428 lines
39 KiB
Plaintext
428 lines
39 KiB
Plaintext
# Lynis Report
|
|
report_version_major=1
|
|
report_version_minor=0
|
|
report_datetime_start=2021-01-07 15:58:16
|
|
auditor=[Not Specified]
|
|
lynis_version=3.0.3
|
|
os=Linux
|
|
os_name=Ubuntu
|
|
os_fullname=Ubuntu 14.04.6 LTS
|
|
os_version=14.04
|
|
linux_version=Ubuntu
|
|
os_kernel_version=4.4.0
|
|
os_kernel_version_full=4.4.0-142-generic
|
|
hostname=ubuntu1404
|
|
test_category=all
|
|
test_group=all
|
|
warning[]=GEN-0010|This version 14.04 is marked end-of-life as of 2019-05-01|-|-|
|
|
plugin_directory=./plugins
|
|
lynis_update_available=0
|
|
binaries_count=1193
|
|
binaries_suid_count=/bin/fusermount /bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/pkexec /usr/bin/procmail /usr/bin/sg /usr/bin/sudo /usr/bin/sudoedit /usr/bin/traceroute6 /usr/bin/traceroute6.iputils /usr/bin/vmware-user /usr/sbin/pppd /usr/sbin/sensible-mda /usr/sbin/uuidd
|
|
binaries_sgid_count=/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/dotlockfile /usr/bin/expiry /usr/bin/locate /usr/bin/lockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock /usr/bin/mlocate /usr/bin/procmail /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/sbin/hoststat /usr/sbin/purgestat /usr/sbin/sendmail /usr/sbin/sendmail-msp /usr/sbin/sendmail-mta /usr/sbin/uuidd
|
|
binary_paths=/usr/local/games,/usr/games,/bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin
|
|
vm=1
|
|
vmtype=vmware
|
|
container=0
|
|
notebook=0
|
|
systemd=0
|
|
plugin_enabled_phase1[]=pam|1.0.5|
|
|
authentication_two_factor_enabled=0
|
|
authentication_two_factor_required=0
|
|
minimum_password_length=8
|
|
password_strength_tested=1
|
|
min_password_class=0
|
|
password_max_digital_credit=1
|
|
password_max_l_credit=1
|
|
password_max_other_credit=1
|
|
password_max_u_credit=1
|
|
max_password_retry=3
|
|
plugin_enabled_phase1[]=systemd|1.0.4|
|
|
plugins_enabled=1
|
|
hostid=605d4ca91000f6389fbf4706cb904caab69b2b15
|
|
hostid2=9e032cc594257ab07ca76d51fb5bccee42dbceab2614a1f9ff1ae03970922b8f
|
|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password)|-|-|
|
|
uptime_in_seconds=4335
|
|
uptime_in_days=0
|
|
boot_loader=GRUB2
|
|
boot_uefi_booted=0
|
|
boot_uefi_booted_secure=0
|
|
service_manager=upstart
|
|
linux_default_runlevel=2
|
|
cpu_pae=1
|
|
cpu_nx=1
|
|
linux_kernel_release=4.4.0-142-generic
|
|
linux_kernel_version=#168~14.04.1-Ubuntu SMP Sat Jan 19 11:26:28 UTC 2019
|
|
linux_kernel_type=modular
|
|
loaded_kernel_module[]=8250_fintek
|
|
loaded_kernel_module[]=ablk_helper
|
|
loaded_kernel_module[]=ac97_bus
|
|
loaded_kernel_module[]=aes_x86_64
|
|
loaded_kernel_module[]=aesni_intel
|
|
loaded_kernel_module[]=ahci
|
|
loaded_kernel_module[]=btrfs
|
|
loaded_kernel_module[]=cpuid
|
|
loaded_kernel_module[]=crc32_pclmul
|
|
loaded_kernel_module[]=crct10dif_pclmul
|
|
loaded_kernel_module[]=cryptd
|
|
loaded_kernel_module[]=drm
|
|
loaded_kernel_module[]=drm_kms_helper
|
|
loaded_kernel_module[]=e1000
|
|
loaded_kernel_module[]=fb_sys_fops
|
|
loaded_kernel_module[]=fjes
|
|
loaded_kernel_module[]=gameport
|
|
loaded_kernel_module[]=gf128mul
|
|
loaded_kernel_module[]=ghash_clmulni_intel
|
|
loaded_kernel_module[]=glue_helper
|
|
loaded_kernel_module[]=hfs
|
|
loaded_kernel_module[]=hfsplus
|
|
loaded_kernel_module[]=hid
|
|
loaded_kernel_module[]=hid_generic
|
|
loaded_kernel_module[]=i2c_piix4
|
|
loaded_kernel_module[]=inet_diag
|
|
loaded_kernel_module[]=input_leds
|
|
loaded_kernel_module[]=ip_tables
|
|
loaded_kernel_module[]=iptable_filter
|
|
loaded_kernel_module[]=iptable_nat
|
|
loaded_kernel_module[]=jfs
|
|
loaded_kernel_module[]=joydev
|
|
loaded_kernel_module[]=libahci
|
|
loaded_kernel_module[]=libcrc32c
|
|
loaded_kernel_module[]=lp
|
|
loaded_kernel_module[]=lrw
|
|
loaded_kernel_module[]=mac_hid
|
|
loaded_kernel_module[]=minix
|
|
loaded_kernel_module[]=mptbase
|
|
loaded_kernel_module[]=mptscsih
|
|
loaded_kernel_module[]=mptspi
|
|
loaded_kernel_module[]=msdos
|
|
loaded_kernel_module[]=nf_conntrack
|
|
loaded_kernel_module[]=nf_conntrack_ipv4
|
|
loaded_kernel_module[]=nf_defrag_ipv4
|
|
loaded_kernel_module[]=nf_nat
|
|
loaded_kernel_module[]=nf_nat_ipv4
|
|
loaded_kernel_module[]=ntfs
|
|
loaded_kernel_module[]=parport
|
|
loaded_kernel_module[]=pata_acpi
|
|
loaded_kernel_module[]=psmouse
|
|
loaded_kernel_module[]=qnx4
|
|
loaded_kernel_module[]=raid6_pq
|
|
loaded_kernel_module[]=scsi_transport_spi
|
|
loaded_kernel_module[]=serio_raw
|
|
loaded_kernel_module[]=shpchp
|
|
loaded_kernel_module[]=snd
|
|
loaded_kernel_module[]=snd_ac97_codec
|
|
loaded_kernel_module[]=snd_ens1371
|
|
loaded_kernel_module[]=snd_pcm
|
|
loaded_kernel_module[]=snd_rawmidi
|
|
loaded_kernel_module[]=snd_seq_device
|
|
loaded_kernel_module[]=snd_timer
|
|
loaded_kernel_module[]=soundcore
|
|
loaded_kernel_module[]=syscopyarea
|
|
loaded_kernel_module[]=sysfillrect
|
|
loaded_kernel_module[]=sysimgblt
|
|
loaded_kernel_module[]=tcp_diag
|
|
loaded_kernel_module[]=ttm
|
|
loaded_kernel_module[]=udp_diag
|
|
loaded_kernel_module[]=ufs
|
|
