I installed "Lynis" on Ubuntu to run an audit and got this log


Eduardo
darckpc

(uses Ubuntu)

Posted on 04/06/2015 - 14:38h

Hi everyone!
I installed Lynis to analyze my system, and at the end it collected this information:
What steps should I take in light of this log?


Operating system: Linux
Operating system name: Ubuntu
Operating system version: 12.04
Kernel version: 3.13.0-32-generic
Hardware platform: i686
Hostname: sergio-Digitron
Auditor: [Unknown]
Profile: /etc/lynis/default.prf
Log file: /var/log/lynis.log
Report file: /var/log/lynis-report.dat
Report version: 1.0
---------------------------------------------------

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

- Checking profile file (/etc/lynis/default.prf)...
- Program update status... [ WARNING ]

===============================================================================
Notice: Lynis update available
Current version : 129 Latest version : 200
Please update to the latest version for new features, bug fixes, tests
and baselines.
===============================================================================


[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] System Tools
------------------------------------
- Scanning available tools...
- Checking system binaries...
- Checking /bin... [ FOUND ]
- Checking /sbin... [ FOUND ]
- Checking /usr/bin... [ FOUND ]
- Checking /usr/sbin... [ FOUND ]
- Checking /usr/local/bin... [ FOUND ]
- Checking /usr/local/sbin... [ FOUND ]
- Checking /usr/local/libexec... [ NOT FOUND ]
- Checking /usr/libexec... [ NOT FOUND ]
- Checking /usr/sfw/bin... [ NOT FOUND ]
- Checking /usr/sfw/sbin... [ NOT FOUND ]
- Checking /usr/sfw/libexec... [ NOT FOUND ]
- Checking /opt/sfw/bin... [ NOT FOUND ]
- Checking /opt/sfw/sbin... [ NOT FOUND ]
- Checking /opt/sfw/libexec... [ NOT FOUND ]
- Checking /usr/xpg4/bin... [ NOT FOUND ]
- Checking /usr/css/bin... [ NOT FOUND ]
- Checking /usr/ucb... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Boot and services
------------------------------------
- Checking boot loaders
- Checking presence GRUB2... [ OK ]
- Checking presence LILO... [ NOT FOUND ]
- Checking presence YABOOT... [ NOT FOUND ]
- Check services at startup (rc2.d)... [ DONE ]
Result: found 14 services

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Kernel
------------------------------------
- Checking default run level... [ UNKNOWN ]
- Checking CPU support (NX/PAE)
CPU supports PAE and NoeXecute [ YES ]
- Checking kernel version [ DONE ]
- Checking kernel type [ DONE ]
- Checking loaded kernel modules [ DONE ]
Found 42 active modules
- Checking Linux kernel configuration file... [ FOUND ]

- Checking for available kernel update... [ OK ]
- Checking core dumps configuration... [ ENABLED ]
- Checking setuid core dumps configuration... [ DISABLED ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Memory and processes
------------------------------------
- Checking /proc/meminfo... [ FOUND ]
- Searching for dead/zombie processes... [ OK ]
- Searching for IO waiting processes... [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Users, Groups and Authentication
------------------------------------
- Search administrator accounts... [ OK ]
- Checking consistency of group files (grpck)... [ OK ]
- Checking non unique group ID's... [ OK ]
- Checking non unique group names... [ OK ]
- Checking password file consistency... [ OK ]
- Query system users (non daemons)... [ DONE ]
- Checking NIS+ authentication support [ NOT ENABLED ]
- Checking NIS authentication support [ NOT ENABLED ]
- Checking sudoers file [ FOUND ]
- Check sudoers file permissions [ OK ]
- Checking PAM password strength tools [ SUGGESTION ]
- Checking PAM configuration files (pam.conf) [ FOUND ]
- Checking PAM configuration files (pam.d) [ FOUND ]
- Checking PAM modules [ FOUND ]
- Checking LDAP module in PAM [ NOT FOUND ]
- Checking accounts without expire date [ SUGGESTION ]
- Checking user password aging [ DISABLED ]
- Determining default umask
- Checking umask (/etc/profile) [ SUGGESTION ]
- Checking umask (/etc/login.defs) [ SUGGESTION ]
- Checking umask (/etc/init.d/rc) [ SUGGESTION ]
- Checking LDAP authentication support [ NOT ENABLED ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Shells
------------------------------------
- Checking shells from /etc/shells...
Result: found 4 shells (valid shells: 4).

