773 lines
57 KiB
Plaintext
773 lines
57 KiB
Plaintext
# Lynis Report
|
|
report_version_major=1
|
|
report_version_minor=0
|
|
report_datetime_start=2021-01-07 17:43:24
|
|
auditor=[Not Specified]
|
|
lynis_version=3.0.3
|
|
os=Linux
|
|
os_name=Ubuntu
|
|
os_fullname=Ubuntu 16.04.7 LTS
|
|
os_version=16.04
|
|
linux_version=Ubuntu
|
|
os_kernel_version=4.4.0
|
|
os_kernel_version_full=4.4.0-1117-aws
|
|
hostname=ip-172-31-54-18
|
|
test_category=all
|
|
test_group=all
|
|
plugin_directory=./plugins
|
|
lynis_update_available=0
|
|
binaries_count=1202
|
|
binaries_suid_count=/bin/fusermount /bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/chfn /usr/bin/chsh /usr/bin/gpasswd /usr/bin/newgidmap /usr/bin/newgrp /usr/bin/newuidmap /usr/bin/passwd /usr/bin/pkexec /usr/bin/sg /usr/bin/sudo /usr/bin/sudoedit /usr/bin/ubuntu-core-launcher
|
|
binaries_sgid_count=/sbin/pam_extrausers_chkpwd /sbin/unix_chkpwd /usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/locate /usr/bin/mlocate /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write
|
|
binary_paths=/snap/bin,/bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin
|
|
vm=1
|
|
vmtype=xen
|
|
container=0
|
|
systemd=1
|
|
plugin_enabled_phase1[]=pam|1.0.5|
|
|
authentication_two_factor_enabled=0
|
|
authentication_two_factor_required=0
|
|
plugin_enabled_phase1[]=systemd|1.0.4|
|
|
systemctl_exit_code=0
|
|
systemd_version=229
|
|
systemd_builtin_components=+PAM,+AUDIT,+SELINUX,+IMA,+APPARMOR,+SMACK,+SYSVINIT,+UTMP,+LIBCRYPTSETUP,+GCRYPT,+GNUTLS,+ACL,+XZ,-LZ4,+SECCOMP,+BLKID,+ELFUTILS,+KMOD,-IDN
|
|
systemd_unit_file[]=proc-sys-fs-binfmt_misc.automount|static|
|
|
systemd_unit_file[]=dev-hugepages.mount|static|
|
|
systemd_unit_file[]=dev-mqueue.mount|static|
|
|
systemd_unit_file[]=proc-sys-fs-binfmt_misc.mount|static|
|
|
systemd_unit_file[]=snap-amazon\x2dssm\x2dagent-2012.mount|enabled|
|
|
systemd_unit_file[]=snap-core-10126.mount|enabled|
|
|
systemd_unit_file[]=sys-fs-fuse-connections.mount|static|
|
|
systemd_unit_file[]=sys-kernel-config.mount|static|
|
|
systemd_unit_file[]=sys-kernel-debug.mount|static|
|
|
systemd_unit_file[]=acpid.path|enabled|
|
|
systemd_unit_file[]=systemd-ask-password-console.path|static|
|
|
systemd_unit_file[]=systemd-ask-password-plymouth.path|static|
|
|
systemd_unit_file[]=systemd-ask-password-wall.path|static|
|
|
systemd_unit_file[]=systemd-networkd-resolvconf-update.path|static|
|
|
systemd_unit_file[]=accounts-daemon.service|enabled|
|
|
systemd_unit_file[]=acpid.service|disabled|
|
|
systemd_unit_file[]=apport-forward@.service|static|
|
|
systemd_unit_file[]=apt-daily-upgrade.service|static|
|
|
systemd_unit_file[]=apt-daily.service|static|
|
|
systemd_unit_file[]=atd.service|enabled|
|
|
systemd_unit_file[]=autovt@.service|enabled|
|
|
systemd_unit_file[]=bootlogd.service|masked|
|
|
systemd_unit_file[]=bootlogs.service|masked|
|
|
systemd_unit_file[]=bootmisc.service|masked|
|
|
systemd_unit_file[]=checkfs.service|masked|
|
|
systemd_unit_file[]=checkroot-bootclean.service|masked|
|
|
systemd_unit_file[]=checkroot.service|masked|
|
|
systemd_unit_file[]=cloud-config.service|enabled|
|
|
systemd_unit_file[]=cloud-final.service|enabled|
|
|
systemd_unit_file[]=cloud-init-local.service|enabled|
|
|
systemd_unit_file[]=cloud-init.service|enabled|
|
|
systemd_unit_file[]=console-getty.service|disabled|
|
|
systemd_unit_file[]=console-setup.service|static|
|
|
systemd_unit_file[]=console-shell.service|disabled|
|
|
systemd_unit_file[]=container-getty@.service|static|
|
|
systemd_unit_file[]=cron.service|enabled|
|
|
systemd_unit_file[]=cryptdisks-early.service|masked|
|
|
systemd_unit_file[]=cryptdisks.service|masked|
|
|
systemd_unit_file[]=dbus-org.freedesktop.hostname1.service|static|
|
|
systemd_unit_file[]=dbus-org.freedesktop.locale1.service|static|
|
|
systemd_unit_file[]=dbus-org.freedesktop.login1.service|static|
|
|
systemd_unit_file[]=dbus-org.freedesktop.network1.service|disabled|
|
|
systemd_unit_file[]=dbus-org.freedesktop.resolve1.service|disabled|
|
|
systemd_unit_file[]=dbus-org.freedesktop.timedate1.service|static|
|
|
systemd_unit_file[]=dbus.service|static|
|
|
systemd_unit_file[]=debug-shell.service|disabled|
|
|
systemd_unit_file[]=dm-event.service|disabled|
|
|
systemd_unit_file[]=emergency.service|static|
|
|
systemd_unit_file[]=friendly-recovery.service|static|
|
|
systemd_unit_file[]=fuse.service|masked|
|
|
systemd_unit_file[]=getty-static.service|static|
|
|
systemd_unit_file[]=getty@.service|enabled|
|
|
systemd_unit_file[]=halt.service|masked|
|
|
systemd_unit_file[]=hostname.service|masked|
|
|
systemd_unit_file[]=hwclock.service|masked|
|
|
systemd_unit_file[]=ifup@.service|static|
|
|
systemd_unit_file[]=initrd-cleanup.service|static|
|
|
systemd_unit_file[]=initrd-parse-etc.service|static|
|
|
systemd_unit_file[]=initrd-switch-root.service|static|
|
|
systemd_unit_file[]=initrd-udevadm-cleanup-db.service|static|
|
|
systemd_unit_file[]=iscsi.service|enabled|
|
|
systemd_unit_file[]=iscsid.service|enabled|
|
|
systemd_unit_file[]=keyboard-setup.service|disabled|
|
|
systemd_unit_file[]=killprocs.service|masked|
|
|
systemd_unit_file[]=kmod-static-nodes.service|static|
|
|
systemd_unit_file[]=kmod.service|static|
|
|
systemd_unit_file[]=lvm2-lvmetad.service|disabled|
|
|
systemd_unit_file[]=lvm2-lvmpolld.service|disabled|
|
|
systemd_unit_file[]=lvm2-monitor.service|enabled|
|
|
systemd_unit_file[]=lvm2-pvscan@.service|static|
|
|
systemd_unit_file[]=lvm2.service|masked|
|
|
systemd_unit_file[]=lxcfs.service|enabled|
|
|
systemd_unit_file[]=lxd-bridge.service|static|
|
|
systemd_unit_file[]=lxd-containers.service|enabled|
|
|
systemd_unit_file[]=lxd.service|indirect|
|
|
systemd_unit_file[]=mdadm-shutdown.service|disabled|
|
|
systemd_unit_file[]=module-init-tools.service|static|
|
|
systemd_unit_file[]=motd-news.service|static|
|
|
systemd_unit_file[]=motd.service|masked|
|
|
systemd_unit_file[]=mountall-bootclean.service|masked|
|
|
systemd_unit_file[]=mountall.service|masked|
|
|
systemd_unit_file[]=mountdevsubfs.service|masked|
|
|
systemd_unit_file[]=mountkernfs.service|masked|
|
|
systemd_unit_file[]=mountnfs-bootclean.service|masked|
|
|
systemd_unit_file[]=mountnfs.service|masked|
|
|
systemd_unit_file[]=networking.service|enabled|
|
|
systemd_unit_file[]=open-iscsi.service|enabled|
|
|
systemd_unit_file[]=open-vm-tools.service|enabled|
|
|
systemd_unit_file[]=plymouth-halt.service|static|
|
|
systemd_unit_file[]=plymouth-kexec.service|static|
|
|
systemd_unit_file[]=plymouth-log.service|static|
|
|
systemd_unit_file[]=plymouth-poweroff.service|static|
|
|
systemd_unit_file[]=plymouth-quit-wait.service|static|
|
|
systemd_unit_file[]=plymouth-quit.service|static|
|
|
systemd_unit_file[]=plymouth-read-write.service|static|
|
|
systemd_unit_file[]=plymouth-reboot.service|static|
|
|
systemd_unit_file[]=plymouth-start.service|static|
|
|
systemd_unit_file[]=plymouth-switch-root.service|static|
|
|
systemd_unit_file[]=plymouth.service|static|
|
|
systemd_unit_file[]=polkitd.service|static|
|
|
systemd_unit_file[]=pollinate.service|enabled|
|
|
systemd_unit_file[]=procps.service|static|
|
|
systemd_unit_file[]=quotaon.service|static|
|
|
systemd_unit_file[]=rc-local.service|static|
|
|
systemd_unit_file[]=rc.local.service|static|
|
|
systemd_unit_file[]=rc.service|masked|
|
|
systemd_unit_file[]=rcS.service|masked|
|
|
systemd_unit_file[]=reboot.service|masked|
|
|
systemd_unit_file[]=rescue.service|static|
|
|
