Skip to content

Instantly share code, notes, and snippets.

@medined

medined/lynis-report-after-stig.txt

Created June 26, 2020 15:23
Show Gist options
  • Save medined/1d15a0c5b599fed8fc2515bcd0c212ad to your computer and use it in GitHub Desktop.
Save medined/1d15a0c5b599fed8fc2515bcd0c212ad to your computer and use it in GitHub Desktop.
Download ZIP
Results of Running Lynis Audit on Centos7 After Running MindPoint Group RHEL7 STIG
Raw
lynis-report-after-stig.txt
2020-06-26 15:02:05 Starting Lynis 3.0.0 with PID 11125, build date 2020-03-20
2020-06-26 15:02:05 ====
2020-06-26 15:02:05 ### 2007-2020, CISOfy - https://cisofy.com/lynis/ ###
2020-06-26 15:02:05 Checking permissions of /usr/share/lynis/include/profiles
2020-06-26 15:02:05 File permissions are OK
2020-06-26 15:02:05 Reading profile/configuration /etc/lynis/default.prf
2020-06-26 15:02:05 Action: created temporary file /tmp/lynis.PsCgQxJx67
2020-06-26 15:02:05 Language set via profile to ''
2020-06-26 15:02:05 Plugin 'authentication' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'compliance' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'configuration' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'control-panels' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'crypto' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'dns' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'docker' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'file-integrity' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'file-systems' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'firewalls' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'forensics' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:05 Plugin 'hardware' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'intrusion-detection' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'intrusion-prevention' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'kernel' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'malware' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'memory' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'nginx' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'pam' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'processes' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'security-modules' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'software' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'system-integrity' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'systemd' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Plugin 'users' enabled according profile (/etc/lynis/default.prf)
2020-06-26 15:02:06 Set option to default value: NTPD_ROLE --> client
2020-06-26 15:02:06 ====
2020-06-26 15:02:06 ====
2020-06-26 15:02:06 EOL check: 0
2020-06-26 15:02:06 Program version: 3.0.0
2020-06-26 15:02:06 Operating system: Linux
2020-06-26 15:02:06 Operating system name: CentOS Linux
2020-06-26 15:02:06 Operating system version: 7
2020-06-26 15:02:06 Kernel version: 3.10.0
2020-06-26 15:02:06 Kernel version (full): 3.10.0-1062.12.1.el7.x86_64
2020-06-26 15:02:06 Hardware platform: x86_64
2020-06-26 15:02:06 -----------------------------------------------------
2020-06-26 15:02:06 Hostname: ip-172-20-38-179
2020-06-26 15:02:06 Auditor: [Not Specified]
2020-06-26 15:02:06 Profiles: /etc/lynis/default.prf
2020-06-26 15:02:06 Work directory: /home/centos
2020-06-26 15:02:06 Include directory: /usr/share/lynis/include
2020-06-26 15:02:06 Plugin directory: /usr/share/lynis/plugins
2020-06-26 15:02:06 -----------------------------------------------------
2020-06-26 15:02:06 Log file: /var/log/lynis.log
2020-06-26 15:02:06 Report file: /var/log/lynis-report.dat
2020-06-26 15:02:06 Report version: 1.0
2020-06-26 15:02:06 -----------------------------------------------------
2020-06-26 15:02:06 Test category: all
2020-06-26 15:02:06 Test group: all
2020-06-26 15:02:06 BusyBox used: 0
2020-06-26 15:02:06 ====
2020-06-26 15:02:06 Test: Checking for program update...
2020-06-26 15:02:06 Result: dig, drill or host not installed, update check skipped
2020-06-26 15:02:06 Current installed version : 300
2020-06-26 15:02:06 Latest stable version : 0000000000
2020-06-26 15:02:06 Update check skipped due to constraints (e.g. missing dig binary)
2020-06-26 15:02:06 ====
2020-06-26 15:02:06 Checking permissions of /usr/share/lynis/include/binaries
2020-06-26 15:02:06 File permissions are OK
2020-06-26 15:02:06 ====
2020-06-26 15:02:06 Action: Performing tests from category: System Tools
2020-06-26 15:02:06 Start scanning for available audit binaries and tools...
2020-06-26 15:02:06 ====
2020-06-26 15:02:06 Performing test ID CORE-1000 (Check all system binaries)
2020-06-26 15:02:06 Status: Starting binary scan...
2020-06-26 15:02:06 Test: Checking binaries in directory /usr/bin
2020-06-26 15:02:06 Directory /usr/bin exists. Starting directory scanning...
2020-06-26 15:02:06 Found known binary: as (compiler) - /usr/bin/as
2020-06-26 15:02:06 Found known binary: awk (string tool) - /usr/bin/awk
2020-06-26 15:02:06 Found known binary: base64 (encoding tool) - /usr/bin/base64
2020-06-26 15:02:06 Found known binary: bootctl (systemd-boot manager utility) - /usr/bin/bootctl
2020-06-26 15:02:06 Found known binary: cat (generic file handling) - /usr/bin/cat
2020-06-26 15:02:06 Found known binary: comm (file compare) - /usr/bin/comm
2020-06-26 15:02:06 Found known binary: curl (browser, download utility) - /usr/bin/curl
2020-06-26 15:02:06 Found known binary: cut (text stream editor) - /usr/bin/cut
2020-06-26 15:02:06 Found known binary: dnsdomainname (DNS domain) - /usr/bin/dnsdomainname
2020-06-26 15:02:06 Found known binary: domainname (NIS domain) - /usr/bin/domainname
2020-06-26 15:02:06 Found known binary: egrep (text search) - /usr/bin/egrep
2020-06-26 15:02:06 Found known binary: fail2ban (IPS tool) - /usr/bin/fail2ban-server
2020-06-26 15:02:06 Found known binary: file (file type detection) - /usr/bin/file
2020-06-26 15:02:06 Found known binary: find (search tool) - /usr/bin/find
2020-06-26 15:02:06 Found known binary: getent (query tool for name service switch libraries) - /usr/bin/getent
2020-06-26 15:02:06 Found known binary: grep (text search) - /usr/bin/grep
2020-06-26 15:02:06 Found known binary: gzip (compressing utility) - /usr/bin/gzip
2020-06-26 15:02:06 Found known binary: head (text filter) - /usr/bin/head
2020-06-26 15:02:06 Found known binary: journalctl (systemd journal) - /usr/bin/journalctl
2020-06-26 15:02:06 Found known binary: ls (file listing) - /usr/bin/ls
2020-06-26 15:02:06 Found known binary: lsattr (file attributes) - /usr/bin/lsattr
2020-06-26 15:02:06 Found known binary: lsblk (block devices) - /usr/bin/lsblk
2020-06-26 15:02:06 Found known binary: md5sum (hash tool) - /usr/bin/md5sum
2020-06-26 15:02:06 Found known binary: mount (disk utility) - /usr/bin/mount
2020-06-26 15:02:06 Found known binary: netstat (network statistics) - /usr/bin/netstat
2020-06-26 15:02:06 Found /usr/bin/openssl (version 1.0.2k-fips)
2020-06-26 15:02:06 Found known binary: pgrep (search in process list) - /usr/bin/pgrep
2020-06-26 15:02:06 Found known binary: ps (process listing) - /usr/bin/ps
2020-06-26 15:02:06 Found known binary: python (programming language interpreter) - /usr/bin/python (version 2.7.5)
2020-06-26 15:02:06 Found known binary: python2 (programming language interpreter) - /usr/bin/python2 (version 2.7.5)
2020-06-26 15:02:06 Found known binary: python3 (programming language interpreter) - /usr/bin/python3 (version 3.6.8)
2020-06-26 15:02:07 Found known binary: readlink (follows symlinks) - /usr/bin/readlink
2020-06-26 15:02:07 Found known binary: rpm (package manager) - /usr/bin/rpm
2020-06-26 15:02:07 Found known binary: sed (text stream editor) - /usr/bin/sed
2020-06-26 15:02:07 Found known binary: sha1/sha1sum/shasum (crypto hashing) - /usr/bin/sha1sum
2020-06-26 15:02:07 Found known binary: sha256/sha256sum (crypto hashing) - /usr/bin/sha256sum
2020-06-26 15:02:07 Found known binary: sort (sort data streams) - /usr/bin/sort
2020-06-26 15:02:07 Found known binary: ssh-keyscan (scanner for SSH keys) - /usr/bin/ssh-keyscan
2020-06-26 15:02:07 Found known binary: stat (file information) - /usr/bin/stat
2020-06-26 15:02:07 Found known binary: strings (text strings search) - /usr/bin/strings
2020-06-26 15:02:07 Found known binary: systemctl (client to systemd) - /usr/bin/systemctl
2020-06-26 15:02:07 Found known binary: systemd-analyze (systemd service analysis tool) - /usr/bin/systemd-analyze
2020-06-26 15:02:07 Found known binary: tail (text filter) - /usr/bin/tail
2020-06-26 15:02:07 Found known binary: timedatectl (timedate client) - /usr/bin/timedatectl
2020-06-26 15:02:07 Found known binary: tr (text transformation) - /usr/bin/tr
2020-06-26 15:02:07 Found known binary: uname (operating system details) - /usr/bin/uname
2020-06-26 15:02:07 Found known binary: uniq (text manipulation utility) - /usr/bin/uniq
2020-06-26 15:02:07 Found known binary: usbguard (USB security tool) - /usr/bin/usbguard
2020-06-26 15:02:07 Found known binary: wc (word count) - /usr/bin/wc
2020-06-26 15:02:07 Found known binary: xargs (command output redirection) - /usr/bin/xargs
2020-06-26 15:02:07 Found known binary: yum (package manager) - /usr/bin/yum
2020-06-26 15:02:07 Found known binary: zgrep (text search for compressed files) - /usr/bin/zgrep
2020-06-26 15:02:07 Test: Checking binaries in directory /usr/sbin
2020-06-26 15:02:07 Directory /usr/sbin exists. Starting directory scanning...
