it-security-2-deep-thought/raw_scans/9_gcp_ubuntu_20.04/lynis-report-1.dat


2021-01-08 22:06:34 +01:00
# Lynis Report
report_version_major=1
report_version_minor=0
report_datetime_start=2021-01-07 14:43:28
auditor=[Not Specified]
lynis_version=3.0.3
os=Linux
os_name=Ubuntu
os_fullname=Ubuntu 20.04.1 LTS
os_version=20.04
linux_version=Ubuntu
os_kernel_version=5.4.0
os_kernel_version_full=5.4.0-1033-gcp
hostname=ubuntu-20
test_category=all
test_group=all
plugin_directory=./plugins
lynis_update_available=0
binaries_count=1369
binaries_suid_count=/usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/chfn /usr/bin/chsh /usr/bin/fusermount /usr/bin/gpasswd /usr/bin/mount /usr/bin/newgrp /usr/bin/passwd /usr/bin/pkexec /usr/bin/sg /usr/bin/su /usr/bin/sudo /usr/bin/sudoedit /usr/bin/ubuntu-core-launcher /usr/bin/umount
binaries_sgid_count=/usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/sbin/pam_extrausers_chkpwd /usr/sbin/unix_chkpwd
binary_paths=/snap/bin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin
vm=1
vmtype=kvm
container=0
systemd=1
plugin_enabled_phase1[]=pam|1.0.5|
authentication_two_factor_enabled=0
authentication_two_factor_required=0
plugin_enabled_phase1[]=systemd|1.0.4|
systemctl_exit_code=0
systemd_version=245
systemd_builtin_components=+PAM,+AUDIT,+SELINUX,+IMA,+APPARMOR,+SMACK,+SYSVINIT,+UTMP,+LIBCRYPTSETUP,+GCRYPT,+GNUTLS,+ACL,+XZ,+LZ4,+SECCOMP,+BLKID,+ELFUTILS,+KMOD,+IDN2,-IDN,+PCRE2,default-hierarchy=hybrid
systemd_unit_file[]=proc-sys-fs-binfmt_misc.automount|static|
systemd_unit_file[]=-.mount|generated|
systemd_unit_file[]=boot-efi.mount|generated|
systemd_unit_file[]=dev-hugepages.mount|static|
systemd_unit_file[]=dev-mqueue.mount|static|
systemd_unit_file[]=proc-sys-fs-binfmt_misc.mount|disabled|
systemd_unit_file[]=snap-core18-1944.mount|enabled|
systemd_unit_file[]=snap-google\x2dcloud\x2dsdk-162.mount|enabled|
systemd_unit_file[]=snap-lxd-18150.mount|enabled|
systemd_unit_file[]=snap-snapd-10707.mount|enabled|
systemd_unit_file[]=sys-fs-fuse-connections.mount|static|
systemd_unit_file[]=sys-kernel-config.mount|static|
systemd_unit_file[]=sys-kernel-debug.mount|static|
systemd_unit_file[]=sys-kernel-tracing.mount|static|
systemd_unit_file[]=apport-autoreport.path|enabled|
systemd_unit_file[]=systemd-ask-password-console.path|static|
systemd_unit_file[]=systemd-ask-password-plymouth.path|static|
systemd_unit_file[]=systemd-ask-password-wall.path|static|
systemd_unit_file[]=session-18.scope|transient|
systemd_unit_file[]=accounts-daemon.service|enabled|
systemd_unit_file[]=apparmor.service|enabled|
systemd_unit_file[]=apport-autoreport.service|static|
systemd_unit_file[]=apport-forward@.service|static|
systemd_unit_file[]=apport.service|generated|
systemd_unit_file[]=apt-daily-upgrade.service|static|
systemd_unit_file[]=apt-daily.service|static|
systemd_unit_file[]=atd.service|enabled|
systemd_unit_file[]=autovt@.service|enabled|
systemd_unit_file[]=blk-availability.service|enabled|
systemd_unit_file[]=bolt.service|static|
systemd_unit_file[]=chrony-dnssrv@.service|static|
systemd_unit_file[]=chrony.service|enabled|
systemd_unit_file[]=chronyd.service|enabled|
systemd_unit_file[]=cloud-config.service|enabled|
systemd_unit_file[]=cloud-final.service|enabled|
systemd_unit_file[]=cloud-init-local.service|enabled|
systemd_unit_file[]=cloud-init.service|enabled|
systemd_unit_file[]=console-getty.service|disabled|
systemd_unit_file[]=console-setup.service|enabled|
systemd_unit_file[]=container-getty@.service|static|
systemd_unit_file[]=cron.service|enabled|
systemd_unit_file[]=cryptdisks-early.service|masked|
systemd_unit_file[]=cryptdisks.service|masked|
systemd_unit_file[]=dbus-org.freedesktop.hostname1.service|static|
systemd_unit_file[]=dbus-org.freedesktop.locale1.service|static|
systemd_unit_file[]=dbus-org.freedesktop.login1.service|static|
systemd_unit_file[]=dbus-org.freedesktop.resolve1.service|enabled|
systemd_unit_file[]=dbus-org.freedesktop.timedate1.service|static|
systemd_unit_file[]=dbus-org.freedesktop.timesync1.service|masked|
systemd_unit_file[]=dbus.service|static|
systemd_unit_file[]=debug-shell.service|disabled|
systemd_unit_file[]=dm-event.service|static|
systemd_unit_file[]=dmesg.service|enabled|
systemd_unit_file[]=e2scrub@.service|static|
systemd_unit_file[]=e2scrub_all.service|static|
systemd_unit_file[]=e2scrub_fail@.service|static|
systemd_unit_file[]=e2scrub_reap.service|enabled|
systemd_unit_file[]=emergency.service|static|
systemd_unit_file[]=finalrd.service|enabled|
systemd_unit_file[]=friendly-recovery.service|static|
systemd_unit_file[]=fstrim.service|static|
systemd_unit_file[]=fwupd-offline-update.service|static|
systemd_unit_file[]=fwupd-refresh.service|static|
systemd_unit_file[]=fwupd.service|static|
systemd_unit_file[]=getty-static.service|static|
systemd_unit_file[]=getty@.service|enabled|
systemd_unit_file[]=google-accounts-daemon.service|enabled|
systemd_unit_file[]=google-clock-skew-daemon.service|enabled|
systemd_unit_file[]=google-instance-setup.service|enabled|
systemd_unit_file[]=google-network-daemon.service|enabled|
systemd_unit_file[]=google-oslogin-cache.service|static|
systemd_unit_file[]=google-shutdown-scripts.service|enabled|
systemd_unit_file[]=google-startup-scripts.service|enabled|
systemd_unit_file[]=grub-common.service|generated|
systemd_unit_file[]=grub-initrd-fallback.service|enabled|
systemd_unit_file[]=hwclock.service|masked|
systemd_unit_file[]=initrd-cleanup.service|static|
systemd_unit_file[]=initrd-parse-etc.service|static|
systemd_unit_file[]=initrd-switch-root.service|static|
systemd_unit_file[]=initrd-udevadm-cleanup-db.service|static|
systemd_unit_file[]=iscsi.service|enabled|
systemd_unit_file[]=iscsid.service|disabled|
systemd_unit_file[]=keyboard-setup.service|enabled|
systemd_unit_file[]=kmod-static-nodes.service|static|
systemd_unit_file[]=kmod.service|static|
systemd_unit_file[]=logrotate.service|static|
systemd_unit_file[]=lvm2-lvmpolld.service|static|
systemd_unit_file[]=lvm2-monitor.service|enabled|
systemd_unit_file[]=lvm2-pvscan@.service|static|
systemd_unit_file[]=lvm2.service|masked|
systemd_unit_file[]=lxd-agent-9p.service|enabled|
systemd_unit_file[]=lxd-agent.service|enabled|
systemd_unit_file[]=man-db.service|static|
