LSAT output page





default init level is not set to 5. Good.

Consider placing: auth.* /var/log/secure in your /etc/syslog.conf file.

Consider placing: authpriv.* /var/log/secure in your /etc/syslog.conf file.

The last 100 (or less) failed login attempts on the system
Login        Failures  Maximum  Latest                    On
root         0         0        12/31/69 18:00:00 -0600
daemon       0         0        12/31/69 18:00:00 -0600
bin          0         0        12/31/69 18:00:00 -0600
sys          0         0        12/31/69 18:00:00 -0600
sync         0         0        12/31/69 18:00:00 -0600
games        0         0        12/31/69 18:00:00 -0600
man          0         0        12/31/69 18:00:00 -0600
lp           0         0        12/31/69 18:00:00 -0600
mail         0         0        12/31/69 18:00:00 -0600
news         0         0        12/31/69 18:00:00 -0600
uucp         0         0        12/31/69 18:00:00 -0600
proxy        0         0        12/31/69 18:00:00 -0600
www-data     0         0        12/31/69 18:00:00 -0600
gnats        0         0        12/31/69 18:00:00 -0600
nobody       0         0        12/31/69 18:00:00 -0600
libuuid      0         0        12/31/69 18:00:00 -0600
syslog       0         0        12/31/69 18:00:00 -0600
messagebus   0         0        12/31/69 18:00:00 -0600
whoopsie     0         0        12/31/69 18:00:00 -0600
postfix      0         0        12/31/69 18:00:00 -0600
landscape    0         0        12/31/69 18:00:00 -0600
sshd         0         0        12/31/69 18:00:00 -0600
ntp          0         0        12/31/69 18:00:00 -0600

This is a list of .exrc files found

This is a list of .forward files found on the system:

This is a list of .rhosts files found on the system:

This is a list of .netrc files found on the system

This is a list of dotfiles found on the system

Please consider removing these system accounts. Check to see if you need them for your system applications before removing. Also, consult the securitylinks.txt file for more information.
sync
man
lp
news
uucp

The following accounts are UID 0 in /etc/passwd. Only root should be UID 0. Remove if needed.

Remove the following entries (if any) from the respective passwd/group file(s)

The following accounts have no/empty passwords

Output of pwck, note non existent directories, etc
user 'lp': directory '/var/spool/lpd' does not exist
user 'news': directory '/var/spool/news' does not exist
user 'uucp': directory '/var/spool/uucp' does not exist
user 'nobody': directory '/nonexistent' does not exist
user 'whoopsie': directory '/nonexistent' does not exist
user 'ntp': directory '/home/ntp' does not exist

Output of grpck, note groups it thinks should be deleted.

Checking default umask on system:
Default umask should be 022, 027 or 077. 002 is ok for RedHat.
Here are the filenames, and the umask number found in each. Please read through the file and ensure that is what you want.

****************************************
While checking ftpusers...
/etc/ftpusers does not exist or is not readable.
This is ok if you are not root, not running ftp or your ftp daemon does not use /etc/ftpusers.
Please triple check your configuration and ensure you do not need /etc/ftpusers.
****************************************

Checking rc startup scripts:
These services were found in /etc/rc.d/init.d
Consider removing or disabling unneeded services.
****************************************

Default limits hashed out in limits.conf. Check /etc/security/limits.conf for the default entry. Make sure to set hard and soft limits for default "*", or for individual users.

Output from ulimit, check to see if these are reasonable limits. Resource limits can help prevent DOS attacks, read up on them if you need to.
time(seconds)          unlimited
file(blocks)           unlimited
data(kbytes)           unlimited
stack(kbytes)          8192
coredump(blocks)       0
memory(kbytes)         unlimited
locked memory(kbytes)  64
process                47616
nofiles                1024
vmemory(kbytes)        unlimited
locks                  unlimited

sshd config file entries. Make sure these are commented out.

Protocol 2 not found in sshd config, or you are doing 1,2. Change to protocol 2 only.