2020-06-26 15:02:07 Found known binary: aide (file integrity checker) - /usr/sbin/aide
2020-06-26 15:02:07 Found known binary: auditctl (control utility for audit daemon) - /usr/sbin/auditctl
2020-06-26 15:02:07 Found known binary: auditd (audit framework) - /usr/sbin/auditd
2020-06-26 15:02:07 Found known binary: blkid (information about block devices) - /usr/sbin/blkid
2020-06-26 15:02:07 Found known binary: chkconfig (administration tool) - /usr/sbin/chkconfig
2020-06-26 15:02:07 Found known binary: dmidecode (hardware collector tool) - /usr/sbin/dmidecode
2020-06-26 15:02:07 Found known binary: getcap (kernel capabilities) - /usr/sbin/getcap
2020-06-26 15:02:07 Found known binary: grpck (consistency checker) - /usr/sbin/grpck
2020-06-26 15:02:07 Found known binary: grub2-install (installer for boot loader) - /usr/sbin/grub2-install
2020-06-26 15:02:07 Found known binary: ipconfig (IP configuration) - /usr/sbin/ifconfig
2020-06-26 15:02:07 Found known binary: ip (IP configuration) - /usr/sbin/ip
2020-06-26 15:02:07 Found known binary: iptables (firewall) - /usr/sbin/iptables
2020-06-26 15:02:07 Found known binary: iptables-save (firewall) - /usr/sbin/iptables-save
2020-06-26 15:02:07 Found known binary: logrotate (log rotation tool) - /usr/sbin/logrotate
2020-06-26 15:02:07 Found known binary: lsmod (kernel modules) - /usr/sbin/lsmod
2020-06-26 15:02:07 Found known binary: modprobe (kernel modules) - /usr/sbin/modprobe
2020-06-26 15:02:07 Found known binary: postconf (postfix configuration) - /usr/sbin/postconf
2020-06-26 15:02:07 Found known binary: postfix (postfix binary) - /usr/sbin/postfix
2020-06-26 15:02:07 Found known binary: rpcinfo (RPC information) - /usr/sbin/rpcinfo
2020-06-26 15:02:07 Found known binary: runlevel (system utility) - /usr/sbin/runlevel
2020-06-26 15:02:07 Found known binary: semanage (SELinux policy management tool) - /usr/sbin/semanage
2020-06-26 15:02:07 Found known binary: service (system services) - /usr/sbin/service
2020-06-26 15:02:07 Found known binary: sestatus (SELinux status tool) - /usr/sbin/sestatus
2020-06-26 15:02:07 Found known binary: showmount (NFS mounts) - /usr/sbin/showmount
2020-06-26 15:02:07 Found known binary: ss (show sockets) - /usr/sbin/ss
2020-06-26 15:02:07 Found /usr/sbin/sshd (version 7.4)
2020-06-26 15:02:07 Found known binary: swapon (swap device tool) - /usr/sbin/swapon
2020-06-26 15:02:07 Found known binary: sysctl (kernel parameters) - /usr/sbin/sysctl
2020-06-26 15:02:07 Found known binary: tune2fs (file system tool) - /usr/sbin/tune2fs
2020-06-26 15:02:07 Test: Checking binaries in directory /bin
2020-06-26 15:02:07 Result: directory exists, but is actually a symlink
2020-06-26 15:02:07 Action: checking symlink for file /bin
2020-06-26 15:02:07 Note: Using real readlink binary to determine symlink on /bin
2020-06-26 15:02:07 Result: readlink shows /usr/bin as output
2020-06-26 15:02:07 Result: symlink found, pointing to directory /usr/bin
2020-06-26 15:02:07 Result: found the path behind this symlink (/bin --> /usr/bin)
2020-06-26 15:02:07 Result: Skipping this directory as it was already scanned
2020-06-26 15:02:07 Result: Directory /usr/bin skipped
2020-06-26 15:02:07 Test: Checking binaries in directory /sbin
2020-06-26 15:02:07 Result: directory exists, but is actually a symlink
2020-06-26 15:02:07 Action: checking symlink for file /sbin
2020-06-26 15:02:07 Note: Using real readlink binary to determine symlink on /sbin
2020-06-26 15:02:07 Result: readlink shows /usr/sbin as output
2020-06-26 15:02:07 Result: symlink found, pointing to directory /usr/sbin
2020-06-26 15:02:07 Result: found the path behind this symlink (/sbin --> /usr/sbin)
2020-06-26 15:02:07 Result: Skipping this directory as it was already scanned
2020-06-26 15:02:07 Result: Directory /usr/sbin skipped
2020-06-26 15:02:07 Discovered directories: /usr/bin,/usr/sbin
2020-06-26 15:02:07 Result: found 1194 binaries including 21 set-uid and 7 set-gid
2020-06-26 15:02:07 Result: set-uid binaries: /usr/bin/chage /usr/bin/chfn /usr/bin/chsh /usr/bin/crontab /usr/bin/gpasswd /usr/bin/mount /usr/bin/newgrp /usr/bin/passwd /usr/bin/pkexec /usr/bin/sg /usr/bin/su /usr/bin/sudo /usr/bin/sudoedit /usr/bin/umount /usr/sbin/mount.nfs /usr/sbin/mount.nfs4 /usr/sbin/pam_timestamp_check /usr/sbin/umount.nfs /usr/sbin/umount.nfs4 /usr/sbin/unix_chkpwd /usr/sbin/usernetctl
2020-06-26 15:02:07 Result: set-gid binaries: /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/sbin/netreport /usr/sbin/postdrop /usr/sbin/postqueue
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Informational: package manager is used
2020-06-26 15:02:07 Test: Determine if this system is a virtual machine
2020-06-26 15:02:07 Result: facter utility not found
2020-06-26 15:02:07 Test: trying to guess virtualization technology with systemd-detect-virt
2020-06-26 15:02:07 Result: found kvm
2020-06-26 15:02:07 Result: skipped lscpu test, as we already found machine type
2020-06-26 15:02:07 Result: skipped dmidecode test, as we already found machine type
2020-06-26 15:02:07 Result: skipped processes test, as we already found platform
2020-06-26 15:02:07 Result: skipped Amazon EC2 test, as we already found platform
2020-06-26 15:02:07 Result: skipped sysctl test, as we already found platform
2020-06-26 15:02:07 Result: skipped lshw test, as we already found machine type
2020-06-26 15:02:07 Result: found virtual machine (type: kvm, KVM)
2020-06-26 15:02:07 Result: Lynis is not running in container
2020-06-26 15:02:07 Result: system is using systemd
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Action: Performing plugin tests
2020-06-26 15:02:07 Searching plugins...
2020-06-26 15:02:07 Result: Found 0 plugins of which 0 are enabled
2020-06-26 15:02:07 Result: Plugins phase 1 finished
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig)
2020-06-26 15:02:07 Info: using hardware address 02:1c:6e:f4:67:3f to create ID
2020-06-26 15:02:07 Result: Found HostID: 73768ce51fe90c9b492e6eb97481b5d33fe27864
2020-06-26 15:02:07 Info: creating a HostID (version 2)
2020-06-26 15:02:07 Result: found file ssh_host_ed25519_key.pub in /etc/ssh, using that to create host identifier
2020-06-26 15:02:07 Using SSH public key to create the second host identifier
2020-06-26 15:02:07 Hash (hostname): 997f0be1dc8e5dd6565a2e76eaa1a2fe6fb99c453036da7ad88e914c3e8c8dce
2020-06-26 15:02:07 Hash (ssh or machineid): 48b4678db43c2b5685237a31dba74c3093808a973fb36a94d0e4e2c15fc38967
2020-06-26 15:02:07 Info: found valid HostID 73768ce51fe90c9b492e6eb97481b5d33fe27864
2020-06-26 15:02:07 Info: no machine ID found
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Info: perform tests from all categories
2020-06-26 15:02:07 Security check: file is normal
2020-06-26 15:02:07 Checking permissions of /usr/share/lynis/include/tests_boot_services
2020-06-26 15:02:07 File permissions are OK
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Action: Performing tests from category: Boot and services
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Skipped test BOOT-5102 (Check for AIX boot device)
2020-06-26 15:02:07 Reason to skip: Incorrect guest OS (AIX only)
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Performing test ID BOOT-5104 (Determine service manager)
2020-06-26 15:02:07 Result: cmdline found = /usr/lib/systemd/systemd --system --deserialize 15
2020-06-26 15:02:07 Result: file on disk = /usr/lib/systemd/systemd
2020-06-26 15:02:07 Found: systemd
2020-06-26 15:02:07 Result: service manager found = systemd
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Skipped test BOOT-5106 (Check EFI boot file on Mac OS X/macOS)
2020-06-26 15:02:07 Reason to skip: Incorrect guest OS (macOS only)
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Performing test ID BOOT-5108 (Check Syslinux as bootloader)
2020-06-26 15:02:07 Test: checking if file /boot/syslinux/syslinux.cfg exists
2020-06-26 15:02:07 Result: file /boot/syslinux/syslinux.cfg NOT found
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Performing test ID BOOT-5109 (Check rEFInd as bootloader)
2020-06-26 15:02:07 Test: checking if file /boot/refind_linux.conf exists
2020-06-26 15:02:07 Result: file /boot/refind_linux.conf NOT found
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Performing test ID BOOT-5116 (Check if system is booted in UEFI mode)
2020-06-26 15:02:07 Test: checking if UEFI is used
2020-06-26 15:02:07 Result: UEFI not used, can't find /sys/firmware/efi directory
2020-06-26 15:02:07 Test: determine if Secure Boot is used
2020-06-26 15:02:07 Result: system not booted with Secure Boot (no SecureBoot file found)
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Skipped test BOOT-5117 (Check for systemd-boot bootloader presence)
2020-06-26 15:02:07 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Performing test ID BOOT-5121 (Check for GRUB boot loader presence)
2020-06-26 15:02:07 Test: Checking for presence GRUB conf file (/boot/grub/grub.conf or /boot/grub/menu.lst)
2020-06-26 15:02:07 Result: found GRUB2 configuration file (/boot/grub2/grub.cfg)
2020-06-26 15:02:07 ====
2020-06-26 15:02:07 Performing test ID BOOT-5122 (Check for GRUB boot password)
2020-06-26 15:02:07 Found file /boot/grub2/grub.cfg, proceeding with tests.
2020-06-26 15:02:07 Test: check if we can access /boot/grub2/grub.cfg (escaped: /boot/grub2/grub.cfg)
2020-06-26 15:02:07 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:07 Result: file /boot/grub2/grub.cfg is readable (or directory accessible).
2020-06-26 15:02:07 Result: File '/boot/grub/custom.cfg' does not exist
2020-06-26 15:02:07 Found file /etc/grub.d/00_header, proceeding with tests.
2020-06-26 15:02:07 Test: check if we can access /etc/grub.d/00_header (escaped: /etc/grub.d/00_header)
2020-06-26 15:02:07 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:07 Result: file /etc/grub.d/00_header is readable (or directory accessible).
2020-06-26 15:02:07 Result: did not find hashed password line in this file
2020-06-26 15:02:07 Found file /etc/grub.d/01_users, proceeding with tests.
2020-06-26 15:02:07 Test: check if we can access /etc/grub.d/01_users (escaped: /etc/grub.d/01_users)
2020-06-26 15:02:07 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:07 Result: file /etc/grub.d/01_users is readable (or directory accessible).
2020-06-26 15:02:07 Found file /etc/grub.d/10_linux, proceeding with tests.
2020-06-26 15:02:07 Test: check if we can access /etc/grub.d/10_linux (escaped: /etc/grub.d/10_linux)
2020-06-26 15:02:07 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:07 Result: file /etc/grub.d/10_linux is readable (or directory accessible).
2020-06-26 15:02:07 Result: did not find hashed password line in this file
2020-06-26 15:02:07 Found file /etc/grub.d/20_linux_xen, proceeding with tests.
2020-06-26 15:02:07 Test: check if we can access /etc/grub.d/20_linux_xen (escaped: /etc/grub.d/20_linux_xen)
2020-06-26 15:02:07 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:07 Result: file /etc/grub.d/20_linux_xen is readable (or directory accessible).
2020-06-26 15:02:07 Result: did not find hashed password line in this file
2020-06-26 15:02:07 Found file /etc/grub.d/20_ppc_terminfo, proceeding with tests.
2020-06-26 15:02:07 Test: check if we can access /etc/grub.d/20_ppc_terminfo (escaped: /etc/grub.d/20_ppc_terminfo)
2020-06-26 15:02:07 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:07 Result: file /etc/grub.d/20_ppc_terminfo is readable (or directory accessible).
2020-06-26 15:02:08 Result: did not find hashed password line in this file
2020-06-26 15:02:08 Found file /etc/grub.d/30_os-prober, proceeding with tests.
2020-06-26 15:02:08 Test: check if we can access /etc/grub.d/30_os-prober (escaped: /etc/grub.d/30_os-prober)
2020-06-26 15:02:08 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:08 Result: file /etc/grub.d/30_os-prober is readable (or directory accessible).
2020-06-26 15:02:08 Result: did not find hashed password line in this file
2020-06-26 15:02:08 Found file /etc/grub.d/40_custom, proceeding with tests.
2020-06-26 15:02:08 Test: check if we can access /etc/grub.d/40_custom (escaped: /etc/grub.d/40_custom)
2020-06-26 15:02:08 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:08 Result: file /etc/grub.d/40_custom is readable (or directory accessible).
2020-06-26 15:02:08 Result: did not find hashed password line in this file
2020-06-26 15:02:08 Found file /etc/grub.d/41_custom, proceeding with tests.
2020-06-26 15:02:08 Test: check if we can access /etc/grub.d/41_custom (escaped: /etc/grub.d/41_custom)
2020-06-26 15:02:08 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:08 Result: file /etc/grub.d/41_custom is readable (or directory accessible).
2020-06-26 15:02:08 Result: did not find hashed password line in this file
2020-06-26 15:02:08 Found file /etc/grub.d/00_tuned, proceeding with tests.
2020-06-26 15:02:08 Test: check if we can access /etc/grub.d/00_tuned (escaped: /etc/grub.d/00_tuned)
2020-06-26 15:02:08 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:08 Result: file /etc/grub.d/00_tuned is readable (or directory accessible).
2020-06-26 15:02:08 Result: did not find hashed password line in this file
2020-06-26 15:02:08 Result: GRUB has password protection.
2020-06-26 15:02:08 Hardening: assigned maximum number of hardening points for this item (4). Currently having 4 points (out of 4)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5124 (Check for FreeBSD boot loader presence)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5261 (Check for DragonFly boot loader presence)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (DragonFly only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5126 (Check for NetBSD boot loader presence)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (NetBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5139 (Check for LILO boot loader presence)
2020-06-26 15:02:08 Test: checking for presence LILO configuration file
2020-06-26 15:02:08 Result: LILO configuration file not found
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5142 (Check SPARC Improved boot loader (SILO))
2020-06-26 15:02:08 Result: no SILO configuration file found.
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5155 (Check for YABOOT boot loader configuration file)
2020-06-26 15:02:08 Test: Check for /etc/yaboot.conf
2020-06-26 15:02:08 Result: no YABOOT configuration file found.