systemd_unit_file[]=mdadm-grow-continue@.service|static|
systemd_unit_file[]=mdadm-last-resort@.service|static|
systemd_unit_file[]=mdcheck_continue.service|static|
systemd_unit_file[]=mdcheck_start.service|static|
systemd_unit_file[]=mdmon@.service|static|
systemd_unit_file[]=mdmonitor-oneshot.service|static|
systemd_unit_file[]=mdmonitor.service|static|
systemd_unit_file[]=modprobe@.service|static|
systemd_unit_file[]=motd-news.service|static|
systemd_unit_file[]=multipath-tools-boot.service|masked|
systemd_unit_file[]=multipath-tools.service|enabled|
systemd_unit_file[]=multipathd.service|enabled|
systemd_unit_file[]=netplan-ovs-cleanup.service|enabled-runtime|
systemd_unit_file[]=networkd-dispatcher.service|enabled|
systemd_unit_file[]=ondemand.service|enabled|
systemd_unit_file[]=open-iscsi.service|enabled|
systemd_unit_file[]=open-vm-tools.service|enabled|
systemd_unit_file[]=packagekit-offline-update.service|static|
systemd_unit_file[]=packagekit.service|static|
systemd_unit_file[]=plymouth-halt.service|static|
systemd_unit_file[]=plymouth-kexec.service|static|
systemd_unit_file[]=plymouth-log.service|static|
systemd_unit_file[]=plymouth-poweroff.service|static|
systemd_unit_file[]=plymouth-quit-wait.service|static|
systemd_unit_file[]=plymouth-quit.service|static|
systemd_unit_file[]=plymouth-read-write.service|static|
systemd_unit_file[]=plymouth-reboot.service|static|
systemd_unit_file[]=plymouth-start.service|static|
systemd_unit_file[]=plymouth-switch-root.service|static|
systemd_unit_file[]=plymouth.service|static|
systemd_unit_file[]=polkit.service|static|
systemd_unit_file[]=pollinate.service|enabled|
systemd_unit_file[]=procps.service|static|
systemd_unit_file[]=quotaon.service|static|
systemd_unit_file[]=rc-local.service|static|
systemd_unit_file[]=rc.service|masked|
systemd_unit_file[]=rcS.service|masked|
systemd_unit_file[]=rescue.service|static|
systemd_unit_file[]=rsync.service|enabled|
systemd_unit_file[]=rsyslog.service|enabled|
systemd_unit_file[]=screen-cleanup.service|masked|
systemd_unit_file[]=secureboot-db.service|enabled|
systemd_unit_file[]=serial-getty@.service|indirect|
systemd_unit_file[]=setvtrgb.service|enabled|
systemd_unit_file[]=snap.lxd.activate.service|enabled|
systemd_unit_file[]=snap.lxd.daemon.service|static|
systemd_unit_file[]=snapd.apparmor.service|enabled|
systemd_unit_file[]=snapd.autoimport.service|enabled|
systemd_unit_file[]=snapd.core-fixup.service|enabled|
systemd_unit_file[]=snapd.failure.service|static|
systemd_unit_file[]=snapd.recovery-chooser-trigger.service|enabled|
systemd_unit_file[]=snapd.seeded.service|enabled|
systemd_unit_file[]=snapd.service|enabled|
systemd_unit_file[]=snapd.snap-repair.service|static|
systemd_unit_file[]=snapd.system-shutdown.service|enabled|
systemd_unit_file[]=ssh.service|enabled|
systemd_unit_file[]=ssh@.service|static|
systemd_unit_file[]=sshd.service|enabled|
systemd_unit_file[]=sudo.service|masked|
systemd_unit_file[]=syslog.service|enabled|
systemd_unit_file[]=system-update-cleanup.service|static|
systemd_unit_file[]=systemd-ask-password-console.service|static|
systemd_unit_file[]=systemd-ask-password-plymouth.service|static|
systemd_unit_file[]=systemd-ask-password-wall.service|static|
systemd_unit_file[]=systemd-backlight@.service|static|
systemd_unit_file[]=systemd-binfmt.service|static|
systemd_unit_file[]=systemd-bless-boot.service|static|
systemd_unit_file[]=systemd-boot-check-no-failures.service|disabled|
systemd_unit_file[]=systemd-boot-system-token.service|static|
systemd_unit_file[]=systemd-exit.service|static|
systemd_unit_file[]=systemd-fsck-root.service|enabled-runtime|
systemd_unit_file[]=systemd-fsck@.service|static|
systemd_unit_file[]=systemd-fsckd.service|static|
systemd_unit_file[]=systemd-halt.service|static|
systemd_unit_file[]=systemd-hibernate-resume@.service|static|
systemd_unit_file[]=systemd-hibernate.service|static|
systemd_unit_file[]=systemd-hostnamed.service|static|
systemd_unit_file[]=systemd-hwdb-update.service|static|
systemd_unit_file[]=systemd-hybrid-sleep.service|static|
systemd_unit_file[]=systemd-initctl.service|static|
systemd_unit_file[]=systemd-journal-flush.service|static|
systemd_unit_file[]=systemd-journald.service|static|
systemd_unit_file[]=systemd-journald@.service|static|
systemd_unit_file[]=systemd-kexec.service|static|
systemd_unit_file[]=systemd-localed.service|static|
systemd_unit_file[]=systemd-logind.service|static|
systemd_unit_file[]=systemd-machine-id-commit.service|static|
systemd_unit_file[]=systemd-modules-load.service|static|
systemd_unit_file[]=systemd-network-generator.service|disabled|
systemd_unit_file[]=systemd-networkd-wait-online.service|enabled|
systemd_unit_file[]=systemd-networkd.service|enabled|
systemd_unit_file[]=systemd-poweroff.service|static|
systemd_unit_file[]=systemd-pstore.service|enabled|
systemd_unit_file[]=systemd-quotacheck.service|static|
systemd_unit_file[]=systemd-random-seed.service|static|
systemd_unit_file[]=systemd-reboot.service|static|
systemd_unit_file[]=systemd-remount-fs.service|enabled-runtime|
systemd_unit_file[]=systemd-resolved.service|enabled|
systemd_unit_file[]=systemd-rfkill.service|static|
systemd_unit_file[]=systemd-suspend-then-hibernate.service|static|
systemd_unit_file[]=systemd-suspend.service|static|
systemd_unit_file[]=systemd-sysctl.service|static|
systemd_unit_file[]=systemd-sysusers.service|static|
systemd_unit_file[]=systemd-time-wait-sync.service|disabled|
systemd_unit_file[]=systemd-timedated.service|static|
systemd_unit_file[]=systemd-timesyncd.service|masked|
systemd_unit_file[]=systemd-tmpfiles-clean.service|static|
systemd_unit_file[]=systemd-tmpfiles-setup-dev.service|static|
systemd_unit_file[]=systemd-tmpfiles-setup.service|static|
systemd_unit_file[]=systemd-udev-settle.service|static|
systemd_unit_file[]=systemd-udev-trigger.service|static|
systemd_unit_file[]=systemd-udevd.service|static|
systemd_unit_file[]=systemd-update-utmp-runlevel.service|static|
systemd_unit_file[]=systemd-update-utmp.service|static|
systemd_unit_file[]=systemd-user-sessions.service|static|
systemd_unit_file[]=systemd-volatile-root.service|static|
systemd_unit_file[]=udev.service|static|
systemd_unit_file[]=ufw.service|enabled|