loaded_kernel_module[]=usbhid
|
|
loaded_kernel_module[]=vmw_balloon
|
|
loaded_kernel_module[]=vmw_vmci
|
|
loaded_kernel_module[]=vmw_vsock_vmci_transport
|
|
loaded_kernel_module[]=vmwgfx
|
|
loaded_kernel_module[]=vsock
|
|
loaded_kernel_module[]=x_tables
|
|
loaded_kernel_module[]=xfs
|
|
loaded_kernel_module[]=xor
|
|
loaded_kernel_module[]=xt_multiport
|
|
linux_config_file=/boot/config-4.4.0-142-generic
|
|
linux_kernel_io_scheduler[]=deadline
|
|
warning[]=KRNL-5830|Reboot of system is most likely needed||text:reboot|
|
|
memory_size=4028204
|
|
memory_units=kB
|
|
auth_group_ids_unique=1
|
|
auth_group_names_unique=1
|
|
suggestion[]=AUTH-9229|Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values|-|-|
|
|
suggestion[]=AUTH-9230|Configure password hashing rounds in /etc/login.defs|-|-|
|
|
real_user[]=root,0
|
|
real_user[]=ll,1000
|
|
pam_cracklib=1
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_access.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_cap.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_cracklib.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_debug.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_deny.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_echo.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_env.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_exec.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_faildelay.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_filter.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_ftp.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_group.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_issue.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_keyinit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_lastlog.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_limits.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_listfile.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_localuser.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_loginuid.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_mail.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_mkhomedir.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_motd.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_namespace.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_nologin.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_permit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_pwhistory.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_rhosts.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_rootok.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_securetty.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_selinux.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_sepermit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_shells.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_stress.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_succeed_if.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_systemd.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tally.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tally2.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_time.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_timestamp.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_tty_audit.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_umask.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_unix.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_userdb.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_warn.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_wheel.so
|
|
pam_module[]=/lib/x86_64-linux-gnu/security/pam_xauth.so
|
|
suggestion[]=AUTH-9282|When possible set expire dates for all password protected accounts|-|-|
|
|
manual_event[]=AUTH-9328:03
|
|
auth_failed_logins_tooling[]=/etc/login.defs
|
|
auth_failed_logins_logged=1
|
|
ldap_auth_enabled=0
|
|
ldap_pam_enabled=0
|
|
password_min_days=7
|
|
password_max_days=90
|
|
available_shell[]=/bin/sh
|
|
available_shell[]=/bin/dash
|
|
available_shell[]=/bin/bash
|
|
available_shell[]=/bin/rbash
|
|
available_shell[]=/usr/bin/tmux
|
|
available_shell[]=/usr/bin/screen
|
|
session_timeout_enabled=0
|
|
suggestion[]=FILE-6310|To decrease the impact of a full /home file system, place /home on a separate partition|-|-|
|
|
suggestion[]=FILE-6310|To decrease the impact of a full /var file system, place /var on a separate partition|-|-|
|
|
file_systems_ext[]=/|ext4|
|
|
swap_partition[]=UUID=43e4066c-3702-46ff-8e97-fa2d6b0e2bc8,UUID=43e4066c-3702-46ff-8e97-fa2d6b0e2bc8,
|
|
locate_db=/var/lib/mlocate/mlocate.db
|
|
suggestion[]=FILE-6430|Consider disabling unused kernel modules|/etc/modprobe.d/blacklist.conf|Add 'install MODULENAME /bin/true' (without quotes)|
|
|
usb_authorized_default_device[]=/sys/bus/usb/devices/usb1
|
|
usb_authorized_device[]=/sys/bus/usb/devices/usb1
|
|
usb_authorized_default_device[]=/sys/bus/usb/devices/usb2
|
|
usb_authorized_device[]=/sys/bus/usb/devices/usb2
|
|
resolv_conf_search_domain[]=localdomain
|
|