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5159 (Check for OpenBSD boot loader presence)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (OpenBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5165 (Check for FreeBSD boot services)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5177 (Check for Linux boot and running services)
2020-06-26 15:02:08 Test: checking presence systemctl binary
2020-06-26 15:02:08 Result: systemctl binary found, trying that to discover information
2020-06-26 15:02:08 Searching for running services (systemctl services only)
2020-06-26 15:02:08 Found running service: auditd
2020-06-26 15:02:08 Found running service: chronyd
2020-06-26 15:02:08 Found running service: crond
2020-06-26 15:02:08 Found running service: dbus
2020-06-26 15:02:08 Found running service: firewalld
2020-06-26 15:02:08 Found running service: getty@tty1
2020-06-26 15:02:08 Found running service: gssproxy
2020-06-26 15:02:08 Found running service: irqbalance
2020-06-26 15:02:08 Found running service: polkit
2020-06-26 15:02:08 Found running service: postfix
2020-06-26 15:02:08 Found running service: rpcbind
2020-06-26 15:02:08 Found running service: rsyslog
2020-06-26 15:02:08 Found running service: serial-getty@ttyS0
2020-06-26 15:02:08 Found running service: sshd
2020-06-26 15:02:08 Found running service: systemd-journald
2020-06-26 15:02:08 Found running service: systemd-logind
2020-06-26 15:02:08 Found running service: systemd-udevd
2020-06-26 15:02:08 Found running service: tuned
2020-06-26 15:02:08 Hint: Run systemctl --full --type=service to see all services
2020-06-26 15:02:08 Result: Found 18 running services
2020-06-26 15:02:08 Searching for enabled services (systemctl services only)
2020-06-26 15:02:08 Found enabled service at boot: auditd
2020-06-26 15:02:08 Found enabled service at boot: autovt@
2020-06-26 15:02:08 Found enabled service at boot: chronyd
2020-06-26 15:02:08 Found enabled service at boot: cloud-config
2020-06-26 15:02:08 Found enabled service at boot: cloud-final
2020-06-26 15:02:08 Found enabled service at boot: cloud-init-local
2020-06-26 15:02:08 Found enabled service at boot: cloud-init
2020-06-26 15:02:08 Found enabled service at boot: crond
2020-06-26 15:02:08 Found enabled service at boot: dbus-org.fedoraproject.FirewallD1
2020-06-26 15:02:08 Found enabled service at boot: firewalld
2020-06-26 15:02:08 Found enabled service at boot: getty@
2020-06-26 15:02:08 Found enabled service at boot: irqbalance
2020-06-26 15:02:08 Found enabled service at boot: microcode
2020-06-26 15:02:08 Found enabled service at boot: postfix
2020-06-26 15:02:08 Found enabled service at boot: qemu-guest-agent
2020-06-26 15:02:08 Found enabled service at boot: rhel-autorelabel-mark
2020-06-26 15:02:08 Found enabled service at boot: rhel-autorelabel
2020-06-26 15:02:08 Found enabled service at boot: rhel-configure
2020-06-26 15:02:08 Found enabled service at boot: rhel-dmesg
2020-06-26 15:02:08 Found enabled service at boot: rhel-domainname
2020-06-26 15:02:08 Found enabled service at boot: rhel-import-state
2020-06-26 15:02:08 Found enabled service at boot: rhel-loadmodules
2020-06-26 15:02:08 Found enabled service at boot: rhel-readonly
2020-06-26 15:02:08 Found enabled service at boot: rpcbind
2020-06-26 15:02:08 Found enabled service at boot: rsyslog
2020-06-26 15:02:08 Found enabled service at boot: sshd
2020-06-26 15:02:08 Found enabled service at boot: systemd-readahead-collect
2020-06-26 15:02:08 Found enabled service at boot: systemd-readahead-drop
2020-06-26 15:02:08 Found enabled service at boot: systemd-readahead-replay
2020-06-26 15:02:08 Found enabled service at boot: tuned
2020-06-26 15:02:08 Hint: Run systemctl list-unit-files --type=service to see all services
2020-06-26 15:02:08 Result: Found 30 enabled services
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5180 (Check for Linux boot services (Debian style))
2020-06-26 15:02:08 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5184 (Check permissions for boot files/scripts)
2020-06-26 15:02:08 Result: checking /etc/init.d scripts for writable bit
2020-06-26 15:02:08 Test: checking if directory /etc/init.d exists
2020-06-26 15:02:08 Result: directory /etc/init.d found
2020-06-26 15:02:08 Test: checking for available files in directory
2020-06-26 15:02:08 Result: found no files in directory.
2020-06-26 15:02:08 Test: checking if directory /etc/rc.d exists
2020-06-26 15:02:08 Result: directory /etc/rc.d found
2020-06-26 15:02:08 Test: checking for available files in directory
2020-06-26 15:02:08 Result: found files in directory, checking permissions now
2020-06-26 15:02:08 Test: checking permissions of file /etc/rc.d/init.d/README
2020-06-26 15:02:08 Result: good, file /etc/rc.d/init.d/README not world writable
2020-06-26 15:02:08 Test: checking permissions of file /etc/rc.d/init.d/functions
2020-06-26 15:02:08 Result: good, file /etc/rc.d/init.d/functions not world writable
2020-06-26 15:02:08 Test: checking permissions of file /etc/rc.d/init.d/netconsole
2020-06-26 15:02:08 Result: good, file /etc/rc.d/init.d/netconsole not world writable
2020-06-26 15:02:08 Test: checking permissions of file /etc/rc.d/init.d/network
2020-06-26 15:02:08 Result: good, file /etc/rc.d/init.d/network not world writable
2020-06-26 15:02:08 Test: checking permissions of file /etc/rc.d/rc.local
2020-06-26 15:02:08 Result: good, file /etc/rc.d/rc.local not world writable
2020-06-26 15:02:08 Test: checking if directory /etc/rcS.d exists
2020-06-26 15:02:08 Result: directory /etc/rcS.d not found. Skipping..
2020-06-26 15:02:08 Test: Checking /etc/rc0.d scripts for writable bit
2020-06-26 15:02:08 Test: Checking /etc/rc1.d scripts for writable bit
2020-06-26 15:02:08 Test: Checking /etc/rc2.d scripts for writable bit
2020-06-26 15:02:08 Test: Checking /etc/rc3.d scripts for writable bit
2020-06-26 15:02:08 Test: Checking /etc/rc4.d scripts for writable bit
2020-06-26 15:02:08 Test: Checking /etc/rc5.d scripts for writable bit
2020-06-26 15:02:08 Test: Checking /etc/rc6.d scripts for writable bit
2020-06-26 15:02:08 Action: checking symlink for file /etc/rc.local
2020-06-26 15:02:08 Note: Using real readlink binary to determine symlink on /etc/rc.local
2020-06-26 15:02:08 Result: readlink shows /etc/rc.d/rc.local as output
2020-06-26 15:02:08 Result: symlink found, pointing to file /etc/rc.d/rc.local
2020-06-26 15:02:08 Result: found the path behind this symlink (/etc/rc.d/rc.local --> /etc/rc.local)
2020-06-26 15:02:08 Test: Checking /etc/rc.d/rc.local file for writable bit
2020-06-26 15:02:08 Result: good, file /etc/rc.d/rc.local not world writable
2020-06-26 15:02:08 Hardening: assigned maximum number of hardening points for this item (3). Currently having 7 points (out of 7)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5202 (Check uptime of system)
2020-06-26 15:02:08 Uptime (in seconds): 10074
2020-06-26 15:02:08 Uptime (in days): 0
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID BOOT-5260 (Check single user mode for systemd)
2020-06-26 15:02:08 Test: Searching /usr/lib/systemd/system/rescue.service
2020-06-26 15:02:08 Result: file /usr/lib/systemd/system/rescue.service
2020-06-26 15:02:08 Test: checking presence sulogin for single user mode
2020-06-26 15:02:08 Result: found sulogin, so single user is protected
2020-06-26 15:02:08 Hardening: assigned maximum number of hardening points for this item (3). Currently having 10 points (out of 10)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5262 (Check for OpenBSD boot daemons)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (OpenBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5263 (Check permissions for boot files/scripts)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (OpenBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test BOOT-5264 (Run systemd-analyze security)
2020-06-26 15:02:08 Reason to skip: systemd-analyze too old (v219), need at least v240
2020-06-26 15:02:08 Security check: file is normal
2020-06-26 15:02:08 Checking permissions of /usr/share/lynis/include/tests_kernel
2020-06-26 15:02:08 File permissions are OK
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Action: Performing tests from category: Kernel
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5622 (Determine Linux default run level)
2020-06-26 15:02:08 Test: Checking for systemd default.target
2020-06-26 15:02:08 Result: symlink found
2020-06-26 15:02:08 Result: No match found on runlevel, defaulting to runlevel 3
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5677 (Check CPU options and support)
2020-06-26 15:02:08 Test: Checking /proc/cpuinfo
2020-06-26 15:02:08 Result: found /proc/cpuinfo
2020-06-26 15:02:08 Test: Checking CPU options (XD/NX/PAE)
2020-06-26 15:02:08 PAE: Yes
2020-06-26 15:02:08 NX: Yes
2020-06-26 15:02:08 Result: PAE or No eXecute option(s) both found
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5695 (Determine Linux kernel version and release number)
2020-06-26 15:02:08 Result: found kernel release 3.10.0-1062.12.1.el7.x86_64
2020-06-26 15:02:08 Result: found kernel version #1 SMP Tue Feb 4 23:02:59 UTC 2020
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5723 (Determining if Linux kernel is monolithic)
2020-06-26 15:02:08 Test: checking if kernel is monolithic or modular
2020-06-26 15:02:08 Result: Found modular kernel
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5726 (Checking Linux loaded kernel modules)
2020-06-26 15:02:08 Loaded modules according lsmod:
2020-06-26 15:02:08 Loaded module: ablk_helper
2020-06-26 15:02:08 Loaded module: aesni_intel
2020-06-26 15:02:08 Loaded module: bridge
2020-06-26 15:02:08 Loaded module: btrfs
2020-06-26 15:02:08 Loaded module: crc32_pclmul
2020-06-26 15:02:08 Loaded module: crc32c_intel
2020-06-26 15:02:08 Loaded module: crct10dif_common
2020-06-26 15:02:08 Loaded module: crct10dif_pclmul
2020-06-26 15:02:08 Loaded module: cryptd
2020-06-26 15:02:08 Loaded module: dm_mod
2020-06-26 15:02:08 Loaded module: ebtable_broute
2020-06-26 15:02:08 Loaded module: ebtable_filter
2020-06-26 15:02:08 Loaded module: ebtable_nat
2020-06-26 15:02:08 Loaded module: ebtables
2020-06-26 15:02:08 Loaded module: ena
2020-06-26 15:02:08 Loaded module: ext4
2020-06-26 15:02:08 Loaded module: fat
2020-06-26 15:02:08 Loaded module: fuse
2020-06-26 15:02:08 Loaded module: gf128mul
2020-06-26 15:02:08 Loaded module: ghash_clmulni_intel
2020-06-26 15:02:08 Loaded module: glue_helper
2020-06-26 15:02:08 Loaded module: i2c_piix4
2020-06-26 15:02:08 Loaded module: iosf_mbi
2020-06-26 15:02:08 Loaded module: ip6_tables
2020-06-26 15:02:08 Loaded module: ip6t_REJECT
2020-06-26 15:02:08 Loaded module: ip6t_rpfilter
2020-06-26 15:02:08 Loaded module: ip6table_filter
2020-06-26 15:02:08 Loaded module: ip6table_mangle
2020-06-26 15:02:08 Loaded module: ip6table_nat
2020-06-26 15:02:08 Loaded module: ip6table_raw
2020-06-26 15:02:08 Loaded module: ip6table_security
2020-06-26 15:02:08 Loaded module: ip_set
2020-06-26 15:02:08 Loaded module: ip_tables
2020-06-26 15:02:08 Loaded module: ipt_REJECT
2020-06-26 15:02:08 Loaded module: iptable_filter
2020-06-26 15:02:08 Loaded module: iptable_mangle
2020-06-26 15:02:08 Loaded module: iptable_nat
2020-06-26 15:02:08 Loaded module: iptable_raw
2020-06-26 15:02:08 Loaded module: iptable_security
2020-06-26 15:02:08 Loaded module: jbd2
2020-06-26 15:02:08 Loaded module: libcrc32c
2020-06-26 15:02:08 Loaded module: libnvdimm
2020-06-26 15:02:08 Loaded module: llc
2020-06-26 15:02:08 Loaded module: lrw
2020-06-26 15:02:08 Loaded module: mbcache
2020-06-26 15:02:08 Loaded module: msdos
2020-06-26 15:02:08 Loaded module: nf_conntrack
2020-06-26 15:02:08 Loaded module: nf_conntrack_ipv4
2020-06-26 15:02:08 Loaded module: nf_conntrack_ipv6
2020-06-26 15:02:08 Loaded module: nf_defrag_ipv4
2020-06-26 15:02:08 Loaded module: nf_defrag_ipv6
2020-06-26 15:02:08 Loaded module: nf_nat
2020-06-26 15:02:08 Loaded module: nf_nat_ipv4
2020-06-26 15:02:08 Loaded module: nf_nat_ipv6
2020-06-26 15:02:08 Loaded module: nf_reject_ipv4
2020-06-26 15:02:08 Loaded module: nf_reject_ipv6
2020-06-26 15:02:08 Loaded module: nfit
2020-06-26 15:02:08 Loaded module: nfnetlink
2020-06-26 15:02:08 Loaded module: nvme
2020-06-26 15:02:08 Loaded module: nvme_core
2020-06-26 15:02:08 Loaded module: parport
2020-06-26 15:02:08 Loaded module: parport_pc
2020-06-26 15:02:08 Loaded module: pcspkr
2020-06-26 15:02:08 Loaded module: ppdev
2020-06-26 15:02:08 Loaded module: raid6_pq
2020-06-26 15:02:08 Loaded module: serio_raw
2020-06-26 15:02:08 Loaded module: stp
2020-06-26 15:02:08 Loaded module: sunrpc
2020-06-26 15:02:08 Loaded module: vfat
2020-06-26 15:02:08 Loaded module: xfs