systemd_unit_file[]=resolvconf.service|enabled|
|
|
systemd_unit_file[]=rmnologin.service|masked|
|
|
systemd_unit_file[]=rsync.service|disabled|
|
|
systemd_unit_file[]=rsyslog.service|enabled|
|
|
systemd_unit_file[]=screen-cleanup.service|masked|
|
|
systemd_unit_file[]=sendsigs.service|masked|
|
|
systemd_unit_file[]=serial-getty@.service|disabled|
|
|
systemd_unit_file[]=setvtrgb.service|static|
|
|
systemd_unit_file[]=sigpwr-container-shutdown.service|static|
|
|
systemd_unit_file[]=single.service|masked|
|
|
systemd_unit_file[]=snap.amazon-ssm-agent.amazon-ssm-agent.service|enabled|
|
|
systemd_unit_file[]=snapd.apparmor.service|enabled|
|
|
systemd_unit_file[]=snapd.autoimport.service|enabled|
|
|
systemd_unit_file[]=snapd.core-fixup.service|enabled|
|
|
systemd_unit_file[]=snapd.failure.service|static|
|
|
systemd_unit_file[]=snapd.recovery-chooser-trigger.service|enabled|
|
|
systemd_unit_file[]=snapd.seeded.service|enabled|
|
|
systemd_unit_file[]=snapd.service|enabled|
|
|
systemd_unit_file[]=snapd.snap-repair.service|static|
|
|
systemd_unit_file[]=snapd.system-shutdown.service|enabled|
|
|
systemd_unit_file[]=ssh.service|enabled|
|
|
systemd_unit_file[]=ssh@.service|static|
|
|
systemd_unit_file[]=sshd.service|enabled|
|
|
systemd_unit_file[]=stop-bootlogd-single.service|masked|
|
|
systemd_unit_file[]=stop-bootlogd.service|masked|
|
|
systemd_unit_file[]=syslog.service|enabled|
|
|
systemd_unit_file[]=systemd-ask-password-console.service|static|
|
|
systemd_unit_file[]=systemd-ask-password-plymouth.service|static|
|
|
systemd_unit_file[]=systemd-ask-password-wall.service|static|
|
|
systemd_unit_file[]=systemd-backlight@.service|static|
|
|
systemd_unit_file[]=systemd-binfmt.service|static|
|
|
systemd_unit_file[]=systemd-bootchart.service|disabled|
|
|
systemd_unit_file[]=systemd-bus-proxyd.service|static|
|
|
systemd_unit_file[]=systemd-exit.service|static|
|
|
systemd_unit_file[]=systemd-fsck-root.service|static|
|
|
systemd_unit_file[]=systemd-fsck@.service|static|
|
|
systemd_unit_file[]=systemd-fsckd.service|static|
|
|
systemd_unit_file[]=systemd-halt.service|static|
|
|
systemd_unit_file[]=systemd-hibernate-resume@.service|static|
|
|
systemd_unit_file[]=systemd-hibernate.service|static|
|
|
systemd_unit_file[]=systemd-hostnamed.service|static|
|
|
systemd_unit_file[]=systemd-hwdb-update.service|static|
|
|
systemd_unit_file[]=systemd-hybrid-sleep.service|static|
|
|
systemd_unit_file[]=systemd-initctl.service|static|
|
|
systemd_unit_file[]=systemd-journal-flush.service|static|
|
|
systemd_unit_file[]=systemd-journald.service|static|
|
|
systemd_unit_file[]=systemd-kexec.service|static|
|
|
systemd_unit_file[]=systemd-localed.service|static|
|
|
systemd_unit_file[]=systemd-logind.service|static|
|
|
systemd_unit_file[]=systemd-machine-id-commit.service|static|
|
|
systemd_unit_file[]=systemd-modules-load.service|static|
|
|
systemd_unit_file[]=systemd-networkd-resolvconf-update.service|static|
|
|
systemd_unit_file[]=systemd-networkd-wait-online.service|disabled|
|
|
systemd_unit_file[]=systemd-networkd.service|disabled|
|
|
systemd_unit_file[]=systemd-poweroff.service|static|
|
|
systemd_unit_file[]=systemd-quotacheck.service|static|
|
|
systemd_unit_file[]=systemd-random-seed.service|static|
|
|
systemd_unit_file[]=systemd-reboot.service|static|
|
|
systemd_unit_file[]=systemd-remount-fs.service|static|
|
|
systemd_unit_file[]=systemd-resolved.service|disabled|
|
|
systemd_unit_file[]=systemd-rfkill.service|static|
|
|
systemd_unit_file[]=systemd-suspend.service|static|
|
|
systemd_unit_file[]=systemd-sysctl.service|static|
|
|
systemd_unit_file[]=systemd-timedated.service|static|
|
|
systemd_unit_file[]=systemd-timesyncd.service|enabled|
|
|
systemd_unit_file[]=systemd-tmpfiles-clean.service|static|
|
|
systemd_unit_file[]=systemd-tmpfiles-setup-dev.service|static|
|
|
systemd_unit_file[]=systemd-tmpfiles-setup.service|static|
|
|
systemd_unit_file[]=systemd-udev-settle.service|static|
|
|
systemd_unit_file[]=systemd-udev-trigger.service|static|
|
|
systemd_unit_file[]=systemd-udevd.service|static|
|
|
systemd_unit_file[]=systemd-update-utmp-runlevel.service|static|
|
|
systemd_unit_file[]=systemd-update-utmp.service|static|
|
|
systemd_unit_file[]=systemd-user-sessions.service|static|
|
|
systemd_unit_file[]=udev.service|static|
|
|
systemd_unit_file[]=ufw.service|enabled|
|
|
systemd_unit_file[]=umountfs.service|masked|
|
|
systemd_unit_file[]=umountnfs.service|masked|
|
|
systemd_unit_file[]=umountroot.service|masked|
|
|
systemd_unit_file[]=unattended-upgrades.service|enabled|
|
|
systemd_unit_file[]=urandom.service|static|
|
|
systemd_unit_file[]=ureadahead-stop.service|static|
|
|
systemd_unit_file[]=ureadahead.service|enabled|
|
|
systemd_unit_file[]=user@.service|static|
|
|
systemd_unit_file[]=uuidd.service|indirect|
|
|
systemd_unit_file[]=vgauth.service|enabled|
|
|
systemd_unit_file[]=x11-common.service|masked|
|
|
systemd_unit_file[]=-.slice|static|
|
|
systemd_unit_file[]=machine.slice|static|
|
|
systemd_unit_file[]=system.slice|static|
|
|
systemd_unit_file[]=user.slice|static|
|
|
systemd_unit_file[]=acpid.socket|enabled|
|
|
systemd_unit_file[]=apport-forward.socket|enabled|
|
|
systemd_unit_file[]=dbus.socket|static|
|
|
systemd_unit_file[]=dm-event.socket|enabled|
|
|
systemd_unit_file[]=lvm2-lvmetad.socket|enabled|
|
|
systemd_unit_file[]=lvm2-lvmpolld.socket|enabled|
|
|
systemd_unit_file[]=lxd.socket|enabled|
|
|
systemd_unit_file[]=snapd.socket|enabled|
|
|
systemd_unit_file[]=ssh.socket|disabled|
|
|
systemd_unit_file[]=syslog.socket|static|
|
|
systemd_unit_file[]=systemd-bus-proxyd.socket|static|
|
|
systemd_unit_file[]=systemd-fsckd.socket|static|
|
|
systemd_unit_file[]=systemd-initctl.socket|static|
|
|
systemd_unit_file[]=systemd-journald-audit.socket|static|
|
|
systemd_unit_file[]=systemd-journald-dev-log.socket|static|
|
|
systemd_unit_file[]=systemd-journald.socket|static|
|
|
systemd_unit_file[]=systemd-networkd.socket|disabled|
|
|
systemd_unit_file[]=systemd-rfkill.socket|static|
|
|
systemd_unit_file[]=systemd-udevd-control.socket|static|
|
|
systemd_unit_file[]=systemd-udevd-kernel.socket|static|
|
|
systemd_unit_file[]=uuidd.socket|enabled|
|
|
systemd_unit_file[]=basic.target|static|
|
|
systemd_unit_file[]=bluetooth.target|static|
|
|
systemd_unit_file[]=busnames.target|static|
|
|
systemd_unit_file[]=cloud-config.target|static|
|
|
systemd_unit_file[]=cloud-init.target|static|
|
|
systemd_unit_file[]=cryptsetup-pre.target|static|
|
|
systemd_unit_file[]=cryptsetup.target|static|
|
|
systemd_unit_file[]=ctrl-alt-del.target|disabled|
|
|
systemd_unit_file[]=default.target|static|
|
|
systemd_unit_file[]=emergency.target|static|
|
|
systemd_unit_file[]=exit.target|disabled|
|
|
systemd_unit_file[]=final.target|static|
|
|
systemd_unit_file[]=friendly-recovery.target|static|
|
|
systemd_unit_file[]=getty.target|static|
|
|
systemd_unit_file[]=graphical.target|static|
|
|
systemd_unit_file[]=halt.target|disabled|
|
|
systemd_unit_file[]=hibernate.target|static|
|
|
systemd_unit_file[]=hybrid-sleep.target|static|
|
|
systemd_unit_file[]=initrd-fs.target|static|
|
|
systemd_unit_file[]=initrd-root-fs.target|static|
|
|
systemd_unit_file[]=initrd-switch-root.target|static|
|
|
systemd_unit_file[]=initrd.target|static|
|
|
systemd_unit_file[]=kexec.target|disabled|
|
|
systemd_unit_file[]=local-fs-pre.target|static|
|
|
systemd_unit_file[]=local-fs.target|static|
|
|
systemd_unit_file[]=mail-transport-agent.target|static|