systemd_unit_file[]=unattended-upgrades.service|enabled|
systemd_unit_file[]=user-runtime-dir@.service|static|
systemd_unit_file[]=user@.service|static|
systemd_unit_file[]=uuidd.service|indirect|
systemd_unit_file[]=vgauth.service|enabled|
systemd_unit_file[]=vmtoolsd.service|enabled|
systemd_unit_file[]=x11-common.service|masked|
systemd_unit_file[]=xfs_scrub@.service|static|
systemd_unit_file[]=xfs_scrub_all.service|static|
systemd_unit_file[]=xfs_scrub_fail@.service|static|
systemd_unit_file[]=machine.slice|static|
systemd_unit_file[]=system-systemd\x2dcryptsetup.slice|static|
systemd_unit_file[]=user.slice|static|
systemd_unit_file[]=apport-forward.socket|enabled|
systemd_unit_file[]=dbus.socket|static|
systemd_unit_file[]=dm-event.socket|enabled|
systemd_unit_file[]=iscsid.socket|enabled|
systemd_unit_file[]=lvm2-lvmpolld.socket|enabled|
systemd_unit_file[]=multipathd.socket|enabled|
systemd_unit_file[]=snap.lxd.daemon.unix.socket|enabled|
systemd_unit_file[]=snapd.socket|enabled|
systemd_unit_file[]=ssh.socket|disabled|
systemd_unit_file[]=syslog.socket|static|
systemd_unit_file[]=systemd-fsckd.socket|static|
systemd_unit_file[]=systemd-initctl.socket|static|
systemd_unit_file[]=systemd-journald-audit.socket|static|
systemd_unit_file[]=systemd-journald-dev-log.socket|static|
systemd_unit_file[]=systemd-journald-varlink@.socket|static|
systemd_unit_file[]=systemd-journald.socket|static|
systemd_unit_file[]=systemd-journald@.socket|static|
systemd_unit_file[]=systemd-networkd.socket|enabled|
systemd_unit_file[]=systemd-rfkill.socket|static|
systemd_unit_file[]=systemd-udevd-control.socket|static|
systemd_unit_file[]=systemd-udevd-kernel.socket|static|
systemd_unit_file[]=uuidd.socket|enabled|
systemd_unit_file[]=basic.target|static|
systemd_unit_file[]=blockdev@.target|static|
systemd_unit_file[]=bluetooth.target|static|
systemd_unit_file[]=boot-complete.target|static|
systemd_unit_file[]=cloud-config.target|static|
systemd_unit_file[]=cloud-init.target|enabled-runtime|
systemd_unit_file[]=cryptsetup-pre.target|static|
systemd_unit_file[]=cryptsetup.target|static|
systemd_unit_file[]=ctrl-alt-del.target|disabled|
systemd_unit_file[]=default.target|static|
systemd_unit_file[]=emergency.target|static|
systemd_unit_file[]=exit.target|disabled|
systemd_unit_file[]=final.target|static|
systemd_unit_file[]=friendly-recovery.target|static|
systemd_unit_file[]=getty-pre.target|static|
systemd_unit_file[]=getty.target|static|
systemd_unit_file[]=graphical.target|static|
systemd_unit_file[]=halt.target|disabled|
systemd_unit_file[]=hibernate.target|static|
systemd_unit_file[]=hybrid-sleep.target|static|
systemd_unit_file[]=initrd-fs.target|static|
systemd_unit_file[]=initrd-root-device.target|static|
systemd_unit_file[]=initrd-root-fs.target|static|
systemd_unit_file[]=initrd-switch-root.target|static|
systemd_unit_file[]=initrd.target|static|
systemd_unit_file[]=kexec.target|disabled|
systemd_unit_file[]=local-fs-pre.target|static|
systemd_unit_file[]=local-fs.target|static|
systemd_unit_file[]=multi-user.target|static|
systemd_unit_file[]=network-online.target|static|
systemd_unit_file[]=network-pre.target|static|
systemd_unit_file[]=network.target|static|
systemd_unit_file[]=nss-lookup.target|static|
systemd_unit_file[]=nss-user-lookup.target|static|
systemd_unit_file[]=paths.target|static|
systemd_unit_file[]=poweroff.target|disabled|
systemd_unit_file[]=printer.target|static|
systemd_unit_file[]=reboot.target|disabled|
systemd_unit_file[]=remote-cryptsetup.target|disabled|
systemd_unit_file[]=remote-fs-pre.target|static|
systemd_unit_file[]=remote-fs.target|enabled|
systemd_unit_file[]=rescue-ssh.target|static|
systemd_unit_file[]=rescue.target|static|
systemd_unit_file[]=rpcbind.target|static|
systemd_unit_file[]=runlevel0.target|disabled|
systemd_unit_file[]=runlevel1.target|static|
systemd_unit_file[]=runlevel2.target|static|
systemd_unit_file[]=runlevel3.target|static|
systemd_unit_file[]=runlevel4.target|static|
systemd_unit_file[]=runlevel5.target|static|
systemd_unit_file[]=runlevel6.target|disabled|
systemd_unit_file[]=shutdown.target|static|
systemd_unit_file[]=sigpwr.target|static|
systemd_unit_file[]=sleep.target|static|
systemd_unit_file[]=slices.target|static|
systemd_unit_file[]=smartcard.target|static|
systemd_unit_file[]=sockets.target|static|
systemd_unit_file[]=sound.target|static|
systemd_unit_file[]=suspend-then-hibernate.target|static|
systemd_unit_file[]=suspend.target|static|
systemd_unit_file[]=swap.target|static|
systemd_unit_file[]=sysinit.target|static|
systemd_unit_file[]=system-update-pre.target|static|
systemd_unit_file[]=system-update.target|static|
systemd_unit_file[]=time-set.target|static|
systemd_unit_file[]=time-sync.target|static|
systemd_unit_file[]=timers.target|static|
systemd_unit_file[]=umount.target|static|
systemd_unit_file[]=apt-daily-upgrade.timer|enabled|
systemd_unit_file[]=apt-daily.timer|enabled|
systemd_unit_file[]=chrony-dnssrv@.timer|disabled|
systemd_unit_file[]=e2scrub_all.timer|enabled|
systemd_unit_file[]=fstrim.timer|enabled|
systemd_unit_file[]=fwupd-refresh.timer|enabled|
systemd_unit_file[]=google-oslogin-cache.timer|enabled|
systemd_unit_file[]=logrotate.timer|enabled|
systemd_unit_file[]=man-db.timer|enabled|
systemd_unit_file[]=mdadm-last-resort@.timer|static|
systemd_unit_file[]=mdcheck_continue.timer|enabled|
systemd_unit_file[]=mdcheck_start.timer|enabled|
systemd_unit_file[]=mdmonitor-oneshot.timer|enabled|
systemd_unit_file[]=motd-news.timer|enabled|
systemd_unit_file[]=snapd.snap-repair.timer|enabled|
systemd_unit_file[]=systemd-tmpfiles-clean.timer|static|
systemd_unit_file[]=xfs_scrub_all.timer|disabled|
systemd_binaries=systemd-makefs|systemd-boot-check-no-failures|systemd-pstore|systemd-localed|systemd-rfkill|systemd-hibernate-resume|systemd-sleep|systemd-growfs|systemd-bless-boot|systemd-socket-proxyd|systemd-sysctl|systemd-time-wait-sync|systemd-hostnamed|systemd-sysv-install|systemd-user-runtime-dir|systemd-network-generator|systemd-random-seed|systemd-dissect|systemd-networkd|systemd-cryptsetup|systemd-binfmt|systemd-ac-power|systemd-fsckd|systemd-veritysetup|systemd-backlight|systemd-modules-load|systemd-remount-fs|systemd-volatile-root|systemd-journald|systemd-initctl|systemd-update-utmp|systemd-networkd-wait-online|systemd-timedated|systemd-fsck|systemd-cgroups-agent|systemd-quotacheck|systemd-sulogin-shell|systemd-resolved|systemd-user-sessions|systemd-udevd|systemd-logind|systemd-shutdown|systemd-reply-password|