This is the lsof output, diff this against a previous run.
COMMAND  PID    USER      FD   TYPE  DEVICE   SIZE/OFF  NODE  NAME
ntpd     1300   ntp       16u  IPv4  9529     0t0       UDP   *:ntp
ntpd     1300   ntp       17u  IPv6  9530     0t0       UDP   *:ntp
ntpd     1300   ntp       18u  IPv4  9536     0t0       UDP   localhost.localdomain:ntp
apache2  8662   www-data  3u   IPv4  4202205  0t0       TCP   *:http (LISTEN)
apache2  8662   www-data  4u   IPv4  4202208  0t0       TCP   *:https (LISTEN)
sshd     11033  root      3r   IPv4  4202184  0t0       TCP   *:22 (LISTEN)
sshd     11033  root      4u   IPv6  4202186  0t0       TCP   *:22 (LISTEN)

/etc/issue exists. Make sure it does not have any system specific information in it.

/etc/issue.net exists. Make sure it does not have any system specific information in it.

/etc/motd exists. Make sure it does not have any system specific information in it.

/etc/banners dir not found. Check securitylinks.txt for more info.

No ExecCGIs found. Good.

These are the kernel modules that are loaded on the system as given by the output of modprobe -c -l
Check to see if they are really needed.
kernel/arch/x86/kernel/cpu/mcheck/mce-xeon75xx.ko
kernel/arch/x86/kernel/cpu/mcheck/mce-inject.ko
kernel/arch/x86/kernel/msr.ko
kernel/arch/x86/kernel/cpuid.ko
kernel/arch/x86/kernel/microcode.ko
kernel/arch/x86/crypto/aes-x86_64.ko
kernel/arch/x86/crypto/blowfish-x86_64.ko
kernel/arch/x86/crypto/twofish-x86_64.ko
kernel/arch/x86/crypto/twofish-x86_64-3way.ko
kernel/arch/x86/crypto/salsa20-x86_64.ko
kernel/arch/x86/crypto/aesni-intel.ko
kernel/arch/x86/crypto/ghash-clmulni-intel.ko
kernel/arch/x86/crypto/sha1-ssse3.ko
kernel/arch/x86/kvm/kvm.ko
kernel/arch/x86/kvm/kvm-intel.ko
kernel/arch/x86/kvm/kvm-amd.ko
kernel/fs/nfs_common/nfs_acl.ko
kernel/fs/quota/quota_v1.ko
kernel/fs/quota/quota_v2.ko
kernel/fs/quota/quota_tree.ko
kernel/drivers/pci/hotplug/cpcihp_zt5550.ko
kernel/drivers/pci/hotplug/cpcihp_generic.ko
kernel/drivers/pci/hotplug/shpchp.ko
kernel/drivers/pci/hotplug/acpiphp.ko
kernel/drivers/pci/hotplug/acpiphp_ibm.ko
kernel/drivers/pci/hotplug/fakephp.ko
kernel/drivers/pci/pci-stub.ko
-- deleted for brevity --

/etc/securetty has ttys over 6. Consider disabling all ttys over tty6 (console).

/etc/securetty has ttys other than the console. Consider removing any lines in /etc/securetty other than tty[1-6].

This is a list of files in /etc/init.d whose permissions are not set to 700. We recommend that you change the permissions of these files to 700.
/etc/init.d/apache2
/etc/init.d/bootlogd
/etc/init.d/skeleton
/etc/init.d/README
/etc/init.d/ntp
/etc/init.d/killprocs
/etc/init.d/reboot
/etc/init.d/umountfs
/etc/init.d/rc
/etc/init.d/single
/etc/init.d/halt
/etc/init.d/umountnfs.sh

Check these ports in /etc/services to see what they are. Close all ports you do not need.
Ports listening on this system:
Protocol  Port
tcp       22
tcp       80
tcp       25
tcp       443

