernel update                      [ ОК ]
  - Checking core dumps configuration
    - configuration in systemd conf files                     [ ПО УМОЛЧАНИЮ ]
    - configuration in etc/profile                            [ ПО УМОЛЧАНИЮ ]
    - 'hard' configuration in security/limits.conf            [ ПО УМОЛЧАНИЮ ]
    - 'soft' configuration in security/limits.conf            [ ПО УМОЛЧАНИЮ ]
    - Checking setuid core dumps configuration                [ ЗАЩИЩЕНО ]
  - Check if reboot is needed                                 [ НЕТ ]

[+] Память и процессы
------------------------------------
  - Checking /proc/meminfo                                    [ Найдено ]
  - Searching for dead/zombie processes                       [ НЕ НАЙДЕНО ]
  - Searching for IO waiting processes                        [ НЕ НАЙДЕНО ]
  - Search prelink tooling                                    [ НЕ НАЙДЕНО ]

[+] Пользователи, группы и Аутентификация
------------------------------------
  - Administrator accounts                                    [ ОК ]
  - Unique UIDs                                               [ ОК ]
  - Consistency of group files (grpck)                        [ ОК ]
  - Unique group IDs                                          [ ОК ]
  - Unique group names                                        [ ОК ]
  - Password file consistency                                 [ ОК ]
  - Password hashing methods                                  [ ПРЕДЛОЖЕНИЕ ]
  - Checking password hashing rounds                          [ ОТКЛЮЧЕНО ]
  - Query system users (non daemons)                          [ Завершено ]
  - NIS+ authentication support                               [ НЕ ВКЛЮЧЕНО ]
  - NIS authentication support                                [ НЕ ВКЛЮЧЕНО ]
  - Sudoers file(s)                                           [ Найдено ]
    - Permissions for directory: /etc/sudoers.d               [ ПРЕДУПРЕЖДЕНИЕ ]
    - Permissions for: /etc/sudoers                           [ ОК ]
    - Permissions for: /etc/sudoers.d/README                  [ ОК ]
    - Permissions for: /etc/sudoers.d/0pwfeedback             [ ОК ]
    - Permissions for: /etc/sudoers.d/mintupdate              [ ОК ]
    - Permissions for: /etc/sudoers.d/mintdrivers             [ ОК ]
  - PAM password strength tools                               [ ПРЕДЛОЖЕНИЕ ]
  - PAM configuration files (pam.conf)                        [ Найдено ]
  - PAM configuration files (pam.d)                           [ Найдено ]
  - PAM modules                                               [ Найдено ]
  - LDAP module in PAM                                        [ НЕ НАЙДЕНО ]
  - Accounts without expire date                              [ ПРЕДЛОЖЕНИЕ ]
  - Accounts without password                                 [ ОК ]
  - Locked accounts                                           [ ОК ]
  - Checking user password aging (minimum)                    [ ОТКЛЮЧЕНО ]
  - User password aging (maximum)                             [ ОТКЛЮЧЕНО ]
  - Checking expired passwords                                [ ОК ]
  - Checking Linux single user mode authentication            [ ОК ]
  - Determining default umask
    - umask (/etc/profile)                                    [ НЕ НАЙДЕНО ]
    - umask (/etc/login.defs)                                 [ ПРЕДЛОЖЕНИЕ ]
  - LDAP authentication support                               [ НЕ ВКЛЮЧЕНО ]
  - Logging failed login attempts                             [ ВКЛЮЧЕНО ]

[+] Командные оболочки
------------------------------------
  - Checking shells from /etc/shells
    Result: found 8 shells (valid shells: 8).
    - Session timeout settings/tools                          [ Отсутствует ]
  - Checking default umask values
    - Checking default umask in /etc/bash.bashrc              [ Отсутствует ]
    - Checking default umask in /etc/profile                  [ Отсутствует ]

[+] Файловые системы
------------------------------------
  - Checking mount points
    - Checking /home mount point                              [ ОК ]
    - Checking /tmp mount point                               [ ПРЕДЛОЖЕНИЕ ]
    - Checking /var mount point                               [ ПРЕДЛОЖЕНИЕ ]
  - Query swap partitions (fstab)                             [ ОК ]
  - Testing swap partitions                                   [ ОК ]
  - Testing /proc mount (hidepid)                             [ ПРЕДЛОЖЕНИЕ ]
  - Checking for old files in /tmp                            [ ОК ]
  - Checking /tmp sticky bit                                  [ ОК ]
  - Checking /var/tmp sticky bit                              [ ОК ]
  - ACL support root file system                              [ ВКЛЮЧЕНО ]
  - Mount options of /                                        [ НЕ ПО УМОЛЧАНИЮ ]
  - Mount options of /dev                                     [ ЧАСТИЧНО УСИЛЕНО ]
  - Mount options of /dev/shm                                 [ ЧАСТИЧНО УСИЛЕНО ]
  - Mount options of /home                                    [ ПО УМОЛЧАНИЮ ]
  - Mount options of /run                                     [ УСИЛЕНО ]
  - Total without nodev:10 noexec:14 nosuid:8 ro or noexec (W^X): 14 of total 33
  - Checking Locate database                                  [ НЕ НАЙДЕНО ]
  - Disable kernel support of some filesystems

[+] USB Устройства
------------------------------------
  - Checking usb-storage driver (modprobe config)             [ НЕ ОТКЛЮЧЕНО ]
  - Checking USB devices authorization                        [ ВКЛЮЧЕНО ]
  - Checking USBGuard                                         [ НЕ НАЙДЕНО ]