journal_bootlogs=2
journal_oldest_bootdate=2021-01-06
journal_contains_errors=0
journal_disk_size=16.0M
journal_meta_data=Filepath:/var/log/journal/38dd9c7e5f82a4f74d53c55b7cfbc248/system.journal,FileID:55a4499449eb4469a29e6fa1c02d758a,MachineID:38dd9c7e5f82a4f74d53c55b7cfbc248,BootID:896aa1c47a694f61b1b2283285b8ed99,SequentialnumberID:55a4499449eb4469a29e6fa1c02d758a,State:ONLINE,Compatibleflags:,Incompatibleflags:COMPRESSED-LZ4,Headersize:240,Arenasize:8388368,Datahashtablesize:45738,Fieldhashtablesize:333,Rotatesuggested:no,Headsequentialnumber:1(1),Tailsequentialnumber:3696(e70),Headrealtimetimestamp:Wed2021-01-0618:41:46UTC(5b83facdceb1e),Tailrealtimetimestamp:Thu2021-01-0714:43:28UTC(5b850767d7b8b),Tailmonotonictimestamp:48min38.027s(aded8ffa),Objects:13159,Entryobjects:3258,Dataobjects:6276,Datahashtablefill:13.7%,Fieldobjects:84,Fieldhashtablefill:25.2%,Tagobjects:0,Entryarrayobjects:3539,Diskusage:8.0M,|,Filepath:/var/log/journal/38dd9c7e5f82a4f74d53c55b7cfbc248/user-1001.journal,FileID:ebcaec0e3cc246d3ac3fc755f7625943,MachineID:38dd9c7e5f82a4f74d53c55b7cfbc248,BootID:896aa1c47a694f61b1b2283285b8ed99,SequentialnumberID:ebcaec0e3cc246d3ac3fc755f7625943,State:OFFLINE,Compatibleflags:,Incompatibleflags:COMPRESSED-LZ4,Headersize:240,Arenasize:8388368,Datahashtablesize:45738,Fieldhashtablesize:333,Rotatesuggested:no,Headsequentialnumber:1440(5a0),Tailsequentialnumber:3681(e61),Headrealtimetimestamp:Wed2021-01-0618:42:14UTC(5b83fae8de152),Tailrealtimetimestamp:Thu2021-01-0714:33:57UTC(5b8505479f6a8),Tailmonotonictimestamp:39min7.371s(8bea0b18),Objects:2134,Entryobjects:438,Dataobjects:909,Datahashtablefill:2.0%,Fieldobjects:39,Fieldhashtablefill:11.7%,Tagobjects:0,Entryarrayobjects:746,Diskusage:8.0M,
systemd_status=running
systemd_unit_not_found[]=boot.automount
systemd_unit_not_found[]=boot.mount
systemd_unit_not_found[]=tmp.mount
systemd_unit_not_found[]=auditd.service
systemd_unit_not_found[]=connman.service
systemd_unit_not_found[]=console-screen.service
systemd_unit_not_found[]=display-manager.service
systemd_unit_not_found[]=fcoe.service
systemd_unit_not_found[]=hv_kvp_daemon.service
systemd_unit_not_found[]=iscsi-shutdown.service
systemd_unit_not_found[]=kbd.service
systemd_unit_not_found[]=lvm2-activation-early.service
systemd_unit_not_found[]=lvm2-activation.service
systemd_unit_not_found[]=network.service
systemd_unit_not_found[]=networking.service
systemd_unit_not_found[]=NetworkManager.service
systemd_unit_not_found[]=ntp.service
systemd_unit_not_found[]=ntpsec.service
systemd_unit_not_found[]=openntpd.service
systemd_unit_not_found[]=ovsdb-server.service
systemd_unit_not_found[]=rbdmap.service
systemd_unit_not_found[]=sshd-keygen.service
systemd_unit_not_found[]=systemd-update-done.service
systemd_unit_not_found[]=systemd-vconsole-setup.service
systemd_unit_not_found[]=whoopsie.service
systemd_unit_not_found[]=all.target
systemd_service_not_found[]=auditd.service
systemd_service_not_found[]=connman.service
systemd_service_not_found[]=console-screen.service
systemd_service_not_found[]=display-manager.service
systemd_service_not_found[]=fcoe.service
systemd_service_not_found[]=hv_kvp_daemon.service
systemd_service_not_found[]=iscsi-shutdown.service
systemd_service_not_found[]=kbd.service
systemd_service_not_found[]=lvm2-activation-early.service
systemd_service_not_found[]=lvm2-activation.service
systemd_service_not_found[]=network.service
systemd_service_not_found[]=networking.service
systemd_service_not_found[]=NetworkManager.service
systemd_service_not_found[]=ntp.service
systemd_service_not_found[]=ntpsec.service
systemd_service_not_found[]=openntpd.service
systemd_service_not_found[]=ovsdb-server.service
systemd_service_not_found[]=rbdmap.service
systemd_service_not_found[]=sshd-keygen.service
systemd_service_not_found[]=systemd-update-done.service
systemd_service_not_found[]=systemd-vconsole-setup.service
systemd_service_not_found[]=whoopsie.service
journal_coredumps_lastday=0
plugins_enabled=1
hostid=d968b8106d6d356b364c82596705eac1ed313b14
hostid2=1170d1d1064a9b58bcd8f4281d4494a00623cc1fbf1753fc1aba7af94b0da717
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password)|-|-|
running_service_tool=systemctl
running_service[]=accounts-daemon
running_service[]=atd
running_service[]=chrony
running_service[]=cron
running_service[]=dbus
running_service[]=getty@tty1
running_service[]=google-accounts-daemon
running_service[]=google-clock-skew-daemon
running_service[]=google-network-daemon
running_service[]=multipathd
running_service[]=networkd-dispatcher
running_service[]=packagekit
running_service[]=polkit
running_service[]=rsyslog
running_service[]=serial-getty@ttyS0
running_service[]=snapd
running_service[]=ssh
running_service[]=systemd-journald
running_service[]=systemd-logind
running_service[]=systemd-networkd
running_service[]=systemd-resolved
running_service[]=systemd-udevd
running_service[]=unattended-upgrades
running_service[]=user@1001
boot_service_tool=systemctl
boot_service[]=accounts-daemon
boot_service[]=apparmor
boot_service[]=atd
boot_service[]=autovt@
boot_service[]=blk-availability
boot_service[]=chrony
boot_service[]=chronyd
boot_service[]=cloud-config
boot_service[]=cloud-final
boot_service[]=cloud-init-local
boot_service[]=cloud-init
boot_service[]=console-setup
boot_service[]=cron
boot_service[]=dbus-org.freedesktop.resolve1
boot_service[]=dmesg
boot_service[]=e2scrub_reap
boot_service[]=finalrd
boot_service[]=getty@
boot_service[]=google-accounts-daemon
boot_service[]=google-clock-skew-daemon
boot_service[]=google-instance-setup
boot_service[]=google-network-daemon
boot_service[]=google-shutdown-scripts
boot_service[]=google-startup-scripts
boot_service[]=grub-initrd-fallback
boot_service[]=iscsi
boot_service[]=keyboard-setup
boot_service[]=lvm2-monitor
boot_service[]=lxd-agent-9p
boot_service[]=lxd-agent
boot_service[]=multipath-tools
boot_service[]=multipathd
boot_service[]=networkd-dispatcher
boot_service[]=ondemand