suggestion[]=NAME-4028|Check DNS configuration for the dns domain name|-|-|
|
|
localhost-mapped-to=::1
|
|
name_cache_used=0
|
|
package_manager[]=dpkg
|
|
installed_packages=478
|
|
suggestion[]=PKGS-7370|Install debsums utility for the verification of packages with known good database.|-|-|
|
|
suggestion[]=PKGS-7394|Install package apt-show-versions for patch management purposes|-|-|
|
|
installed_kernel_packages=2
|
|
unattended_upgrade_tool[]=unattended-upgrade
|
|
unattended_upgrade_option_available=1
|
|
ipv6_mode=auto
|
|
ipv6_only=0
|
|
nameserver[]=192.168.37.2
|
|
warning[]=NETW-2705|Couldn't find 2 responsive nameservers|-|-|
|
|
suggestion[]=NETW-2705|Check your resolv.conf file and fill in a backup nameserver if possible|-|-|
|
|
default_gateway[]=192.168.37.2
|
|
network_interface[]=lo
|
|
network_interface[]=eth0
|
|
network_mac_address[]=00:0c:29:d7:de:37
|
|
network_ipv4_address[]=192.168.37.132
|
|
network_ipv4_address[]=127.0.0.1
|
|
network_listen[]=raw,ss,v1|tcp|*:513|portsentry,25154,6|
|
|
network_listen[]=raw,ss,v1|tcp|*:37444|portsentry,25154,11|
|
|
network_listen[]=raw,ss,v1|tcp|*:31335|portsentry,25154,13|
|
|
network_listen[]=raw,ss,v1|tcp|*:31337|portsentry,25154,19|
|
|
network_listen[]=raw,ss,v1|tcp|*:635|portsentry,25154,7|
|
|
network_listen[]=raw,ss,v1|tcp|*:640|portsentry,25154,8|
|
|
network_listen[]=raw,ss,v1|tcp|*:641|portsentry,25154,9|
|
|
network_listen[]=raw,ss,v1|tcp|*:700|portsentry,25154,10|
|
|
network_listen[]=raw,ss,v1|tcp|*:54321|portsentry,25154,20|
|
|
network_listen[]=raw,ss,v1|tcp|*:40525|dhclient,1277,20|
|
|
network_listen[]=raw,ss,v1|tcp|*:34555|portsentry,25154,12|
|
|
network_listen[]=raw,ss,v1|tcp|*:1|portsentry,25154,0|
|
|
network_listen[]=raw,ss,v1|tcp|*:32770|portsentry,25154,14|
|
|
network_listen[]=raw,ss,v1|tcp|*:32771|portsentry,25154,15|
|
|
network_listen[]=raw,ss,v1|tcp|*:32772|portsentry,25154,16|
|
|
network_listen[]=raw,ss,v1|tcp|*:32773|portsentry,25154,17|
|
|
network_listen[]=raw,ss,v1|tcp|*:32774|portsentry,25154,18|
|
|
network_listen[]=raw,ss,v1|tcp|*:7|portsentry,25154,1|
|
|
network_listen[]=raw,ss,v1|tcp|*:9|portsentry,25154,2|
|
|
network_listen[]=raw,ss,v1|tcp|*:68|dhclient,1277,6|
|
|
network_listen[]=raw,ss,v1|tcp|*:69|portsentry,25154,3|
|
|
network_listen[]=raw,ss,v1|tcp|*:161|portsentry,25154,4|
|
|
network_listen[]=raw,ss,v1|tcp|*:162|portsentry,25154,5|
|
|
network_listen[]=raw,ss,v1|tcp|:::3293|dhclient,1277,21|
|
|
network_listen[]=raw,ss,v1|tcp|127.0.0.1:587|sendmail-mta,11409,5|
|
|
network_listen[]=raw,ss,v1|tcp|*:22|sshd,1341,3|
|
|
network_listen[]=raw,ss,v1|tcp|127.0.0.1:25|sendmail-mta,11409,4|
|
|
network_listen[]=raw,ss,v1|tcp|:::22|sshd,1341,4|
|
|
suggestion[]=NETW-3200|Determine if protocol 'dccp' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=dccp
|
|
suggestion[]=NETW-3200|Determine if protocol 'sctp' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=sctp
|
|
suggestion[]=NETW-3200|Determine if protocol 'rds' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=rds
|
|
suggestion[]=NETW-3200|Determine if protocol 'tipc' is really needed on this system|-|-|
|
|
uncommon_network_protocol_enabled=tipc
|
|
imap_daemon=
|
|
pop3_daemon=
|
|
smtp_daemon=
|
|
firewall_software[]=iptables
|
|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
|
|
suggestion[]=FIRE-4513|Check iptables rules to see which rules are currently not used|-|-|
|
|
firewall_no_logging[]=iptables
|
|
manual[]=Verify if there is a formal process for testing and applying firewall rules
|
|
manual[]=Verify all traffic is filtered the right way between the different security zones
|
|
manual[]=Verify if a list is available with all required services
|
|
manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option AllowTcpForwarding;field:AllowTcpForwarding;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|ClientAliveCountMax (set 3 to 2)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option ClientAliveCountMax;field:ClientAliveCountMax;prefval:2;value:3;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Compression (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option Compression;field:Compression;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|LogLevel (set INFO to VERBOSE)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option LogLevel;field:LogLevel;prefval:VERBOSE;value:INFO;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (set 6 to 3)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option MaxAuthTries;field:MaxAuthTries;prefval:3;value:6;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxSessions (set 10 to 2)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option MaxSessions;field:MaxSessions;prefval:2;value:10;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (set 22 to )|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option Port;field:Port;prefval:;value:22;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|TCPKeepAlive (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option TCPKeepAlive;field:TCPKeepAlive;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|UseDNS (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option UseDNS;field:UseDNS;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option X11Forwarding;field:X11Forwarding;prefval:NO;value:YES;|