2020-06-26 15:02:08 Loaded module: xor
2020-06-26 15:02:08 Loaded module: xt_conntrack
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5728 (Checking Linux kernel config)
2020-06-26 15:02:08 Result: found config (/boot/config-3.10.0-1062.12.1.el7.x86_64)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5730 (Checking disk I/O kernel scheduler)
2020-06-26 15:02:08 Test: Checking the default I/O kernel scheduler
2020-06-26 15:02:08 Result: found IO scheduler 'deadline'
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test KRNL-5745 (Checking FreeBSD loaded kernel modules)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test KRNL-5831 (Checking DragonFly loaded kernel modules)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (DragonFly only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test KRNL-5770 (Checking active kernel modules)
2020-06-26 15:02:08 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Skipped test KRNL-5788 (Checking availability new Linux kernel)
2020-06-26 15:02:08 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:08 ====
2020-06-26 15:02:08 Performing test ID KRNL-5820 (Checking core dumps configuration)
2020-06-26 15:02:08 Test: Checking presence of systemd
2020-06-26 15:02:08 Result: systemd is present on this system
2020-06-26 15:02:08 Test: Checking if core dumps are disabled in /etc/systemd/coredump.conf and /etc/systemd/coredump.conf.d/*.conf
2020-06-26 15:02:09 Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (0 of 1). Currently having 10 points (out of 11)
2020-06-26 15:02:09 Test: Checking presence /etc/profile
2020-06-26 15:02:09 Test: Checking if 'ulimit -c 0' exists in /etc/profile or /etc/profile.d/*.sh
2020-06-26 15:02:09 Result: core dumps are not disabled in /etc/profile or /etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (0 of 1). Currently having 10 points (out of 12)
2020-06-26 15:02:09 Test: Checking presence /etc/security/limits.conf
2020-06-26 15:02:09 Result: file /etc/security/limits.conf exists
2020-06-26 15:02:09 Test: Checking if core dumps are disabled in /etc/security/limits.conf and /etc/security/limits.d/*
2020-06-26 15:02:09 Result: core dumps are not explicitly disabled
2020-06-26 15:02:09 Suggestion: If not required, consider explicit disabling of core dump in /etc/security/limits.conf file [test:KRNL-5820] [details:-] [solution:-]
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (1 of 3). Currently having 11 points (out of 15)
2020-06-26 15:02:09 Test: Checking sysctl value of fs.suid_dumpable
2020-06-26 15:02:09 Result: value 0 found
2020-06-26 15:02:09 Result: found default option (0), no execute only program or program with changed privilege levels can dump
2020-06-26 15:02:09 Hardening: assigned maximum number of hardening points for this item (1). Currently having 12 points (out of 16)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel)
2020-06-26 15:02:09 Test: Checking presence /var/run/reboot-required.pkgs
2020-06-26 15:02:09 Result: file /var/run/reboot-required.pkgs not found
2020-06-26 15:02:09 Result: /boot exists, performing more tests from here
2020-06-26 15:02:09 Result: found /boot/vmlinuz-3.10.0-1127.13.1.el7.x86_64
2020-06-26 15:02:09 Test: checking kernel version on disk
2020-06-26 15:02:09 Result: found version 3.10.0-1127.13.1.el7.x86_64
2020-06-26 15:02:09 Result: active kernel version 3.10.0-1062.12.1.el7.x86_64
2020-06-26 15:02:09 Result: reboot needed, as there is a difference between active kernel and the one on disk
2020-06-26 15:02:09 Result: /var/cache/apt/archives/ does not exist
2020-06-26 15:02:09 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (0 of 5). Currently having 12 points (out of 21)
2020-06-26 15:02:09 Security check: file is normal
2020-06-26 15:02:09 Checking permissions of /usr/share/lynis/include/tests_memory_processes
2020-06-26 15:02:09 File permissions are OK
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Action: Performing tests from category: Memory and Processes
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID PROC-3602 (Checking /proc/meminfo for memory details)
2020-06-26 15:02:09 Result: found /proc/meminfo
2020-06-26 15:02:09 Result: Found 3818920 kB memory
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Skipped test PROC-3604 (Query prtconf for memory details)
2020-06-26 15:02:09 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID PROC-3612 (Check dead or zombie processes)
2020-06-26 15:02:09 Result: no zombie processes found
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID PROC-3614 (Check heavy IO waiting based processes)
2020-06-26 15:02:09 Result: No processes were waiting for IO requests to be handled first
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID PROC-3802 (Check presence of prelink tooling)
2020-06-26 15:02:09 Result: prelink package is NOT installed
2020-06-26 15:02:09 Hardening: assigned maximum number of hardening points for this item (3). Currently having 15 points (out of 24)
2020-06-26 15:02:09 Security check: file is normal
2020-06-26 15:02:09 Checking permissions of /usr/share/lynis/include/tests_authentication
2020-06-26 15:02:09 File permissions are OK
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Action: Performing tests from category: Users, Groups and Authentication
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9204 (Check users with an UID of zero)
2020-06-26 15:02:09 Test: Searching accounts with UID 0
2020-06-26 15:02:09 Result: No accounts found with UID 0 other than root.
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9208 (Check non-unique accounts in passwd file)
2020-06-26 15:02:09 Test: Checking for non-unique accounts
2020-06-26 15:02:09 Result: all accounts found in /etc/passwd are unique
2020-06-26 15:02:09 Remarks: Non unique UIDs can be a risk for the system or part of a configuration mistake
2020-06-26 15:02:09 Prerequisite test: /usr/sbin/chkgrp
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Skipped test AUTH-9212 (Test group file)
2020-06-26 15:02:09 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9216 (Check group and shadow group files)
2020-06-26 15:02:09 Test: Checking for grpck binary output
2020-06-26 15:02:09 Result: grpck binary didn't find any errors in the group files
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Skipped test AUTH-9218 (Check login shells for passwordless accounts)
2020-06-26 15:02:09 Reason to skip: Incorrect guest OS (DragonFly FreeBSD NetBSD OpenBSD only)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9222 (Check unique groups (IDs))
2020-06-26 15:02:09 Test: Checking for non unique group ID's in /etc/group
2020-06-26 15:02:09 Result: All group ID's are unique
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9226 (Check unique group names)
2020-06-26 15:02:09 Test: Checking for non unique group names in /etc/group
2020-06-26 15:02:09 Result: All group names are unique
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9228 (Check password file consistency with pwck)
2020-06-26 15:02:09 Test: Checking password file consistency (pwck)
2020-06-26 15:02:09 Result: pwck check didn't find any problems
2020-06-26 15:02:09 Hardening: assigned maximum number of hardening points for this item (2). Currently having 17 points (out of 26)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9229 (Check password hashing methods)
2020-06-26 15:02:09 Test: Checking password hashing methods
2020-06-26 15:02:09 Result: poor password hashing methods found: sha256crypt/sha512crypt(default<=5000rounds)
2020-06-26 15:02:09 Suggestion: Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [test:AUTH-9229] [details:-] [solution:-]
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (0 of 2). Currently having 17 points (out of 28)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9230 (Check group password hashing rounds)
2020-06-26 15:02:09 Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs
2020-06-26 15:02:09 Result: number of minimum rounds used by the encryption algorithm is not configured
2020-06-26 15:02:09 Suggestion: Configure minimum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-]
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (0 of 2). Currently having 17 points (out of 30)
2020-06-26 15:02:09 Test: Checking SHA_CRYPT_MAX_ROUNDS option in /etc/login.defs
2020-06-26 15:02:09 Result: number of maximum rounds used by the encryption algorithm is not configured
2020-06-26 15:02:09 Suggestion: Configure maximum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-]
2020-06-26 15:02:09 Hardening: assigned partial number of hardening points (0 of 2). Currently having 17 points (out of 32)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9234 (Query user accounts)
2020-06-26 15:02:09 Test: Read system users (including root user) from password database (e.g. /etc/passwd)
2020-06-26 15:02:09 Result: found minimal user id specified: 1000
2020-06-26 15:02:09 Linux real users output (ID = 0, or 1000+, but not 65534):
2020-06-26 15:02:09 Real user: root,0
2020-06-26 15:02:09 Real user: centos,1000
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9240 (Query NIS+ authentication support)
2020-06-26 15:02:09 Result: NIS+ authentication not enabled
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9242 (Query NIS authentication support)
2020-06-26 15:02:09 Result: NIS authentication not enabled
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9250 (Checking sudoers file)
2020-06-26 15:02:09 Test: checking presence /etc/sudoers
2020-06-26 15:02:09 Result: found file (/etc/sudoers)
2020-06-26 15:02:09 Test: checking presence /usr/local/etc/sudoers
2020-06-26 15:02:09 Result: file /usr/local/etc/sudoers not found
2020-06-26 15:02:09 Test: checking presence /usr/pkg/etc/sudoers
2020-06-26 15:02:09 Result: file /usr/pkg/etc/sudoers not found
2020-06-26 15:02:09 Result: sudoers file found (/etc/sudoers)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9252 (Check ownership and permissions for sudo configuration files)
2020-06-26 15:02:09 Test: checking drop-in directory (/etc/sudoers.d)
2020-06-26 15:02:09 Result: Found directory permissions: rwxr-x--- and owner UID GID: 00
2020-06-26 15:02:09 Result: directory /etc/sudoers.d permissions OK
2020-06-26 15:02:09 Result: directory /etc/sudoers.d ownership OK
2020-06-26 15:02:09 Test: checking file (/etc/sudoers)
2020-06-26 15:02:09 Result: Found file permissions: r--r----- and owner UID GID: 00
2020-06-26 15:02:09 Result: file /etc/sudoers permissions OK
2020-06-26 15:02:09 Result: file /etc/sudoers ownership OK
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Skipped test AUTH-9254 (Solaris passwordless accounts)
2020-06-26 15:02:09 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9262 (Checking presence password strength testing tools (PAM))
2020-06-26 15:02:09 Searching PAM password testing modules (cracklib, passwdqc, pwquality)
2020-06-26 15:02:09 Result: found pam_cracklib.so (crack library PAM) in /lib64/security
2020-06-26 15:02:09 Result: found pam_pwquality.so (password quality control PAM) in /lib64/security
2020-06-26 15:02:09 Result: pam_cracklib.so found
2020-06-26 15:02:09 Result: pam_passwdqc.so NOT found (passwd quality control PAM)
2020-06-26 15:02:09 Result: pam_pwquality.so found
2020-06-26 15:02:09 Result: found at least one PAM module for password strength testing
2020-06-26 15:02:09 Hardening: assigned maximum number of hardening points for this item (3). Currently having 20 points (out of 35)
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9264 (Checking presence pam.conf)
2020-06-26 15:02:09 Test: Checking file /etc/pam.conf
2020-06-26 15:02:09 Result: file /etc/pam.conf could not be found
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9266 (Checking presence pam.d files)
2020-06-26 15:02:09 Test: Checking directory /etc/pam.d
2020-06-26 15:02:09 Result: directory /etc/pam.d exists
2020-06-26 15:02:09 Test: searching PAM configuration files
2020-06-26 15:02:09 Found file: /etc/pam.d/chfn
2020-06-26 15:02:09 Found file: /etc/pam.d/chsh
2020-06-26 15:02:09 Found file: /etc/pam.d/config-util
2020-06-26 15:02:09 Found file: /etc/pam.d/crond
2020-06-26 15:02:09 Found file: /etc/pam.d/fingerprint-auth-ac
2020-06-26 15:02:09 Found file: /etc/pam.d/login
2020-06-26 15:02:09 Found file: /etc/pam.d/other
2020-06-26 15:02:09 Found file: /etc/pam.d/passwd
2020-06-26 15:02:09 Found file: /etc/pam.d/password-auth-ac
2020-06-26 15:02:09 Found file: /etc/pam.d/polkit-1
2020-06-26 15:02:09 Found file: /etc/pam.d/postlogin-ac
2020-06-26 15:02:09 Found file: /etc/pam.d/remote
2020-06-26 15:02:09 Found file: /etc/pam.d/runuser
2020-06-26 15:02:09 Found file: /etc/pam.d/runuser-l