[+] Хранилище
------------------------------------
  - Checking firewire ohci driver (modprobe config)           [ ОТКЛЮЧЕНО ]

[+] NFS
------------------------------------
  - Query rpc registered programs                             [ Завершено ]
  - Query NFS versions                                        [ Завершено ]
  - Query NFS protocols                                       [ Завершено ]
  - Check running NFS daemon                                  [ Найдено ]
    - Checking /etc/exports                                   [ Найдено ]
    - Checking NFS client access                              [ ОК ]

[+] Серверы имён
------------------------------------
  - Checking search domains                                   [ Найдено ]
  - Checking /etc/resolv.conf options                         [ Найдено ]
  - Searching DNS domain name                                 [ НЕИЗВЕСТНО ]
  - Checking nscd status                                      [ ЗАПУЩЕНО ]
  - Checking /etc/hosts
    - Duplicate entries in hosts file                         [ Отсутствует ]
    - Presence of configured hostname in /etc/hosts           [ Найдено ]
    - Hostname mapped to localhost                            [ НЕ НАЙДЕНО ]
    - Localhost mapping to IP address                         [ ОК ]

[+] Пакеты
------------------------------------
  - Searching package managers
    - Searching dpkg package manager                          [ Найдено ]
      - Querying package manager

  [WARNING]: Test PKGS-7345 had a long execution: 24.814855 seconds

    - Query unpurged packages                                 [ Отсутствует ]
  - Checking security repository in sources.list.d directory  [ ОК ]
  - Checking APT package database                             [ ОК ]
W: https://repo.skype.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
  - Checking vulnerable packages                              [ ОК ]

  [WARNING]: Test PKGS-7392 had a long execution: 10.895952 seconds

  - Checking upgradeable packages                             [ ПРОПУЩЕНО ]
  - Checking package audit tool                               [ УСТАНОВЛЕНО ]
    Found: apt-check
  - Toolkit for automatic upgrades                            [ НЕ НАЙДЕНО ]

[+] Сети
------------------------------------
  - Checking IPv6 configuration                               [ ВКЛЮЧЕНО ]
      Configuration method                                    [ AUTO ]
      IPv6 only                                               [ НЕТ ]
  - Checking configured nameservers
    - Testing nameservers
        Nameserver: 127.0.0.53                                [ ОК ]
    - DNSSEC supported (systemd-resolved)                     [ НЕТ ]
  - Checking default gateway                                  [ Завершено ]
  - Getting listening ports (TCP/UDP)                         [ Завершено ]
  - Checking promiscuous interfaces                           [ ОК ]
  - Checking waiting connections                              [ ОК ]
  - Checking status DHCP client
  - Checking for ARP monitoring software                      [ НЕ НАЙДЕНО ]
  - Uncommon network protocols                                [ 0 ]

[+] Принтеры и спулеры
------------------------------------
  - Checking cups daemon                                      [ ЗАПУЩЕНО ]
  - Checking CUPS configuration file                          [ ОК ]
    - File permissions                                        [ ПРЕДУПРЕЖДЕНИЕ ]
  - Checking CUPS addresses/sockets                           [ Найдено ]
  - Checking lp daemon                                        [ НЕ ЗАПУЩЕНО ]

[+] Программное обеспечение: e-mail и отправка сообщений
------------------------------------
  - Postfix status                                            [ ЗАПУЩЕНО ]
    - Postfix configuration                                   [ Найдено ]
      - Postfix banner                                        [ ПРЕДУПРЕЖДЕНИЕ ]

[+] Программное обеспечение: firewall
------------------------------------
  - Checking iptables kernel module                           [ Найдено ]
    - Checking iptables policies of chains                    [ Найдено ]
    - Checking for empty ruleset                              [ ПРЕДУПРЕЖДЕНИЕ ]
    - Checking for unused rules                               [ ОК ]
  - Checking host based firewall                              [ АКТИВЕН ]

[+] Программное обеспечение: веб-серверы
------------------------------------
  - Checking Apache                                           [ НЕ НАЙДЕНО ]
  - Checking nginx                                            [ Найдено ]
    - Searching nginx configuration file                      [ Найдено ]
      - Found nginx includes                                  [ 8 FOUND ]
    - Parsing configuration options
        - /etc/nginx/nginx.conf
        - /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
        - /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
        - /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
        - /etc/nginx/modules-enabled/50-mod-mail.conf
        - /etc/nginx/modules-enabled/50-mod-stream.conf
        - /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
        - /etc/nginx/sites-enabled/default
      - SSL configured                                        [ НЕТ ]
      - Checking log file configuration
        - Missing log files (access_log)                      [ НЕТ ]
        - Disabled access logging                             [ НЕТ ]
        - Missing log files (error_log)                       [ НЕТ ]
        - Debugging mode on error_log                         [ НЕТ ]

[+] Поддержка SSH
------------------------------------
  - Checking running SSH daemon                               [ Найдено ]
    - Searching SSH configuration                             [ Найдено ]
    - OpenSSH option: AllowTcpForwarding                      [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: ClientAliveCountMax                     [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: ClientAliveInterval                     [ ОК ]
    - OpenSSH option: Compression                             [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: FingerprintHash                         [ ОК ]
    - OpenSSH option: GatewayPorts                            [ ОК ]
    - OpenSSH option: IgnoreRhosts                            [ ОК ]
    - OpenSSH option: LoginGraceTime                          [ ОК ]
    - OpenSSH option: LogLevel                                [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: MaxAuthTries                            [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: MaxSessions                             [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: PermitRootLogin                         [ ОК ]
    - OpenSSH option: PermitUserEnvironment                   [ ОК ]
    - OpenSSH option: PermitTunnel                            [ ОК ]
    - OpenSSH option: Port                                    [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: PrintLastLog                            [ ОК ]
    - OpenSSH option: StrictModes                             [ ОК ]
    - OpenSSH option: TCPKeepAlive                            [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: UseDNS                                  [ ОК ]
    - OpenSSH option: X11Forwarding                           [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: AllowAgentForwarding                    [ ПРЕДЛОЖЕНИЕ ]
    - OpenSSH option: AllowUsers                              [ НЕ НАЙДЕНО ]
    - OpenSSH option: AllowGroups                             [ НЕ НАЙДЕНО ]