Output from nmap run on local IP(s). Check these services to see if they are critical. Disable services you do not need.
Starting Nmap 5.21 ( http://nmap.org ) at 2014-04-26 20:52 CDT
Initiating Parallel DNS resolution of 1 host. at 20:52
Completed Parallel DNS resolution of 1 host. at 20:52, 0.04s elapsed
Initiating SYN Stealth Scan at 20:52
Scanning 192.168.169.69 [1000 ports]
Discovered open port 25/tcp on 192.168.169.69
Discovered open port 80/tcp on 192.168.169.69
Discovered open port 22/tcp on 192.168.169.69
Completed SYN Stealth Scan at 20:52, 0.01s elapsed (1000 total ports)
Nmap scan report for 192.168.169.69
Host is up (0.0000040s latency).
Not shown: 993 closed ports
PORT     STATE  SERVICE
22/tcp   open   ssh
25/tcp   open   smtp
80/tcp   open   http
443/tcp  open   https
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
Raw packets sent: 1000 (44.000KB) | Rcvd: 2007 (84.308KB)

Output from arp -a. If you have arp poisoning, it should show up here.
? (192.168.169.1) at FF:FF:FF:FF:FF:FF [ether] on eth0

Output from netstat -i showing Kernel interface statistics
Kernel Interface table
Iface  MTU    Met  RX-OK    RX-ERR  RX-DRP  RX-OVR  TX-OK    TX-ERR  TX-DRP  TX-OVR  Flg
eth0   1500   0    7643542  0       71186   0       4631577  0       0       0       BMRU
lo     16436  0    203149   0       0       0       203149   0       0       0       LRU

Output from netstat -rn showing current routing
Kernel IP routing table
Destination    Gateway        Genmask        Flags  MSS  Window  irtt  Iface
0.0.0.0        192.168.169.1  0.0.0.0        UG     0    0       0     eth0
192.168.169.0  0.0.0.0        255.255.255.0  U      0    0       0     eth0

These network interfaces found to be in promisc mode using /sbin/ip.

These network interfaces found to be in promisc mode using /sbin/ip.

Password keyword is not in grub configuration file, please check.

/proc/sys/net/ipv4/icmp_echo_ignore_all exists, but is off. Consider placing a one in it to turn on.

You ignore all ICMP Echo broadcasts, good.

You are denying source routed packets. Good.

/proc/sys/net/ipv4/conf/all/accept_redirects exists, but it's off.

You are ignoring bad err msgs in ipv4. Good.

Logging of spoofed, etc packets is off. Consider turning on.

X seems to be listening for tcp connections. Consider turning this off with -nolisten tcp in your X startup file.

readlink is not installed on this system, or it is not in the path, or I just can not find it. checklistening was not run.

This is a list of mount points currently mounted. Make sure the permissions are reasonable (rw, ro, etc).
/dev/sda1 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)

This is a list of disk utilizations on the system, in kilobytes. Check to see that filesystems are not near capacity, etc.
Filesystem  1K-blocks  Used      Available  Use%  Mounted on
/dev/sda1   477999656  79109628  374964320  18%   /
udev        3047456    4         3047452    1%    /dev
tmpfs       1222496    300       1222196    1%    /run
none        5120       0         5120       0%    /run/lock
none        3056236    0         3056236    0%    /run/shm