2020-06-26 15:02:09 Found file: /etc/pam.d/screen
2020-06-26 15:02:09 Found file: /etc/pam.d/smartcard-auth-ac
2020-06-26 15:02:09 Found file: /etc/pam.d/smtp.postfix
2020-06-26 15:02:09 Found file: /etc/pam.d/sshd
2020-06-26 15:02:09 Found file: /etc/pam.d/su
2020-06-26 15:02:09 Found file: /etc/pam.d/su-l
2020-06-26 15:02:09 Found file: /etc/pam.d/sudo
2020-06-26 15:02:09 Found file: /etc/pam.d/sudo-i
2020-06-26 15:02:09 Found file: /etc/pam.d/system-auth-ac
2020-06-26 15:02:09 Found file: /etc/pam.d/systemd-user
2020-06-26 15:02:09 Found file: /etc/pam.d/vlock
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9268 (Checking presence pam.d files)
2020-06-26 15:02:09 Test: Searching pam modules
2020-06-26 15:02:09 Test: Checking /lib/arm-linux-gnueabihf/security
2020-06-26 15:02:09 Result: directory /lib/arm-linux-gnueabihf/security could not be found or is a symlink to another directory
2020-06-26 15:02:09 Test: Checking /lib/i386-linux-gnu/security
2020-06-26 15:02:09 Result: directory /lib/i386-linux-gnu/security could not be found or is a symlink to another directory
2020-06-26 15:02:09 Test: Checking /lib/security
2020-06-26 15:02:09 Result: directory /lib/security could not be found or is a symlink to another directory
2020-06-26 15:02:09 Test: Checking /lib/x86_64-linux-gnu/security
2020-06-26 15:02:09 Result: directory /lib/x86_64-linux-gnu/security could not be found or is a symlink to another directory
2020-06-26 15:02:09 Test: Checking /lib64/security
2020-06-26 15:02:09 Result: directory /lib64/security exists
2020-06-26 15:02:09 Found file: /lib64/security/pam_access.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_cap.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_chroot.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_console.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_cracklib.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_debug.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_deny.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_echo.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_env.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_exec.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_faildelay.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_faillock.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_filter.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_ftp.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_group.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_issue.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_keyinit.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_lastlog.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_limits.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_listfile.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_localuser.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_loginuid.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_mail.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_mkhomedir.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_motd.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_namespace.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_nologin.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_permit.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_pkcs11.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_postgresok.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_pwhistory.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_pwquality.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_rhosts.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_rootok.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_securetty.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_selinux.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_sepermit.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_shells.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_stress.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_succeed_if.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_systemd.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_tally2.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_time.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_timestamp.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_tty_audit.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_umask.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_unix.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_userdb.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_warn.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_wheel.so
2020-06-26 15:02:09 Found file: /lib64/security/pam_xauth.so
2020-06-26 15:02:09 Test: Checking /usr/lib
2020-06-26 15:02:09 Result: directory /usr/lib exists
2020-06-26 15:02:09 Test: Checking /usr/lib/security
2020-06-26 15:02:09 Result: directory /usr/lib/security could not be found or is a symlink to another directory
2020-06-26 15:02:09 ====
2020-06-26 15:02:09 Performing test ID AUTH-9278 (Determine LDAP support in PAM files)
2020-06-26 15:02:09 Test: checking presence /etc/pam.d/common-auth
2020-06-26 15:02:09 Result: file /etc/pam.d/common-auth not found, skipping test
2020-06-26 15:02:09 Test: checking presence /etc/pam.d/system-auth
2020-06-26 15:02:09 Result: file /etc/pam.d/system-auth exists
2020-06-26 15:02:09 Test: checking presence LDAP module
2020-06-26 15:02:09 Result: LDAP module not found
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9282 (Checking password protected account without expire date)
2020-06-26 15:02:10 Test: Checking Linux version and password expire date status
2020-06-26 15:02:10 Result: found one or more accounts without expire date set
2020-06-26 15:02:10 Account without expire date: centos
2020-06-26 15:02:10 Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282] [details:-] [solution:-]
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9283 (Checking accounts without password)
2020-06-26 15:02:10 Test: Checking passwordless accounts
2020-06-26 15:02:10 Result: all accounts seem to have a password
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9286 (Checking user password aging)
2020-06-26 15:02:10 Test: Checking PASS_MIN_DAYS option in /etc/login.defs
2020-06-26 15:02:10 Result: password needs to be at least 1 days old
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (3). Currently having 23 points (out of 38)
2020-06-26 15:02:10 Test: Checking PASS_MAX_DAYS option in /etc/login.defs
2020-06-26 15:02:10 Result: max password age is 60 days
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (3). Currently having 26 points (out of 41)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9288 (Checking for expired passwords)
2020-06-26 15:02:10 Test: check if we can access /etc/shadow (escaped: /etc/shadow)
2020-06-26 15:02:10 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:10 Result: file /etc/shadow is readable (or directory accessible).
2020-06-26 15:02:10 Data: Days since epoch is 18439
2020-06-26 15:02:10 Test: collecting accounts which have an expired password (last day changed + maximum change time)
2020-06-26 15:02:10 Result: good, no passwords have been expired
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (10). Currently having 36 points (out of 51)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test AUTH-9304 (Check single user login configuration)
2020-06-26 15:02:10 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test AUTH-9306 (Check single boot authentication)
2020-06-26 15:02:10 Reason to skip: Incorrect guest OS (HP-UX only)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9308 (Check single user login configuration)
2020-06-26 15:02:10 Test: going to check several systemd targets now
2020-06-26 15:02:10 Test: checking if target console-shell.service is available (/lib/systemd/system/console-shell.service)
2020-06-26 15:02:10 Result: found target console-shell.service
2020-06-26 15:02:10 Result: sulogin was found, which is a good measure to protect single user mode
2020-06-26 15:02:10 Test: checking if target emergency.service is available (/lib/systemd/system/emergency.service)
2020-06-26 15:02:10 Result: found target emergency.service
2020-06-26 15:02:10 Result: sulogin was found, which is a good measure to protect single user mode
2020-06-26 15:02:10 Test: checking if target rescue.service is available (/lib/systemd/system/rescue.service)
2020-06-26 15:02:10 Result: found target rescue.service
2020-06-26 15:02:10 Result: sulogin was found, which is a good measure to protect single user mode
2020-06-26 15:02:10 Result: option set, password is needed at single user mode boot
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (2). Currently having 38 points (out of 53)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9328 (Default umask values)
2020-06-26 15:02:10 Test: Checking /etc/profile.d directory
2020-06-26 15:02:10 Result: found /etc/profile.d, with one or more files in it
2020-06-26 15:02:10 Test: Checking /etc/profile
2020-06-26 15:02:10 Result: file /etc/profile exists
2020-06-26 15:02:10 Test: Checking umask value in /etc/profile
2020-06-26 15:02:10 Result: found multiple umask values configured in /etc/profile
2020-06-26 15:02:10 Result: umask 002 could be more strict
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (1 of 2). Currently having 39 points (out of 55)
2020-06-26 15:02:10 Result: umask 022 could be more strict
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (1 of 2). Currently having 40 points (out of 57)
2020-06-26 15:02:10 Suggestion: Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027) [test:AUTH-9328] [details:-] [solution:-]
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (0 of 2). Currently having 40 points (out of 59)
2020-06-26 15:02:10 Test: Checking umask entries in /etc/passwd (pam_umask)
2020-06-26 15:02:10 Result: file /etc/passwd exists
2020-06-26 15:02:10 Test: Checking umask value in /etc/passwd
2020-06-26 15:02:10 Manual: one or more manual actions are required for further testing of this control/plugin
2020-06-26 15:02:10 Test: Checking /etc/login.defs
2020-06-26 15:02:10 Result: file /etc/login.defs exists
2020-06-26 15:02:10 Test: Checking umask value in /etc/login.defs
2020-06-26 15:02:10 Result: umask is 077, which is fine
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (2). Currently having 42 points (out of 61)
2020-06-26 15:02:10 Test: Checking /etc/init.d/functions
2020-06-26 15:02:10 Result: file /etc/init.d/functions exists
2020-06-26 15:02:10 Test: Checking umask value in /etc/init.d/functions
2020-06-26 15:02:10 Result: found umask 022, which could be improved
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (0 of 2). Currently having 42 points (out of 63)
2020-06-26 15:02:10 Test: Checking /etc/init.d/rc
2020-06-26 15:02:10 Result: file /etc/init.d/rc does not exist
2020-06-26 15:02:10 Test: Checking /etc/init.d/rcS
2020-06-26 15:02:10 Result: file /etc/init.d/rcS does not exist
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test AUTH-9340 (Solaris account locking)
2020-06-26 15:02:10 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9402 (Query LDAP authentication support)
2020-06-26 15:02:10 Result: LDAP authentication not enabled
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test AUTH-9406 (Query LDAP servers in client configuration)
2020-06-26 15:02:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID AUTH-9408 (Logging of failed login attempts)
2020-06-26 15:02:10 Test: Checking FAILLOG_ENAB option in /etc/login.defs
2020-06-26 15:02:10 Result: failed login attempts may not logged
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (0 of 1). Currently having 42 points (out of 64)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test AUTH-9409 (Checking /etc/doas.conf file)
2020-06-26 15:02:10 Reason to skip: Incorrect guest OS (OpenBSD only)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test AUTH-9410 (Check /etc/doas.conf file permissions)
2020-06-26 15:02:10 Reason to skip: Incorrect guest OS (OpenBSD only)
2020-06-26 15:02:10 Security check: file is normal
2020-06-26 15:02:10 Checking permissions of /usr/share/lynis/include/tests_shells
2020-06-26 15:02:10 File permissions are OK
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Action: Performing tests from category: Shells
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test SHLL-6202 (Check console TTYs)
2020-06-26 15:02:10 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID SHLL-6211 (Available and valid shells)
2020-06-26 15:02:10 Test: Searching for /etc/shells
2020-06-26 15:02:10 Result: Found /etc/shells file
2020-06-26 15:02:10 Test: Reading available shells from /etc/shells