[+] Поддержка SNMP
------------------------------------
  - Checking running SNMP daemon                              [ НЕ НАЙДЕНО ]

[+] Базы данных
------------------------------------
    No database engines found

[+] Сервисы LDAP
------------------------------------
  - Checking OpenLDAP instance                                [ НЕ НАЙДЕНО ]

[+] PHP
------------------------------------
  - Checking PHP                                              [ НЕ НАЙДЕНО ]

[+] Поддержка Squid
------------------------------------
  - Checking running Squid daemon                             [ НЕ НАЙДЕНО ]

[+] Логирование и файлы
------------------------------------
  - Checking for a running log daemon                         [ ОК ]
    - Checking Syslog-NG status                               [ НЕ НАЙДЕНО ]
    - Checking systemd journal status                         [ Найдено ]
    - Checking Metalog status                                 [ НЕ НАЙДЕНО ]
    - Checking RSyslog status                                 [ Найдено ]
    - Checking RFC 3195 daemon status                         [ НЕ НАЙДЕНО ]
    - Checking minilogd instances                             [ НЕ НАЙДЕНО ]
  - Checking logrotate presence                               [ ОК ]
  - Checking remote logging                                   [ НЕ ВКЛЮЧЕНО ]
  - Checking log directories (static list)                    [ Завершено ]
  - Checking open log files                                   [ Завершено ]
  - Checking deleted files in use                             [ ФАЙЛЫ НАЙДЕНЫ ]

[+] Небезопасные сервисы
------------------------------------
  - Installed inetd package                                   [ НЕ НАЙДЕНО ]
    - Checking enabled inetd services                         [ ОК ]
  - Installed xinetd package                                  [ ОК ]
    - xinetd status
  - Installed rsh client package                              [ ОК ]
  - Installed rsh server package                              [ ОК ]
  - Installed telnet client package                           [ ОК ]
  - Installed telnet server package                           [ НЕ НАЙДЕНО ]
  - Checking NIS client installation                          [ ОК ]
  - Checking NIS server installation                          [ ОК ]
  - Checking TFTP client installation                         [ ОК ]
  - Checking TFTP server installation                         [ ОК ]

[+] Баннеры и идентификаторы
------------------------------------
  - /etc/issue                                                [ Найдено ]
    - /etc/issue contents                                     [ СЛАБЫЙ ]
  - /etc/issue.net                                            [ Найдено ]
    - /etc/issue.net contents                                 [ СЛАБЫЙ ]

[+] Запланированные задачи
------------------------------------
  - Checking crontab and cronjob files                        [ Завершено ]

[+] Учёт
------------------------------------
  - Checking accounting information                           [ НЕ НАЙДЕНО ]
  - Checking sysstat accounting data                          [ ОТКЛЮЧЕНО ]
  - Checking auditd                                           [ НЕ НАЙДЕНО ]

[+] Время и его синхронизация
------------------------------------
  - NTP daemon found: systemd (timesyncd)                     [ Найдено ]
  - Checking for a running NTP daemon or client               [ ОК ]
  - Last time synchronization                                 [ 445s ]

[+] Криптография
------------------------------------
  - Checking for expired SSL certificates [0/142]             [ Отсутствует ]

  [WARNING]: Test CRYP-7902 had a long execution: 66.043774 seconds

  - Found 0 encrypted and 1 unencrypted swap devices in use.  [ OK ]
  - Kernel entropy is sufficient                              [ ДА ]
  - HW RNG & rngd                                             [ НЕТ ]
  - SW prng                                                   [ ДА ]
  - MOR variable not found                                    [ СЛАБЫЙ ]

[+] Виртуализация
------------------------------------

[+] Контейнеры
------------------------------------

[+] Фреймворки
------------------------------------
  - Checking presence AppArmor                                [ Найдено ]
    - Checking AppArmor status                                [ ВКЛЮЧЕНО ]
        Found 200 unconfined processes
  - Checking presence SELinux                                 [ НЕ НАЙДЕНО ]
  - Checking presence TOMOYO Linux                            [ НЕ НАЙДЕНО ]
  - Checking presence grsecurity                              [ НЕ НАЙДЕНО ]
  - Checking for implemented MAC framework                    [ ОК ]

[+] Программное обеспечение: целостность файлов
------------------------------------
  - Checking file integrity tools
    - Tripwire                                                [ Найдено ]
  - dm-integrity (status)                                     [ ОТКЛЮЧЕНО ]
  - dm-verity (status)                                        [ ОТКЛЮЧЕНО ]
  - Checking presence integrity tool                          [ Найдено ]

[+] SПрограммное обеспечение: системные инструменты
------------------------------------
  - Checking automation tooling
  - Automation tooling                                        [ НЕ НАЙДЕНО ]
  - Checking for IDS/IPS tooling                              [ Отсутствует ]