|
|
systemd_unit_file[]=multi-user.target|static|
|
|
systemd_unit_file[]=network-online.target|static|
|
|
systemd_unit_file[]=network-pre.target|static|
|
|
systemd_unit_file[]=network.target|static|
|
|
systemd_unit_file[]=nss-lookup.target|static|
|
|
systemd_unit_file[]=nss-user-lookup.target|static|
|
|
systemd_unit_file[]=paths.target|static|
|
|
systemd_unit_file[]=poweroff.target|disabled|
|
|
systemd_unit_file[]=printer.target|static|
|
|
systemd_unit_file[]=reboot.target|disabled|
|
|
systemd_unit_file[]=remote-fs-pre.target|static|
|
|
systemd_unit_file[]=remote-fs.target|enabled|
|
|
systemd_unit_file[]=rescue.target|disabled|
|
|
systemd_unit_file[]=rpcbind.target|static|
|
|
systemd_unit_file[]=runlevel0.target|disabled|
|
|
systemd_unit_file[]=runlevel1.target|disabled|
|
|
systemd_unit_file[]=runlevel2.target|static|
|
|
systemd_unit_file[]=runlevel3.target|static|
|
|
systemd_unit_file[]=runlevel4.target|static|
|
|
systemd_unit_file[]=runlevel5.target|static|
|
|
systemd_unit_file[]=runlevel6.target|disabled|
|
|
systemd_unit_file[]=shutdown.target|static|
|
|
systemd_unit_file[]=sigpwr.target|static|
|
|
systemd_unit_file[]=sleep.target|static|
|
|
systemd_unit_file[]=slices.target|static|
|
|
systemd_unit_file[]=smartcard.target|static|
|
|
systemd_unit_file[]=sockets.target|static|
|
|
systemd_unit_file[]=sound.target|static|
|
|
systemd_unit_file[]=suspend.target|static|
|
|
systemd_unit_file[]=swap.target|static|
|
|
systemd_unit_file[]=sysinit.target|static|
|
|
systemd_unit_file[]=system-update.target|static|
|
|
systemd_unit_file[]=time-sync.target|static|
|
|
systemd_unit_file[]=timers.target|static|
|
|
systemd_unit_file[]=umount.target|static|
|
|
systemd_unit_file[]=apt-daily-upgrade.timer|enabled|
|
|
systemd_unit_file[]=apt-daily.timer|enabled|
|
|
systemd_unit_file[]=motd-news.timer|enabled|
|
|
systemd_unit_file[]=snapd.snap-repair.timer|enabled|
|
|
systemd_unit_file[]=systemd-tmpfiles-clean.timer|static|
|
|
systemd_unit_file[]=ureadahead-stop.timer|static|
|
|
journal_bootlogs=1
|
|
journal_oldest_bootdate=2021-01-07
|
|
journal_contains_errors=0
|
|
journal_disk_size=2.4M
|
|
journal_meta_data=FilePath:/run/log/journal/ee5771b00ec04b1b8f5bcfc53913337c/system.journal,FileID:6e8251ed89cd4d36bf718ce8c1005b85,MachineID:ee5771b00ec04b1b8f5bcfc53913337c,BootID:171fe1399d5b4998bf61143fccc62fd1,SequentialNumberID:b09646e46b1b433a81c7b0cc151392f0,State:ONLINE,CompatibleFlags:,IncompatibleFlags:COMPRESSED-XZ,Headersize:240,Arenasize:1298192,DataHashTableSize:2254,FieldHashTableSize:333,RotateSuggested:no,HeadSequentialNumber:821,TailSequentialNumber:1172,HeadRealtimeTimestamp:Thu2021-01-0717:38:54UTC,TailRealtimeTimestamp:Thu2021-01-0717:43:02UTC,TailMonotonicTimestamp:4min41.436s,Objects:1783,EntryObjects:352,DataObjects:881,DataHashTableFill:39.1%,FieldObjects:47,FieldHashTableFill:14.1%,TagObjects:0,EntryArrayObjects:501,Diskusage:1.2M,|,FilePath:/run/log/journal/ee5771b00ec04b1b8f5bcfc53913337c/system@b09646e46b1b433a81c7b0cc151392f0-0000000000000001-0005b852e844eb75.journal,FileID:b09646e46b1b433a81c7b0cc151392f0,MachineID:ee5771b00ec04b1b8f5bcfc53913337c,BootID:171fe1399d5b4998bf61143fccc62fd1,SequentialNumberID:b09646e46b1b433a81c7b0cc151392f0,State:ARCHIVED,CompatibleFlags:,IncompatibleFlags:COMPRESSED-XZ,Headersize:240,Arenasize:1298192,DataHashTableSize:2254,FieldHashTableSize:333,RotateSuggested:yes,HeadSequentialNumber:1,TailSequentialNumber:820,HeadRealtimeTimestamp:Thu2021-01-0717:38:27UTC,TailRealtimeTimestamp:Thu2021-01-0717:38:54UTC,TailMonotonicTimestamp:32.744s,Objects:3035,EntryObjects:820,DataObjects:1692,DataHashTableFill:75.1%,FieldObjects:50,FieldHashTableFill:15.0%,TagObjects:0,EntryArrayObjects:471,Diskusage:1.2M,
|
|
systemd_status=running
|
|
systemd_unit_not_found[]=org.freedesktop.network1.busname
|
|
systemd_unit_not_found[]=org.freedesktop.resolve1.busname
|
|
systemd_unit_not_found[]=tmp.mount
|
|
systemd_unit_not_found[]=auditd.service
|
|
systemd_unit_not_found[]=console-screen.service
|
|
systemd_unit_not_found[]=display-manager.service
|
|
systemd_unit_not_found[]=hv_kvp_daemon.service
|
|
systemd_unit_not_found[]=kbd.service
|
|
systemd_unit_not_found[]=lvm2-activation.service
|
|
systemd_unit_not_found[]=lxc.service
|
|
systemd_unit_not_found[]=NetworkManager.service
|
|
systemd_unit_not_found[]=openvswitch-switch.service
|
|
systemd_unit_not_found[]=sshd-keygen.service
|
|
systemd_unit_not_found[]=systemd-sysusers.service
|
|
systemd_unit_not_found[]=systemd-update-done.service
|
|
systemd_unit_not_found[]=systemd-vconsole-setup.service
|
|
systemd_service_not_found[]=auditd.service
|
|
systemd_service_not_found[]=console-screen.service
|
|
systemd_service_not_found[]=display-manager.service
|
|
systemd_service_not_found[]=hv_kvp_daemon.service
|
|
systemd_service_not_found[]=kbd.service
|
|
systemd_service_not_found[]=lvm2-activation.service
|
|
systemd_service_not_found[]=lxc.service
|
|
systemd_service_not_found[]=NetworkManager.service
|
|
systemd_service_not_found[]=openvswitch-switch.service
|
|
systemd_service_not_found[]=sshd-keygen.service
|
|
systemd_service_not_found[]=systemd-sysusers.service
|
|
systemd_service_not_found[]=systemd-update-done.service
|
|
systemd_service_not_found[]=systemd-vconsole-setup.service
|
|
journal_coredumps_lastday=0
|
|
plugins_enabled=1
|
|
hostid=2b680bf64349a88b2b29a98612a45e3467411a68
|
|
hostid2=5c8c862077c5595e1583a584f2925eb0b9a0f4ed9a9610ad1e55eaa49c88d227
|
|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password)|-|-|
|
|
running_service_tool=systemctl
|
|
running_service[]=accounts-daemon
|
|
running_service[]=acpid
|
|
running_service[]=atd
|
|
running_service[]=cron
|
|
running_service[]=dbus
|
|
running_service[]=getty@tty1
|
|
running_service[]=iscsid
|
|
running_service[]=lvm2-lvmetad
|
|
running_service[]=lxcfs
|
|
running_service[]=mdadm
|
|
running_service[]=polkitd
|
|
running_service[]=rsyslog
|
|
running_service[]=serial-getty@ttyS0
|
|
running_service[]=snap.amazon-ssm-agent.amazon-ssm-agent
|
|
running_service[]=snapd
|
|
running_service[]=ssh
|
|
running_service[]=systemd-journald
|
|
running_service[]=systemd-logind
|
|
running_service[]=systemd-resolved
|
|
running_service[]=systemd-timesyncd
|
|
running_service[]=systemd-udevd
|
|
running_service[]=unattended-upgrades
|
|
running_service[]=user@1000
|
|
boot_service_tool=systemctl
|
|
boot_service[]=accounts-daemon
|
|
boot_service[]=atd
|
|
boot_service[]=autovt@
|
|
boot_service[]=cloud-config
|
|
boot_service[]=cloud-final
|
|
boot_service[]=cloud-init-local
|
|
boot_service[]=cloud-init
|
|
boot_service[]=cron
|
|
boot_service[]=getty@
|
|
boot_service[]=iscsi
|
|
boot_service[]=iscsid
|
|
boot_service[]=lvm2-monitor
|
|
boot_service[]=lxcfs
|
|
boot_service[]=lxd-containers
|
|
boot_service[]=networking
|
|
boot_service[]=open-iscsi
|
|
boot_service[]=open-vm-tools
|
|
boot_service[]=pollinate
|
|
boot_service[]=resolvconf
|
|
boot_service[]=rsyslog
|
|
boot_service[]=snap.amazon-ssm-agent.amazon-ssm-agent
|
|
boot_service[]=snapd.apparmor
|
|
boot_service[]=snapd.autoimport
|
|
boot_service[]=snapd.core-fixup
|
|
boot_service[]=snapd.recovery-chooser-trigger
|
|
boot_service[]=snapd.seeded
|
|
boot_service[]=snapd
|
|
boot_service[]=snapd.system-shutdown
|
|
boot_service[]=ssh
|
|
boot_service[]=sshd
|
|
boot_service[]=syslog
|
|
boot_service[]=systemd-timesyncd
|
|
boot_service[]=ufw
|
|
boot_service[]=unattended-upgrades
|
|
boot_service[]=ureadahead
