LSAT output page
Please consider removing these packages.
net-dns/bind-tools-9.2.2_rc1
Did not find only_from= in /etc/xinetd.conf.
Please add this to allow subnets that you want to give access to.
default init level is not set to 5. Good.
Consider placing: auth.* /var/log/secure
in your /etc/syslog.conf file.
Consider placing: authpriv.* /var/log/secure
in your /etc/syslog.conf file.
This is a list of SUID files on the system:
/usr/sbin/pwdb_chkpwd
/usr/sbin/unix_chkpwd
/usr/sbin/suexec
This is a list of SGID files/directories on the system:
/usr/bin/man
/usr/bin/write
/usr/bin/dotlockfile
List of normal files in /dev. MAKEDEV is ok, but there
should be no other files:
This is a list of world writable files
/home/someuser/file1.txt
/home/someuser/file2.txt
List of group writable directories:
/tmp
/var/tmp
/var/lock
/home/files
This is a list of .exrc files found
This is a list of .forward files found on the system:
This is a list of .rhosts files found on the system:
This is a list of .netrc files on the system
Please consider removing these system accounts.
Check to see if you need them for your system applications before removing.
Also, consult the securitylinks.txt file for more information.
lp
sync
news
uucp
man
The following accounts are SUID 0 in /etc/passwd.
Remove if needed.
Remove the following entries (if any) from the
respective passwd/group file(s)
The following accounts have no/empty password
Checks for sticky bits on tmp files
changelog is not chmod 644.
config.status is not chmod 644.
configure is not chmod 644.
lsat is not chmod 644.
lsat.html is not chmod 644.
lsat.pod is not chmod 644.
/var/run/syslog-ng.pid is not chmod 644.
changelog is not chmod 644.
config.status is not chmod 644.
configure is not chmod 644.
lsat is not chmod 644.
lsat.html is not chmod 644.
lsat.pod is not chmod 644.
Check above files for chmod 644.
List of files with no user or group:
/usr/share/epic/help/6_Functions/regex
Checking default umask on system:
Default umask should be 022, 027 or 077. 002 is ok for RedHat.
Here are the filenames, and the umask number
found in each. Please read through the file and ensure that is what you want.
/etc/profile: 022
****************************************
While checking ftpusers...
/etc/ftpusers does not exist or is not readable.
This is ok if you are not root, not
running ftp or your ftp daemon
does not use /etc/ftpusers.
Please triple check your configuration
and ensure you do not need /etc/ftpusers.
*****************************************
Checking rc startup scripts:
inetd
These services were found in /etc/rc.d/init.d
Consider removing or disabling unneeded services.
****************************************
Default limits hashed out in limits.conf.
Check /etc/security/limits.conf for the default entry.
Make sure to set hard and soft limits for default "*",
or for individual users.
sshd config file entries
Make sure these are commented out.
lsof is not installed on this system,
or it is not in the path,
or I just can not find it.
checkopenfiles was not run.
/etc/issue does not exist. Good.
/etc/issue.net does not exist. Good.
/etc/motd does not exist.
/etc/banners dir not found.
Check securitylinks.txt for more info.
ExecCGIs were found in commonapache.conf.
Please ensure that the ExecCGIs in the apache
conf files are needed.
Consider the Options IncludeNoExec directive, or
getting rid of all ExecCGI directives.
Modules appear to be enabled in the kernel.
For the paranoid, consider recompiling as static,
or run lcap.
List of modules loaded:
Module Size Used by Tainted: P
natsemi 9380 1
ipt_MASQUERADE 1184 1 (autoclean)
ipt_LOG 3104 1 (autoclean)
ipt_state 608 1 (autoclean)
iptable_filter 1728 1 (autoclean)
ip_nat_ftp 2944 0 (unused)
iptable_nat 13108 2 [ipt_MASQUERADE ip_nat_ftp]
ip_conntrack_irc 2432 0 (unused)
ip_conntrack_ftp 3168 0 (unused)
ip_conntrack 13260 4 [ipt_MASQUERADE ipt_state ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
ip_tables 10464 7 [ipt_MASQUERADE ipt_LOG ipt_state iptable_filter iptable_nat]
/etc/securetty has tty's over 6.
Consider disabling all ttys over tty6 (console).
/etc/securetty has ttys other than the console.
Consider removing any lines in /etc/securetty other than tty[1-6].
This is a list of files in /etc/init.d that are not permission 700
We recommend that you change permissions to 700.
/etc/init.d/checkfs
/etc/init.d/clock
/etc/init.d/consolefont
/etc/init.d/hostname
/etc/init.d/local
/etc/init.d/numlock
Check these ports in /etc/services to see what they are.
Close all ports you do not need.
Ports listening on this system:
Protocol Port
tcp 80
tcp 22
Output from nmap run on local IP(s)
Check these services to see if they are critical.
Disable services you do not need.
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host www.rosaryhouse.com (192.168.1.20) appears to be up ... good.
Initiating SYN Stealth Scan against www.rosaryhouse.com (192.168.1.20)
Adding open port 22/tcp
Adding open port 80/tcp
The SYN Stealth Scan took 2 seconds to scan 1601 ports.
Interesting ports on www.rosaryhouse.com (192.168.1.20):
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
Looks like ip_forward is enabled on this system
ensure /proc/sys/net/ipv4/ip_forward
contains a 0 only as its entry.
Hrm, do not see FORWARD_IPV4=FALSE in network.
Make sure that /etc/sysconfig/network
contains the line FORWARD_IPV4=FALSE
No interfaces found in promisc mode. Good.