2020-06-26 15:02:10 Found installed shell: /bin/sh
2020-06-26 15:02:10 Found installed shell: /bin/bash
2020-06-26 15:02:10 Found installed shell: /usr/bin/sh
2020-06-26 15:02:10 Found installed shell: /usr/bin/bash
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID SHLL-6220 (Idle session killing tools or settings)
2020-06-26 15:02:10 Test: Search for session timeout tools or settings in shell
2020-06-26 15:02:10 Performing pgrep scan without uid
2020-06-26 15:02:10 IsRunning: process 'timeoutd' not found
2020-06-26 15:02:10 Performing pgrep scan without uid
2020-06-26 15:02:10 IsRunning: process 'autolog' not found
2020-06-26 15:02:10 Result: could not find TMOUT setting in /etc/profile
2020-06-26 15:02:10 Result: could not find export, readonly or typeset -r in /etc/profile
2020-06-26 15:02:10 Output: 600
2020-06-26 15:02:10 Result: found TMOUT value configured in one of the files in /etc/profile.d directory
2020-06-26 15:02:10 Output: readonly
2020-06-26 15:02:10 Output: export
2020-06-26 15:02:10 Result: found readonly setting in /etc/profile (readonly or typeset -r)
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (3). Currently having 45 points (out of 67)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID SHLL-6230 (Perform umask check for shell configurations)
2020-06-26 15:02:10 Result: file /etc/bashrc exists
2020-06-26 15:02:10 Result: found umask 002 in /etc/bashrc
2020-06-26 15:02:10 Result: umask 002 can be hardened
2020-06-26 15:02:10 Result: found umask 022 in /etc/bashrc
2020-06-26 15:02:10 Result: umask 022 can be hardened
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (1 of 3). Currently having 46 points (out of 70)
2020-06-26 15:02:10 Result: file /etc/bash.bashrc not found
2020-06-26 15:02:10 Result: file /etc/bash.bashrc.local not found
2020-06-26 15:02:10 Result: file /etc/csh.cshrc exists
2020-06-26 15:02:10 Result: found umask 002 in /etc/csh.cshrc
2020-06-26 15:02:10 Result: umask 002 can be hardened
2020-06-26 15:02:10 Result: found umask 022 in /etc/csh.cshrc
2020-06-26 15:02:10 Result: umask 022 can be hardened
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (1 of 3). Currently having 47 points (out of 73)
2020-06-26 15:02:10 Result: file /etc/profile exists
2020-06-26 15:02:10 Result: found umask 002 in /etc/profile
2020-06-26 15:02:10 Result: umask 002 can be hardened
2020-06-26 15:02:10 Result: found umask 022 in /etc/profile
2020-06-26 15:02:10 Result: umask 022 can be hardened
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (1 of 3). Currently having 48 points (out of 76)
2020-06-26 15:02:10 Security check: file is normal
2020-06-26 15:02:10 Checking permissions of /usr/share/lynis/include/tests_filesystems
2020-06-26 15:02:10 File permissions are OK
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Action: Performing tests from category: File systems
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID FILE-6310 (Checking /tmp, /home and /var directory)
2020-06-26 15:02:10 Test: Checking if /home is mounted separately or mounted on / file system
2020-06-26 15:02:10 Result: directory /home exists
2020-06-26 15:02:10 Result: /home not found in mount list. Directory most likely stored on / file system
2020-06-26 15:02:10 Suggestion: To decrease the impact of a full /home file system, place /home on a separate partition [test:FILE-6310] [details:-] [solution:-]
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (9 of 10). Currently having 57 points (out of 86)
2020-06-26 15:02:10 Test: Checking if /tmp is mounted separately or mounted on / file system
2020-06-26 15:02:10 Result: directory /tmp exists
2020-06-26 15:02:10 Result: found /tmp as a separated mount point
2020-06-26 15:02:10 Hardening: assigned maximum number of hardening points for this item (10). Currently having 67 points (out of 96)
2020-06-26 15:02:10 Test: Checking if /var is mounted separately or mounted on / file system
2020-06-26 15:02:10 Result: directory /var exists
2020-06-26 15:02:10 Result: /var not found in mount list. Directory most likely stored on / file system
2020-06-26 15:02:10 Suggestion: To decrease the impact of a full /var file system, place /var on a separate partition [test:FILE-6310] [details:-] [solution:-]
2020-06-26 15:02:10 Hardening: assigned partial number of hardening points (9 of 10). Currently having 76 points (out of 106)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test FILE-6311 (Checking LVM volume groups)
2020-06-26 15:02:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Skipped test FILE-6312 (Checking LVM volumes)
2020-06-26 15:02:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID FILE-6323 (Checking EXT file systems)
2020-06-26 15:02:10 Test: Checking for Linux EXT file systems
2020-06-26 15:02:10 Result: no EXT file systems found
2020-06-26 15:02:10 ====
2020-06-26 15:02:10 Performing test ID FILE-6324 (Checking XFS file systems)
2020-06-26 15:02:10 Test: Checking for Linux XFS file systems
2020-06-26 15:02:10 Result: found one or more XFS file systems
2020-06-26 15:02:10 File system: / (type: xfs)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6329 (Checking FFS/UFS file systems)
2020-06-26 15:02:11 Test: Query /etc/fstab for available FFS/UFS mount points
2020-06-26 15:02:11 Result: unable to find any single mount point (FFS/UFS)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Skipped test FILE-6330 (Checking ZFS file systems)
2020-06-26 15:02:11 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Skipped test FILE-6439 (Checking HAMMER PFS mounts)
2020-06-26 15:02:11 Reason to skip: Incorrect guest OS (DragonFly only)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6332 (Checking swap partitions)
2020-06-26 15:02:11 Test: query swap partitions from /etc/fstab file
2020-06-26 15:02:11 Result: no swap partitions found in /etc/fstab
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6336 (Checking swap mount options)
2020-06-26 15:02:11 Test: check swap partitions with incorrect mount options
2020-06-26 15:02:11 Result: all swap partitions have correct options (sw or swap)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6344 (Checking proc mount options)
2020-06-26 15:02:11 Test: check proc mount with incorrect mount options
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (0 of 3). Currently having 76 points (out of 109)
2020-06-26 15:02:11 Result: /proc filesystem is not mounted with option hidepid=1 or hidepid=2
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6354 (Searching for old files in /tmp)
2020-06-26 15:02:11 Test: Searching for old files in /tmp
2020-06-26 15:02:11 Result: no files found in /tmp which are older than 3 months
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6362 (Checking /tmp sticky bit)
2020-06-26 15:02:11 Result: sticky bit found on /tmp directory
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 79 points (out of 112)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6363 (Checking /var/tmp sticky bit)
2020-06-26 15:02:11 Result: sticky bit found on /var/tmp directory
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 82 points (out of 115)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6368 (Checking ACL support on root file system)
2020-06-26 15:02:11 Test: Checking acl option on ext[2-4] root file system
2020-06-26 15:02:11 Result: mount point probably mounted with defaults
2020-06-26 15:02:11 Test: Checking device which holds root file system
2020-06-26 15:02:11 Result: No file system found with root file system
2020-06-26 15:02:11 Test: Checking acl option on xfs root file system
2020-06-26 15:02:11 Result: ACL option enabled on root file system
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 85 points (out of 118)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6372 (Checking / mount options)
2020-06-26 15:02:11 Result: mount system / is configured with options: defaults
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6374 (Linux mount options)
2020-06-26 15:02:11 Result: file system /boot not found in /etc/fstab
2020-06-26 15:02:11 File system: /dev
2020-06-26 15:02:11 Expected flags: noexec nosuid
2020-06-26 15:02:11 Found flags: (rw nosuid seclabel size=1885528k nr_inodes=471382 mode=755)
2020-06-26 15:02:11 Result: Could not find mount option noexec on file system /dev
2020-06-26 15:02:11 Result: GOOD, found mount option nosuid on file system /dev
2020-06-26 15:02:11 Result: marked /dev as partially hardened
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (4 of 5). Currently having 89 points (out of 123)
2020-06-26 15:02:11 File system: /dev/shm
2020-06-26 15:02:11 Expected flags: nosuid nodev noexec
2020-06-26 15:02:11 Found flags: defaults nodev nosuid noexec
2020-06-26 15:02:11 Result: GOOD, found mount option nosuid on file system /dev/shm
2020-06-26 15:02:11 Result: GOOD, found mount option nodev on file system /dev/shm
2020-06-26 15:02:11 Result: GOOD, found mount option noexec on file system /dev/shm
2020-06-26 15:02:11 Result: marked /dev/shm as fully hardened
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (5). Currently having 94 points (out of 128)
2020-06-26 15:02:11 Result: file system /home not found in /etc/fstab
2020-06-26 15:02:11 File system: /run
2020-06-26 15:02:11 Expected flags: nodev nosuid
2020-06-26 15:02:11 Found flags: (rw nosuid nodev seclabel mode=755)
2020-06-26 15:02:11 Result: GOOD, found mount option nodev on file system /run
2020-06-26 15:02:11 Result: GOOD, found mount option nosuid on file system /run
2020-06-26 15:02:11 Result: marked /run as fully hardened
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (5). Currently having 99 points (out of 133)
2020-06-26 15:02:11 File system: /tmp
2020-06-26 15:02:11 Expected flags: nodev noexec nosuid
2020-06-26 15:02:11 Found flags: (rw seclabel)
2020-06-26 15:02:11 Result: Could not find mount option nodev on file system /tmp
2020-06-26 15:02:11 Result: Could not find mount option noexec on file system /tmp
2020-06-26 15:02:11 Result: Could not find mount option nosuid on file system /tmp
2020-06-26 15:02:11 Result: marked /tmp options as non-default (unclear about hardening)
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (4 of 5). Currently having 103 points (out of 138)
2020-06-26 15:02:11 Result: file system /var not found in /etc/fstab
2020-06-26 15:02:11 Result: file system /var/log not found in /etc/fstab
2020-06-26 15:02:11 Result: file system /var/log/audit not found in /etc/fstab
2020-06-26 15:02:11 Result: file system /var/tmp not found in /etc/fstab
2020-06-26 15:02:11 Result: Total without nodev:11 noexec:12 nosuid:9 ro or noexec (W^X): 12, of total 30
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6376 (Determine if /var/tmp is bound to /tmp)
2020-06-26 15:02:11 Result: no mount point /var/tmp or expected options found
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6394 (Determine level of swappiness.)
2020-06-26 15:02:11 Test: checking level of vm.swappiness: 30
2020-06-26 15:02:11 Result: vm.swappiness=30 meaning that swapping is less frequent than default. This is only recommended for servers.
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Skipped test FILE-6410 (Checking Locate database)
2020-06-26 15:02:11 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID FILE-6430 (Disable mounting of some filesystems)
2020-06-26 15:02:11 Result: found cramfs support in the kernel (output = insmod /lib/modules/3.10.0-1062.12.1.el7.x86_64/kernel/fs/cramfs/cramfs.ko.xz )
2020-06-26 15:02:11 Test: Checking if cramfs is active
2020-06-26 15:02:11 Result: module cramfs is currently not loaded in the kernel.
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (2 of 3). Currently having 105 points (out of 141)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 108 points (out of 144)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 111 points (out of 147)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 114 points (out of 150)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 117 points (out of 153)
2020-06-26 15:02:11 Result: found squashfs support in the kernel (output = insmod /lib/modules/3.10.0-1062.12.1.el7.x86_64/kernel/fs/squashfs/squashfs.ko.xz )
2020-06-26 15:02:11 Test: Checking if squashfs is active
2020-06-26 15:02:11 Result: module squashfs is currently not loaded in the kernel.
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (2 of 3). Currently having 119 points (out of 156)
2020-06-26 15:02:11 Result: found udf support in the kernel (output = insmod /lib/modules/3.10.0-1062.12.1.el7.x86_64/kernel/fs/udf/udf.ko.xz )
2020-06-26 15:02:11 Test: Checking if udf is active
2020-06-26 15:02:11 Result: module udf is currently not loaded in the kernel.