boot_service[]=open-iscsi
boot_service[]=open-vm-tools
boot_service[]=pollinate
boot_service[]=rsync
boot_service[]=rsyslog
boot_service[]=secureboot-db
boot_service[]=setvtrgb
boot_service[]=snap.lxd.activate
boot_service[]=snapd.apparmor
boot_service[]=snapd.autoimport
boot_service[]=snapd.core-fixup
boot_service[]=snapd.recovery-chooser-trigger
boot_service[]=snapd.seeded
boot_service[]=snapd
boot_service[]=snapd.system-shutdown
boot_service[]=ssh
boot_service[]=sshd
boot_service[]=syslog
boot_service[]=systemd-networkd-wait-online
boot_service[]=systemd-networkd
boot_service[]=systemd-pstore
boot_service[]=systemd-resolved
boot_service[]=ufw
boot_service[]=unattended-upgrades
boot_service[]=vgauth
boot_service[]=vmtoolsd
uptime_in_seconds=2927
uptime_in_days=0
suggestion[]=BOOT-5264|Consider hardening system services|Run '/usr/bin/systemd-analyze security SERVICE' for each service|-|
boot_loader=GRUB2
boot_uefi_booted=1
boot_uefi_booted_secure=0
service_manager=systemd
linux_default_runlevel=5
cpu_pae=1
cpu_nx=1
linux_kernel_release=5.4.0-1033-gcp
linux_kernel_version=#35-Ubuntu SMP Mon Dec 14 13:27:36 UTC 2020
linux_kernel_type=modular
loaded_kernel_module[]=aesni_intel
loaded_kernel_module[]=autofs4
loaded_kernel_module[]=crc32_pclmul
loaded_kernel_module[]=crct10dif_pclmul
loaded_kernel_module[]=cryptd
loaded_kernel_module[]=crypto_simd
loaded_kernel_module[]=dm_multipath
loaded_kernel_module[]=drm
loaded_kernel_module[]=failover
loaded_kernel_module[]=ghash_clmulni_intel
loaded_kernel_module[]=glue_helper
loaded_kernel_module[]=input_leds
loaded_kernel_module[]=ip_tables
loaded_kernel_module[]=net_failover
loaded_kernel_module[]=nls_iso8859_1
loaded_kernel_module[]=psmouse
loaded_kernel_module[]=sch_fq_codel
loaded_kernel_module[]=scsi_dh_alua
loaded_kernel_module[]=scsi_dh_emc
loaded_kernel_module[]=scsi_dh_rdac
loaded_kernel_module[]=serio_raw
loaded_kernel_module[]=virtio_net
loaded_kernel_module[]=virtio_rng
loaded_kernel_module[]=x_tables
linux_config_file=/boot/config-5.4.0-1033-gcp
suggestion[]=KRNL-5820|If not required, consider explicit disabling of core dump in /etc/security/limits.conf file|-|-|
memory_size=4029868
memory_units=kB
auth_group_ids_unique=1
auth_group_names_unique=1
suggestion[]=AUTH-9230|Configure password hashing rounds in /etc/login.defs|-|-|
real_user[]=root,0
real_user[]=ubuntu,1000
real_user[]=ktdw73,1001
real_user[]=Tobias,1002
suggestion[]=AUTH-9262|Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc|-|-|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_access.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_cap.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_debug.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_deny.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_echo.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_env.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_exec.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_extrausers.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_faildelay.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_filter.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_ftp.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_group.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_issue.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_keyinit.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_lastlog.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_limits.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_listfile.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_localuser.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_loginuid.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_mail.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_mkhomedir.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_motd.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_namespace.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_nologin.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_oslogin_admin.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_oslogin_login.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_permit.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_pwhistory.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_rhosts.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_rootok.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_securetty.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_selinux.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_sepermit.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_shells.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_stress.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_succeed_if.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_systemd.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tally.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tally2.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_time.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_timestamp.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tty_audit.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_umask.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_unix.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_userdb.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_warn.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_wheel.so
pam_module[]=/lib/x86_64-linux-gnu/security/pam_xauth.so
locked_account[]=Tobias
locked_account[]=ktdw73
locked_account[]=ubuntu
suggestion[]=AUTH-9284|Look at the locked accounts and consider removing them|-|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
suggestion[]=AUTH-9286|Configure maximum password age in /etc/login.defs|-|-|
manual_event[]=AUTH-9328:03
suggestion[]=AUTH-9328|Default umask in /etc/login.defs could be more strict like 027|-|-|
auth_failed_logins_tooling[]=/etc/login.defs
auth_failed_logins_logged=1
ldap_auth_enabled=0
ldap_pam_enabled=0
password_min_days=-1
password_max_days=-1
available_shell[]=/bin/sh
available_shell[]=/bin/bash
available_shell[]=/usr/bin/bash
available_shell[]=/bin/rbash
available_shell[]=/usr/bin/rbash
available_shell[]=/bin/dash
available_shell[]=/usr/bin/dash
available_shell[]=/usr/bin/tmux
available_shell[]=/usr/bin/screen
