Tiger UNIX security tool

Author: rusooo, 17 February 2012, 03:50:50


rusooo

On a "freshly installed" system I ran Tiger UNIX security tool
(I hadn't touched anything by hand) and it gave me "a heap of warnings"
... could someone who understands this explain what's what?

Security scripts *** 3.2.3, 2008.09.10.09.30 ***
Fri Feb 17 01:22:46 EET 2012
01:22> Beginning security report for debian (x86_64 Linux 2.6.32-5-amd64).

# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass014w] Login (backup) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (bin) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (daemon) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (games) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (gnats) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (irc) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (libuuid) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (list) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (lp) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (mail) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (man) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (news) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (nobody) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (proxy) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (root) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (rusooo) is disabled, but has a valid shell.
--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync).
--WARN-- [pass014w] Login (sys) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (uucp) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (www-data) is disabled, but has a valid shell.
--WARN-- [pass006w] Integrity of password files questionable (/usr/sbin/pwck
         -r).

# Performing check of group files...

# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc021w] Login ID logcheck appears to be a dormant account.
--WARN-- [acc022w] Login ID nobody home directory (/nonexistent) is not
         accessible.

# Performing check of /etc/hosts.equiv and .rhosts files...

# Checking accounts from /etc/passwd...

# Performing check of .netrc files...

# Checking accounts from /etc/passwd...

# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...

# Performing check of PATH components...
# Only checking user 'root'

# Performing check of anonymous FTP...

# Performing checks of mail aliases...
# Checking aliases from /etc/aliases.

# Performing check of `cron' entries...
--WARN-- [cron004w] Root crontab does not exist
--WARN-- [cron005w] Use of cron is not restricted

# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service sieve is also assigned to service
         cisco-sccp.
--WARN-- [inet003w] The port for service ndtp is also assigned to service
         pipe_server.
--WARN-- [inet003w] The port for service ndtp is also assigned to service
         search.
--WARN-- [inet003w] The port for service postgres is also assigned to service
         postgresql.
--WARN-- [inet003w] The port for service postgres is also assigned to service
         postgresql.
--WARN-- [inet003w] The port for service sane is also assigned to service
         sane-port.
--WARN-- [inet003w] The port for service webcache is also assigned to service
         http-alt.
--WARN-- [inet003w] The port for service webcache is also assigned to service
         http-alt.

# Performing NFS exports check...

# Performing check of system file permissions...
--ALERT-- [perm023a] /bin/su is setuid to `root'.
--ALERT-- [perm023a] /usr/bin/at is setuid to `daemon'.
--ALERT-- [perm024a] /usr/bin/at is setgid to `daemon'.
--WARN-- [perm001w] The owner of /usr/bin/at should be root (owned by daemon).
--WARN-- [perm002w] The group owner of /usr/bin/at should be root.
--ALERT-- [perm023a] /usr/bin/passwd is setuid to `root'.
--ALERT-- [perm024a] /usr/bin/wall is setgid to `tty'.

# Checking for known intrusion signs...
# Testing for promiscuous interfaces with /bin/ip
# Testing for backdoors in inetd.conf

# Performing check of files in system mail spool...

# Performing check for rookits...
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...

# Performing system specific checks...
# Performing checks for Linux/2...

# Checking boot loader file permissions...
--WARN-- [boot03w] Could not access LILO's or Grub's configuration file

# Checking for vulnerabilities in inittab configuration...
--FAIL-- [lin007w] Normal users can reboot the system through ctrl+alt+del in
         runlevels 12345

# Checking for correct umask settings for init scripts...
--WARN-- [misc021w] There are no umask entries in /etc/init.d/rcS

# Checking Logins not used on the system ...

# Checking network configuration
--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
--FAIL-- [lin014f] The system permits the transmission of IP packets with
         invalid addresses
--FAIL-- [lin016f] The system permits source routing from incoming packets
--WARN-- [lin017w] The system is not configured to log suspicious (martian)
         packets

# Verifying system specific password checks...

# Checking OS release...

# Checking installed packages vs Debian Security Advisories...

# Checking md5sums of installed files
--FAIL-- [lin005f] Installed file `/var/lib/aspell/ru.compat' checksum differs
         from installed package 'aspell-ru'.
--FAIL-- [lin005f] Installed file `/var/lib/aspell/ru.rws' checksum differs
         from installed package 'aspell-ru'.