[+] Вредоносное ПО
------------------------------------
  - Проверка chkrootkit                                       [ Найдено ]
  - Проверка Rootkit Hunter                                   [ Найдено ]
  - Malware software components                               [ Найдено ]
    - Active agent                                            [ НЕ НАЙДЕНО ]
    - Rootkit scanner                                         [ Найдено ]

[+] Права доступа к файлам
------------------------------------
  - Starting file permissions check
    File: /boot/grub/grub.cfg                                 [ ОК ]
    File: /etc/crontab                                        [ ПРЕДЛОЖЕНИЕ ]
    File: /etc/group                                          [ ОК ]
    File: /etc/group-                                         [ ОК ]
    File: /etc/hosts.allow                                    [ ОК ]
    File: /etc/hosts.deny                                     [ ОК ]
    File: /etc/issue                                          [ ОК ]
    File: /etc/issue.net                                      [ ОК ]
    File: /etc/passwd                                         [ ОК ]
    File: /etc/passwd-                                        [ ОК ]
    File: /etc/ssh/sshd_config                                [ ПРЕДЛОЖЕНИЕ ]
    Directory: /root/.ssh                                     [ ОК ]
    Directory: /etc/cron.d                                    [ ПРЕДЛОЖЕНИЕ ]
    Directory: /etc/cron.daily                                [ ПРЕДЛОЖЕНИЕ ]
    Directory: /etc/cron.hourly                               [ ПРЕДЛОЖЕНИЕ ]
    Directory: /etc/cron.weekly                               [ ПРЕДЛОЖЕНИЕ ]
    Directory: /etc/cron.monthly                              [ ПРЕДЛОЖЕНИЕ ]

[+] Домашние директории
------------------------------------
  - Permissions of home directories                           [ ПРЕДУПРЕЖДЕНИЕ ]
  - Ownership of home directories                             [ ОК ]
  - Checking shell history files                              [ ОК ]

[+] УСиления ядра
------------------------------------
  - Comparing sysctl key pairs with scan profile
    - dev.tty.ldisc_autoload (exp: 0)                         [ ОТЛИЧАЕТСЯ ]
    - fs.protected_fifos (exp: 2)                             [ ОТЛИЧАЕТСЯ ]
    - fs.protected_hardlinks (exp: 1)                         [ ОК ]
    - fs.protected_regular (exp: 2)                           [ ОК ]
    - fs.protected_symlinks (exp: 1)                          [ ОК ]
    - fs.suid_dumpable (exp: 0)                               [ ОТЛИЧАЕТСЯ ]
    - kernel.core_uses_pid (exp: 1)                           [ ОК ]
    - kernel.ctrl-alt-del (exp: 0)                            [ ОК ]
    - kernel.dmesg_restrict (exp: 1)                          [ ОТЛИЧАЕТСЯ ]
    - kernel.kptr_restrict (exp: 2)                           [ ОТЛИЧАЕТСЯ ]
    - kernel.modules_disabled (exp: 1)                        [ ОТЛИЧАЕТСЯ ]
    - kernel.perf_event_paranoid (exp: 3)                     [ ОТЛИЧАЕТСЯ ]
    - kernel.randomize_va_space (exp: 2)                      [ ОК ]
    - kernel.sysrq (exp: 0)                                   [ ОТЛИЧАЕТСЯ ]
    - kernel.unprivileged_bpf_disabled (exp: 1)               [ ОТЛИЧАЕТСЯ ]
    - kernel.yama.ptrace_scope (exp: 1 2 3)                   [ ОК ]
    - net.core.bpf_jit_harden (exp: 2)                        [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.conf.all.accept_redirects (exp: 0)             [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.conf.all.accept_source_route (exp: 0)          [ ОК ]
    - net.ipv4.conf.all.bootp_relay (exp: 0)                  [ ОК ]
    - net.ipv4.conf.all.forwarding (exp: 0)                   [ ОК ]
    - net.ipv4.conf.all.log_martians (exp: 1)                 [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.conf.all.mc_forwarding (exp: 0)                [ ОК ]
    - net.ipv4.conf.all.proxy_arp (exp: 0)                    [ ОК ]
    - net.ipv4.conf.all.rp_filter (exp: 1)                    [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.conf.all.send_redirects (exp: 0)               [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.conf.default.accept_redirects (exp: 0)         [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.conf.default.accept_source_route (exp: 0)      [ ОК ]
    - net.ipv4.conf.default.log_martians (exp: 1)             [ ОТЛИЧАЕТСЯ ]
    - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)           [ ОК ]
    - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)     [ ОК ]
    - net.ipv4.tcp_syncookies (exp: 1)                        [ ОК ]
    - net.ipv4.tcp_timestamps (exp: 0 1)                      [ ОК ]
    - net.ipv6.conf.all.accept_redirects (exp: 0)             [ ОТЛИЧАЕТСЯ ]
    - net.ipv6.conf.all.accept_source_route (exp: 0)          [ ОК ]
    - net.ipv6.conf.default.accept_redirects (exp: 0)         [ ОТЛИЧАЕТСЯ ]
    - net.ipv6.conf.default.accept_source_route (exp: 0)      [ ОК ]

[+] Усиление
------------------------------------
    - Installed compiler(s)                                   [ Найдено ]
    - Installed malware scanner                               [ Найдено ]
    - Non-native binary formats                               [ Найдено ]

[+] Пользовательские тесты
------------------------------------
  - Running custom tests...                                   [ Отсутствует ]

[+] Plugins (Стадия 2)
------------------------------------

================================================================================

  -[ Lynis 3.0.7 Results ]-

  Warnings (2):
  ----------------------------
  ! Found some information disclosure in SMTP banner (OS or software name) [MAIL-8818] 
      https://cisofy.com/lynis/controls/MAIL-8818/

