Security scripts *** 3.2.3, 2008.09.10.09.30 ***
Sun Mar 31 10:51:46 CEST 2013
10:51> Beginning security report for domain.com (x86_64 Linux 3.2.13-grsec-xxxx-grs-ipv6-64).
# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass013w] Username `root' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `daemon' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `bin' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `sys' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `sync' is not using an acceptable password hash
(x).
--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync).
--WARN-- [pass013w] Username `games' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `man' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `lp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `mail' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `news' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `uucp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `proxy' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `www-data' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `backup' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `list' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `irc' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `gnats' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `nobody' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `libuuid' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `Debian-exim' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `statd' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `bind' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `sshd' is not using an acceptable password hash
(x).
--WARN-- [pass015w] Login ID sshd does not have a valid shell
(/usr/sbin/nologin).
--WARN-- [pass013w] Username `ntp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `mysql' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `clamav' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `postfix' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `dkimproxy' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `fetchmail' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `amavis' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `dtc' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `tumgreyspf' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `domain' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `vmail' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `getmail' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `ispapps' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `ispconfig' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `web3' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `web4' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `proftpd' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `ftp' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `web6' is not using an acceptable password hash
(x).
--WARN-- [pass013w] Username `ftpuser' is not using an acceptable password
hash (x).
--WARN-- [pass013w] Username `munin' is not using an acceptable password hash
(x).
# Performing check of group files...
# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc006w] Login ID mail's home directory (/var/mail) has group `4096'
write access.
--WARN-- [acc022w] Login ID nobody home directory (/nonexistent) is not
accessible.
--WARN-- [acc006w] Login ID libuuid's home directory (/var/lib/libuuid) has
group `4096' write access.
--WARN-- [acc021w] Login ID libuuid appears to be a dormant account.
--WARN-- [acc006w] Login ID bind's home directory (/var/cache/bind) has group
`4096' write access.
--WARN-- [acc021w] Login ID bind appears to be a dormant account.
--WARN-- [acc021w] Login ID sshd appears to be a dormant account.
--WARN-- [acc019w] Login ID vmail may be missing a shell initialization file
/var/vmail/.shrc.
--WARN-- [acc019w] Login ID getmail may be missing a shell initialization file
/etc/getmail/.shrc.
--WARN-- [acc019w] Login ID ispapps may be missing a shell initialization file
/var/www/apps/.shrc.
--WARN-- [acc023w] Login ID ispconfig's parent directory (/usr/local) has
non-administrative `staff' ownership.
--WARN-- [acc023w] Login ID ispconfig's parent directory (/usr/local/) has
group `4096' write access.
--WARN-- [acc019w] Login ID ispconfig may be missing a shell initialization
file /usr/local/ispconfig/.shrc.
--WARN-- [acc022w] Login ID ftpuser home directory (/bin/null) is not
accessible.
# Performing check of /etc/hosts.equiv and .rhosts files...
# Checking accounts from /etc/passwd...
# Performing check of .netrc files...
# Checking accounts from /etc/passwd...
# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...
--WARN-- [root001w] Remote root login allowed in /etc/ssh/sshd_config
# Performing check of PATH components...
# Only checking user 'root'
--WARN-- [path002w] /usr/bin/bsd-write in root's PATH from default is not
owned by root (owned by tty).
--WARN-- [path002w] /usr/bin/chage in root's PATH from default is not owned by
root (owned by shadow).
--WARN-- [path002w] /usr/bin/crontab in root's PATH from default is not owned
by root (owned by Debian-exim).
--WARN-- [path002w] /usr/bin/dotlockfile in root's PATH from default is not
owned by root (owned by mail).
--WARN-- [path002w] /usr/bin/expiry in root's PATH from default is not owned
by root (owned by shadow).
--WARN-- [path002w] /usr/bin/locate in root's PATH from default is not owned
by root (owned by mlocate).
--WARN-- [path002w] /usr/bin/mlocate in root's PATH from default is not owned
by root (owned by mlocate).
--WARN-- [path002w] /usr/bin/mlock in root's PATH from default is not owned by
root (owned by mail).
--WARN-- [path002w] /usr/bin/screen in root's PATH from default is not owned
by root (owned by utmp).
--WARN-- [path002w] /usr/bin/ssh-agent in root's PATH from default is not
owned by root (owned by ssh).
--WARN-- [path002w] /usr/bin/wall in root's PATH from default is not owned by
root (owned by tty).
--WARN-- [path002w] /usr/bin/write in root's PATH from default is not owned by
root (owned by tty).
--WARN-- [path002w] /usr/sbin/postdrop in root's PATH from default is not
owned by root (owned by postdrop).
--WARN-- [path002w] /usr/sbin/postqueue in root's PATH from default is not
owned by root (owned by postdrop).
# Performing check of anonymous FTP...
# Performing checks of mail aliases...
# Checking aliases from /etc/aliases.
# Performing check of `cron' entries...
--WARN-- CRON file `' is owned by Debian-exim.