|
|
boot_service[]=vgauth
|
|
uptime_in_seconds=308
|
|
uptime_in_days=0
|
|
boot_loader=GRUB2
|
|
boot_uefi_booted=0
|
|
boot_uefi_booted_secure=0
|
|
service_manager=systemd
|
|
linux_default_runlevel=5
|
|
cpu_pae=1
|
|
cpu_nx=1
|
|
linux_kernel_release=4.4.0-1117-aws
|
|
linux_kernel_version=#131-Ubuntu SMP Tue Oct 6 20:45:33 UTC 2020
|
|
linux_kernel_type=modular
|
|
loaded_kernel_module[]=ablk_helper
|
|
loaded_kernel_module[]=aes_x86_64
|
|
loaded_kernel_module[]=aesni_intel
|
|
loaded_kernel_module[]=async_memcpy
|
|
loaded_kernel_module[]=async_pq
|
|
loaded_kernel_module[]=async_raid6_recov
|
|
loaded_kernel_module[]=async_tx
|
|
loaded_kernel_module[]=async_xor
|
|
loaded_kernel_module[]=autofs4
|
|
loaded_kernel_module[]=binfmt_misc
|
|
loaded_kernel_module[]=btrfs
|
|
loaded_kernel_module[]=crc32_pclmul
|
|
loaded_kernel_module[]=crct10dif_pclmul
|
|
loaded_kernel_module[]=cryptd
|
|
loaded_kernel_module[]=gf128mul
|
|
loaded_kernel_module[]=ghash_clmulni_intel
|
|
loaded_kernel_module[]=glue_helper
|
|
loaded_kernel_module[]=ib_addr
|
|
loaded_kernel_module[]=ib_cm
|
|
loaded_kernel_module[]=ib_core
|
|
loaded_kernel_module[]=ib_iser
|
|
loaded_kernel_module[]=ib_mad
|
|
loaded_kernel_module[]=ib_sa
|
|
loaded_kernel_module[]=inet_diag
|
|
loaded_kernel_module[]=ip_tables
|
|
loaded_kernel_module[]=iptable_filter
|
|
loaded_kernel_module[]=iptable_nat
|
|
loaded_kernel_module[]=iscsi_tcp
|
|
loaded_kernel_module[]=iw_cm
|
|
loaded_kernel_module[]=libcrc32c
|
|
loaded_kernel_module[]=libiscsi
|
|
loaded_kernel_module[]=libiscsi_tcp
|
|
loaded_kernel_module[]=linear
|
|
loaded_kernel_module[]=lrw
|
|
loaded_kernel_module[]=msdos
|
|
loaded_kernel_module[]=multipath
|
|
loaded_kernel_module[]=nf_conntrack
|
|
loaded_kernel_module[]=nf_conntrack_ipv4
|
|
loaded_kernel_module[]=nf_defrag_ipv4
|
|
loaded_kernel_module[]=nf_nat
|
|
loaded_kernel_module[]=nf_nat_ipv4
|
|
loaded_kernel_module[]=raid0
|
|
loaded_kernel_module[]=raid1
|
|
loaded_kernel_module[]=raid10
|
|
loaded_kernel_module[]=raid456
|
|
loaded_kernel_module[]=raid6_pq
|
|
loaded_kernel_module[]=rdma_cm
|
|
loaded_kernel_module[]=scsi_transport_iscsi
|
|
loaded_kernel_module[]=serio_raw
|
|
loaded_kernel_module[]=tcp_diag
|
|
loaded_kernel_module[]=udp_diag
|
|
loaded_kernel_module[]=ufs
|
|
loaded_kernel_module[]=x_tables
|
|
loaded_kernel_module[]=xfs
|
|
loaded_kernel_module[]=xor
|
|
linux_config_file=/boot/config-4.4.0-1117-aws
|
|
linux_kernel_io_scheduler[]=deadline
|
|
suggestion[]=KRNL-5820|If not required, consider explicit disabling of core dump in /etc/security/limits.conf file|-|-|
|
|
warning[]=KRNL-5830|Reboot of system is most likely needed||text:reboot|
|
|
memory_size=1014400
|
|
memory_units=kB
|
|
auth_group_ids_unique=1
|
|
auth_group_names_unique=1
|
|
suggestion[]=AUTH-9230|Configure password hashing rounds in /etc/login.defs|-|-|
|
|
real_user[]=root,0
|
|
real_user[]=ubuntu,1000
|
|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc|-|-|
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_access.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_debug.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_deny.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_echo.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_env.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_exec.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_extrausers.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_faildelay.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_filter.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_ftp.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_group.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_issue.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_keyinit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_lastlog.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_limits.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_listfile.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_localuser.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_loginuid.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_mail.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_mkhomedir.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_motd.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_namespace.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_nologin.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_permit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_pwhistory.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_rhosts.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_rootok.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_securetty.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_selinux.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_sepermit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_shells.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_stress.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_succeed_if.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_systemd.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tally.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tally2.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_time.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_timestamp.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tty_audit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_umask.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_unix.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_userdb.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_warn.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_wheel.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_xauth.so
|
|
locked_account[]=ubuntu
|
|
suggestion[]=AUTH-9284|Look at the locked accounts and consider removing them|-|-|
|
|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
|
|
suggestion[]=AUTH-9286|Configure maximum password age in /etc/login.defs|-|-|
|
|
manual_event[]=AUTH-9328:03
|
|
suggestion[]=AUTH-9328|Default umask in /etc/login.defs could be more strict like 027|-|-|
|
|
suggestion[]=AUTH-9328|Default umask in /etc/init.d/rc could be more strict like 027|-|-|
|
|
auth_failed_logins_tooling[]=/etc/login.defs
|
|
auth_failed_logins_logged=1
|
|
ldap_auth_enabled=0
|
|
ldap_pam_enabled=0
|
|
password_min_days=-1
|
|
password_max_days=-1
|
|
available_shell[]=/bin/sh
|
|
available_shell[]=/bin/dash
|
|
available_shell[]=/bin/bash
|
|
available_shell[]=/bin/rbash
|
|
available_shell[]=/usr/bin/tmux
|
|
available_shell[]=/usr/bin/screen
|
|
session_timeout_enabled=0
|
|
suggestion[]=FILE-6310|To decrease the impact of a full /home file system, place /home on a separate partition|-|-|
|
|
suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-|
|
|
suggestion[]=FILE-6310|To decrease the impact of a full /var file system, place /var on a separate partition|-|-|
|
|
file_systems_ext[]=/|ext4|
|
|
locate_db=/var/lib/mlocate/mlocate.db
|
|
suggestion[]=FILE-6430|Consider disabling unused kernel modules|/etc/modprobe.d/blacklist.conf|Add 'install MODULENAME /bin/true' (without quotes)|
|
|
suggestion[]=USB-1000|Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft|-|-|
|
|
resolv_conf_search_domain[]=ec2.internal
|
|
domainname=ec2.internal
|
|
suggestion[]=NAME-4404|Add the IP name and FQDN to /etc/hosts for proper name resolving|-|-|
|
|
localhost-mapped-to=::1
|
|
name_cache_used=0
|
|
package_manager[]=dpkg
|
|