  ! iptables module(s) loaded, but no rules active [FIRE-4512] 
      https://cisofy.com/lynis/controls/FIRE-4512/

  Suggestions (56):
  ----------------------------
  * This release is more than 4 months old. Check the website or GitHub to see if there is an update available. [LYNIS] 
      https://cisofy.com/lynis/controls/LYNIS/

  * Install libpam-tmpdir to set $TMP and $TMPDIR for PAM sessions [DEB-0280] 
      https://cisofy.com/lynis/controls/DEB-0280/

  * As root run 'ecryptfs-migrate-home --user olej' to configure Ecryptfs for user's home directory [DEB-0520] 
      https://cisofy.com/lynis/controls/DEB-0520/

  * Install apt-listbugs to display a list of critical bugs prior to each APT installation. [DEB-0810] 
      https://cisofy.com/lynis/controls/DEB-0810/

  * Install apt-listchanges to display any significant changes prior to any upgrade via APT. [DEB-0811] 
      https://cisofy.com/lynis/controls/DEB-0811/

  * Install needrestart, alternatively to debian-goodies, so that you can run needrestart after upgrades to determine which daemons are using old versions of libraries and need restarting. [DEB-0831] 
      https://cisofy.com/lynis/controls/DEB-0831/

  * Install fail2ban to automatically ban hosts that commit multiple authentication errors. [DEB-0880] 
      https://cisofy.com/lynis/controls/DEB-0880/

  * Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122] 
      https://cisofy.com/lynis/controls/BOOT-5122/

  * Consider hardening system services [BOOT-5264] 
    - Details  : Run '/usr/bin/systemd-analyze security SERVICE' for each service
      https://cisofy.com/lynis/controls/BOOT-5264/

  * If not required, consider explicit disabling of core dump in /etc/security/limits.conf file [KRNL-5820] 
      https://cisofy.com/lynis/controls/KRNL-5820/

  * Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [AUTH-9229] 
      https://cisofy.com/lynis/controls/AUTH-9229/

  * Configure password hashing rounds in /etc/login.defs [AUTH-9230] 
      https://cisofy.com/lynis/controls/AUTH-9230/

  * Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [AUTH-9262] 
      https://cisofy.com/lynis/controls/AUTH-9262/

  * When possible set expire dates for all password protected accounts [AUTH-9282] 
      https://cisofy.com/lynis/controls/AUTH-9282/

  * Configure minimum password age in /etc/login.defs [AUTH-9286] 
      https://cisofy.com/lynis/controls/AUTH-9286/

  * Configure maximum password age in /etc/login.defs [AUTH-9286] 
      https://cisofy.com/lynis/controls/AUTH-9286/

  * Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328] 
      https://cisofy.com/lynis/controls/AUTH-9328/

  * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310] 
      https://cisofy.com/lynis/controls/FILE-6310/

  * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310] 
      https://cisofy.com/lynis/controls/FILE-6310/

  * The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [FILE-6410] 
      https://cisofy.com/lynis/controls/FILE-6410/

  * Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [USB-1000] 
      https://cisofy.com/lynis/controls/USB-1000/

  * Check DNS configuration for the dns domain name [NAME-4028] 
      https://cisofy.com/lynis/controls/NAME-4028/

  * Install debsums utility for the verification of packages with known good database. [PKGS-7370] 
      https://cisofy.com/lynis/controls/PKGS-7370/

  * Install package apt-show-versions for patch management purposes [PKGS-7394] 
      https://cisofy.com/lynis/controls/PKGS-7394/

  * Consider using a tool to automatically apply upgrades [PKGS-7420] 
      https://cisofy.com/lynis/controls/PKGS-7420/

  * Determine if protocol 'dccp' is really needed on this system [NETW-3200] 
      https://cisofy.com/lynis/controls/NETW-3200/

  * Determine if protocol 'sctp' is really needed on this system [NETW-3200] 
      https://cisofy.com/lynis/controls/NETW-3200/

  * Determine if protocol 'rds' is really needed on this system [NETW-3200] 
      https://cisofy.com/lynis/controls/NETW-3200/

  * Determine if protocol 'tipc' is really needed on this system [NETW-3200] 
      https://cisofy.com/lynis/controls/NETW-3200/

  * Access to CUPS configuration could be more strict. [PRNT-2307] 
      https://cisofy.com/lynis/controls/PRNT-2307/

  * Check CUPS configuration if it really needs to listen on the network [PRNT-2308] 
      https://cisofy.com/lynis/controls/PRNT-2308/

  * You are advised to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [MAIL-8818] 
      https://cisofy.com/lynis/controls/MAIL-8818/

  * Disable the 'VRFY' command [MAIL-8820:disable_vrfy_command] 
    - Details  : disable_vrfy_command=no
    - Solution : run postconf -e disable_vrfy_command=yes to change the value
      https://cisofy.com/lynis/controls/MAIL-8820/

  * Add HTTPS to nginx virtual hosts for enhanced protection of sensitive data and privacy [HTTP-6710] 
      https://cisofy.com/lynis/controls/HTTP-6710/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : AllowTcpForwarding (set YES to NO)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : ClientAliveCountMax (set 360 to 2)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : Compression (set YES to NO)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : LogLevel (set INFO to VERBOSE)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : MaxAuthTries (set 6 to 3)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : MaxSessions (set 10 to 2)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : Port (set 22 to )
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : TCPKeepAlive (set YES to NO)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : X11Forwarding (set YES to NO)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : AllowAgentForwarding (set YES to NO)
      https://cisofy.com/lynis/controls/SSH-7408/