session_timeout_enabled=0
suggestion[]=FILE-6310|To decrease the impact of a full /home file system, place /home on a separate partition|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /var file system, place /var on a separate partition|-|-|
file_systems_ext[]=/|ext4|
suggestion[]=FILE-6430|Consider disabling unused kernel modules|/etc/modprobe.d/blacklist.conf|Add 'install MODULENAME /bin/true' (without quotes)|
suggestion[]=USB-1000|Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft|-|-|
resolv_conf_search_domain[]=europe-west3-c.c.cc2020-tobiaswieck.internal
resolv_conf_option[]=edns0
domainname=europe-west3-c.c.cc2020-tobiaswieck.internal
suggestion[]=NAME-4404|Add the IP name and FQDN to /etc/hosts for proper name resolving|-|-|
localhost-mapped-to=::1
name_cache_used=0
package_manager[]=dpkg
installed_packages=567
suggestion[]=PKGS-7346|Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts.|-|-|
suggestion[]=PKGS-7370|Install debsums utility for the verification of packages with known good database.|-|-|
suggestion[]=PKGS-7394|Install package apt-show-versions for patch management purposes|-|-|
installed_kernel_packages=1
unattended_upgrade_tool[]=unattended-upgrade
unattended_upgrade_option_available=1
ipv6_mode=auto
ipv6_only=0
nameserver[]=127.0.0.53
network_interface[]=lo
network_interface[]=ens4
network_mac_address[]=42:01:0a:9c:00:04
network_ipv4_address[]=127.0.0.1
network_ipv4_address[]=10.156.0.4
network_ipv6_address[]=::1
network_ipv6_address[]=fe80::4001:aff:fe9c:4
network_listen[]=raw,ss,v1|udp|127.0.0.53%lo:53|systemd-resolve|
network_listen[]=raw,ss,v1|udp|10.156.0.4%ens4:68|systemd-network|
network_listen[]=raw,ss,v1|udp|127.0.0.1:323|chronyd|
network_listen[]=raw,ss,v1|udp|[::1]:323|chronyd|
network_listen[]=raw,ss,v1|tcp|127.0.0.53%lo:53|systemd-resolve|
network_listen[]=raw,ss,v1|tcp|0.0.0.0:22|sshd|
network_listen[]=raw,ss,v1|tcp|[::]:22|sshd|
suggestion[]=NETW-3200|Determine if protocol 'dccp' is really needed on this system|-|-|
uncommon_network_protocol_enabled=dccp
suggestion[]=NETW-3200|Determine if protocol 'sctp' is really needed on this system|-|-|
uncommon_network_protocol_enabled=sctp
suggestion[]=NETW-3200|Determine if protocol 'rds' is really needed on this system|-|-|
uncommon_network_protocol_enabled=rds
suggestion[]=NETW-3200|Determine if protocol 'tipc' is really needed on this system|-|-|
uncommon_network_protocol_enabled=tipc
imap_daemon=
pop3_daemon=
smtp_daemon=
firewall_software[]=iptables
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
firewall_no_logging[]=iptables
manual[]=Verify if there is a formal process for testing and applying firewall rules
manual[]=Verify all traffic is filtered the right way between the different security zones
manual[]=Verify if a list is available with all required services
manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
details[]=SSH-7408|sshd|desc:sshd option AllowTcpForwarding;field:AllowTcpForwarding;prefval:NO;value:YES;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|ClientAliveCountMax (set 3 to 2)|-|
details[]=SSH-7408|sshd|desc:sshd option ClientAliveCountMax;field:ClientAliveCountMax;prefval:2;value:3;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Compression (set YES to NO)|-|
details[]=SSH-7408|sshd|desc:sshd option Compression;field:Compression;prefval:NO;value:YES;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|LogLevel (set INFO to VERBOSE)|-|
details[]=SSH-7408|sshd|desc:sshd option LogLevel;field:LogLevel;prefval:VERBOSE;value:INFO;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (set 6 to 3)|-|
details[]=SSH-7408|sshd|desc:sshd option MaxAuthTries;field:MaxAuthTries;prefval:3;value:6;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxSessions (set 10 to 2)|-|
details[]=SSH-7408|sshd|desc:sshd option MaxSessions;field:MaxSessions;prefval:2;value:10;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (set 22 to )|-|
details[]=SSH-7408|sshd|desc:sshd option Port;field:Port;prefval:;value:22;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|TCPKeepAlive (set YES to NO)|-|
details[]=SSH-7408|sshd|desc:sshd option TCPKeepAlive;field:TCPKeepAlive;prefval:NO;value:YES;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
details[]=SSH-7408|sshd|desc:sshd option X11Forwarding;field:X11Forwarding;prefval:NO;value:YES;|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowAgentForwarding (set YES to NO)|-|
details[]=SSH-7408|sshd|desc:sshd option AllowAgentForwarding;field:AllowAgentForwarding;prefval:NO;value:YES;|
ssh_daemon_running=1
openssh_daemon_running=1
syslog_daemon_present=1
syslog_daemon[]=systemd-journal
syslog_daemon_present=1
syslog_daemon[]=rsyslog
log_directory[]=/var/log
log_directory[]=/var/log/apt
log_directory[]=/var/log/unattended-upgrades
remote_syslog_configured=0
suggestion[]=LOGG-2154|Enable logging to an external logging host for archiving purposes and additional protection|-|-|
log_directory[]=/var/log
deleted_file[]=/(none)
suggestion[]=LOGG-2190|Check what deleted files are still in use and why.|-|-|
open_empty_log_file[]=unattende,/var/log/unattended-upgrades/unattended-upgrades-shutdown.log
log_rotation_config_found=1
log_rotation_tool=logrotate
suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-|
weak_banner_file[]=/etc/issue
suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-|
crond_running=1
scheduler[]=crond
cronjob[]=17,*,*,*,*,root,cd,/,&&,run-parts,--report,/etc/cron.hourly
cronjob[]=25,6,*,*,*,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.daily,)
cronjob[]=47,6,*,*,7,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.weekly,)
cronjob[]=52,6,1,*,*,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.monthly,)
cronjob[]=/etc/cron.d/e2scrub_all
cronjob[]=/etc/cron.d/e2scrub_all
cronjob[]=/etc/cron.d/popularity-contest
cronjob[]=/etc/cron.daily/dpkg
cronjob[]=/etc/cron.daily/bsdmainutils
cronjob[]=/etc/cron.daily/apt-compat
cronjob[]=/etc/cron.daily/logrotate
cronjob[]=/etc/cron.daily/man-db
cronjob[]=/etc/cron.daily/apport
cronjob[]=/etc/cron.daily/popularity-contest
cronjob[]=/etc/cron.daily/update-notifier-common
cronjob[]=/etc/cron.weekly/man-db
cronjob[]=/etc/cron.weekly/update-notifier-common
scheduler[]=atd