installed_packages=459
|
|
suggestion[]=PKGS-7370|Install debsums utility for the verification of packages with known good database.|-|-|
|
|
suggestion[]=PKGS-7394|Install package apt-show-versions for patch management purposes|-|-|
|
|
installed_kernel_packages=2
|
|
unattended_upgrade_tool[]=unattended-upgrade
|
|
unattended_upgrade_option_available=1
|
|
ipv6_mode=auto
|
|
ipv6_only=0
|
|
nameserver[]=172.31.0.2
|
|
warning[]=NETW-2705|Couldn't find 2 responsive nameservers|-|-|
|
|
suggestion[]=NETW-2705|Check your resolv.conf file and fill in a backup nameserver if possible|-|-|
|
|
default_gateway[]=172.31.48.1
|
|
network_interface[]=lo
|
|
network_interface[]=eth0
|
|
network_mac_address[]=06:21:8f:97:bf:41
|
|
network_ipv4_address[]=172.31.54.18
|
|
network_ipv4_address[]=127.0.0.1
|
|
network_ipv6_address[]=fe80::421:8fff:fe97:bf41/64
|
|
network_ipv6_address[]=::1/128
|
|
network_listen[]=raw,ss,v1|udp|*:5355|systemd-resolve|
|
|
network_listen[]=raw,ss,v1|udp|*:68|dhclient|
|
|
network_listen[]=raw,ss,v1|udp|:::5355|systemd-resolve|
|
|
network_listen[]=raw,ss,v1|tcp|*:5355|systemd-resolve|
|
|
network_listen[]=raw,ss,v1|tcp|*:22|sshd|
|
|
network_listen[]=raw,ss,v1|tcp|:::5355|systemd-resolve|
|
|
network_listen[]=raw,ss,v1|tcp|:::22|sshd|
|
|
suggestion[]=NETW-3200|Determine if protocol 'dccp' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=dccp
|
|
suggestion[]=NETW-3200|Determine if protocol 'sctp' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=sctp
|
|
suggestion[]=NETW-3200|Determine if protocol 'rds' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=rds
|
|
suggestion[]=NETW-3200|Determine if protocol 'tipc' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=tipc
|
|
imap_daemon=
|
|
pop3_daemon=
|
|
smtp_daemon=
|
|
firewall_software[]=iptables
|
|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
|
|
firewall_no_logging[]=iptables
|
|
manual[]=Verify if there is a formal process for testing and applying firewall rules
|
|
manual[]=Verify all traffic is filtered the right way between the different security zones
|
|
manual[]=Verify if a list is available with all required services
|
|
manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option AllowTcpForwarding;field:AllowTcpForwarding;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|ClientAliveCountMax (set 3 to 2)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option ClientAliveCountMax;field:ClientAliveCountMax;prefval:2;value:3;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Compression (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option Compression;field:Compression;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|LogLevel (set INFO to VERBOSE)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option LogLevel;field:LogLevel;prefval:VERBOSE;value:INFO;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (set 6 to 3)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option MaxAuthTries;field:MaxAuthTries;prefval:3;value:6;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxSessions (set 10 to 2)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option MaxSessions;field:MaxSessions;prefval:2;value:10;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (set 22 to )|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option Port;field:Port;prefval:;value:22;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|TCPKeepAlive (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option TCPKeepAlive;field:TCPKeepAlive;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option X11Forwarding;field:X11Forwarding;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowAgentForwarding (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option AllowAgentForwarding;field:AllowAgentForwarding;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|UsePrivilegeSeparation (set YES to SANDBOX)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option UsePrivilegeSeparation;field:UsePrivilegeSeparation;prefval:SANDBOX;value:YES;|
|
|
ssh_daemon_running=1
|
|
openssh_daemon_running=1
|
|
syslog_daemon_present=1
|
|
syslog_daemon[]=systemd-journal
|
|
syslog_daemon_present=1
|
|
syslog_daemon[]=rsyslog
|
|
log_directory[]=/var/log
|
|
log_directory[]=/var/log/apt
|
|
log_directory[]=/var/log/lxd
|
|
log_directory[]=/var/log/unattended-upgrades
|
|
remote_syslog_configured=0
|
|
suggestion[]=LOGG-2154|Enable logging to an external logging host for archiving purposes and additional protection|-|-|
|
|
log_directory[]=/var/log
|
|
deleted_file[]=/usr/bin/python3.5(unattende)
|
|
suggestion[]=LOGG-2190|Check what deleted files are still in use and why.|-|-|
|
|
open_empty_log_file[]=unattende,/var/log/unattended-upgrades/unattended-upgrades-shutdown.log
|
|
log_rotation_config_found=1
|
|
log_rotation_tool=logrotate
|
|
suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-|
|
|
weak_banner_file[]=/etc/issue
|
|
suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-|
|
|
crond_running=1
|
|
scheduler[]=crond
|
|
cronjob[]=17,*,*,*,*,root,cd,/,&&,run-parts,--report,/etc/cron.hourly
|
|
cronjob[]=25,6,*,*,*,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.daily,)
|
|
cronjob[]=47,6,*,*,7,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.weekly,)
|
|
cronjob[]=52,6,1,*,*,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.monthly,)
|
|
cronjob[]=/etc/cron.d/mdadm
|
|
cronjob[]=/etc/cron.d/popularity-contest
|
|
cronjob[]=/etc/cron.daily/update-notifier-common
|
|
cronjob[]=/etc/cron.daily/man-db
|
|
cronjob[]=/etc/cron.daily/dpkg
|
|
cronjob[]=/etc/cron.daily/passwd
|
|
cronjob[]=/etc/cron.daily/mdadm
|
|
cronjob[]=/etc/cron.daily/apt-compat
|
|
cronjob[]=/etc/cron.daily/mlocate
|
|
cronjob[]=/etc/cron.daily/logrotate
|
|
cronjob[]=/etc/cron.daily/apport
|
|
cronjob[]=/etc/cron.daily/bsdmainutils
|
|
cronjob[]=/etc/cron.daily/popularity-contest
|
|
cronjob[]=/etc/cron.weekly/update-notifier-common
|
|
cronjob[]=/etc/cron.weekly/man-db
|
|
cronjob[]=/etc/cron.weekly/fstrim
|
|
scheduler[]=atd
|
|
suggestion[]=ACCT-9622|Enable process accounting|-|-|
|
|
suggestion[]=ACCT-9626|Enable sysstat to collect accounting (no results)|-|-|
|
|
suggestion[]=ACCT-9628|Enable auditd to collect audit information|-|-|
|
|
linux_auditd_running=0
|
|
audit_daemon_running=0
|
|
tz_variable_empty=1
|
|
ntp_config_found=0
|
|
ntp_config_type_daemon=0
|
|
ntp_config_type_eventbased=0
|
|
ntp_config_type_scheduled=0
|
|
ntp_config_type_startup=0
|
|
ntp_daemon=
|
|
ntp_daemon_running=0
|
|
certificate[]=/etc/ssl/certs/ca-certificates.crt|0|cn:ACCVRAIZ1;notafter:Dec 31 09:37:37 2030 GMT;|
|
|
certificates=139
|
|
kernel_entropy=268
|
|
rng_found=0
|
|
apparmor_enabled=1
|
|
apparmor_policy_loaded=1
|
|
framework_grsecurity=0
|
|
framework_selinux=0
|
|
suggestion[]=FINT-4350|Install a file integrity tool to monitor changes to critical and sensitive files|-|-|
|
|
suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-|
|
|
automation_tool_present=0
|
|
malware_scanner_installed=0
|
|
suggestion[]=FILE-7524|Consider restricting file permissions|See screen output or log file|text:Use chmod to change file permissions|
|
|
home_directory[]=/bin
|
|
home_directory[]=/dev
|
|
home_directory[]=/home/ubuntu
|
|
home_directory[]=/root
|
|
home_directory[]=/run/systemd
|
|
home_directory[]=/run/systemd/netif
|
|
home_directory[]=/run/systemd/resolve
|
|
home_directory[]=/run/uuidd
|
|
home_directory[]=/usr/games
|
|
home_directory[]=/usr/sbin
|
|
home_directory[]=/var/backups