|
|
suggestion[]=SSH-7408|Consider hardening SSH configuration|UsePrivilegeSeparation (set YES to SANDBOX)|-|
|
|
details[]=SSH-7408|sshd|desc:sshd option UsePrivilegeSeparation;field:UsePrivilegeSeparation;prefval:SANDBOX;value:YES;|
|
|
ssh_daemon_running=1
|
|
openssh_daemon_running=1
|
|
syslog_daemon_present=1
|
|
syslog_daemon[]=rsyslog
|
|
log_directory[]=/var/log
|
|
log_directory[]=/var/log/apt
|
|
log_directory[]=/var/log/unattended-upgrades
|
|
log_directory[]=/var/log/upstart
|
|
remote_syslog_configured=0
|
|
suggestion[]=LOGG-2154|Enable logging to an external logging host for archiving purposes and additional protection|-|-|
|
|
log_directory[]=/var/log
|
|
deleted_file[]=/lib/systemd/systemd-logind(systemd-l)
|
|
suggestion[]=LOGG-2190|Check what deleted files are still in use and why.|-|-|
|
|
log_rotation_config_found=1
|
|
log_rotation_tool=logrotate
|
|
suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-|
|
|
weak_banner_file[]=/etc/issue
|
|
suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-|
|
|
crond_running=1
|
|
scheduler[]=crond
|
|
cronjob[]=17,*,*,*,*,root,cd,/,&&,run-parts,--report,/etc/cron.hourly
|
|
cronjob[]=25,6,*,*,*,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.daily,)
|
|
cronjob[]=47,6,*,*,7,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.weekly,)
|
|
cronjob[]=52,6,1,*,*,root,test,-x,/usr/sbin/anacron,||,(,cd,/,&&,run-parts,--report,/etc/cron.monthly,)
|
|
cronjob[]=/etc/cron.d/tiger
|
|
cronjob[]=/etc/cron.d/sendmail
|
|
cronjob[]=/etc/cron.daily/passwd
|
|
cronjob[]=/etc/cron.daily/apt
|
|
cronjob[]=/etc/cron.daily/aptitude
|
|
cronjob[]=/etc/cron.daily/cracklib-runtime
|
|
cronjob[]=/etc/cron.daily/acct
|
|
cronjob[]=/etc/cron.daily/logrotate
|
|
cronjob[]=/etc/cron.daily/upstart
|
|
cronjob[]=/etc/cron.daily/update-notifier-common
|
|
cronjob[]=/etc/cron.daily/sendmail
|
|
cronjob[]=/etc/cron.daily/man-db
|
|
cronjob[]=/etc/cron.daily/apport
|
|
cronjob[]=/etc/cron.daily/dpkg
|
|
cronjob[]=/etc/cron.daily/chkrootkit
|
|
cronjob[]=/etc/cron.daily/tripwire
|
|
cronjob[]=/etc/cron.daily/bsdmainutils
|
|
cronjob[]=/etc/cron.daily/mlocate
|
|
cronjob[]=/etc/cron.daily/popularity-contest
|
|
cronjob[]=/etc/cron.weekly/apt-xapian-index
|
|
cronjob[]=/etc/cron.weekly/update-notifier-common
|
|
cronjob[]=/etc/cron.weekly/man-db
|
|
cronjob[]=/etc/cron.weekly/fstrim
|
|
cronjob[]=/etc/cron.monthly/acct
|
|
suggestion[]=ACCT-9626|Enable sysstat to collect accounting (no results)|-|-|
|
|
suggestion[]=ACCT-9628|Enable auditd to collect audit information|-|-|
|
|
linux_auditd_running=0
|
|
audit_daemon_running=0
|
|
tz_variable_empty=1
|
|
ntp_config_found=0
|
|
ntp_config_type_daemon=0
|
|
ntp_config_type_eventbased=1
|
|
ntp_config_type_scheduled=0
|
|
ntp_config_type_startup=0
|
|
ntp_daemon=
|
|
ntp_daemon_running=0
|
|
certificate[]=/etc/ssl/certs/ca-certificates.crt|0|cn:ACCVRAIZ1;notafter:Dec 31 09:37:37 2030 GMT;|
|
|
certificates=149
|
|
kernel_entropy=795
|
|
rng_found=0
|
|
apparmor_enabled=1
|
|
apparmor_policy_loaded=1
|
|
framework_grsecurity=0
|
|
framework_selinux=0
|
|
file_integrity_tool[]=tripwire
|
|
suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-|
|
|
ids_ips_tooling[]=fail2ban
|
|
fail2ban_config=/etc/fail2ban/jail.local
|
|
fail2ban_enabled_service[]=sshd
|
|
automation_tool_present=0
|
|
malware_scanner[]=chkrootkit
|
|
malware_scanner[]=rkhunter
|
|
malware_scanner_installed=1
|
|
suggestion[]=FILE-7524|Consider restricting file permissions|See screen output or log file|text:Use chmod to change file permissions|
|
|
home_directory[]=/bin
|
|
home_directory[]=/dev
|
|
home_directory[]=/home/ll
|
|
home_directory[]=/root
|
|
home_directory[]=/usr/games
|
|
home_directory[]=/usr/sbin
|
|
home_directory[]=/var/backups
|
|
home_directory[]=/var/cache/man
|
|
home_directory[]=/var/lib/landscape
|
|
home_directory[]=/var/lib/libuuid
|
|
home_directory[]=/var/lib/sendmail
|
|
home_directory[]=/var/mail
|
|
home_directory[]=/var/run/dbus
|
|
home_directory[]=/var/run/sshd
|
|
suggestion[]=HOME-9304|Double check the permissions of home directories as some might be not strict enough.|-|-|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict FIFO special device creation behavior;field:fs.protected_fifos;prefval:2;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict regular files creation behavior;field:fs.protected_regular;prefval:2;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict module loading once this sysctl value is loaded;field:kernel.modules_disabled;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict unprivileged access to the perf_event_open() system call.;field:kernel.perf_event_paranoid;prefval:3;value:1;|
|
|
details[]=KRNL-6000|sysctl|desc:Restrict BPF for unprivileged users;field:kernel.unprivileged_bpf_disabled;prefval:1;value:0;|
|
|