Checking services that start at boot.
object path "/com/ubuntu/Upstart/jobs/mountall_2dnet"
object path "/com/ubuntu/Upstart/jobs/rc"
object path "/com/ubuntu/Upstart/jobs/rsyslog"
object path "/com/ubuntu/Upstart/jobs/screen_2dcleanup"
object path "/com/ubuntu/Upstart/jobs/tty4"
object path "/com/ubuntu/Upstart/jobs/udev"
object path "/com/ubuntu/Upstart/jobs/upstart_2dudev_2dbridge"
object path "/com/ubuntu/Upstart/jobs/ureadahead_2dother"
object path "/com/ubuntu/Upstart/jobs/whoopsie"
object path "/com/ubuntu/Upstart/jobs/passwd"
object path "/com/ubuntu/Upstart/jobs/console_2dsetup"
object path "/com/ubuntu/Upstart/jobs/hwclock_2dsave"
object path "/com/ubuntu/Upstart/jobs/irqbalance"
object path "/com/ubuntu/Upstart/jobs/plymouth_2dlog"
object path "/com/ubuntu/Upstart/jobs/rpcbind_2dboot"
object path "/com/ubuntu/Upstart/jobs/tty5"
object path "/com/ubuntu/Upstart/jobs/apport"
object path "/com/ubuntu/Upstart/jobs/failsafe"
object path "/com/ubuntu/Upstart/jobs/atd"
object path "/com/ubuntu/Upstart/jobs/dbus"
object path "/com/ubuntu/Upstart/jobs/mounted_2dvar"
object path "/com/ubuntu/Upstart/jobs/plymouth"
object path "/com/ubuntu/Upstart/jobs/portmap"
object path "/com/ubuntu/Upstart/jobs/resolvconf"
object path "/com/ubuntu/Upstart/jobs/ssh"
object path "/com/ubuntu/Upstart/jobs/udev_2dfallback_2dgraphics"
object path "/com/ubuntu/Upstart/jobs/control_2dalt_2ddelete"
object path "/com/ubuntu/Upstart/jobs/hwclock"
object path "/com/ubuntu/Upstart/jobs/mounted_2dproc"
object path "/com/ubuntu/Upstart/jobs/module_2dinit_2dtools"
object path "/com/ubuntu/Upstart/jobs/setvtrgb"
object path "/com/ubuntu/Upstart/jobs/shutdown"
object path "/com/ubuntu/Upstart/jobs/cron"
object path "/com/ubuntu/Upstart/jobs/mountall"
object path "/com/ubuntu/Upstart/jobs/mounted_2ddebugfs"
object path "/com/ubuntu/Upstart/jobs/console"
object path "/com/ubuntu/Upstart/jobs/mounted_2drun"
object path "/com/ubuntu/Upstart/jobs/acpid"
object path "/com/ubuntu/Upstart/jobs/plymouth_2dstop"
object path "/com/ubuntu/Upstart/jobs/rcS"
object path "/com/ubuntu/Upstart/jobs/ufw"
object path "/com/ubuntu/Upstart/jobs/wait_2dfor_2dstate"
object path "/com/ubuntu/Upstart/jobs/flush_2dearly_2djob_2dlog"
object path "/com/ubuntu/Upstart/jobs/friendly_2drecovery"
object path "/com/ubuntu/Upstart/jobs/rc_2dsysinit"
object path "/com/ubuntu/Upstart/jobs/upstart_2dsocket_2dbridge"
object path "/com/ubuntu/Upstart/jobs/tty2"
object path "/com/ubuntu/Upstart/jobs/udevtrigger"
object path "/com/ubuntu/Upstart/jobs/container_2ddetect"
object path "/com/ubuntu/Upstart/jobs/mounted_2ddev"
object path "/com/ubuntu/Upstart/jobs/tty3"
object path "/com/ubuntu/Upstart/jobs/udev_2dfinish"
object path "/com/ubuntu/Upstart/jobs/dovecot"
object path "/com/ubuntu/Upstart/jobs/hostname"
object path "/com/ubuntu/Upstart/jobs/mountall_2dreboot"
object path "/com/ubuntu/Upstart/jobs/mysql"
object path "/com/ubuntu/Upstart/jobs/mountall_2dshell"
object path "/com/ubuntu/Upstart/jobs/mounted_2dtmp"
object path "/com/ubuntu/Upstart/jobs/network_2dinterface"
object path "/com/ubuntu/Upstart/jobs/plymouth_2dsplash"
object path "/com/ubuntu/Upstart/jobs/plymouth_2dupstart_2dbridge"
object path "/com/ubuntu/Upstart/jobs/tty1"
object path "/com/ubuntu/Upstart/jobs/udevmonitor"
object path "/com/ubuntu/Upstart/jobs/plymouth_2dready"
object path "/com/ubuntu/Upstart/jobs/portmap_2dwait"
object path "/com/ubuntu/Upstart/jobs/dmesg"
object path "/com/ubuntu/Upstart/jobs/network_2dinterface_2dsecurity"
object path "/com/ubuntu/Upstart/jobs/networking"
object path "/com/ubuntu/Upstart/jobs/procps"
object path "/com/ubuntu/Upstart/jobs/tty6"
object path "/com/ubuntu/Upstart/jobs/network_2dinterface_2dcontainer"
object path "/com/ubuntu/Upstart/jobs/ureadahead"