|
|
home_directory[]=/var/cache/man
|
|
home_directory[]=/var/cache/pollinate
|
|
home_directory[]=/var/lib/lxd/
|
|
home_directory[]=/var/lib/misc
|
|
home_directory[]=/var/mail
|
|
home_directory[]=/var/run/dbus
|
|
home_directory[]=/var/run/sshd
|
|
suggestion[]=HOME-9304|Double check the permissions of home directories as some might be not strict enough.|-|-|
|
|
details[]=KRNL-6000|sysctl|desc:Disable loading of TTY line disciplines;field:dev.tty.ldisc_autoload;prefval:0;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict FIFO special device creation behavior;field:fs.protected_fifos;prefval:2;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict regular files creation behavior;field:fs.protected_regular;prefval:2;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict core dumps;field:fs.suid_dumpable;prefval:0;value:2;|
|
|
details[]=KRNL-6000|sysctl|desc:No description;field:kernel.core_uses_pid;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict use of dmesg;field:kernel.dmesg_restrict;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict access to kernel symbols;field:kernel.kptr_restrict;prefval:2;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict module loading once this sysctl value is loaded;field:kernel.modules_disabled;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict unprivileged access to the perf_event_open() system call.;field:kernel.perf_event_paranoid;prefval:3;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable magic SysRQ;field:kernel.sysrq;prefval:0;value:176;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict BPF for unprivileged users;field:kernel.unprivileged_bpf_disabled;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Hardened BPF JIT compilation;field:net.core.bpf_jit_harden;prefval:2;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv4.conf.all.accept_redirects;prefval:0;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Log all packages for which the host does not have a path back to the source;field:net.ipv4.conf.all.log_martians;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv4.conf.all.send_redirects;prefval:0;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv4.conf.default.accept_redirects;prefval:0;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable IP source routing;field:net.ipv4.conf.default.accept_source_route;prefval:0;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Log all packages for which the host does not have a path back to the source;field:net.ipv4.conf.default.log_martians;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv6.conf.all.accept_redirects;prefval:0;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv6.conf.default.accept_redirects;prefval:0;value:1;|
|
|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile and could be tweaked||Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)|
|
|
suggestion[]=HRDN-7230|Harden the system by installing at least one malware scanner, to perform periodic file system scans|-|Install a tool like rkhunter, chkrootkit, OSSEC|
|
|
compiler_installed=0
|
|
lynis_tests_done=260
|
|
report_datetime_end=2021-01-07 17:43:48
|
|
dhcp_client_running=1
|
|
arpwatch_running=0
|
|
firewall_active=1
|
|
firewall_empty_ruleset=1
|
|
firewall_installed=1
|
|
installed_packages_array=|accountsservice,0.6.40-2ubuntu11.6|acl,2.2.52-3|acpid,1:2.0.26-1ubuntu2|adduser,3.113+nmu3ubuntu4|apparmor,2.10.95-0ubuntu2.11|apport,2.20.1-0ubuntu2.28|apport-symptoms,0.20|apt,1.2.32ubuntu0.2|apt-transport-https,1.2.32ubuntu0.2|apt-utils,1.2.32ubuntu0.2|at,3.1.18-2ubuntu1|base-files,9.4ubuntu4.13|base-passwd,3.5.39|bash,4.3-14ubuntu1.4|bash-completion,1:2.1-4.2ubuntu1.1|bcache-tools,1.0.8-2|bind9-host,1:9.10.3.dfsg.P4-8ubuntu1.17|bsdmainutils,9.0.6ubuntu3|bsdutils,1:2.27.1-6ubuntu3.10|btrfs-tools,4.4-1ubuntu1.1|busybox-initramfs,1:1.22.0-15ubuntu1.4|busybox-static,1:1.22.0-15ubuntu1.4|byobu,5.106-0ubuntu1|bzip2,1.0.6-8ubuntu0.2|ca-certificates,20201027ubuntu0.16.04.1|cloud-guest-utils,0.27-0ubuntu25.2|cloud-init,20.4-0ubuntu1~16.04.1|cloud-initramfs-copymods,0.27ubuntu1.6|cloud-initramfs-dyn-netconf,0.27ubuntu1.6|command-not-found,0.3ubuntu16.04.2|command-not-found-data,0.3ubuntu16.04.2|console-setup,1.108ubuntu15.5|console-setup-linux,1.108ubuntu15.5|coreutils,8.25-2ubuntu3~16.04|cpio,2.11+dfsg-5ubuntu1.1|cron,3.0pl1-128ubuntu2|cryptsetup,2:1.6.6-5ubuntu2.1|cryptsetup-bin,2:1.6.6-5ubuntu2.1|curl,7.47.0-1ubuntu2.18|dash,0.5.8-2.1ubuntu2|dbus,1.10.6-1ubuntu3.6|debconf,1.5.58ubuntu2|debconf-i18n,1.5.58ubuntu2|debianutils,4.7|dh-python,2.20151103ubuntu1.2|diffutils,1:3.3-3|distro-info-data,0.28ubuntu0.16|dmeventd,2:1.02.110-1ubuntu10|dmidecode,3.0-2ubuntu0.2|dmsetup,2:1.02.110-1ubuntu10|dns-root-data,2018013001~16.04.1|dnsmasq-base,2.75-1ubuntu0.16.04.5|dnsutils,1:9.10.3.dfsg.P4-8ubuntu1.17|dosfstools,3.0.28-2ubuntu0.1|dpkg,1.18.4ubuntu1.6|e2fslibs:amd64,1.42.13-1ubuntu1.2|e2fsprogs,1.42.13-1ubuntu1.2|eatmydata,105-3|ed,1.10-2|eject,2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1|ethtool,1:4.5-1|file,1:5.25-2ubuntu1.4|findutils,4.6.0+git+20160126-2|fonts-ubuntu-font-family-console,1:0.83-0ubuntu2|friendly-recovery,0.2.31ubuntu2.1|ftp,0.17-33|fuse,2.9.4-1ubuntu3.1|gawk,1:4.1.3+dfsg-0.1|gcc-5-base:amd64,5.4.0-6ubuntu1~16.04.12|gcc-6-base:amd64,6.0.1-0ubuntu1|gdisk,1.0.1-1build1|geoip-database,20160408-1|gettext-base,0.19.7-2ubuntu3.1|gir1.2-glib-2.0:amd64,1.46.0-3ubuntu1|git,1:2.7.4-0ubuntu1.9|git-man,1:2.7.4-0ubuntu1.9|gnupg,1.4.20-1ubuntu3.3|gpgv,1.4.20-1ubuntu3.3|grep,2.25-1~16.04.1|groff-base,1.22.3-7|grub-common,2.02~beta2-36ubuntu3.29|grub-gfxpayload-lists,0.7|grub-legacy-ec2,20.4-0ubuntu1~16.04.1|grub-pc,2.02~beta2-36ubuntu3.29|grub-pc-bin,2.02~beta2-36ubuntu3.29|grub2-common,2.02~beta2-36ubuntu3.29|gzip,1.6-4ubuntu1|hdparm,9.48+ds-1ubuntu0.1|hibagent,1.0.1-0ubuntu1~16.04.1|host,1:9.10.3.dfsg.P4-8ubuntu1.17|hostname,3.16ubuntu2|ifenslave,2.7ubuntu1|ifupdown,0.8.10ubuntu1.4|info,6.1.0.dfsg.1-5|init,1.29ubuntu4|init-system-helpers,1.29ubuntu4|initramfs-tools,0.122ubuntu8.17|initramfs-tools-bin,0.122ubuntu8.17|initramfs-tools-core,0.122ubuntu8.17|initscripts,2.88dsf-59.3ubuntu2|insserv,1.14.0-5ubuntu3|install-info,6.1.0.dfsg.1-5|iproute2,4.3.0-1ubuntu3.16.04.5|iptables,1.6.0-2ubuntu3|iputils-ping,3:20121221-5ubuntu2|iputils-tracepath,3:20121221-5ubuntu2|irqbalance,1.1.0-2ubuntu1|isc-dhcp-client,4.3.3-5ubuntu12.10|isc-dhcp-common,4.3.3-5ubuntu12.10|iso-codes,3.65-1|kbd,1.15.5-1ubuntu5|keyboard-configuration,1.108ubuntu15.5|klibc-utils,2.0.4-8ubuntu1.16.04.4|kmod,22-1ubuntu5.2|krb5-locales,1.13.2+dfsg-5ubuntu2.2|language-selector-common,0.165.4|less,481-2.1ubuntu0.2|libaccountsservice0:amd64,0.6.40-2ubuntu11.6|libacl1:amd64,2.2.52-3|libapparmor-perl,2.10.95-0ubuntu2.11|libapparmor1:amd64,2.10.95-0ubuntu2.11|libapt-inst2.0:amd64,1.2.32ubuntu0.2|libapt-pkg5.0:amd64,1.2.32ubuntu0.2|libasn1-8-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libasprintf0v5:amd64,0.19.7-2ubuntu3.1|libatm1:amd64,1:2.5.1-1.5|libattr1:amd64,1:2.4.47-2|libaudit-common,1:2.4.5-1ubuntu2.1|libaudit1:amd64,1:2.4.5-1ubuntu2.1|libbind9-140:amd64,1:9.10.3.dfsg.P4-8ubuntu1.17|libblkid1:amd64,2.27.1-6ubuntu3.10|libbsd0:amd64,0.8.2-1ubuntu0.1|libbz2-1.0:amd64,1.0.6-8ubuntu0.2|libc-bin,2.23-0ubuntu11.2|libc6:amd64,2.23-0ubuntu11.2|libcap-ng0:amd64,0.7.7-1|libcap2-bin,1:2.24-12|libcap2:amd64,1:2.24-12|libcomerr2:amd64,1.42.13-1ubuntu1.2|libcryptsetup4:amd64,2:1.6.6-5ubuntu2.1|libcurl3-gnutls:amd64,7.47.0-1ubuntu2.18|libdb5.3:amd64,5.3.28-11ubuntu0.2|libdbus-1-3:amd64,1.10.6-1ubuntu3.6|libdbus-glib-1-2:amd64,0.106-1|libdebconfclient0:amd64,0.198ubuntu1|libdevmapper-event1.02.1:amd64,2:1.02.110-1ubuntu10|libdevmapper1.02.1:amd64,2:1.02.110-1ubuntu10|libdns-export162,1:9.10.3.dfsg.P4-8ubuntu1.17|libdns162:amd64,1:9.10.3.dfsg.P4-8ubuntu1.17|libdrm-common,2.4.91-2~16.04.1|libdrm2:amd64,2.4.91-2~16.04.1|libdumbnet1:amd64,1.12-7|libeatmydata1:amd64,105-3|libedit2:amd64,3.1-20150325-1ubuntu2|libelf1:amd64,0.165-3ubuntu1.2|liberror-perl,0.17-1.2|libestr0,0.1.10-1|libevent-2.0-5:amd64,2.0.21-stable-2ubuntu0.16.04.1|libexpat1:amd64,2.1.0-7ubuntu0.16.04.5|libfdisk1:amd64,2.27.1-6ubuntu3.10|libffi6:amd64,3.2.1-4|libfreetype6:amd64,2.6.1-0.1ubuntu2.5|libfribidi0:amd64,0.19.7-1|libfuse2:amd64,2.9.4-1ubuntu3.1|libgcc1:amd64,1:6.0.1-0ubuntu1|libgcrypt20:amd64,1.6.5-2ubuntu0.6|libgdbm3:amd64,1.8.3-13.1|libgeoip1:amd64,1.6.9-1|libgirepository-1.0-1:amd64,1.46.0-3ubuntu1|libglib2.0-0:amd64,2.48.2-0ubuntu4.6|libglib2.0-data,2.48.2-0ubuntu4.6|libgmp10:amd64,2:6.1.0+dfsg-2|libgnutls-openssl27:amd64,3.4.10-4ubuntu1.8|libgnutls30:amd64,3.4.10-4ubuntu1.8|libgpg-error0:amd64,1.21-2ubuntu1|libgpm2:amd64,1.20.4-6.1|libgssapi-krb5-2:amd64,1.13.2+dfsg-5ubuntu2.2|libgssapi3-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libhcrypto4-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libheimbase1-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libheimntlm0-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libhogweed4:amd64,3.2-1ubuntu0.16.04.1|libhx509-5-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libicu55:amd64,55.1-7ubuntu0.5|libidn11:amd64,1.32-3ubuntu1.2|libisc-export160,1:9.10.3.dfsg.P4-8ubuntu1.17|libisc160:amd64,1:9.10.3.dfsg.P4-8ubuntu1.17|libisccc140:amd64,1:9.10.3.dfsg.P4-8ubuntu1.17|libisccfg140:amd64,1:9.10.3.dfsg.P4-8ubuntu1.17|libjson-c2:amd64,0.11-4ubuntu2.6|libk5crypto3:amd64,1.13.2+dfsg-5ubuntu2.2|libkeyutils1:amd64,1.5.9-8ubuntu1|libklibc,2.0.4-8ubuntu1.16.04.4|libkmod2:amd64,22-1ubuntu5.2|libkrb5-26-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libkrb5-3:amd64,1.13.2+dfsg-5ubuntu2.2|libkrb5support0:amd64,1.13.2+dfsg-5ubuntu2.2|libldap-2.4-2:amd64,2.4.42+dfsg-2ubuntu3.11|liblocale-gettext-perl,1.07-1build1|liblvm2app2.2:amd64,2.02.133-1ubuntu10|liblvm2cmd2.02:amd64,2.02.133-1ubuntu10|liblwres141:amd64,1:9.10.3.dfsg.P4-8ubuntu1.17|liblxc1,2.0.11-0ubuntu1~16.04.3|liblz4-1:amd64,0.0~r131-2ubuntu2|liblzma5:amd64,5.1.1alpha+20120614-2ubuntu2|liblzo2-2:amd64,2.08-1.2|libmagic1:amd64,1:5.25-2ubuntu1.4|libmnl0:amd64,1.0.3-5|libmount1:amd64,2.27.1-6ubuntu3.10|libmpdec2:amd64,2.4.2-1|libmpfr4:amd64,3.1.4-1|libmspack0:amd64,0.5-1ubuntu0.16.04.4|libncurses5:amd64,6.0+20160213-1ubuntu1|libncursesw5:amd64,6.0+20160213-1ubuntu1|libnetfilter-conntrack3:amd64,1.0.5-1|libnettle6:amd64,3.2-1ubuntu0.16.04.1|libnewt0.52:amd64,0.52.18-1ubuntu2|libnfnetlink0:amd64,1.0.1-3|libnih1:amd64,1.0.3-4.3ubuntu1|libnuma1:amd64,2.0.11-1ubuntu1.1|libp11-kit0:amd64,0.23.2-5~ubuntu16.04.2|libpam-modules-bin,1.1.8-3.2ubuntu2.3|libpam-modules:amd64,1.1.8-3.2ubuntu2.3|libpam-runtime,1.1.8-3.2ubuntu2.3|libpam-systemd:amd64,229-4ubuntu21.29|libpam0g:amd64,1.1.8-3.2ubuntu2.3|libparted2:amd64,3.2-15ubuntu0.1|libpcap0.8:amd64,1.7.4-2ubuntu0.1|libpci3:amd64,1:3.3.1-1.1ubuntu1.3|libpcre3:amd64,2:8.38-3.1|libperl5.22:amd64,5.22.1-9ubuntu0.9|libpipeline1:amd64,1.4.1-2|libplymouth4:amd64,0.9.2-3ubuntu13.5|libpng12-0:amd64,1.2.54-1ubuntu1.1|libpolkit-agent-1-0:amd64,0.105-14.1ubuntu0.5|libpolkit-backend-1-0:amd64,0.105-14.1ubuntu0.5|libpolkit-gobject-1-0:amd64,0.105-14.1ubuntu0.5|libpopt0:amd64,1.16-10|libprocps4:amd64,2:3.3.10-4ubuntu2.5|libpython3-stdlib:amd64,3.5.1-3|libpython3.5-minimal:amd64,3.5.2-2ubuntu0~16.04.12|libpython3.5-stdlib:amd64,3.5.2-2ubuntu0~16.04.12|libpython3.5:amd64,3.5.2-2ubuntu0~16.04.12|libreadline5:amd64,5.2+dfsg-3build1|libreadline6:amd64,6.3-8ubuntu2|libroken18-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|librtmp1:amd64,2.4+20151223.gitfa8646d-1ubuntu0.1|libsasl2-2:amd64,2.1.26.dfsg1-14ubuntu0.2|libsasl2-modules-db:amd64,2.1.26.dfsg1-14ubuntu0.2|libsasl2-modules:amd64,2.1.26.dfsg1-14ubuntu0.2|libseccomp2:amd64,2.4.3-1ubuntu3.16.04.3|libselinux1:amd64,2.4-3build2|libsemanage-common,2.3-1build3|libsemanage1:amd64,2.3-1build3|libsepol1:amd64,2.4-2|libsigsegv2:amd64,2.10-4|libslang2:amd64,2.3.0-2ubuntu1.1|libsmartcols1:amd64,2.27.1-6ubuntu3.10|libsqlite3-0:amd64,3.11.0-1ubuntu1.5|libss2:amd64,1.42.13-1ubuntu1.2|libssl1.0.0:amd64,1.0.2g-1ubuntu4.18|libstdc++6:amd64,5.4.0-6ubuntu1~16.04.12|libsystemd0:amd64,229-4ubuntu21.29|libtasn1-6:amd64,4.7-3ubuntu0.16.04.3|libtext-charwidth-perl,0.04-7build5|libtext-iconv-perl,1.7-5build4|libtext-wrapi18n-perl,0.06-7.1|libtinfo5:amd64,6.0+20160213-1ubuntu1|libudev1:amd64,229-4ubuntu21.29|libusb-0.1-4:amd64,2:0.1.12-28|libusb-1.0-0:amd64,2:1.0.20-1|libustr-1.0-1:amd64,1.0.4-5|libutempter0:amd64,1.1.6-3|libuuid1:amd64,2.27.1-6ubuntu3.10|libwind0-heimdal:amd64,1.7~git20150920+dfsg-4ubuntu1.16.04.1|libwrap0:amd64,7.6.q-25|libx11-6:amd64,2:1.6.3-1ubuntu2.2|libx11-data,2:1.6.3-1ubuntu2.2|libxau6:amd64,1:1.0.8-1|libxcb1:amd64,1.11.1-1ubuntu1|libxdmcp6:amd64,1:1.1.2-1.1|libxext6:amd64,2:1.3.3-1|libxml2:amd64,2.9.3+dfsg1-1ubuntu0.7|libxmlsec1,1.2.20-2ubuntu4|libxmlsec1-openssl,1.2.20-2ubuntu4|libxmuu1:amd64,2:1.1.2-2|libxslt1.1:amd64,1.1.28-2.1ubuntu0.3|libxtables11:amd64,1.6.0-2ubuntu3|libyaml-0-2:amd64,0.1.6-3|linux-aws,4.4.0.1119.124|linux-aws-headers-4.4.0-1117,4.4.0-1117.131|linux-aws-headers-4.4.0-1119,4.4.0-1119.133|linux-base,4.5ubuntu1.2~16.04.1|linux-headers-4.4.0-1117-aws,4.4.0-1117.131|linux-headers-4.4.0-1119-aws,4.4.0-1119.133|linux-headers-aws,4.4.0.1119.124|linux-image-4.4.0-1117-aws,4.4.0-1117.131|linux-image-4.4.0-1119-aws,4.4.0-1119.133|linux-image-aws,4.4.0.1119.124|linux-modules-4.4.0-1117-aws,4.4.0-1117.131|linux-modules-4.4.0-1119-aws,4.4.0-1119.133|locales,2.23-0ubuntu11.2|login,1:4.2-3.1ubuntu5.4|logrotate,3.8.7-2ubuntu2.16.04.2|lsb-base,9.20160110ubuntu0.2|lsb-release,9.20160110ubuntu0.2|lshw,02.17-1.1ubuntu3.6|lsof,4.89+dfsg-0.1|ltrace,0.7.3-5.1ubuntu4|lvm2,2.02.133-1ubuntu10|lxc-common,2.0.11-0ubuntu1~16.04.3|lxcfs,2.0.8-0ubuntu1~16.04.2|lxd,2.0.11-0ubuntu1~16.04.4|lxd-client,2.0.11-0ubuntu1~16.04.4|makedev,2.3.1-93ubuntu2~ubuntu16.04.1|man-db,2.7.5-1|manpages,4.04-2|mawk,1.3.3-17ubuntu2|mdadm,3.3-2ubuntu7.6|mime-support,3.59ubuntu1|mlocate,0.26-1ubuntu2|motd-news-config,9.4ubuntu4.13|mount,2.27.1-6ubuntu3.10|mtr-tiny,0.86-1ubuntu0.1|multiarch-support,2.23-0ubuntu11.2|nano,2.5.3-2ubuntu2|ncurses-base,6.0+20160213-1ubuntu1|ncurses-bin,6.0+20160213-1ubuntu1|ncurses-term,6.0+20160213-1ubuntu1|net-tools,1.60-26ubuntu1|netbase,5.3|netcat-openbsd,1.105-7ubuntu1|ntfs-3g,1:2015.3.14AR.1-1ubuntu0.3|open-iscsi,2.0.873+git0.3b4b4500-14ubuntu3.7|open-vm-tools,2:10.2.0-3~ubuntu0.16.04.1|openssh-client,1:7.2p2-4ubuntu2.10|openssh-server,1:7.2p2-4ubuntu2.10|openssh-sftp-server,1:7.2p2-4ubuntu2.10|openssl,1.0.2g-1ubuntu4.18|os-prober,1.70ubuntu3.3|overlayroot,0.27ubuntu1.6|parted,3.2-15ubuntu0.1|passwd,1:4.2-3.1ubuntu5.4|pastebinit,1.5-1|patch,2.7.5-1ubuntu0.16.04.2|pciutils,1:3.3.1-1.1ubuntu1.3|perl,5.22.1-9ubuntu0.9|perl-base,5.22.1-9ubuntu0.9|perl-modules-5.22,5.22.1-9ubuntu0.9|plymouth,0.9.2-3ubuntu13.5|plymouth-theme-ubuntu-text,0.9.2-3ubuntu13.5|policykit-1,0.105-14.1ubuntu0.5|pollinate,4.33-0ubuntu1~16.04.1|popularity-contest,1.64ubuntu2|powermgmt-base,1.31+nmu1|procps,2:3.3.10-4ubuntu2.5|psmisc,22.21-2.1ubuntu0.1|python-apt-common,1.1.0~beta1ubuntu0.16.