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] File systems
------------------------------------
- Checking mount points
- Checking /home mount point... [ OK ]
- Checking /tmp mount point... [ SUGGESTION ]
- Checking for old files in /tmp... [ OK ]
- Checking /tmp sticky bit... [ OK ]
- ACL support root file system... [ ENABLED ]
- Checking Locate database... [ FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Storage
------------------------------------
- Checking usb-storage driver (modprobe config)... [ NOT DISABLED ]
- Checking firewire ohci driver (modprobe config)... [ NOT DISABLED ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

- Check running NFS daemon... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: name services
------------------------------------
- Checking default DNS search domain... [ NONE ]
- Checking /etc/resolv.conf options... [ NONE ]
- Searching DNS domain name... [ UNKNOWN ]
- Checking nscd status... [ NOT FOUND ]
- Checking BIND status... [ NOT FOUND ]
- Checking PowerDNS status... [ NOT FOUND ]
- Checking ypbind status... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Ports and packages
------------------------------------
- Searching package managers...
- Searching dpkg package manager... [ FOUND ]
- Querying package manager...

- Checking security repository in sources.list file... [ OK ]
E: Não foi possível obter trava /var/lib/dpkg/lock - open (11: Recurso temporariamente indisponível)
E: Não foi possível obter acesso exclusivo ao directório de administração (/var/lib/dpkg/), outro processo está a utilizá-lo?
- Checking APT package database... [ WARNING ]
E: Não foi possível obter trava /var/lib/apt/lists/lock - open (11: Recurso temporariamente indisponível)
E: Impossível criar acesso exclusivo ao directório /var/lib/apt/lists/
E: Não foi possível obter trava /var/lib/dpkg/lock - open (11: Recurso temporariamente indisponível)
E: Não foi possível obter acesso exclusivo ao directório de administração (/var/lib/dpkg/), outro processo está a utilizá-lo?
E: Não foi possível obter trava /var/lib/dpkg/lock - open (11: Recurso temporariamente indisponível)
E: Não foi possível obter acesso exclusivo ao directório de administração (/var/lib/dpkg/), outro processo está a utilizá-lo?
- Checking vulnerable packages... [ OK ]
- Checking upgradeable packages... [ SKIPPED ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Networking
------------------------------------
- Checking configured nameservers...
- Testing nameservers...
Nameserver: 127.0.0.1... [ OK ]
- Checking default gateway... [ DONE ]
- Checking promiscuous interfaces... [ OK ]
- Checking waiting connections... [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Printers and Spools
------------------------------------
- Checking cups daemon... [ RUNNING ]
- Checking cups configuration file... [ OK ]
- Checking cups addresses/sockets... [ FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: e-mail and messaging
------------------------------------
- Checking Exim status... [ NOT FOUND ]
- Checking Postfix status... [ NOT FOUND ]
- Checking Qmail smtpd status... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: firewalls
------------------------------------
- Checking iptables kernel module... [ NOT FOUND ]
- Checking pf configuration... [ NOT FOUND ]
- Checking host based firewall [ NOT ACTIVE ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: webserver
------------------------------------
- Checking Apache... [ NOT FOUND ]
- Searching nginx process... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] SSH Support
------------------------------------
- Checking running SSH daemon... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] SNMP Support
------------------------------------
- Checking running SNMP daemon... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Databases
------------------------------------
- MySQL process status... [ NOT FOUND ]
- PostgreSQL processes status... [ NOT FOUND ]
- Oracle processes status... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] LDAP Services
------------------------------------
- Checking OpenLDAP instance... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: PHP
------------------------------------
- Checking PHP... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Squid Support
------------------------------------
- Checking running Squid daemon... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Logging and files
------------------------------------
- Checking for a running syslog daemon... [ OK ]
- Checking Syslog-NG status [ NOT FOUND ]
- Checking Metalog status [ NOT FOUND ]
- Checking RSyslog status [ FOUND ]
- Checking RFC 3195 daemon status [ NOT FOUND ]
- Checking minilogd instances [ NONE ]
- Checking logrotate presence [ OK ]
- Checking log directories (static list) [ DONE ]
lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/sergio/.gvfs
Output information may be incomplete.