details[]=KRNL-6000|sysctl|desc:Hardened BPF JIT compilation;field:net.core.bpf_jit_harden;prefval:2;value:0;|
|
|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile and could be tweaked||Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)|
|
|
compiler_installed=1
|
|
lynis_tests_done=240
|
|
report_datetime_end=2021-01-07 15:58:53
|
|
dhcp_client_running=1
|
|
arpwatch_running=0
|
|
firewall_active=1
|
|
firewall_empty_ruleset=1
|
|
firewall_installed=1
|
|
installed_packages_array=|accountsservice,0.6.35-0ubuntu7.3|acct,6.5.5-1ubuntu5|acpid,1:2.0.21-1ubuntu2|adduser,3.113+nmu3ubuntu3|amd64-microcode,3.20180524.1~ubuntu0.14.04.2+really20130710.1ubuntu1|apparmor,2.10.95-0ubuntu2.6~14.04.4|apport,2.14.1-0ubuntu3.29|apport-symptoms,0.20|apt,1.0.1ubuntu2.24|apt-transport-https,1.0.1ubuntu2.24|apt-utils,1.0.1ubuntu2.24|apt-xapian-index,0.45ubuntu4|aptitude,0.6.8.2-1ubuntu4|aptitude-common,0.6.8.2-1ubuntu4|base-files,7.2ubuntu5.6|base-passwd,3.5.33|bash,4.3-7ubuntu1.7|bash-completion,1:2.1-4ubuntu0.2|bc,1.06.95-8ubuntu1|bind9-host,1:9.9.5.dfsg-3ubuntu0.19|binutils,2.24-5ubuntu14.2|biosdevname,0.4.1-0ubuntu6.3|bsdmainutils,9.0.5ubuntu1|bsdutils,1:2.20.1-5.1ubuntu20.9|busybox-initramfs,1:1.21.0-1ubuntu1.4|busybox-static,1:1.21.0-1ubuntu1.4|byobu,5.77-0ubuntu1.2|bzip2,1.0.6-5|ca-certificates,20170717~14.04.2|chkrootkit,0.49-4.1ubuntu1.14.04.1|command-not-found,0.3ubuntu12|command-not-found-data,0.3ubuntu12|console-setup,1.70ubuntu8|coreutils,8.21-1ubuntu5.4|cpio,2.11+dfsg-1ubuntu1.2|cracklib-runtime,2.9.1-1build1|crda,1.1.2-1ubuntu2|cron,3.0pl1-124ubuntu2|curl,7.35.0-1ubuntu2.20|dash,0.5.7-4ubuntu1|dbus,1.6.18-0ubuntu4.5|debconf,1.5.51ubuntu2|debconf-i18n,1.5.51ubuntu2|debianutils,4.4|dh-python,1.20140128-1ubuntu8.2|diffutils,1:3.3-1|dmidecode,2.12-2|dmsetup,2:1.02.77-6ubuntu2|dnsutils,1:9.9.5.dfsg-3ubuntu0.19|dosfstools,3.0.26-1ubuntu0.1|dpkg,1.17.5ubuntu5.8|e2fslibs:amd64,1.42.9-3ubuntu1.3|e2fsprogs,1.42.9-3ubuntu1.3|ed,1.9-2|eject,2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1|ethtool,1:3.13-1|fail2ban,0.8.11-1|file,1:5.14-2ubuntu3.4|findutils,4.4.2-7|fonts-ubuntu-font-family-console,0.80-0ubuntu6|friendly-recovery,0.2.25|ftp,0.17-28|fuse,2.9.2-4ubuntu4.14.04.1|gawk,1:4.0.1+dfsg-2.1ubuntu2|gcc-4.8-base:amd64,4.8.4-2ubuntu1~14.04.4|gcc-4.9-base:amd64,4.9.3-0ubuntu4|geoip-database,20140313-1|gettext-base,0.18.3.1-1ubuntu3.1|gir1.2-glib-2.0,1.40.0-1ubuntu0.2|git,1:1.9.1-1ubuntu0.10|git-man,1:1.9.1-1ubuntu0.10|gnupg,1.4.16-1ubuntu2.6|gpgv,1.4.16-1ubuntu2.6|grep,2.16-1|groff-base,1.22.2-5|grub-common,2.02~beta2-9ubuntu1.17|grub-gfxpayload-lists,0.6|grub-pc,2.02~beta2-9ubuntu1.17|grub-pc-bin,2.02~beta2-9ubuntu1.17|grub2-common,2.02~beta2-9ubuntu1.17|gzip,1.6-3ubuntu1|hdparm,9.43-1ubuntu3|hostname,3.15ubuntu1|ifupdown,0.7.47.2ubuntu4.5|info,5.2.0.dfsg.1-2|init-system-helpers,1.14ubuntu1|initramfs-tools,0.103ubuntu4.11|initramfs-tools-bin,0.103ubuntu4.11|initscripts,2.88dsf-41ubuntu6.3|insserv,1.14.0-5ubuntu2|install-info,5.2.0.dfsg.1-2|installation-report,2.54ubuntu1|intel-microcode,3.20190618.0ubuntu0.14.04.1|iproute2,3.12.0-2ubuntu1.2|iptables,1.4.21-1ubuntu1|iputils-ping,3:20121221-4ubuntu1.1|iputils-tracepath,3:20121221-4ubuntu1.1|irqbalance,1.0.6-2ubuntu0.14.04.4|isc-dhcp-client,4.2.4-7ubuntu12.13|isc-dhcp-common,4.2.4-7ubuntu12.13|iso-codes,3.52-1|iucode-tool,1.0.1-1|john,1.8.0-1|john-data,1.8.0-1|kbd,1.15.5-1ubuntu1|keyboard-configuration,1.70ubuntu8|klibc-utils,2.0.3-0ubuntu1.14.04.3|kmod,15-0ubuntu7|krb5-locales,1.12+dfsg-2ubuntu5.4|landscape-common,14.12-0ubuntu6.14.04.4|language-pack-en,1:14.04+20160720|language-pack-en-base,1:14.04+20160720|language-selector-common,0.129.3|laptop-detect,0.13.7ubuntu2|less,458-2|libaccountsservice0:amd64,0.6.35-0ubuntu7.3|libacl1:amd64,2.2.52-1|libapparmor-perl,2.10.95-0ubuntu2.6~14.04.4|libapparmor1:amd64,2.10.95-0ubuntu2.6~14.04.4|libapt-inst1.5:amd64,1.0.1ubuntu2.24|libapt-pkg4.12:amd64,1.0.1ubuntu2.24|libarchive-extract-perl,0.70-1|libasn1-8-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libasprintf0c2:amd64,0.18.3.1-1ubuntu3.1|libattr1:amd64,1:2.4.47-1ubuntu1|libaudit-common,1:2.3.2-2ubuntu1|libaudit1:amd64,1:2.3.2-2ubuntu1|libbind9-90,1:9.9.5.dfsg-3ubuntu0.19|libblkid1:amd64,2.20.1-5.1ubuntu20.9|libboost-iostreams1.54.0:amd64,1.54.0-4ubuntu3.1|libbsd0:amd64,0.6.0-2ubuntu1|libbz2-1.0:amd64,1.0.6-5|libc-bin,2.19-0ubuntu6.15|libc6:amd64,2.19-0ubuntu6.15|libcap-ng0,0.7.3-1ubuntu2|libcap2-bin,1:2.24-0ubuntu2|libcap2:amd64,1:2.24-0ubuntu2|libcgmanager0:amd64,0.24-0ubuntu7.5|libck-connector0:amd64,0.4.5-3.1ubuntu2|libclass-accessor-perl,0.34-1|libcomerr2:amd64,1.42.9-3ubuntu1.3|libcrack2:amd64,2.9.1-1build1|libcurl3-gnutls:amd64,7.35.0-1ubuntu2.20|libcurl3:amd64,7.35.0-1ubuntu2.20|libcurses-perl,1.28-1build3|libcurses-ui-perl,0.9609-1|libcwidget3,0.5.16-3.5ubuntu1|libdb5.3:amd64,5.3.28-3ubuntu3.1|libdbus-1-3:amd64,1.6.18-0ubuntu4.5|libdbus-glib-1-2:amd64,0.100.2-1|libdebconfclient0:amd64,0.187ubuntu1|libdevmapper1.02.1:amd64,2:1.02.77-6ubuntu2|libdns100,1:9.9.5.dfsg-3ubuntu0.19|libdrm2:amd64,2.4.67-1ubuntu0.14.04.2|libedit2:amd64,3.1-