  * Enable logging to an external logging host for archiving purposes and additional protection [LOGG-2154] 
      https://cisofy.com/lynis/controls/LOGG-2154/

  * Check what deleted files are still in use and why. [LOGG-2190] 
      https://cisofy.com/lynis/controls/LOGG-2190/

  * Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126] 
      https://cisofy.com/lynis/controls/BANN-7126/

  * Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130] 
      https://cisofy.com/lynis/controls/BANN-7130/

  * Enable process accounting [ACCT-9622] 
      https://cisofy.com/lynis/controls/ACCT-9622/

  * Enable sysstat to collect accounting (disabled) [ACCT-9626] 
      https://cisofy.com/lynis/controls/ACCT-9626/

  * Enable auditd to collect audit information [ACCT-9628] 
      https://cisofy.com/lynis/controls/ACCT-9628/

  * Determine if automation tools are present for system management [TOOL-5002] 
      https://cisofy.com/lynis/controls/TOOL-5002/

  * Consider restricting file permissions [FILE-7524] 
    - Details  : See screen output or log file
    - Solution : Use chmod to change file permissions
      https://cisofy.com/lynis/controls/FILE-7524/

  * Double check the permissions of home directories as some might be not strict enough. [HOME-9304] 
      https://cisofy.com/lynis/controls/HOME-9304/

  * One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000] 
    - Solution : Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)
      https://cisofy.com/lynis/controls/KRNL-6000/

  * Harden compilers like restricting access to root user only [HRDN-7222] 
      https://cisofy.com/lynis/controls/HRDN-7222/

  Follow-up:
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details:

  Hardening index : 61 [############        ]
  Tests performed : 276
  Plugins enabled : 1

  Components:
  - Firewall               [V]
  - Malware scanner        [V]

  Scan mode:
  Normal [V]  Forensics [ ]  Integration [ ]  Pentest [ ]

  Lynis modules:
  - Compliance status      [?]
  - Security audit         [V]
  - Vulnerability scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================

  Lynis 3.0.7

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)


real	2m44,760s
user	0m0,011s
sys	0m0,041s
This one is quicker ... but it churned out a huge pile, you can't make head or tail of it :!: :oops:


rootkits, trojans, viruses

Unread post by Olej » 23 Sep 2023, 17:42

The last of this trio (or the first one, the one we started with):