- Checking open log files [ DONE ]
lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/sergio/.gvfs
Output information may be incomplete.
- Checking deleted files in use [ FILES FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Insecure services
------------------------------------
- Checking inetd status... [ NOT ACTIVE ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Banners and identification
------------------------------------
- Checking banners...
- /etc/motd... [ FOUND ]
- /etc/issue... [ FOUND ]
- /etc/issue contents... [ WEAK ]
- /etc/issue.net... [ FOUND ]
- /etc/issue.net contents... [ WEAK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Scheduled tasks
------------------------------------
- Checking crontab/cronjob [ DONE ]
- Checking atd status [ NOT RUNNING ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Accounting
------------------------------------
- Checking accounting information... [ NOT FOUND ]
- Checking auditd [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Time and Synchronization
------------------------------------
- Checking running NTP daemon... [ NOT FOUND ]
- Checking NTP client in crontab file... [ NOT FOUND ]
- Checking NTP client in cron.d files... [ NOT FOUND ]
- Checking for a running NTP daemon or client... [ WARNING ]
- Checking NTP daemon... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Cryptography
------------------------------------
- Checking SSL certificate expiration... [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Virtualization
------------------------------------

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Security frameworks
------------------------------------
- Checking presence AppArmor [ FOUND ]
- Checking AppArmor status [ ENABLED ]
- Checking presence SELinux [ NOT FOUND ]
- Checking presence grsecurity [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: file integrity
------------------------------------
- Checking AFICK... [ NOT FOUND ]
- Checking AIDE... [ NOT FOUND ]
- Checking Osiris... [ NOT FOUND ]
- Checking Samhain... [ NOT FOUND ]
- Checking Tripwire... [ NOT FOUND ]
- Checking presence integrity tool... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Software: Malware scanners
------------------------------------
- Checking chkrootkit... [ NOT FOUND ]
- Checking Rootkit Hunter... [ NOT FOUND ]
- Checking ClamAV scanner... [ NOT FOUND ]
- Checking ClamAV daemon... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] System Tools
------------------------------------
- Starting file permissions check...
/etc/lilo.conf [ NOT FOUND ]
/root/.ssh [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Home directories
------------------------------------
- Checking shell history files... [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Kernel Hardening
------------------------------------
- Comparing sysctl key pairs with scan profile...
- kernel.core_uses_pid (1) [ DIFFERENT ]
- kernel.ctrl-alt-del (0) [ OK ]
- kernel.sysrq (0) [ DIFFERENT ]
- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.all.accept_source_route (0) [ OK ]
- net.ipv4.conf.all.bootp_relay (0) [ OK ]
- net.ipv4.conf.all.forwarding (0) [ OK ]
- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
- net.ipv4.conf.all.mc_forwarding (0) [ OK ]
- net.ipv4.conf.all.proxy_arp (0) [ OK ]
- net.ipv4.conf.all.rp_filter (1) [ OK ]
- net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_source_route (0) [ DIFFERENT ]
- net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]
- net.ipv4.icmp_echo_ignore_broadcasts (1) [ OK ]
- net.ipv4.icmp_ignore_bogus_error_responses (1) [ OK ]
- net.ipv4.tcp_syncookies (1) [ OK ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_source_route (0) [ OK ]
- net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.default.accept_source_route (0) [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


[+] Hardening
------------------------------------
- Installed compiler(s)... [ FOUND ]
- Installed malware scanner... [ NOT FOUND ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]


================================================================================

-[ Lynis 1.2.9 Results ]-

Tests performed: 135
Warnings:
----------------------------
- [14:29:02] Warning: apt-get check returned a non successful exit code. [test:PKGS-7390] [impact:M]
- [14:30:06] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact:M]

Suggestions:
----------------------------
- [14:28:21] Suggestion: update to the latest stable release.
- [14:28:44] Suggestion: Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262]
- [14:28:44] Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282]
- [14:28:44] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
- [14:28:44] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
- [14:28:44] Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328]
- [14:28:44] Suggestion: Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
- [14:28:47] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
- [14:28:49] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
- [14:28:49] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
- [14:29:02] Suggestion: Run apt-get to perform a manual package database consistency check. [test:PKGS-7390]
- [14:29:02] Suggestion: Install package apt-show-versions for patch management purposes [test:PKGS-7394]
- [14:29:43] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
- [14:30:02] Suggestion: Add legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
- [14:30:03] Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
- [14:30:05] Suggestion: Enable auditd to collect audit information [test:ACCT-9628]
- [14:30:06] Suggestion: Check if any NTP daemon is running or a NTP client gets executed daily, to prevent big time differences and avoid problems with services like kerberos, authentication or logging differences. [test:TIME-3104]
- [14:30:27] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
- [14:30:27] Suggestion: Harden the system by installing one or malware scanners to perform periodic file system scans [test:HRDN-7230]
================================================================================
Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat
================================================================================
Notice: Lynis update available
Current version : 129 Latest version : 200
================================================================================
Hardening index : [40] [######## ]
================================================================================
Lynis 1.2.9
Copyright 2007-2009 - Michael Boelen, http://www.rootkit.nl/
================================================================================



  