20130712-2|libelf1:amd64,0.158-0ubuntu5.3|libept1.4.12:amd64,1.0.12|liberror-perl,0.17-1.1|libestr0,0.1.9-0ubuntu2|libevent-2.0-5:amd64,2.0.21-stable-1ubuntu1.14.04.2|libexpat1:amd64,2.1.0-4ubuntu1.4|libffi6:amd64,3.1~rc1+r3.0.13-12ubuntu0.2|libfreetype6:amd64,2.5.2-1ubuntu2.8|libfribidi0:amd64,0.19.6-1|libfuse2:amd64,2.9.2-4ubuntu4.14.04.1|libgc1c2:amd64,1:7.2d-5ubuntu2.1|libgcc1:amd64,1:4.9.3-0ubuntu4|libgck-1-0:amd64,3.10.1-1|libgcr-3-common,3.10.1-1|libgcr-base-3-1:amd64,3.10.1-1|libgcrypt11:amd64,1.5.3-2ubuntu4.6|libgdbm3:amd64,1.8.3-12build1|libgeoip1:amd64,1.6.0-1|libgirepository-1.0-1,1.40.0-1ubuntu0.2|libglib2.0-0:amd64,2.40.2-0ubuntu1.1|libglib2.0-data,2.40.2-0ubuntu1.1|libgnutls-openssl27:amd64,2.12.23-12ubuntu2.8|libgnutls26:amd64,2.12.23-12ubuntu2.8|libgpg-error0:amd64,1.12-0.2ubuntu1|libgpm2:amd64,1.20.4-6.1|libgssapi-krb5-2:amd64,1.12+dfsg-2ubuntu5.4|libgssapi3-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libhcrypto4-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libheimbase1-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libheimntlm0-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libhx509-5-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libidn11:amd64,1.28-1ubuntu2.2|libio-string-perl,1.08-3|libisc95,1:9.9.5.dfsg-3ubuntu0.19|libisccc90,1:9.9.5.dfsg-3ubuntu0.19|libisccfg90,1:9.9.5.dfsg-3ubuntu0.19|libiw30:amd64,30~pre9-8ubuntu1|libjson-c2:amd64,0.11-3ubuntu1.2|libjson0:amd64,0.11-3ubuntu1.2|libk5crypto3:amd64,1.12+dfsg-2ubuntu5.4|libkeyutils1:amd64,1.5.6-1|libklibc,2.0.3-0ubuntu1.14.04.3|libkmod2:amd64,15-0ubuntu7|libkrb5-26-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libkrb5-3:amd64,1.12+dfsg-2ubuntu5.4|libkrb5support0:amd64,1.12+dfsg-2ubuntu5.4|libldap-2.4-2:amd64,2.4.31-1+nmu2ubuntu8.5|liblocale-gettext-perl,1.05-7build3|liblockfile-bin,1.09-6ubuntu1|liblockfile1:amd64,1.09-6ubuntu1|liblog-message-simple-perl,0.10-1|liblwres90,1:9.9.5.dfsg-3ubuntu0.19|liblzma5:amd64,5.1.1alpha+20120614-2ubuntu2|libmagic1:amd64,1:5.14-2ubuntu3.4|libmodule-pluggable-perl,5.1-1|libmount1:amd64,2.20.1-5.1ubuntu20.9|libmpdec2:amd64,2.4.0-6|libncurses5:amd64,5.9+20140118-1ubuntu1|libncursesw5:amd64,5.9+20140118-1ubuntu1|libnewt0.52:amd64,0.52.15-2ubuntu5|libnfnetlink0:amd64,1.0.1-2|libnih-dbus1:amd64,1.0.3-4ubuntu25|libnih1:amd64,1.0.3-4ubuntu25|libnl-3-200:amd64,3.2.21-1ubuntu4.1|libnl-genl-3-200:amd64,3.2.21-1ubuntu4.1|libnuma1:amd64,2.0.9~rc5-1ubuntu3.14.04.2|libp11-kit0:amd64,0.20.2-2ubuntu2|libpam-cap:amd64,1:2.24-0ubuntu2|libpam-cracklib:amd64,1.1.8-1ubuntu2.2|libpam-modules-bin,1.1.8-1ubuntu2.2|libpam-modules:amd64,1.1.8-1ubuntu2.2|libpam-runtime,1.1.8-1ubuntu2.2|libpam-systemd:amd64,204-5ubuntu20.31|libpam0g:amd64,1.1.8-1ubuntu2.2|libparse-debianchangelog-perl,1.2.0-1ubuntu1|libparted0debian1:amd64,2.3-19ubuntu1.14.04.1|libpcap0.8:amd64,1.5.3-2|libpci3:amd64,1:3.2.1-1ubuntu5.1|libpcre3:amd64,1:8.31-2ubuntu2.3|libpcsclite1:amd64,1.8.10-1ubuntu1.1|libpipeline1:amd64,1.3.0-1|libplymouth2:amd64,0.8.8-0ubuntu17.2|libpng12-0:amd64,1.2.50-1ubuntu2.14.04.3|libpod-latex-perl,0.61-1|libpolkit-agent-1-0:amd64,0.105-4ubuntu3.14.04.6|libpolkit-backend-1-0:amd64,0.105-4ubuntu3.14.04.6|libpolkit-gobject-1-0:amd64,0.105-4ubuntu3.14.04.6|libpopt0:amd64,1.16-8ubuntu1|libprocps3:amd64,1:3.3.9-1ubuntu2.3|libpython-stdlib:amd64,2.7.5-5ubuntu3|libpython2.7-minimal:amd64,2.7.6-8ubuntu0.5|libpython2.7-stdlib:amd64,2.7.6-8ubuntu0.5|libpython2.7:amd64,2.7.6-8ubuntu0.5|libpython3-stdlib:amd64,3.4.0-0ubuntu2|libpython3.4-minimal:amd64,3.4.3-1ubuntu1~14.04.7|libpython3.4-stdlib:amd64,3.4.3-1ubuntu1~14.04.7|libreadline5:amd64,5.2+dfsg-2|libreadline6:amd64,6.3-4ubuntu2|libroken18-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|librtmp0:amd64,2.4+20121230.gitdf6c518-1ubuntu0.1|libsasl2-2:amd64,2.1.25.dfsg1-17build1|libsasl2-modules-db:amd64,2.1.25.dfsg1-17build1|libsasl2-modules:amd64,2.1.25.dfsg1-17build1|libselinux1:amd64,2.2.2-1ubuntu0.1|libsemanage-common,2.2-1|libsemanage1:amd64,2.2-1|libsepol1:amd64,2.2-1ubuntu0.1|libsigc++-2.0-0c2a:amd64,2.2.10-0.2ubuntu2|libsigsegv2:amd64,2.10-2|libslang2:amd64,2.2.4-15ubuntu1|libsqlite3-0:amd64,3.8.2-1ubuntu2.2|libss2:amd64,1.42.9-3ubuntu1.3|libssl1.0.0:amd64,1.0.1f-1ubuntu2.27|libstdc++6:amd64,4.8.4-2ubuntu1~14.04.4|libsub-name-perl,0.05-1build4|libsystemd-daemon0:amd64,204-5ubuntu20.31|libsystemd-login0:amd64,204-5ubuntu20.31|libtasn1-6:amd64,3.4-3ubuntu0.6|libterm-readkey-perl,2.31-1|libterm-ui-perl,0.42-1|libtext-charwidth-perl,0.04-7build3|libtext-iconv-perl,1.7-5build2|libtext-soundex-perl,3.4-1build1|libtext-wrapi18n-perl,0.06-7|libtimedate-perl,2.3000-1|libtinfo5:amd64,5.9+20140118-1ubuntu1|libudev1:amd64,204-5ubuntu20.31|libusb-0.1-4:amd64,2:0.1.12-23.3ubuntu1|libusb-1.0-0:amd64,2:1.0.17-1ubuntu2|libustr-1.0-1:amd64,1.0.4-3ubuntu2|libuuid1:amd64,2.20.1-5.1ubuntu20.9|libwind0-heimdal:amd64,1.6~git20131207+dfsg-1ubuntu1.2|libwrap0:amd64,7.6.q-25|libx11-6:amd64,2:1.6.2-1ubuntu2.1|libx11-data,2:1.6.2-1ubuntu2.1|libxapian22,1.2.16-2ubuntu1|libxau6:amd64,1:1.0.8-1|libxcb1:amd64,1.10-2ubuntu1|libxdmcp6:amd64,1:1.1.1-1|libxext6:amd64,2:1.3.2-1ubuntu0.0.14.04.1|libxml2:amd64,2.9.1+dfsg1-3ubuntu4.13|libxmuu1:amd64,2:1.1.1-1|libxtables10,1.4.21-1ubuntu1|libyaml-0-2:amd64,0.1.4-3ubuntu3.1|linux-base,4.5ubuntu1~14.04.1|linux-firmware,1.127.24|linux-generic-lts-xenial,4.4.0.148.130|linux-headers-4.4.0-142,4.4.0-142.168~14.04.1|linux-headers-4.4.0-142-generic,4.4.0-142.168~14.04.1|linux-headers-4.4.0-148,4.4.0-148.174~14.04.1|linux-headers-4.4.0-148-generic,4.4.0-148.174~14.04.1|linux-headers-generic-lts-xenial,4.4.0.148.130|linux-image-4.4.0-142-generic,4.4.0-142.168~14.04.1|linux-image-4.4.0-148-generic,4.4.0-148.174~14.04.1|linux-image-extra-4.4.0-142-generic,4.4.0-142.168~14.04.1|linux-image-generic-lts-xenial,4.4.0.148.130|linux-modules-4.4.0-148-generic,4.4.0-148.174~14.04.1|linux-modules-extra-4.4.0-148-generic,4.4.0-148.174~14.04.1|locales,2.13+git20120306-12.1|lockfile-progs,0.1.17|login,1:4.1.5.1-1ubuntu9.5|logrotate,3.8.7-1ubuntu1.2|lsb-base,4.1+Debian11ubuntu6.2|lsb-release,4.1+Debian11ubuntu6.2|lshw,02.16-2ubuntu1.4|lsof,4.86+dfsg-1ubuntu2|ltrace,0.7.3-4ubuntu5.1|m4,1.4.17-2ubuntu1|make,3.81-8.2ubuntu3|makedev,2.3.1-93ubuntu2~ubuntu14.04.1|man-db,2.6.7.1-1ubuntu1|manpages,3.54-1ubuntu1|mawk,1.3.3-17ubuntu2|memtest86+,4.20-1.1ubuntu8|mime-support,3.54ubuntu1.1|mlocate,0.26-1ubuntu1|module-init-tools,15-0ubuntu7|mount,2.20.1-5.1ubuntu20.9|mountall,2.53ubuntu1|mtr-tiny,0.85-2|multiarch-support,2.19-0ubuntu6.15|nano,2.2.6-1ubuntu1|ncurses-base,5.9+20140118-1ubuntu1|ncurses-bin,5.9+20140118-1ubuntu1|ncurses-term,5.9+20140118-1ubuntu1|net-tools,1.60-25ubuntu2.1|netbase,5.2|netcat-openbsd,1.105-7ubuntu1|ntfs-3g,1:2013.1.13AR.1-2ubuntu2|ntpdate,1:4.2.6.p5+dfsg-3ubuntu2.14.04.13|openssh-client,1:6.6p1-2ubuntu2.13|openssh-server,1:6.6p1-2ubuntu2.13|openssh-sftp-server,1:6.6p1-2ubuntu2.13|openssl,1.0.1f-1ubuntu2.27|os-prober,1.63ubuntu1.1|parted,2.3-19ubuntu1.14.04.1|passwd,1:4.1.5.1-1ubuntu9.5|patch,2.7.1-4ubuntu2.4|pciutils,1:3.2.1-1ubuntu5.1|perl,5.18.2-2ubuntu1.7|perl-base,5.18.2-2ubuntu1.7|perl-modules,5.18.2-2ubuntu1.7|plymouth,0.8.8-0ubuntu17.2|plymouth-theme-ubuntu-text,0.8.8-0ubuntu17.2|policykit-1,0.105-4ubuntu3.14.04.6|popularity-contest,1.57ubuntu1|portsentry,1.2-13|powermgmt-base,1.31build1|ppp,2.4.5-5.1ubuntu2.3|pppconfig,2.3.19ubuntu1|pppoeconf,1.20ubuntu1|procmail,3.22-21ubuntu0.2|procps,1:3.3.9-1ubuntu2.3|psmisc,22.20-1ubuntu2|python,2.7.5-5ubuntu3|python-apt,0.9.3.5ubuntu3|python-apt-common,0.9.3.5ubuntu3|python-chardet,2.0.1-2build2|python-configobj,4.7.2+ds-5build1|python-debian,0.1.21+nmu2ubuntu2|python-gdbm,2.7.5-1ubuntu1|python-minimal,2.7.5-5ubuntu3|python-openssl,0.13-2ubuntu6|python-pam,0.4.2-13.1ubuntu3|python-pkg-resources,3.3-1ubuntu2|python-pyinotify,0.9.4-1build1|python-requests,2.2.1-1ubuntu0.4|python-serial,2.6-1build1|python-six,1.5.2-1ubuntu1.1|python-twisted-bin,13.2.0-1ubuntu1.2|python-twisted-core,13.2.0-1ubuntu1.2|python-urllib3,1.7.1-1ubuntu4.1|python-xapian,1.2.16-2ubuntu1|python-zope.interface,4.0.5-1ubuntu4|python2.7,2.7.6-8ubuntu0.5|python2.7-minimal,2.7.6-8ubuntu0.5|python3,3.4.0-0ubuntu2|python3-apport,2.14.1-0ubuntu3.29|python3-apt,0.9.3.5ubuntu3|python3-commandnotfound,0.3ubuntu12|python3-dbus,1.2.0-2build2|python3-distupgrade,1:0.220.11|python3-gdbm:amd64,3.4.3-1~14.04.2|python3-gi,3.12.0-1ubuntu1|python3-minimal,3.4.0-0ubuntu2|python3-newt,0.52.15-2ubuntu5|python3-pkg-resources,3.3-1ubuntu2|python3-problem-report,2.14.1-0ubuntu3.29|python3-pycurl,7.19.3-0ubuntu3|python3-software-properties,0.92.37.8|python3-update-manager,1:0.196.25|python3-yaml,3.10-4ubuntu0.1|python3.4,3.4.3-1ubuntu1~14.04.7|python3.4-minimal,3.4.3-1ubuntu1~14.04.7|readline-common,6.3-4ubuntu2|resolvconf,1.69ubuntu1.4|rsync,3.1.0-2ubuntu0.4|rsyslog,7.4.4-1ubuntu2.7|run-one,1.17-0ubuntu1|screen,4.1.0~20120320gitdb59704-9|sed,4.2.2-4ubuntu1|sendmail,8.14.4-4.1ubuntu1.1|sendmail-base,8.14.4-4.1ubuntu1.1|sendmail-bin,8.14.4-4.1ubuntu1.1|sendmail-cf,8.14.4-4.1ubuntu1.1|sensible-mda,8.14.4-4.1ubuntu1.1|sensible-utils,0.0.9ubuntu0.14.04.1|sgml-base,1.26+nmu4ubuntu1|shared-mime-info,1.2-0ubuntu3|software-properties-common,0.92.37.8|ssh-import-id,3.21-0ubuntu1|strace,4.8-1ubuntu5|sudo,1.8.9p5-1ubuntu1.4|systemd-services,204-5ubuntu20.31|systemd-shim,6-2bzr1|sysv-rc,2.88dsf-41ubuntu6.3|sysv-rc-conf,0.99-7|sysvinit-utils,2.88dsf-41ubuntu6.3|tar,1.27.1-1ubuntu0.1|tasksel,2.88ubuntu15|tasksel-data,2.88ubuntu15|tcpd,7.6.q-25|tcpdump,4.9.2-0ubuntu0.14.04.1|telnet,0.17-36build2|tiger,1:3.2.3-12|time,1.7-24|tmux,1.8-5|tripwire,2.4.2.2-3|tzdata,2019a-0ubuntu0.14.04|ubuntu-advantage-tools,19.6~ubuntu14.04.4|ubuntu-keyring,2012.05.19|ubuntu-minimal,1.325.1|ubuntu-release-upgrader-core,1:0.220.11|ubuntu-standard,1.325.1|ucf,3.0027+nmu1|udev,204-5ubuntu20.31|ufw,0.34~rc-0ubuntu2|unattended-upgrades,0.82.1ubuntu2.5|unhide,20121229-1|update-manager-core,1:0.196.25|update-notifier-common,0.154.1ubuntu8|upstart,1.12.1-0ubuntu4.2|ureadahead,0.100.0-16|usbutils,1:007-2ubuntu1.1|util-linux,2.20.1-5.1ubuntu20.9|uuid-runtime,2.20.1-5.1ubuntu20.9|vim,2:7.4.052-1ubuntu3.1|vim-common,2:7.4.052-1ubuntu3.1|vim-runtime,2:7.4.052-1ubuntu3.1|vim-tiny,2:7.4.052-1ubuntu3.1|w3m,0.5.3-15ubuntu0.2|wamerican,7.1-1|wget,1.15-1ubuntu1.14.04.5|whiptail,0.52.15-2ubuntu5|whois,5.1.1|wireless-regdb,2013.02.13-1ubuntu1|wireless-tools,30~pre9-8ubuntu1|wpasupplicant,2.1-0ubuntu1.7|xauth,1:1.0.7-1ubuntu1|xkb-data,2.10.1-1ubuntu1|xml-core,0.13+nmu2|xz-utils,5.1.1alpha+20120614-2ubuntu2|zlib1g:amd64,1:1.2.8.dfsg-1ubuntu1.1