Code: Select all

olej@R420:~$ time sudo rkhunter -c --sk
[sudo] пароль для olej:       
[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/sbin/adduser                                        [ Warning ]
    /usr/sbin/chroot                                         [ Warning ]
    /usr/sbin/cron                                           [ Warning ]
    /usr/sbin/depmod                                         [ OK ]
    /usr/sbin/fsck                                           [ OK ]
    /usr/sbin/groupadd                                       [ Warning ]
    /usr/sbin/groupdel                                       [ Warning ]
    /usr/sbin/groupmod                                       [ Warning ]
    /usr/sbin/grpck                                          [ Warning ]
    /usr/sbin/ifconfig                                       [ OK ]
    /usr/sbin/ifdown                                         [ OK ]
    /usr/sbin/ifup                                           [ OK ]
    /usr/sbin/inetd                                          [ Warning ]
    /usr/sbin/init                                           [ OK ]
    /usr/sbin/insmod                                         [ OK ]
    /usr/sbin/ip                                             [ OK ]
    /usr/sbin/lsmod                                          [ OK ]
    /usr/sbin/modinfo                                        [ OK ]
    /usr/sbin/modprobe                                       [ OK ]
    /usr/sbin/nologin                                        [ Warning ]
    /usr/sbin/pwck                                           [ Warning ]
    /usr/sbin/rmmod                                          [ OK ]
    /usr/sbin/route                                          [ OK ]
    /usr/sbin/rsyslogd                                       [ Warning ]
    /usr/sbin/runlevel                                       [ OK ]
    /usr/sbin/sshd                                           [ Warning ]
    /usr/sbin/sulogin                                        [ OK ]
    /usr/sbin/sysctl                                         [ OK ]
    /usr/sbin/tcpd                                           [ Warning ]
    /usr/sbin/useradd                                        [ Warning ]
    /usr/sbin/userdel                                        [ Warning ]
    /usr/sbin/usermod                                        [ Warning ]
    /usr/sbin/vipw                                           [ Warning ]
    /usr/sbin/unhide                                         [ OK ]
    /usr/sbin/unhide-linux                                   [ Warning ]
    /usr/sbin/unhide-posix                                   [ Warning ]
    /usr/sbin/unhide-tcp                                     [ Warning ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ Warning ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    /usr/bin/chattr                                          [ Warning ]
    /usr/bin/chmod                                           [ OK ]
    /usr/bin/chown                                           [ OK ]
    /usr/bin/cp                                              [ OK ]
    /usr/bin/curl                                            [ Warning ]
    /usr/bin/cut                                             [ Warning ]
    /usr/bin/date                                            [ OK ]
    /usr/bin/df                                              [ OK ]
    /usr/bin/diff                                            [ Warning ]
    /usr/bin/dirname                                         [ Warning ]
    /usr/bin/dmesg                                           [ OK ]
    /usr/bin/dpkg                                            [ Warning ]
    /usr/bin/dpkg-query                                      [ Warning ]
    /usr/bin/du                                              [ Warning ]
    /usr/bin/echo                                            [ OK ]
    /usr/bin/ed                                              [ OK ]
    /usr/bin/egrep                                           [ OK ]
    /usr/bin/env                                             [ Warning ]
    /usr/bin/fgrep                                           [ OK ]
    /usr/bin/file                                            [ Warning ]
    /usr/bin/find                                            [ Warning ]
    /usr/bin/fuser                                           [ OK ]
    /usr/bin/GET                                             [ OK ]
    /usr/bin/grep                                            [ OK ]
    /usr/bin/groups                                          [ Warning ]
    /usr/bin/head                                            [ Warning ]
    /usr/bin/id                                              [ Warning ]
    /usr/bin/ip                                              [ OK ]
    /usr/bin/ipcs                                            [ Warning ]
    /usr/bin/kill                                            [ OK ]
    /usr/bin/killall                                         [ Warning ]
    /usr/bin/last                                            [ Warning ]
    /usr/bin/lastlog                                         [ Warning ]
    /usr/bin/ldd                                             [ Warning ]
    /usr/bin/less                                            [ Warning ]
    /usr/bin/links                                           [ Warning ]
    /usr/bin/locate                                          [ OK ]
    /usr/bin/logger                                          [ Warning ]
    /usr/bin/login                                           [ OK ]
    /usr/bin/ls                                              [ OK ]
    /usr/bin/lsattr                                          [ Warning ]
    /usr/bin/lsmod                                           [ OK ]
    /usr/bin/lsof                                            [ Warning ]
    /usr/bin/lynx                                            [ Warning ]
    /usr/bin/mail                                            [ OK ]
    /usr/bin/md5sum                                          [ Warning ]
    /usr/bin/mktemp                                          [ OK ]
    /usr/bin/more                                            [ OK ]
    /usr/bin/mount                                           [ OK ]
    /usr/bin/mv                                              [ OK ]
    /usr/bin/netstat                                         [ OK ]
    /usr/bin/newgrp                                          [ Warning ]
    /usr/bin/passwd                                          [ Warning ]
    /usr/bin/perl                                            [ Warning ]
    /usr/bin/pgrep                                           [ Warning ]
    /usr/bin/ping                                            [ OK ]
    /usr/bin/pkill                                           [ OK ]
    /usr/bin/ps                                              [ OK ]
    /usr/bin/pstree                                          [ Warning ]
    /usr/bin/pwd                                             [ OK ]
    /usr/bin/readlink                                        [ OK ]
    /usr/bin/rkhunter                                        [ Warning ]
    /usr/bin/runcon                                          [ Warning ]
    /usr/bin/sed                                             [ OK ]
    /usr/bin/sh                                              [ OK ]
    /usr/bin/sha1sum                                         [ Warning ]
    /usr/bin/sha224sum                                       [ Warning ]
    /usr/bin/sha256                                          [ OK ]
    /usr/bin/sha256sum                                       [ Warning ]
    /usr/bin/sha384                                          [ OK ]
    /usr/bin/sha384sum                                       [ Warning ]
    /usr/bin/sha512                                          [ OK ]
    /usr/bin/sha512sum                                       [ Warning ]
    /usr/bin/size                                            [ OK ]
    /usr/bin/sockstat                                        [ Warning ]
    /usr/bin/sort                                            [ Warning ]
    /usr/bin/ssh                                             [ Warning ]
    /usr/bin/stat                                            [ Warning ]
    /usr/bin/strace                                          [ Warning ]
    /usr/bin/strings                                         [ OK ]
    /usr/bin/su                                              [ OK ]
    /usr/bin/sudo                                            [ Warning ]
    /usr/bin/tail                                            [ Warning ]
    /usr/bin/telnet                                          [ OK ]
    /usr/bin/test                                            [ Warning ]
    /usr/bin/top                                             [ Warning ]
    /usr/bin/touch                                           [ OK ]
    /usr/bin/tr                                              [ Warning ]
    /usr/bin/uname                                           [ OK ]
    /usr/bin/uniq                                            [ Warning ]
    /usr/bin/users                                           [ Warning ]
    /usr/bin/vmstat                                          [ Warning ]
    /usr/bin/w                                               [ Warning ]
    /usr/bin/watch                                           [ Warning ]
    /usr/bin/wc                                              [ Warning ]
    /usr/bin/wget                                            [ Warning ]
    /usr/bin/whatis                                          [ Warning ]
    /usr/bin/whereis                                         [ Warning ]
    /usr/bin/which                                           [ OK ]
    /usr/bin/who                                             [ Warning ]
    /usr/bin/whoami                                          [ Warning ]
    /usr/bin/numfmt                                          [ Warning ]
    /usr/bin/kmod                                            [ OK ]
    /usr/bin/systemd                                         [ OK ]
    /usr/bin/systemctl                                       [ OK ]
    /usr/bin/gawk                                            [ Warning ]
    /usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/plocate                                         [ Warning ]
    /usr/bin/mail.mailutils                                  [ Warning ]
    /usr/bin/dash                                            [ OK ]
    /usr/bin/hashalot                                        [ Warning ]
    /usr/bin/x86_64-linux-gnu-size                           [ Warning ]
    /usr/bin/x86_64-linux-gnu-strings                        [ Warning ]
    /usr/bin/telnet.netkit                                   [ Warning ]
    /usr/bin/which.debianutils                               [ Warning ]
    /usr/lib/systemd/systemd                                 [ OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    AjaKit Rootkit                                           [ Not found ]
    Adore Rootkit                                            [ Not found ]
    aPa Kit                                                  [ Not found ]
    Apache Worm                                              [ Not found ]
    Ambient (ark) Rootkit                                    [ Not found ]
    Balaur Rootkit                                           [ Not found ]
    BeastKit Rootkit                                         [ Not found ]
    beX2 Rootkit                                             [ Not found ]
    BOBKit Rootkit                                           [ Not found ]
    cb Rootkit                                               [ Not found ]
    CiNIK Worm (Slapper.B variant)                           [ Not found ]
    Danny-Boy's Abuse Kit                                    [ Not found ]
    Devil RootKit                                            [ Not found ]
    Diamorphine LKM                                          [ Not found ]
    Dica-Kit Rootkit                                         [ Not found ]
    Dreams Rootkit                                           [ Not found ]
    Duarawkz Rootkit                                         [ Not found ]
    Ebury backdoor                                           [ Not found ]
    Enye LKM                                                 [ Not found ]
    Flea Linux Rootkit                                       [ Not found ]
    Fu Rootkit                                               [ Not found ]
    Fuck`it Rootkit                                          [ Not found ]
    GasKit Rootkit                                           [ Not found ]
    Heroin LKM                                               [ Not found ]
    HjC Kit                                                  [ Not found ]
    ignoKit Rootkit                                          [ Not found ]
    IntoXonia-NG Rootkit                                     [ Not found ]
    Irix Rootkit                                             [ Not found ]
    Jynx Rootkit                                             [ Not found ]
    Jynx2 Rootkit                                            [ Not found ]
    KBeast Rootkit                                           [ Not found ]
    Kitko Rootkit                                            [ Not found ]
    Knark Rootkit                                            [ Not found ]
    ld-linuxv.so Rootkit                                     [ Not found ]
    Li0n Worm                                                [ Not found ]
    Lockit / LJK2 Rootkit                                    [ Not found ]
    Mokes backdoor                                           [ Not found ]
    Mood-NT Rootkit                                          [ Not found ]
    MRK Rootkit                                              [ Not found ]
    Ni0 Rootkit                                              [ Not found ]
    Ohhara Rootkit                                           [ Not found ]
    Optic Kit (Tux) Worm                                     [ Not found ]
    Oz Rootkit                                               [ Not found ]
    Phalanx Rootkit                                          [ Not found ]
    Phalanx2 Rootkit                                         [ Not found ]
    Phalanx2 Rootkit (extended tests)                        [ Not found ]
    Portacelo Rootkit                                        [ Not found ]
    R3dstorm Toolkit                                         [ Not found ]
    RH-Sharpe's Rootkit                                      [ Not found ]
    RSHA's Rootkit                                           [ Not found ]
    Scalper Worm                                             [ Not found ]
    Sebek LKM                                                [ Not found ]
    Shutdown Rootkit                                         [ Not found ]
    SHV4 Rootkit                                             [ Not found ]
    SHV5 Rootkit                                             [ Not found ]
    Sin Rootkit                                              [ Not found ]
    Slapper Worm                                             [ Not found ]
    Sneakin Rootkit                                          [ Not found ]
    'Spanish' Rootkit                                        [ Not found ]
    Suckit Rootkit                                           [ Not found ]
    Superkit Rootkit                                         [ Not found ]
    TBD (Telnet BackDoor)                                    [ Not found ]
    TeLeKiT Rootkit                                          [ Not found ]
    T0rn Rootkit                                             [ Not found ]
    trNkit Rootkit                                           [ Not found ]
    Trojanit Kit                                             [ Not found ]
    Tuxtendo Rootkit                                         [ Not found ]
    URK Rootkit                                              [ Not found ]
    Vampire Rootkit                                          [ Not found ]
    VcKit Rootkit                                            [ Not found ]
    Volc Rootkit                                             [ Not found ]
    Xzibit Rootkit                                           [ Not found ]
    zaRwT.KiT Rootkit                                        [ Not found ]
    ZK Rootkit                                               [ Not found ]