suggestion[]=ACCT-9622|Enable process accounting|-|-|
suggestion[]=ACCT-9626|Enable sysstat to collect accounting (no results)|-|-|
suggestion[]=ACCT-9628|Enable auditd to collect audit information|-|-|
linux_auditd_running=0
audit_daemon_running=0
tz_variable_empty=1
ntp_config_found=0
ntp_config_type_daemon=1
ntp_config_type_eventbased=0
ntp_config_type_scheduled=0
ntp_config_type_startup=0
ntp_daemon=chronyd
ntp_daemon_running=1
certificate[]=/etc/ssl/certs/ca-certificates.crt|0|cn:subject=CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES;notafter:Dec 31 09:37:37 2030 GMT;|
certificates=142
kernel_entropy=2093
rng_found=0
apparmor_enabled=1
apparmor_policy_loaded=1
framework_grsecurity=0
framework_selinux=0
suggestion[]=FINT-4350|Install a file integrity tool to monitor changes to critical and sensitive files|-|-|
suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-|
automation_tool_present=0
malware_scanner_installed=0
suggestion[]=FILE-7524|Consider restricting file permissions|See screen output or log file|text:Use chmod to change file permissions|
home_directory[]=/
home_directory[]=/bin
home_directory[]=/dev
home_directory[]=/home/Tobias
home_directory[]=/home/ktdw73
home_directory[]=/home/ubuntu
home_directory[]=/root
home_directory[]=/run/sshd
home_directory[]=/run/systemd
home_directory[]=/run/uuidd
home_directory[]=/usr/games
home_directory[]=/usr/sbin
home_directory[]=/var/backups
home_directory[]=/var/cache/man
home_directory[]=/var/cache/pollinate
home_directory[]=/var/lib/chrony
home_directory[]=/var/lib/landscape
home_directory[]=/var/lib/tpm
home_directory[]=/var/mail
home_directory[]=/var/snap/lxd/common/lxd
suggestion[]=HOME-9304|Double check the permissions of home directories as some might be not strict enough.|-|-|
details[]=KRNL-6000|sysctl|desc:Disable loading of TTY line disciplines;field:dev.tty.ldisc_autoload;prefval:0;value:1;|
details[]=KRNL-6000|sysctl|desc:Restrict FIFO special device creation behavior;field:fs.protected_fifos;prefval:2;value:1;|
details[]=KRNL-6000|sysctl|desc:Restrict core dumps;field:fs.suid_dumpable;prefval:0;value:2;|
details[]=KRNL-6000|sysctl|desc:No description;field:kernel.core_uses_pid;prefval:1;value:0;|
details[]=KRNL-6000|sysctl|desc:Restrict use of dmesg;field:kernel.dmesg_restrict;prefval:1;value:0;|
details[]=KRNL-6000|sysctl|desc:Restrict access to kernel symbols;field:kernel.kptr_restrict;prefval:2;value:1;|
details[]=KRNL-6000|sysctl|desc:Restrict module loading once this sysctl value is loaded;field:kernel.modules_disabled;prefval:1;value:0;|
details[]=KRNL-6000|sysctl|desc:Restrict unprivileged access to the perf_event_open() system call.;field:kernel.perf_event_paranoid;prefval:3;value:2;|
details[]=KRNL-6000|sysctl|desc:Disable magic SysRQ;field:kernel.sysrq;prefval:0;value:176;|
details[]=KRNL-6000|sysctl|desc:Restrict BPF for unprivileged users;field:kernel.unprivileged_bpf_disabled;prefval:1;value:0;|
details[]=KRNL-6000|sysctl|desc:Hardened BPF JIT compilation;field:net.core.bpf_jit_harden;prefval:2;value:0;|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv6.conf.all.accept_redirects;prefval:0;value:1;|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv6.conf.default.accept_redirects;prefval:0;value:1;|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile and could be tweaked||Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)|
suggestion[]=HRDN-7230|Harden the system by installing at least one malware scanner, to perform periodic file system scans|-|Install a tool like rkhunter, chkrootkit, OSSEC|
compiler_installed=0
lynis_tests_done=260
report_datetime_end=2021-01-07 14:44:06
dhcp_client_running=0
arpwatch_running=0
firewall_active=1
firewall_empty_ruleset=1
firewall_installed=1
installed_packages_array=|accountsservice,0.6.55-0ubuntu12~20.04.4|adduser,3.118ubuntu2|alsa-topology-conf,1.2.2-1|alsa-ucm-conf,1.2.2-1ubuntu0.5|apparmor,2.13.3-7ubuntu5.1|apport,2.20.11-0ubuntu27.14|apport-symptoms,0.23|apt,2.0.2ubuntu0.2|apt-utils,2.0.2ubuntu0.2|at,3.1.23-1ubuntu1|base-files,11ubuntu5.2|base-passwd,3.5.47|bash,5.0-6ubuntu1.1|bash-completion,1:2.10-1ubuntu1|bc,1.07.1-2build1|bcache-tools,1.0.8-3ubuntu0.1|bind9-dnsutils,1:9.16.1-0ubuntu2.4|bind9-host,1:9.16.1-0ubuntu2.4|bind9-libs:amd64,1:9.16.1-0ubuntu2.4|bolt,0.8-4ubuntu1|bsdmainutils,11.1.2ubuntu3|bsdutils,1:2.34-0.1ubuntu9.1|btrfs-progs,5.4.1-2|busybox-initramfs,1:1.30.1-4ubuntu6.3|busybox-static,1:1.30.1-4ubuntu6.3|byobu,5.133-0ubuntu1|bzip2,1.0.8-2|ca-certificates,20201027ubuntu0.20.04.1|chrony,3.5-6ubuntu6.2|cloud-guest-utils,0.31-7-gd99b2d76-0ubuntu1|cloud-init,20.4-0ubuntu1~20.04.1|cloud-initramfs-copymods,0.45ubuntu1|cloud-initramfs-dyn-netconf,0.45ubuntu1|command-not-found,20.04.4|console-setup,1.194ubuntu3|console-setup-linux,1.194ubuntu3|coreutils,8.30-3ubuntu2|cpio,2.13+dfsg-2|cron,3.0pl1-136ubuntu1|cryptsetup,2:2.2.2-3ubuntu2.3|cryptsetup-bin,2:2.2.2-3ubuntu2.3|cryptsetup-initramfs,2:2.2.2-3ubuntu2.3|cryptsetup-run,2:2.2.2-3ubuntu2.3|curl,7.68.0-1ubuntu2.4|dash,0.5.10.2-6|dbus,1.12.16-2ubuntu2.1|dbus-user-session,1.12.16-2ubuntu2.1|dconf-gsettings-backend:amd64,0.36.0-1|dconf-service,0.36.0-1|debconf,1.5.73|debconf-i18n,1.5.73|debianutils,4.9.1|diffutils,1:3.7-3|dirmngr,2.2.19-3ubuntu2|distro-info-data,0.43ubuntu1.4|dmeventd,2:1.02.167-1ubuntu1|dmidecode,3.2-3|dmsetup,2:1.02.167-1ubuntu1|dosfstools,4.1-2|dpkg,1.19.7ubuntu3|e2fsprogs,1.45.5-2ubuntu1|eatmydata,105-7|ed,1.16-1|efibootmgr,17-1|eject,2.1.5+deb1+cvs20081104-14|ethtool,1:5.4-1|fdisk,2.34-0.1ubuntu9.1|file,1:5.38-4|finalrd,6~ubuntu20.04.1|findutils,4.7.0-1ubuntu1|fonts-ubuntu-console,0.83-4ubuntu1|friendly-recovery,0.2.41|ftp,0.17-34.1|fuse,2.9.9-3|fwupd,1.3.11-1~focal1|fwupd-signed,1.27.1ubuntu2+1.3.11-1~focal1|gawk,1:5.0.1+dfsg-1|gcc-10-base:amd64,10.2.0-5ubuntu1~20.04|gce-compute-image-packages,20190801-0ubuntu4.2|gdisk,1.0.5-1|gettext-base,0.19.8.1-10build1|gir1.2-glib-2.0:amd64,1.64.1-1~ubuntu20.04.1|gir1.2-packagekitglib-1.0,1.1.13-2ubuntu1.1|git,1:2.25.1-1ubuntu3|git-man,1:2.25.1-1ubuntu3|glib-networking-common,2.64.2-1ubuntu0.1|glib-networking-services,2.64.2-1ubuntu0.1|glib-networking:amd64,2.64.2-1ubuntu0.1|gnupg,2.2.19-3ubuntu2|gnupg-l10n,2.2.19-3ubuntu2|gnupg-utils,2.2.19-3ubuntu2|google-compute-engine-oslogin,20200925.00-0ubuntu3~20.04.0|gpg,2.2.19-3ubuntu2|gpg-agent,2.2.19-3ubuntu2|gpg-wks-client,2.2.19-3ubuntu2|gpg-wks-server,2.2.19-3ubuntu2|gpgconf,2.2.19-3ubuntu2|gpgsm,2.2.19-3ubuntu2|gpgv,2.2.19-3ubuntu2|grep,3.4-1|groff-base,1.22.4-4build1|grub-common,2.04-1ubuntu26.7|grub-efi-amd64-bin,2.04-1ubuntu26.7|grub-efi-amd64-signed,1.142.9+2.04-1ubuntu26.7|grub-gfxpayload-lists,0.7|grub-pc,2.04-1ubuntu26.7|grub-pc-bin,2.04-1ubuntu26.7|grub2-common,2.04-1ubuntu26.7|gsettings-desktop-schemas,3.36.0-1ubuntu1|gzip,1.10-0ubuntu4|hdparm,9.58+ds-4|hostname,3.23|htop,2.2.0-2build1|info,6.7.0.dfsg.2-5|init,1.57|init-system-helpers,1.57|initramfs-tools,0.136ubuntu6.3|initramfs-tools-bin,0.136ubuntu6.3|initramfs-tools-core,0.136ubuntu6.3|install-info,6.7.0.dfsg.2-5|iproute2,5.5.0-1ubuntu1|iptables,1.8.4-3ubuntu2|iputils-ping,3:20190709-3|iputils-tracepath,3:20190709-3|isc-dhcp-client,4.4.1-2.1ubuntu5|isc-dhcp-common,4.4.1-2.1ubuntu5|iso-codes,4.4-1|kbd,2.0.4-4ubuntu2|keyboard-configuration,1.194ubuntu3|klibc-utils,2.0.7-1ubuntu5|kmod,27-1ubuntu2|kpartx,0.8.3-1ubuntu2|krb5-locales,1.17-6ubuntu4.1|landscape-common,19.12-0ubuntu4.1|language-selector-common,0.204.2|less,551-1ubuntu0.1|libaccountsservice0:amd64,0.6.55-0ubuntu12~20.04.4|libacl1:amd64,2.2.53-6|libaio1:amd64,0.3.112-5|libapparmor1:amd64,2.13.3-7ubuntu5.1|libappstream4:amd64,0.12.10-2|libapt-pkg6.0:amd64,2.0.2ubuntu0.2|libarchive13:amd64,3.4.0-2ubuntu1|libargon2-1:amd64,0~20171227-0.2|libasn1-8-heimdal:amd64,7.7.0+dfsg-1ubuntu1|libasound2-data,1.2.2-2.1ubuntu2.3|libasound2:amd64,1.2.2-2.1ubuntu2.3|libassuan0:amd64,2.5.3
package_audit_tool=apt-check
package_audit_tool_found=1
vulnerable_packages_found=0
hardening_index=68
tests_executed=HRDN-7231|HRDN-7230|HRDN-7222|HRDN-7220|KRNL-6000|HOME-9350|HOME-9310|HOME-9306|HOME-9304|HOME-9302|FILE-7524|MALW-3284|MALW-3282|MALW-3280|MALW-3278|MALW-3276|MALW-3275|TOOL-5190|TOOL-5126|TOOL-5130|TOOL-5122|TOOL-5120|TOOL-5102|TOOL-5002|FINT-4350|FINT-4341|FINT-4340|FINT-4338|FINT-4330|FINT-4328|FINT-4326|FINT-4322|FINT-4318|FINT-4314|FINT-4310|MACF-6290|RBAC-6272|MACF-6240|MACF-6232|MACF-6208|MACF-6204|CONT-8102|CRYP-8005|CRYP-8004|CRYP-8002|CRYP-7931|CRYP-7930|CRYP-7902|TIME-3170|TIME-3148|TIME-3104|ACCT-9636|ACCT-9628|ACCT-9626|ACCT-9622|SCHD-7724|SCHD-7720|SCHD-7718|SCHD-7704|SCHD-7702|BANN-7130|BANN-7128|BANN-7126|BANN-7124|INSE-8320|INSE-8318|INSE-8316|INSE-8314|INSE-8322|INSE-8310|INSE-8304|INSE-8300|INSE-8102|INSE-8100|INSE-8000|LOGG-2192|LOGG-2190|LOGG-2180|LOGG-2170|LOGG-2154|LOGG-2150|LOGG-2148|LOGG-2146|LOGG-2142|LOGG-2138|LOGG-2240|LOGG-2230|LOGG-2210|LOGG-2136|LOGG-2132|LOGG-2130|SQD-3602|PHP-2211|LDAP-2219|DBS-1880|DBS-1860|DBS-1840|DBS-1826|DBS-1820|DBS-1818|DBS-1804|SNMP-3302|SSH-7440|SSH-7408|SSH-7406|SSH-7404|SSH-7402|HTTP-6702|HTTP-6622|FIRE-4594|FIRE-4590|FIRE-4586|FIRE-4524|FIRE-4513|FIRE-4512|FIRE-4508|FIRE-4502|MAIL-8880|MAIL-8860|MAIL-8838|MAIL-8820|MAIL-8814|MAIL-8802|PRNT-2314|PRNT-2304|NETW-3200|NETW-3032|NETW-3030|NETW-3015|NETW-3012|NETW-3008|NETW-3006|NETW-3004|NETW-2706|NETW-2704|NETW-2600|NETW-2400|PKGS-7420|PKGS-7410|PKGS-7398|PKGS-7394|PKGS-7392|PKGS-7390|PKGS-7388|PKGS-7370|PKGS-7346|PKGS-7345|NAME-4408|NAME-4406|NAME-4404|NAME-4402|NAME-4304|NAME-4230|NAME-4202|NAME-4034|NAME-4032|NAME-4028|NAME-4020|NAME-4018|NAME-4016|STRG-1920|STRG-1846|USB-3000|USB-2000|USB-1000|FILE-6430|FILE-6394|FILE-6376|FILE-6374|FILE-6372|FILE-6368|FILE-6363|FILE-6362|FILE-6354|FILE-6344|FILE-6336|FILE-6332|FILE-6329|FILE-6324|FILE-6323|FILE-6311|FILE-6310|SHLL-6230|SHLL-6220|SHLL-6211|AUTH-9408|AUTH-9402|AUTH-9328|AUTH-9308|AUTH-9288|AUTH-9286|AUTH-9284|AUTH-9283|AUTH-9282|AUTH-9278|AUTH-9268|AUTH-9266|AUTH-9264|AUTH-9262|AUTH-9252|AUTH-9250|AUTH-9242|AUTH-9240|AUTH-9234|AUTH-9230|AUTH-9229|AUTH-9228|AUTH-9226|AUTH-9222|AUTH-9216|AUTH-9208|AUTH-9204|PROC-3802|PROC-3614|PROC-3612|PROC-3602|KRNL-5830|KRNL-5820|KRNL-5788|KRNL-5730|KRNL-5728|KRNL-5726|KRNL-5723|KRNL-5695|KRNL-5677|KRNL-5622|BOOT-5264|BOOT-5260|BOOT-5202|BOOT-5184|BOOT-5180|BOOT-5177|BOOT-5155|BOOT-5142|BOOT-5139|BOOT-5122|BOOT-5121|BOOT-5117|BOOT-5116|BOOT-5109|BOOT-5108|BOOT-5104|PLGN-3860|PLGN-3856|PLGN-3834|PLGN-3832|PLGN-3830|PLGN-3820|PLGN-3818|PLGN-3816|PLGN-3814|PLGN-3812|PLGN-3810|PLGN-3808|PLGN-3806|PLGN-3804|PLGN-3802|PLGN-3800|PLGN-0010|CORE-1000|
tests_skipped=MALW-3288|MALW-3286|TOOL-5104|FINT-4402|FINT-4339|FINT-4336|FINT-4334|FINT-4316|FINT-4315|MACF-6242|MACF-6234|CONT-8108|CONT-8107|CONT-8106|CONT-8104|CONT-8004|TIME-3185|TIME-3182|TIME-3181|TIME-3180|TIME-3160|TIME-3136|TIME-3132|TIME-3128|TIME-3124|TIME-3120|TIME-3116|TIME-3112|TIME-3106|ACCT-9662|ACCT-9660|ACCT-9656|ACCT-9654|ACCT-9652|ACCT-9650|ACCT-9634|ACCT-9632|ACCT-9630|ACCT-2760|ACCT-2754|BANN-7113|INSE-8050|INSE-8200|INSE-8116|INSE-8106|INSE-8104|INSE-8016|INSE-8006|INSE-8004|INSE-8002|LOGG-2164|LOGG-2162|LOGG-2160|LOGG-2153|LOGG-2152|LOGG-2134|SQD-3680|SQD-3630|SQD-3624|SQD-3620|SQD-3616|SQD-3614|SQD-3613|SQD-3610|SQD-3606|SQD-3604|PHP-2382|PHP-2378|PHP-2376|PHP-2374|PHP-2372|PHP-2368|PHP-2320|LDAP-2224|DBS-1888|DBS-1886|DBS-1884|DBS-1882|DBS-1828|DBS-1816|SNMP-3306|SNMP-3304|HTTP-6720|HTTP-6716|HTTP-6714|HTTP-6712|HTTP-6710|HTTP-6708|HTTP-6706|HTTP-6704|HTTP-6643|HTTP-6641|HTTP-6640|HTTP-6632|HTTP-6626|HTTP-6624|FIRE-4540|FIRE-4538|FIRE-4536|FIRE-4534|FIRE-4532|FIRE-4530|FIRE-4526|FIRE-4520|FIRE-4518|MAIL-8920|MAIL-8818|MAIL-8817|MAIL-8816|MAIL-8804|PRNT-2420|PRNT-2418|PRNT-2316|PRNT-2308|PRNT-2307|PRNT-2306|PRNT-2302|NETW-3028|NETW-3014|NETW-3001|NETW-2705|PKGS-7393|PKGS-7387|PKGS-7386|PKGS-7384|PKGS-7383|PKGS-7382|PKGS-7381|PKGS-7380|PKGS-7378|PKGS-7366|PKGS-7354|PKGS-7352|PKGS-7350|PKGS-7348|PKGS-7334|PKGS-7332|PKGS-7330|PKGS-7328|PKGS-7322|PKGS-7320|PKGS-7314|PKGS-7312|PKGS-7310|PKGS-7308|PKGS-7306|PKGS-7304|PKGS-7303|PKGS-7302|PKGS-7301|NAME-4306|NAME-4238|NAME-4236|NAME-4232|NAME-4210|NAME-4206|NAME-4204|NAME-4036|NAME-4026|NAME-4024|STRG-1930|STRG-1928|STRG-1926|STRG-1906|STRG-1904|STRG-1902|FILE-6410|FILE-6439|FILE-6330|FILE-6312|SHLL-6202|AUTH-9410|AUTH-9409|AUTH-9406|AUTH-9340|AUTH-9306|AUTH-9304|AUTH-9254|AUTH-9218|AUTH-9212|PROC-3604|KRNL-5770|KRNL-5831|KRNL-5745|BOOT-5263|BOOT-5262|BOOT-5170|BOOT-5165|BOOT-5159|BOOT-5126|BOOT-5261|BOOT-5124|BOOT-5106|BOOT-5102|PLGN-0008|
finish=true