# Checking installed files against packages...
--WARN-- [lin001w] File `/lib/ufw/user6.rules' does not belong to any package.
--WARN-- [lin001w] File `/lib/ufw/user.rules' does not belong to any package.
--WARN-- [lin001w] File `/lib/init/rw/.ramfs' does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/updates/dkms/nvidia.ko'
         does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.alias' does not
         belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.symbols.bin' does
         not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.symbols' does not
         belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.softdep' does not
         belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.devname' does not
         belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.dep.bin' does not
         belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.dep' does not
         belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.32-5-amd64/modules.alias.bin' does
         not belong to any package.

# Performing check of root directory...

# Checking device permissions...
--WARN-- [dev003w] The directory /dev/block resides in a device directory.
--WARN-- [dev003w] The directory /dev/bsg resides in a device directory.
--WARN-- [dev003w] The directory /dev/char resides in a device directory.
--FAIL-- [dev002f] /dev/rfkill has world permissions
--WARN-- [dev003w] File /dev/sndstat is a regular file in a device directory.
--WARN-- [dev003w] The directory /dev/v4l resides in a device directory.

# Checking for existence of log files...

# Checking for correct umask settings for user login shells...
--WARN-- [misc026w] There is no default umask settings for user login shells
         in /etc/login.defs
--WARN-- [misc021w] There is no umask definition for the dash shell
--WARN-- [misc021w] There is no umask definition for the bash shell

# Checking listening processes
--WARN-- [lin002i] The process `dhclient' is listening on socket 68 (UDP) on
         every interface.
--WARN-- [lin003w] The process `portmap' is listening on socket 111 (TCP on
         every interface) is run by daemon.
--WARN-- [lin003w] The process `portmap' is listening on socket 111 (UDP on
         every interface) is run by daemon.
--WARN-- [lin003w] The process `rpc.statd' is listening on socket 47842 (TCP
         on every interface) is run by statd.
--WARN-- [lin003w] The process `rpc.statd' is listening on socket 37055 (UDP
         on every interface) is run by statd.
--WARN-- [lin003w] The process `rpc.statd' is listening on socket 911 (UDP on
         every interface) is run by statd.

# Checking sshd_config configuration files...
--FAIL-- [ssh005w] Cannot find a configuration file for SSH.

# Checking printer configuration files...
--ERROR-- [init006e] `/etc/printcap' does not exist (file definition src).
--ERROR-- [init006e] `/etc/printcap' does not exist (file definition infile).

# Performing common access checks for root...
--FAIL-- [netw020f] There is no /etc/ftpusers file.

# Checking ntpd configuration...
--WARN-- [fsys013w] cannot access /usr/include/python2.5/numpy is a dangling
         symlink.
--WARN-- [fsys013w] cannot access /usr/include/python2.5_d/numpy is a dangling
         symlink.
--WARN-- [fsys013w] cannot access /usr/share/doc/vlc/MAINTAINERS is a dangling
         symlink.
--WARN-- [fsys013w] cannot access /usr/share/terminfo/k/kon2 is a dangling
         symlink.
--WARN-- [fsys013w] cannot access /usr/share/bug/libvlccore4 is a dangling
         symlink.
--WARN-- [fsys013w] cannot access /usr/share/bug/libvlc5 is a dangling
         symlink.
--WARN-- [fsys013w] cannot access
         /usr/lib/python2.4/site-packages/python-support.pth is a dangling
         symlink.
--WARN-- [fsys013w] cannot access
         /usr/lib/python2.5/site-packages/python-support.pth is a dangling
         symlink.
--WARN-- [fsys013w] cannot access /usr/lib/tiger/systems/Linux/issue.net is a
         dangling symlink.
--WARN-- [fsys013w] cannot access
         /usr/lib/openoffice/basis3.2/program/classes/bsh.jar is a dangling
         symlink.
--WARN-- [fsys013w] cannot access
         /home/rusooo/.mozilla/firefox/teb199bd.default/lock is a dangling
         symlink.
--WARN-- [fsys013w] cannot access
         /home/rusooo/.pulse/43b8e9f745dc3a8050b1727500000523-runtime is a
         dangling symlink.

# Checking unusual file names...

# Looking for unusual device files...

# Checking symbolic links...

# Performing check of embedded pathnames...
01:30> Security report completed for debian.

gromozeka.deb

What is it even for?  ???
You'd be better off with Kashmarsky then, it will tell you a lot more than that  ;)

Malaheenee

Oh Lord! If you fix all of these fails and warnings, you won't be able to work normally. Only as root, and that is such a big hole in the system...
All of us were newbies somewhere, at some time, in something.