|
|
package_audit_tool=apt-check
|
|
package_audit_tool_found=1
|
|
vulnerable_packages_found=0
|
|
hardening_index=73
|
|
tests_executed=HRDN-7231|HRDN-7230|HRDN-7222|HRDN-7220|KRNL-6000|HOME-9350|HOME-9310|HOME-9306|HOME-9304|HOME-9302|FILE-7524|MALW-3284|MALW-3282|MALW-3280|MALW-3278|MALW-3276|MALW-3275|TOOL-5190|TOOL-5126|TOOL-5130|TOOL-5122|TOOL-5120|TOOL-5104|TOOL-5102|TOOL-5002|FINT-4350|FINT-4338|FINT-4330|FINT-4328|FINT-4326|FINT-4322|FINT-4318|FINT-4314|FINT-4310|MACF-6290|RBAC-6272|MACF-6240|MACF-6232|MACF-6208|MACF-6204|CONT-8102|CRYP-8005|CRYP-8004|CRYP-8002|CRYP-7930|CRYP-7902|TIME-3170|TIME-3148|TIME-3104|ACCT-9636|ACCT-9628|ACCT-9626|ACCT-9622|SCHD-7718|SCHD-7704|SCHD-7702|BANN-7130|BANN-7128|BANN-7126|BANN-7124|INSE-8320|INSE-8318|INSE-8316|INSE-8314|INSE-8322|INSE-8310|INSE-8304|INSE-8300|INSE-8102|INSE-8100|INSE-8000|LOGG-2192|LOGG-2190|LOGG-2180|LOGG-2170|LOGG-2154|LOGG-2150|LOGG-2148|LOGG-2146|LOGG-2142|LOGG-2138|LOGG-2240|LOGG-2230|LOGG-2210|LOGG-2136|LOGG-2132|LOGG-2130|SQD-3602|PHP-2211|LDAP-2219|DBS-1880|DBS-1860|DBS-1840|DBS-1826|DBS-1820|DBS-1818|DBS-1804|SNMP-3302|SSH-7440|SSH-7408|SSH-7406|SSH-7404|SSH-7402|HTTP-6702|HTTP-6622|FIRE-4594|FIRE-4590|FIRE-4586|FIRE-4524|FIRE-4513|FIRE-4512|FIRE-4508|FIRE-4502|MAIL-8880|MAIL-8860|MAIL-8838|MAIL-8820|MAIL-8814|MAIL-8802|PRNT-2314|PRNT-2304|NETW-3200|NETW-3032|NETW-3030|NETW-3028|NETW-3015|NETW-3012|NETW-3008|NETW-3006|NETW-3004|NETW-3001|NETW-2705|NETW-2704|NETW-2600|NETW-2400|PKGS-7420|PKGS-7410|PKGS-7398|PKGS-7394|PKGS-7392|PKGS-7390|PKGS-7388|PKGS-7370|PKGS-7346|PKGS-7345|NAME-4408|NAME-4406|NAME-4404|NAME-4402|NAME-4304|NAME-4230|NAME-4202|NAME-4034|NAME-4032|NAME-4028|NAME-4020|NAME-4018|NAME-4016|STRG-1920|STRG-1846|USB-3000|USB-2000|USB-1000|FILE-6430|FILE-6410|FILE-6394|FILE-6376|FILE-6374|FILE-6372|FILE-6368|FILE-6363|FILE-6362|FILE-6354|FILE-6344|FILE-6336|FILE-6332|FILE-6329|FILE-6324|FILE-6323|FILE-6310|SHLL-6230|SHLL-6220|SHLL-6211|AUTH-9408|AUTH-9402|AUTH-9328|AUTH-9308|AUTH-9288|AUTH-9286|AUTH-9284|AUTH-9283|AUTH-9282|AUTH-9278|AUTH-9268|AUTH-9266|AUTH-9264|AUTH-9262|AUTH-9252|AUTH-9250|AUTH-9242|AUTH-9240|AUTH-9234|AUTH-9230|AUTH-9229|AUTH-9228|AUTH-9226|AUTH-9222|AUTH-9216|AUTH-9208|AUTH-9204|PROC-3802|PROC-3614|PROC-3612|PROC-3602|KRNL-5830|KRNL-5820|KRNL-5788|KRNL-5730|KRNL-5728|KRNL-5726|KRNL-5723|KRNL-5695|KRNL-5677|KRNL-5622|BOOT-5260|BOOT-5202|BOOT-5184|BOOT-5180|BOOT-5177|BOOT-5155|BOOT-5142|BOOT-5139|BOOT-5122|BOOT-5121|BOOT-5116|BOOT-5109|BOOT-5108|BOOT-5104|PLGN-0010|CORE-1000|
|
|
tests_skipped=MALW-3288|MALW-3286|FINT-4402|FINT-4341|FINT-4340|FINT-4339|FINT-4336|FINT-4334|FINT-4316|FINT-4315|MACF-6242|MACF-6234|CONT-8108|CONT-8107|CONT-8106|CONT-8104|CONT-8004|CRYP-7931|TIME-3185|TIME-3182|TIME-3181|TIME-3180|TIME-3160|TIME-3136|TIME-3132|TIME-3128|TIME-3124|TIME-3120|TIME-3116|TIME-3112|TIME-3106|ACCT-9662|ACCT-9660|ACCT-9656|ACCT-9654|ACCT-9652|ACCT-9650|ACCT-9634|ACCT-9632|ACCT-9630|ACCT-2760|ACCT-2754|SCHD-7724|SCHD-7720|BANN-7113|INSE-8050|INSE-8200|INSE-8116|INSE-8106|INSE-8104|INSE-8016|INSE-8006|INSE-8004|INSE-8002|LOGG-2164|LOGG-2162|LOGG-2160|LOGG-2153|LOGG-2152|LOGG-2134|SQD-3680|SQD-3630|SQD-3624|SQD-3620|SQD-3616|SQD-3614|SQD-3613|SQD-3610|SQD-3606|SQD-3604|PHP-2382|PHP-2378|PHP-2376|PHP-2374|PHP-2372|PHP-2368|PHP-2320|LDAP-2224|DBS-1888|DBS-1886|DBS-1884|DBS-1882|DBS-1828|DBS-1816|SNMP-3306|SNMP-3304|HTTP-6720|HTTP-6716|HTTP-6714|HTTP-6712|HTTP-6710|HTTP-6708|HTTP-6706|HTTP-6704|HTTP-6643|HTTP-6641|HTTP-6640|HTTP-6632|HTTP-6626|HTTP-6624|FIRE-4540|FIRE-4538|FIRE-4536|FIRE-4534|FIRE-4532|FIRE-4530|FIRE-4526|FIRE-4520|FIRE-4518|MAIL-8920|MAIL-8818|MAIL-8817|MAIL-8816|MAIL-8804|PRNT-2420|PRNT-2418|PRNT-2316|PRNT-2308|PRNT-2307|PRNT-2306|PRNT-2302|NETW-3014|NETW-2706|PKGS-7393|PKGS-7387|PKGS-7386|PKGS-7384|PKGS-7383|PKGS-7382|PKGS-7381|PKGS-7380|PKGS-7378|PKGS-7366|PKGS-7354|PKGS-7352|PKGS-7350|PKGS-7348|PKGS-7334|PKGS-7332|PKGS-7330|PKGS-7328|PKGS-7322|PKGS-7320|PKGS-7314|PKGS-7312|PKGS-7310|PKGS-7308|PKGS-7306|PKGS-7304|PKGS-7303|PKGS-7302|PKGS-7301|NAME-4306|NAME-4238|NAME-4236|NAME-4232|NAME-4210|NAME-4206|NAME-4204|NAME-4036|NAME-4026|NAME-4024|STRG-1930|STRG-1928|STRG-1926|STRG-1906|STRG-1904|STRG-1902|FILE-6439|FILE-6330|FILE-6312|FILE-6311|SHLL-6202|AUTH-9410|AUTH-9409|AUTH-9406|AUTH-9340|AUTH-9306|AUTH-9304|AUTH-9254|AUTH-9218|AUTH-9212|PROC-3604|KRNL-5770|KRNL-5831|KRNL-5745|BOOT-5264|BOOT-5263|BOOT-5262|BOOT-5170|BOOT-5165|BOOT-5159|BOOT-5126|BOOT-5261|BOOT-5124|BOOT-5117|BOOT-5106|BOOT-5102|PLGN-3860|PLGN-3856|PLGN-3834|PLGN-3832|PLGN-3830|PLGN-3820|PLGN-3818|PLGN-3816|PLGN-3814|PLGN-3812|PLGN-3810|PLGN-3808|PLGN-3806|PLGN-3804|PLGN-3802|PLGN-3800|PLGN-0008|
|
|
finish=true
|