--WARN-- Found cron file for unknown user .
--WARN-- CRON file `' is owned by Debian-exim.
--WARN-- Found cron file for unknown user .
--WARN-- [cron005w] Use of cron is not restricted
# Performing check of 'inetd'...
--ERROR-- [init006e] `/usr/lib/tiger/systems/default/inetd' does not exist (file definition INETDFILE).
# Performing check of services with tcp wrappers...
--ERROR-- [init006e] `/usr/lib/tiger/systems/default/inetd' does not exist (file definition INETDFILE).
# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service pop-2 is also assigned to service
pop2.
--WARN-- [inet003w] The port for service x400-snd is also assigned to service
acr-nema.
# Performing NFS exports check...
# Performing check of system file permissions...
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/gen_mounts' is not executable (command GET_MOUNTS).
# Checking for known intrusion signs...
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/gen_mounts' is not executable (command GET_MOUNTS).
# Performing check for rookits...
# Performing system specific checks...
# Performing check of root directory...
# Checking device permissions...
--WARN-- [dev003w] The directory /dev/block resides in a device directory.
--WARN-- [dev003w] The directory /dev/bsg resides in a device directory.
--WARN-- [dev003w] The directory /dev/char resides in a device directory.
--WARN-- [dev003w] The directory /dev/cpu resides in a device directory.
# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/wtmp permission should be 644
--FAIL-- [logf005f] Log file /var/log/btmp permission should be 600
--FAIL-- [logf005f] Log file /var/run/utmp permission should be 644
--FAIL-- [logf005f] Log file /var/log/messages permission should be 640
# Checking for correct umask settings...
--FAIL-- [misc022f] The umask setting in /etc/profile is insecure
# Checking listening processes
--WARN-- [lin003w] The process `amavisd-n' is listening on socket TCP (0t0 on
TCP interface) is run by amavis.
--WARN-- [lin003w] The process `apache2' is listening on socket TCP (0t0 on
TCP interface) is run by root.
--WARN-- [lin003w] The process `apache2' is listening on socket TCP (0t0 on
TCP interface) is run by www-data.
--WARN-- [lin003w] The process `couriertc' is listening on socket TCP (0t0 on
TCP interface) is run by root.
--WARN-- [lin003w] The process `dkimproxy' is listening on socket TCP (0t0 on
TCP interface) is run by dkimproxy.
--WARN-- [lin003w] The process `lwresd' is listening on socket UDP (0t0 on UDP
interface) is run by root.
--WARN-- [lin003w] The process `master' is listening on socket TCP (0t0 on TCP
interface) is run by root.
--WARN-- [lin003w] The process `miniserv.' is listening on socket TCP (0t0 on
TCP interface) is run by root.
--WARN-- [lin003w] The process `miniserv.' is listening on socket UDP (0t0 on
UDP interface) is run by root.
--WARN-- [lin003w] The process `munin-nod' is listening on socket TCP (0t0 on
TCP interface) is run by root.
--WARN-- [lin003w] The process `mysqld' is listening on socket TCP (0t0 on TCP
interface) is run by mysql.
--WARN-- [lin003w] The process `named' is listening on socket TCP (0t0 on TCP
interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket UDP (0t0 on UDP
interface) is run by bind.
--WARN-- [lin003w] The process `ntpd' is listening on socket UDP (0t0 on UDP
interface) is run by ntp.
--WARN-- [lin003w] The process `pure-ftpd' is listening on socket TCP (0t0 on
TCP interface) is run by root.
--WARN-- [lin003w] The process `sshd' is listening on socket TCP (0t0 on TCP
interface) is run by root.
# Checking sshd_config configuration files...
--WARN-- [ssh004w] The PasswordAuthentication directive in
/etc/ssh/sshd_config is set to the unapproved defult value: yes.
# Checking printer configuration files...
--ERROR-- [init006e] `/etc/printcap' does not exist (file definition src).
--ERROR-- [init006e] `/etc/printcap' does not exist (file definition infile).
# Performing common access checks for root...
--FAIL-- [netw018f] Administrative user gnats allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user libuuid allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user Debian-exim allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user statd allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user bind allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user sshd allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user ntp allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user mysql allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user clamav allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user postfix allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user dkimproxy allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user fetchmail allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user amavis allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user dtc allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user tumgreyspf allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user proftpd allowed access in
/etc/ftpusers
--FAIL-- [netw018f] Administrative user ftp allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user munin allowed access in /etc/ftpusers
# Checking ntpd configuration...
--ERROR-- [init001e] Don't have required command NETSTAT.
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/getdisks' is not executable (command GETDISKS).
# Performing check of embedded pathnames...
--WARN-- [embed002w] Path `/usr/lib/apache2/suexec' is not owned by root
(owned by www-data).
Embedded references in: /usr/sbin/apache2->/default(PATH)
10:52> Security report completed for domain.com.