04.11|python3,3.5.1-3|python3-apport,2.20.1-0ubuntu2.28|python3-apt,1.1.0~beta1ubuntu0.16.04.11|python3-blinker,1.3.dfsg2-1build1|python3-cffi-backend,1.5.2-1ubuntu1|python3-chardet,2.3.0-2|python3-commandnotfound,0.3ubuntu16.04.2|python3-configobj,5.0.6-2|python3-cryptography,1.2.3-1ubuntu0.3|python3-dbus,1.2.0-3|python3-debian,0.1.27ubuntu2|python3-distupgrade,1:16.04.32|python3-gdbm:amd64,3.5.1-1|python3-gi,3.20.0-0ubuntu1|python3-idna,2.0-3|python3-jinja2,2.8-1ubuntu0.1|python3-json-pointer,1.9-3|python3-jsonpatch,1.19-3|python3-jwt,1.3.0-1ubuntu0.1|python3-markupsafe,0.23-2build2|python3-minimal,3.5.1-3|python3-newt,0.52.18-1ubuntu2|python3-oauthlib,1.0.3-1|python3-pkg-resources,20.7.0-1|python3-prettytable,0.7.2-3|python3-problem-report,2.20.1-0ubuntu2.28|python3-pyasn1,0.1.9-1|python3-pycurl,7.43.0-1ubuntu1|python3-requests,2.9.1-3ubuntu0.1|python3-serial,3.0.1-1|python3-six,1.10.0-3|python3-software-properties,0.96.20.10|python3-systemd,231-2build1|python3-update-manager,1:16.04.17|python3-urllib3,1.13.1-2ubuntu0.16.04.4|python3-yaml,3.11-3build1|python3.5,3.5.2-2ubuntu0~16.04.12|python3.5-minimal,3.5.2-2ubuntu0~16.04.12|readline-common,6.3-8ubuntu2|rename,0.20-4|resolvconf,1.78ubuntu7|rsync,3.1.1-3ubuntu1.3|rsyslog,8.16.0-1ubuntu3.1|run-one,1.17-0ubuntu1|screen,4.3.1-2build1|sed,4.2.2-7|sensible-utils,0.0.9ubuntu0.16.04.1|sgml-base,1.26+nmu4ubuntu1|shared-mime-info,1.5-2ubuntu0.2|snapd,2.48|software-properties-common,0.96.20.10|sosreport,3.9.1-1ubuntu0.16.04.1|squashfs-tools,1:4.3-3ubuntu2.16.04.3|ssh-import-id,5.5-0ubuntu1|strace,4.11-1ubuntu3|sudo,1.8.16-0ubuntu1.9|systemd,229-4ubuntu21.29|systemd-sysv,229-4ubuntu21.29|sysv-rc,2.88dsf-59.3ubuntu2|sysvinit-utils,2.88dsf-59.3ubuntu2|tar,1.28-2.1ubuntu0.1|tcpd,7.6.q-25|tcpdump,4.9.3-0ubuntu0.16.04.1|telnet,0.17-40|time,1.7-25.1|tmux,2.1-3build1|tzdata,2020d-0ubuntu0.16.04|ubuntu-advantage-tools,10ubuntu0.16.04.1|ubuntu-cloudimage-keyring,2013.11.11|ubuntu-core-launcher,2.48|ubuntu-keyring,2012.05.19.1|ubuntu-minimal,1.361.6|ubuntu-release-upgrader-core,1:16.04.32|ubuntu-server,1.361.6|ubuntu-standard,1.361.6|ucf,3.0036|udev,229-4ubuntu21.29|ufw,0.35-0ubuntu2|uidmap,1:4.2-3.1ubuntu5.4|unattended-upgrades,1.1ubuntu1.18.04.7~16.04.6|update-manager-core,1:16.04.17|update-notifier-common,3.168.13|ureadahead,0.100.0-19.1|usbutils,1:007-4|util-linux,2.27.1-6ubuntu3.10|uuid-runtime,2.27.1-6ubuntu3.10|vim,2:7.4.1689-3ubuntu1.5|vim-common,2:7.4.1689-3ubuntu1.5|vim-runtime,2:7.4.1689-3ubuntu1.5|vim-tiny,2:7.4.1689-3ubuntu1.5|vlan,1.9-3.2ubuntu1.16.04.5|wget,1.17.1-1ubuntu1.5|whiptail,0.52.18-1ubuntu2|xauth,1:1.0.9-1ubuntu2|xdg-user-dirs,0.15-2ubuntu6.16.04.1|xfsprogs,4.3.0+nmu1ubuntu1.1|xkb-data,2.16-1ubuntu1|xml-core,0.13+nmu2|xz-utils,5.1.1alpha+20120614-2ubuntu2|zerofree,1.0.3-1|zlib1g:amd64,1:1.2.8.dfsg-2ubuntu4.3
|
|
package_audit_tool=apt-check
|
|
package_audit_tool_found=1
|
|
vulnerable_packages_found=0
|
|
hardening_index=63
|
|
tests_executed=HRDN-7231|HRDN-7230|HRDN-7222|HRDN-7220|KRNL-6000|HOME-9350|HOME-9310|HOME-9306|HOME-9304|HOME-9302|FILE-7524|MALW-3284|MALW-3282|MALW-3280|MALW-3278|MALW-3276|MALW-3275|TOOL-5190|TOOL-5126|TOOL-5130|TOOL-5122|TOOL-5120|TOOL-5102|TOOL-5002|FINT-4350|FINT-4341|FINT-4338|FINT-4330|FINT-4328|FINT-4326|FINT-4322|FINT-4318|FINT-4314|FINT-4310|MACF-6290|RBAC-6272|MACF-6240|MACF-6232|MACF-6208|MACF-6204|CONT-8102|CRYP-8005|CRYP-8004|CRYP-8002|CRYP-7931|CRYP-7930|CRYP-7902|TIME-3170|TIME-3148|ACCT-9636|ACCT-9628|ACCT-9626|ACCT-9622|SCHD-7724|SCHD-7720|SCHD-7718|SCHD-7704|SCHD-7702|BANN-7130|BANN-7128|BANN-7126|BANN-7124|INSE-8320|INSE-8318|INSE-8316|INSE-8314|INSE-8322|INSE-8310|INSE-8304|INSE-8300|INSE-8102|INSE-8100|INSE-8000|LOGG-2192|LOGG-2190|LOGG-2180|LOGG-2170|LOGG-2154|LOGG-2150|LOGG-2148|LOGG-2146|LOGG-2142|LOGG-2138|LOGG-2240|LOGG-2230|LOGG-2210|LOGG-2136|LOGG-2132|LOGG-2130|SQD-3602|PHP-2211|LDAP-2219|DBS-1880|DBS-1860|DBS-1840|DBS-1826|DBS-1820|DBS-1818|DBS-1804|SNMP-3302|SSH-7440|SSH-7408|SSH-7406|SSH-7404|SSH-7402|HTTP-6702|HTTP-6622|FIRE-4594|FIRE-4590|FIRE-4586|FIRE-4524|FIRE-4513|FIRE-4512|FIRE-4508|FIRE-4502|MAIL-8880|MAIL-8860|MAIL-8838|MAIL-8820|MAIL-8814|MAIL-8802|PRNT-2314|PRNT-2304|NETW-3200|NETW-3032|NETW-3030|NETW-3028|NETW-3015|NETW-3012|NETW-3008|NETW-3006|NETW-3004|NETW-3001|NETW-2706|NETW-2705|NETW-2704|NETW-2600|NETW-2400|PKGS-7420|PKGS-7410|PKGS-7398|PKGS-7394|PKGS-7392|PKGS-7390|PKGS-7388|PKGS-7370|PKGS-7346|PKGS-7345|NAME-4408|NAME-4406|NAME-4404|NAME-4402|NAME-4304|NAME-4230|NAME-4202|NAME-4034|NAME-4032|NAME-4028|NAME-4020|NAME-4018|NAME-4016|STRG-1920|STRG-1846|USB-3000|USB-2000|USB-1000|FILE-6430|FILE-6410|FILE-6394|FILE-6376|FILE-6374|FILE-6372|FILE-6368|FILE-6363|FILE-6362|FILE-6354|FILE-6344|FILE-6336|FILE-6332|FILE-6329|FILE-6324|FILE-6323|FILE-6311|FILE-6310|SHLL-6230|SHLL-6220|SHLL-6211|AUTH-9408|AUTH-9402|AUTH-9328|AUTH-9308|AUTH-9288|AUTH-9286|AUTH-9284|AUTH-9283|AUTH-9282|AUTH-9278|AUTH-9268|AUTH-9266|AUTH-9264|AUTH-9262|AUTH-9252|AUTH-9250|AUTH-9242|AUTH-9240|AUTH-9234|AUTH-9230|AUTH-9229|AUTH-9228|AUTH-9226|AUTH-9222|AUTH-9216|AUTH-9208|AUTH-9204|PROC-3802|PROC-3614|PROC-3612|PROC-3602|KRNL-5830|KRNL-5820|KRNL-5788|KRNL-5730|KRNL-5728|KRNL-5726|KRNL-5723|KRNL-5695|KRNL-5677|KRNL-5622|BOOT-5260|BOOT-5202|BOOT-5184|BOOT-5180|BOOT-5177|BOOT-5155|BOOT-5142|BOOT-5139|BOOT-5122|BOOT-5121|BOOT-5116|BOOT-5109|BOOT-5108|BOOT-5104|PLGN-3860|PLGN-3856|PLGN-3834|PLGN-3832|PLGN-3830|PLGN-3820|PLGN-3818|PLGN-3816|PLGN-3814|PLGN-3812|PLGN-3810|PLGN-3808|PLGN-3806|PLGN-3804|PLGN-3802|PLGN-3800|PLGN-0010|CORE-1000|
|
|
tests_skipped=MALW-3288|MALW-3286|TOOL-5104|FINT-4402|FINT-4340|FINT-4339|FINT-4336|FINT-4334|FINT-4316|FINT-4315|MACF-6242|MACF-6234|CONT-8108|CONT-8107|CONT-8106|CONT-8104|CONT-8004|TIME-3185|TIME-3182|TIME-3181|TIME-3180|TIME-3160|TIME-3136|TIME-3132|TIME-3128|TIME-3124|TIME-3120|TIME-3116|TIME-3112|TIME-3106|TIME-3104|ACCT-9662|ACCT-9660|ACCT-9656|ACCT-9654|ACCT-9652|ACCT-9650|ACCT-9634|ACCT-9632|ACCT-9630|ACCT-2760|ACCT-2754|BANN-7113|INSE-8050|INSE-8200|INSE-8116|INSE-8106|INSE-8104|INSE-8016|INSE-8006|INSE-8004|INSE-8002|LOGG-2164|LOGG-2162|LOGG-2160|LOGG-2153|LOGG-2152|LOGG-2134|SQD-3680|SQD-3630|SQD-3624|SQD-3620|SQD-3616|SQD-3614|SQD-3613|SQD-3610|SQD-3606|SQD-3604|PHP-2382|PHP-2378|PHP-2376|PHP-2374|PHP-2372|PHP-2368|PHP-2320|LDAP-2224|DBS-1888|DBS-1886|DBS-1884|DBS-1882|DBS-1828|DBS-1816|SNMP-3306|SNMP-3304|HTTP-6720|HTTP-6716|HTTP-6714|HTTP-6712|HTTP-6710|HTTP-6708|HTTP-6706|HTTP-6704|HTTP-6643|HTTP-6641|HTTP-6640|HTTP-6632|HTTP-6626|HTTP-6624|FIRE-4540|FIRE-4538|FIRE-4536|FIRE-4534|FIRE-4532|FIRE-4530|FIRE-4526|FIRE-4520|FIRE-4518|MAIL-8920|MAIL-8818|MAIL-8817|MAIL-8816|MAIL-8804|PRNT-2420|PRNT-2418|PRNT-2316|PRNT-2308|PRNT-2307|PRNT-2306|PRNT-2302|NETW-3014|PKGS-7393|PKGS-7387|PKGS-7386|PKGS-7384|PKGS-7383|PKGS-7382|PKGS-7381|PKGS-7380|PKGS-7378|PKGS-7366|PKGS-7354|PKGS-7352|PKGS-7350|PKGS-7348|PKGS-7334|PKGS-7332|PKGS-7330|PKGS-7328|PKGS-7322|PKGS-7320|PKGS-7314|PKGS-7312|PKGS-7310|PKGS-7308|PKGS-7306|PKGS-7304|PKGS-7303|PKGS-7302|PKGS-7301|NAME-4306|NAME-4238|NAME-4236|NAME-4232|NAME-4210|NAME-4206|NAME-4204|NAME-4036|NAME-4026|NAME-4024|STRG-1930|STRG-1928|STRG-1926|STRG-1906|STRG-1904|STRG-1902|FILE-6439|FILE-6330|FILE-6312|SHLL-6202|AUTH-9410|AUTH-9409|AUTH-9406|AUTH-9340|AUTH-9306|AUTH-9304|AUTH-9254|AUTH-9218|AUTH-9212|PROC-3604|KRNL-5770|KRNL-5831|KRNL-5745|BOOT-5264|BOOT-5263|BOOT-5262|BOOT-5170|BOOT-5165|BOOT-5159|BOOT-5126|BOOT-5261|BOOT-5124|BOOT-5117|BOOT-5106|BOOT-5102|PLGN-0008|
|
|
finish=true
|