  Performing additional rootkit checks
    Suckit Rootkit additional checks                         [ OK ]
    Checking for possible rootkit files and directories      [ None found ]
    Checking for possible rootkit strings                    [ None found ]

  Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for login backdoors                             [ None found ]
    Checking for sniffer log files                           [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for suspicious (large) shared memory segments   [ Warning ]
  Performing trojan specific checks
    Checking for enabled inetd services                      [ OK ]
    Checking for Apache backdoor                             [ Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                           [ OK ]
    Checking kernel module names                             [ OK ]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                              [ None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                      [ None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                             [ Found ]
    Checking for system startup files                        [ Found ]
    Checking system startup files for malware                [ None found ]

  Performing group and account checks
    Checking for passwd file                                 [ Found ]
    Checking for root equivalent (UID 0) accounts            [ None found ]
    Checking for passwordless accounts                       [ None found ]
    Checking for passwd file changes                         [ None found ]
    Checking for group file changes                          [ None found ]
    Checking root account shell history files                [ OK ]

  Performing system configuration file checks
    Checking for an SSH configuration file                   [ Found ]
    Checking if SSH root access is allowed                   [ Warning ]
    Checking if SSH protocol v1 is allowed                   [ Not set ]
    Checking for other suspicious configuration settings     [ None found ]
    Checking for a running system logging daemon             [ Found ]
    Checking for a system logging configuration file         [ Found ]
    Checking if syslog remote logging is allowed             [ Not allowed ]

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ Warning ]
    Checking for hidden files and directories                [ Warning ]


System checks summary
=====================

File properties checks...
    Files checked: 157
    Suspect files: 90

Rootkit checks...
    Rootkits checked : 504
    Possible rootkits: 29

Applications checks...
    All checks skipped

The system checks took: 2 minutes and 35 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)


real	2m41,344s
user	0m0,028s
sys	0m0,026s