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (2 of 3). Currently having 121 points (out of 159)
2020-06-26 15:02:11 Suggestion: Consider disabling unused kernel modules [test:FILE-6430] [details:/etc/modprobe.d/blacklist.conf] [solution:Add 'install MODULENAME /bin/true' (without quotes)]
2020-06-26 15:02:11 Security check: file is normal
2020-06-26 15:02:11 Checking permissions of /usr/share/lynis/include/tests_usb
2020-06-26 15:02:11 File permissions are OK
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Action: Performing tests from category: USB Devices
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID USB-1000 (Check if USB storage is disabled)
2020-06-26 15:02:11 Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf
2020-06-26 15:02:11 Result: found usb-storage driver in disabled state (blacklisted)
2020-06-26 15:02:11 Result: usb-storage driver is disabled
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 124 points (out of 162)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID USB-2000 (Check USB authorizations)
2020-06-26 15:02:11 Test: checking presence of USB devices path (/sys/bus/usb/devices)
2020-06-26 15:02:11 Test: Checking USB devices authorization to connect to the system
2020-06-26 15:02:11 Result: None USB devices are authorized by default (or temporary) to connect to the system
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 127 points (out of 165)
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID USB-3000 (Check for presence of USBGuard)
2020-06-26 15:02:11 Result: USBGuard is installed (/usr/bin/usbguard)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 128 points (out of 166)
2020-06-26 15:02:11 Checking USBGuard configuration file
2020-06-26 15:02:11 Result: USBGuard configuration found (/etc/usbguard/usbguard-daemon.conf)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 129 points (out of 167)
2020-06-26 15:02:11 Checking USBGuard restore controller device state (RestoreControllerDeviceState)
2020-06-26 15:02:11 Result: RestoreControllerDeviceState = false
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 130 points (out of 168)
2020-06-26 15:02:11 Checking USBGuard rule for controllers connected before daemon starts (PresentControllerPolicy)
2020-06-26 15:02:11 Result: PresentControllerPolicy = keep
2020-06-26 15:02:11 Consider changing PresentControllerPolicy to "apply-policy", "block" or "reject"
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (0 of 1). Currently having 130 points (out of 169)
2020-06-26 15:02:11 Checking USBGuard rule for devices connected before daemon starts (PresentDevicePolicy)
2020-06-26 15:02:11 Result: PresentDevicePolicy = apply-policy
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 131 points (out of 170)
2020-06-26 15:02:11 Checking USBGuard rule for devices inserted after daemon starts (InsertedDevicePolicy)
2020-06-26 15:02:11 Result: InsertedDevicePolicy = apply-policy
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 132 points (out of 171)
2020-06-26 15:02:11 Checking USBGuard rule for devices not in RuleFile (ImplicitPolicyTarget)
2020-06-26 15:02:11 Result: ImplicitPolicyTarget = block
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 133 points (out of 172)
2020-06-26 15:02:11 Checking RuleFile
2020-06-26 15:02:11 Result: RuleFile found (/etc/usbguard/rules.conf)
2020-06-26 15:02:11 Hardening: assigned maximum number of hardening points for this item (1). Currently having 134 points (out of 173)
2020-06-26 15:02:11 Security check: file is normal
2020-06-26 15:02:11 Checking permissions of /usr/share/lynis/include/tests_storage
2020-06-26 15:02:11 File permissions are OK
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Action: Performing tests from category: Storage
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID STRG-1846 (Check if firewire storage is disabled)
2020-06-26 15:02:11 Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf
2020-06-26 15:02:11 Result: firewire ohci driver is not explicitly disabled
2020-06-26 15:02:11 Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846] [details:-] [solution:-]
2020-06-26 15:02:11 Hardening: assigned partial number of hardening points (2 of 3). Currently having 136 points (out of 176)
2020-06-26 15:02:11 Security check: file is normal
2020-06-26 15:02:11 Checking permissions of /usr/share/lynis/include/tests_storage_nfs
2020-06-26 15:02:11 File permissions are OK
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Action: Performing tests from category: NFS
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID STRG-1902 (Check rpcinfo registered programs)
2020-06-26 15:02:11 Test: Checking rpcinfo registered programs
2020-06-26 15:02:11 rpcinfo: ,program,vers,proto,port,service
2020-06-26 15:02:11 rpcinfo: ,100000,4,tcp,111,portmapper
2020-06-26 15:02:11 rpcinfo: ,100000,3,tcp,111,portmapper
2020-06-26 15:02:11 rpcinfo: ,100000,2,tcp,111,portmapper
2020-06-26 15:02:11 rpcinfo: ,100000,4,udp,111,portmapper
2020-06-26 15:02:11 rpcinfo: ,100000,3,udp,111,portmapper
2020-06-26 15:02:11 rpcinfo: ,100000,2,udp,111,portmapper
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID STRG-1904 (Check nfs rpc)
2020-06-26 15:02:11 Test: Checking NFS registered versions
2020-06-26 15:02:11 ====
2020-06-26 15:02:11 Performing test ID STRG-1906 (Check nfs rpc)
2020-06-26 15:02:11 Test: Checking NFS registered protocols
2020-06-26 15:02:11 Output: no NFS protocols found
2020-06-26 15:02:11 Test: Checking NFS registered ports
2020-06-26 15:02:11 Output: no NFS port number found
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID STRG-1920 (Checking NFS daemon)
2020-06-26 15:02:12 Test: Checking running NFS daemon
2020-06-26 15:02:12 Output: NFS daemon is not running
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test STRG-1926 (Checking NFS exports)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test STRG-1928 (Checking empty /etc/exports)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test STRG-1930 (Check client access to nfs share)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 Security check: file is normal
2020-06-26 15:02:12 Checking permissions of /usr/share/lynis/include/tests_nameservices
2020-06-26 15:02:12 File permissions are OK
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Action: Performing tests from category: Name services
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4016 (Check /etc/resolv.conf default domain)
2020-06-26 15:02:12 Test: check /etc/resolv.conf for default domain
2020-06-26 15:02:12 Result: /etc/resolv.conf found
2020-06-26 15:02:12 Result: no default domain found
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4018 (Check /etc/resolv.conf search domains)
2020-06-26 15:02:12 Test: check /etc/resolv.conf for search domains
2020-06-26 15:02:12 Result: /etc/resolv.conf found
2020-06-26 15:02:12 Found search domain: ec2.internal
2020-06-26 15:02:12 Result: Found 1 search domains
2020-06-26 15:02:12 Result: found 1 line(s) with a search statement (expecting less than 2 lines)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4020 (Check non default options)
2020-06-26 15:02:12 Test: check /etc/resolv.conf for non default options
2020-06-26 15:02:12 Result: /etc/resolv.conf found
2020-06-26 15:02:12 Result: no specific other options configured in /etc/resolv.conf
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4024 (Solaris uname -n output)
2020-06-26 15:02:12 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4026 (Check /etc/nodename)
2020-06-26 15:02:12 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4028 (Check domain name)
2020-06-26 15:02:12 Test: Checking if dnsdomainname command is available
2020-06-26 15:02:12 Result: dnsdomainname command returned a value
2020-06-26 15:02:12 Found domain name: ec2.internal
2020-06-26 15:02:12 Result: found domain name
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4032 (Check nscd status)
2020-06-26 15:02:12 Test: checking nscd status
2020-06-26 15:02:12 Performing pgrep scan without uid
2020-06-26 15:02:12 IsRunning: process 'nscd' not found
2020-06-26 15:02:12 Result: nscd is not running
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4034 (Check Unbound status)
2020-06-26 15:02:12 Test: checking Unbound (unbound) status
2020-06-26 15:02:12 Performing pgrep scan without uid
2020-06-26 15:02:12 IsRunning: process 'unbound' not found
2020-06-26 15:02:12 Result: Unbound daemon is not running
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4036 (Check Unbound configuration file)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4202 (Check BIND status)
2020-06-26 15:02:12 Test: Checking for running BIND instance
2020-06-26 15:02:12 Performing pgrep scan without uid
2020-06-26 15:02:12 IsRunning: process 'named' not found
2020-06-26 15:02:12 Result: BIND not running
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4204 (Search BIND configuration file)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4206 (Check BIND configuration consistency)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4210 (Check DNS banner)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4230 (Check PowerDNS status)
2020-06-26 15:02:12 Test: Checking for running PowerDNS instance
2020-06-26 15:02:12 Performing pgrep scan without uid
2020-06-26 15:02:12 IsRunning: process 'pdns_server' not found
2020-06-26 15:02:12 Result: PowerDNS not running
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4232 (Search PowerDNS configuration file)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4236 (Check PowerDNS backends)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4238 (Check PowerDNS authoritative status)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4304 (Check NIS ypbind status)
2020-06-26 15:02:12 Test: Checking status of ypbind daemon
2020-06-26 15:02:12 Performing pgrep scan without uid
2020-06-26 15:02:12 IsRunning: process 'ypbind' not found
2020-06-26 15:02:12 Result: ypbind is not active
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test NAME-4306 (Check NIS domain)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4402 (Check duplicate line in /etc/hosts)
2020-06-26 15:02:12 Test: check duplicate line in /etc/hosts
2020-06-26 15:02:12 Result: OK, no duplicate lines found
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4404 (Check /etc/hosts contains an entry for this server name)
2020-06-26 15:02:12 Test: Check /etc/hosts contains an entry for this server name
2020-06-26 15:02:12 Result: No entry found for ip-172-20-38-179 in /etc/hosts
2020-06-26 15:02:12 Suggestion: Add the IP name and FQDN to /etc/hosts for proper name resolving [test:NAME-4404] [details:-] [solution:-]
2020-06-26 15:02:12 Risk: No entry for the server name [hostname] in /etc/hosts may cause unexpected performance problems for local connections
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4406 (Check server hostname mapping)
2020-06-26 15:02:12 Test: Check server hostname not locally mapped in /etc/hosts
2020-06-26 15:02:12 Result: this server hostname is not mapped to a local address
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID NAME-4408 (Check localhost entry)
2020-06-26 15:02:12 Test: Check server hostname not locally mapped in /etc/hosts
2020-06-26 15:02:12 Result: localhost mapped to ::1
2020-06-26 15:02:12 Security check: file is normal
2020-06-26 15:02:12 Checking permissions of /usr/share/lynis/include/tests_dns
2020-06-26 15:02:12 File permissions are OK
2020-06-26 15:02:12 Security check: file is normal
2020-06-26 15:02:12 Checking permissions of /usr/share/lynis/include/tests_ports_packages
2020-06-26 15:02:12 File permissions are OK
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Action: Performing tests from category: Ports and packages
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test PKGS-7301 (Query FreeBSD pkg)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test PKGS-7302 (Query FreeBSD/NetBSD pkg_info)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test PKGS-7303 (Query brew package manager)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 Result: brew can NOT be found on this system
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test PKGS-7304 (Querying Gentoo packages)
2020-06-26 15:02:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:12 Result: emerge can NOT be found on this system
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Skipped test PKGS-7306 (Querying Solaris packages)
2020-06-26 15:02:12 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:12 Result: pkginfo can NOT be found on this system
2020-06-26 15:02:12 ====
2020-06-26 15:02:12 Performing test ID PKGS-7308 (Checking package list with RPM)
2020-06-26 15:02:12 Result: Found rpm binary (/usr/bin/rpm)
2020-06-26 15:02:12 Test: Querying 'rpm -qa' to get package list
2020-06-26 15:02:12 Output:
2020-06-26 15:02:12 --------
2020-06-26 15:02:13 Found package: PyYAML,3.10-11.el7.x86_64
2020-06-26 15:02:13 Found package: acl,2.2.51-15.el7.x86_64
2020-06-26 15:02:13 Found package: aide,0.15.1-13.el7.x86_64
2020-06-26 15:02:13 Found package: audispd-plugins,2.8.5-4.el7.x86_64
2020-06-26 15:02:13 Found package: audit,2.8.5-4.el7.x86_64
2020-06-26 15:02:13 Found package: audit-libs,2.8.5-4.el7.x86_64
2020-06-26 15:02:13 Found package: audit-libs-python,2.8.5-4.el7.x86_64
2020-06-26 15:02:13 Found package: authconfig,6.2.8-30.el7.x86_64
2020-06-26 15:02:13 Found package: basesystem,10.0-7.el7.centos.noarch
2020-06-26 15:02:13 Found package: bash,4.2.46-34.el7.x86_64
2020-06-26 15:02:13 Found package: bind-export-libs,9.11.4-16.P2.el7_8.6.x86_64
2020-06-26 15:02:13 Found package: binutils,2.27-43.base.el7_8.1.x86_64
2020-06-26 15:02:13 Found package: btrfs-progs,4.9.1-1.el7.x86_64
2020-06-26 15:02:13 Found package: bzip2-libs,1.0.6-13.el7.x86_64
2020-06-26 15:02:13 Found package: ca-certificates,2020.2.41-70.0.el7_8.noarch
2020-06-26 15:02:13 Found package: centos-release,7-8.2003.0.el7.centos.x86_64
2020-06-26 15:02:13 Found package: checkpolicy,2.5-8.el7.x86_64
2020-06-26 15:02:13 Found package: chkconfig,1.7.4-1.el7.x86_64
2020-06-26 15:02:13 Found package: chrony,3.4-1.el7.x86_64
2020-06-26 15:02:13 Found package: cloud-init,18.5-6.el7.centos.5.x86_64
2020-06-26 15:02:13 Found package: cloud-utils-growpart,0.29-5.el7.noarch
2020-06-26 15:02:13 Found package: coreutils,8.22-24.el7.x86_64
2020-06-26 15:02:13 Found package: cpio,2.11-27.el7.x86_64
2020-06-26 15:02:13 Found package: cracklib,2.9.0-11.el7.x86_64
2020-06-26 15:02:13 Found package: cracklib-dicts,2.9.0-11.el7.x86_64
2020-06-26 15:02:13 Found package: cronie,1.4.11-23.el7.x86_64
2020-06-26 15:02:13 Found package: cronie-anacron,1.4.11-23.el7.x86_64
2020-06-26 15:02:13 Found package: crontabs,1.11-6.20121102git.el7.noarch
2020-06-26 15:02:13 Found package: cryptsetup-libs,2.0.3-6.el7.x86_64
2020-06-26 15:02:13 Found package: curl,7.29.0-57.el7.x86_64
2020-06-26 15:02:13 Found package: cyrus-sasl-lib,2.1.26-23.el7.x86_64
2020-06-26 15:02:13 Found package: dbus,1.10.24-13.el7_6.x86_64
2020-06-26 15:02:13 Found package: dbus-glib,0.100-7.el7.x86_64
2020-06-26 15:02:13 Found package: dbus-libs,1.10.24-13.el7_6.x86_64
2020-06-26 15:02:13 Found package: dbus-python,1.1.1-9.el7.x86_64
2020-06-26 15:02:13 Found package: device-mapper,1.02.164-7.el7_8.2.x86_64
2020-06-26 15:02:13 Found package: device-mapper-libs,1.02.164-7.el7_8.2.x86_64
2020-06-26 15:02:13 Found package: dhclient,4.2.5-79.el7.centos.x86_64
2020-06-26 15:02:13 Found package: dhcp-common,4.2.5-79.el7.centos.x86_64
2020-06-26 15:02:13 Found package: dhcp-libs,4.2.5-79.el7.centos.x86_64
2020-06-26 15:02:13 Found package: diffutils,3.3-5.el7.x86_64
2020-06-26 15:02:13 Found package: dmidecode,3.2-3.el7.x86_64
2020-06-26 15:02:13 Found package: dracut,033-568.el7.x86_64
2020-06-26 15:02:13 Found package: dracut-config-generic,033-568.el7.x86_64
2020-06-26 15:02:13 Found package: dracut-config-rescue,033-568.el7.x86_64
2020-06-26 15:02:13 Found package: dracut-fips,033-568.el7.x86_64
2020-06-26 15:02:13 Found package: dracut-fips-aesni,033-568.el7.x86_64
2020-06-26 15:02:13 Found package: dracut-network,033-568.el7.x86_64
2020-06-26 15:02:13 Found package: e2fsprogs,1.42.9-17.el7.x86_64
2020-06-26 15:02:13 Found package: e2fsprogs-libs,1.42.9-17.el7.x86_64
2020-06-26 15:02:13 Found package: ebtables,2.0.10-16.el7.x86_64
2020-06-26 15:02:13 Found package: elfutils-default-yama-scope,0.176-4.el7.noarch
2020-06-26 15:02:13 Found package: elfutils-libelf,0.176-4.el7.x86_64
2020-06-26 15:02:13 Found package: elfutils-libs,0.176-4.el7.x86_64
2020-06-26 15:02:13 Found package: epel-release,7-12.noarch
2020-06-26 15:02:13 Found package: ethtool,4.8-10.el7.x86_64
2020-06-26 15:02:13 Found package: expat,2.1.0-11.el7.x86_64
2020-06-26 15:02:13 Found package: fail2ban,0.10.5-2.el7.noarch
2020-06-26 15:02:13 Found package: fail2ban-firewalld,0.10.5-2.el7.noarch
2020-06-26 15:02:13 Found package: fail2ban-sendmail,0.10.5-2.el7.noarch
2020-06-26 15:02:13 Found package: fail2ban-server,0.10.5-2.el7.noarch
2020-06-26 15:02:13 Found package: file,5.11-36.el7.x86_64
2020-06-26 15:02:13 Found package: file-libs,5.11-36.el7.x86_64
2020-06-26 15:02:13 Found package: filesystem,3.2-25.el7.x86_64
2020-06-26 15:02:13 Found package: findutils,4.5.11-6.el7.x86_64
2020-06-26 15:02:13 Found package: fipscheck,1.4.1-6.el7.x86_64
2020-06-26 15:02:13 Found package: fipscheck-lib,1.4.1-6.el7.x86_64
2020-06-26 15:02:13 Found package: firewalld,0.6.3-8.el7_8.1.noarch
2020-06-26 15:02:13 Found package: firewalld-filesystem,0.6.3-8.el7_8.1.noarch
2020-06-26 15:02:13 Found package: freetype,2.8-14.el7.x86_64
2020-06-26 15:02:13 Found package: gawk,4.0.2-4.el7_3.1.x86_64
2020-06-26 15:02:13 Found package: gdbm,1.10-8.el7.x86_64
2020-06-26 15:02:13 Found package: gettext,0.19.8.1-3.el7.x86_64
2020-06-26 15:02:13 Found package: gettext-libs,0.19.8.1-3.el7.x86_64
2020-06-26 15:02:13 Found package: glib2,2.56.1-5.el7.x86_64
2020-06-26 15:02:13 Found package: glibc,2.17-307.el7.1.x86_64
2020-06-26 15:02:13 Found package: glibc-common,2.17-307.el7.1.x86_64
2020-06-26 15:02:13 Found package: gmp,6.0.0-15.el7.x86_64
2020-06-26 15:02:13 Found package: gnupg2,2.0.22-5.el7_5.x86_64
2020-06-26 15:02:13 Found package: gobject-introspection,1.56.1-1.el7.x86_64
2020-06-26 15:02:13 Found package: gpg-pubkey,0acf951b-576b7a7f.(none)
2020-06-26 15:02:13 Found package: gpg-pubkey,352c64e5-52ae6884.(none)
2020-06-26 15:02:13 Found package: gpg-pubkey,f4a80eb5-53a7ff4b.(none)
2020-06-26 15:02:13 Found package: gpgme,1.3.2-5.el7.x86_64
2020-06-26 15:02:13 Found package: grep,2.20-3.el7.x86_64
2020-06-26 15:02:13 Found package: groff-base,1.22.2-8.el7.x86_64
2020-06-26 15:02:13 Found package: grub2,2.02-0.81.el7.centos.x86_64
2020-06-26 15:02:13 Found package: grub2-common,2.02-0.81.el7.centos.noarch
2020-06-26 15:02:13 Found package: grub2-pc,2.02-0.81.el7.centos.x86_64
2020-06-26 15:02:13 Found package: grub2-pc-modules,2.02-0.81.el7.centos.noarch
2020-06-26 15:02:13 Found package: grub2-tools,2.02-0.81.el7.centos.x86_64
2020-06-26 15:02:13 Found package: grub2-tools-extra,2.02-0.81.el7.centos.x86_64
2020-06-26 15:02:13 Found package: grub2-tools-minimal,2.02-0.81.el7.centos.x86_64
2020-06-26 15:02:13 Found package: grubby,8.28-26.el7.x86_64
2020-06-26 15:02:13 Found package: gssproxy,0.7.0-28.el7.x86_64
2020-06-26 15:02:13 Found package: gzip,1.5-10.el7.x86_64
2020-06-26 15:02:13 Found package: hardlink,1.0-19.el7.x86_64
2020-06-26 15:02:13 Found package: hmaccalc,0.9.13-4.el7.x86_64
2020-06-26 15:02:13 Found package: hostname,3.13-3.el7_7.1.x86_64
2020-06-26 15:02:13 Found package: hwdata,0.252-9.5.el7.x86_64
2020-06-26 15:02:13 Found package: info,5.1-5.el7.x86_64
2020-06-26 15:02:13 Found package: initscripts,9.49.49-1.el7.x86_64
2020-06-26 15:02:13 Found package: iproute,4.11.0-25.el7_7.2.x86_64
2020-06-26 15:02:13 Found package: ipset,7.1-1.el7.x86_64
2020-06-26 15:02:13 Found package: ipset-libs,7.1-1.el7.x86_64
2020-06-26 15:02:13 Found package: iptables,1.4.21-34.el7.x86_64
2020-06-26 15:02:13 Found package: iputils,20160308-10.el7.x86_64
2020-06-26 15:02:13 Found package: irqbalance,1.0.7-12.el7.x86_64
2020-06-26 15:02:13 Found package: iwl7260-firmware,25.30.13.0-76.el7.noarch
2020-06-26 15:02:13 Found package: jansson,2.10-1.el7.x86_64
2020-06-26 15:02:13 Found package: json-c,0.11-4.el7_0.x86_64
2020-06-26 15:02:13 Found package: kbd,1.15.5-15.el7.x86_64
2020-06-26 15:02:13 Found package: kbd-legacy,1.15.5-15.el7.noarch
2020-06-26 15:02:13 Found package: kbd-misc,1.15.5-15.el7.noarch
2020-06-26 15:02:13 Found package: kernel,3.10.0-1062.12.1.el7.x86_64
2020-06-26 15:02:13 Found package: kernel,3.10.0-1127.13.1.el7.x86_64
2020-06-26 15:02:13 Found package: kernel-tools,3.10.0-1127.13.1.el7.x86_64
2020-06-26 15:02:13 Found package: kernel-tools-libs,3.10.0-1127.13.1.el7.x86_64
2020-06-26 15:02:13 Found package: kexec-tools,2.0.15-43.el7.x86_64
2020-06-26 15:02:13 Found package: keyutils,1.5.8-3.el7.x86_64
2020-06-26 15:02:13 Found package: keyutils-libs,1.5.8-3.el7.x86_64
2020-06-26 15:02:13 Found package: kmod,20-28.el7.x86_64
2020-06-26 15:02:13 Found package: kmod-libs,20-28.el7.x86_64
2020-06-26 15:02:13 Found package: kpartx,0.4.9-131.el7.x86_64
2020-06-26 15:02:13 Found package: krb5-libs,1.15.1-46.el7.x86_64
2020-06-26 15:02:14 Found package: less,458-9.el7.x86_64
2020-06-26 15:02:14 Found package: libacl,2.2.51-15.el7.x86_64
2020-06-26 15:02:14 Found package: libassuan,2.1.0-3.el7.x86_64
2020-06-26 15:02:14 Found package: libattr,2.4.46-13.el7.x86_64
2020-06-26 15:02:14 Found package: libbasicobjects,0.1.1-32.el7.x86_64
2020-06-26 15:02:14 Found package: libblkid,2.23.2-63.el7.x86_64
2020-06-26 15:02:14 Found package: libcap,2.22-11.el7.x86_64
2020-06-26 15:02:14 Found package: libcap-ng,0.7.5-4.el7.x86_64
2020-06-26 15:02:14 Found package: libcgroup,0.41-21.el7.x86_64
2020-06-26 15:02:14 Found package: libcollection,0.7.0-32.el7.x86_64
2020-06-26 15:02:14 Found package: libcom_err,1.42.9-17.el7.x86_64
2020-06-26 15:02:14 Found package: libcroco,0.6.12-4.el7.x86_64
2020-06-26 15:02:14 Found package: libcurl,7.29.0-57.el7.x86_64
2020-06-26 15:02:14 Found package: libdaemon,0.14-7.el7.x86_64
2020-06-26 15:02:14 Found package: libdb,5.3.21-25.el7.x86_64
2020-06-26 15:02:14 Found package: libdb-utils,5.3.21-25.el7.x86_64
2020-06-26 15:02:14 Found package: libedit,3.0-12.20121213cvs.el7.x86_64
2020-06-26 15:02:14 Found package: libestr,0.1.9-2.el7.x86_64
2020-06-26 15:02:14 Found package: libevent,2.0.21-4.el7.x86_64
2020-06-26 15:02:14 Found package: libfastjson,0.99.4-3.el7.x86_64
2020-06-26 15:02:14 Found package: libffi,3.0.13-19.el7.x86_64
2020-06-26 15:02:14 Found package: libgcc,4.8.5-39.el7.x86_64
2020-06-26 15:02:14 Found package: libgcrypt,1.5.3-14.el7.x86_64
2020-06-26 15:02:14 Found package: libgomp,4.8.5-39.el7.x86_64
2020-06-26 15:02:14 Found package: libgpg-error,1.12-3.el7.x86_64
2020-06-26 15:02:14 Found package: libidn,1.28-4.el7.x86_64
2020-06-26 15:02:14 Found package: libini_config,1.3.1-32.el7.x86_64
2020-06-26 15:02:14 Found package: libmnl,1.0.3-7.el7.x86_64
2020-06-26 15:02:14 Found package: libmount,2.23.2-63.el7.x86_64
2020-06-26 15:02:14 Found package: libndp,1.2-9.el7.x86_64
2020-06-26 15:02:14 Found package: libnetfilter_conntrack,1.0.6-1.el7_3.x86_64
2020-06-26 15:02:14 Found package: libnfnetlink,1.0.1-4.el7.x86_64
2020-06-26 15:02:14 Found package: libnfsidmap,0.25-19.el7.x86_64
2020-06-26 15:02:14 Found package: libnl3,3.2.28-4.el7.x86_64
2020-06-26 15:02:14 Found package: libnl3-cli,3.2.28-4.el7.x86_64
2020-06-26 15:02:14 Found package: libpath_utils,0.2.1-32.el7.x86_64
2020-06-26 15:02:14 Found package: libpipeline,1.2.3-3.el7.x86_64
2020-06-26 15:02:14 Found package: libpng,1.5.13-7.el7_2.x86_64
2020-06-26 15:02:14 Found package: libpwquality,1.2.3-5.el7.x86_64
2020-06-26 15:02:14 Found package: libqb,1.0.1-9.el7.x86_64
2020-06-26 15:02:14 Found package: libref_array,0.1.5-32.el7.x86_64
2020-06-26 15:02:14 Found package: libseccomp,2.3.1-4.el7.x86_64
2020-06-26 15:02:14 Found package: libselinux,2.5-15.el7.x86_64
2020-06-26 15:02:14 Found package: libselinux-python,2.5-15.el7.x86_64
2020-06-26 15:02:14 Found package: libselinux-python3,2.5-15.el7.x86_64
2020-06-26 15:02:14 Found package: libselinux-utils,2.5-15.el7.x86_64
2020-06-26 15:02:14 Found package: libsemanage,2.5-14.el7.x86_64
2020-06-26 15:02:14 Found package: libsemanage-python,2.5-14.el7.x86_64
2020-06-26 15:02:14 Found package: libsepol,2.5-10.el7.x86_64
2020-06-26 15:02:14 Found package: libsmartcols,2.23.2-63.el7.x86_64
2020-06-26 15:02:14 Found package: libss,1.42.9-17.el7.x86_64
2020-06-26 15:02:14 Found package: libssh2,1.8.0-3.el7.x86_64
2020-06-26 15:02:14 Found package: libstdc++,4.8.5-39.el7.x86_64
2020-06-26 15:02:14 Found package: libsysfs,2.1.0-16.el7.x86_64
2020-06-26 15:02:14 Found package: libtasn1,4.10-1.el7.x86_64
2020-06-26 15:02:14 Found package: libteam,1.29-1.el7.x86_64
2020-06-26 15:02:14 Found package: libtirpc,0.2.4-0.16.el7.x86_64
2020-06-26 15:02:14 Found package: libunistring,0.9.3-9.el7.x86_64
2020-06-26 15:02:14 Found package: libuser,0.60-9.el7.x86_64
2020-06-26 15:02:14 Found package: libutempter,1.1.6-4.el7.x86_64
2020-06-26 15:02:14 Found package: libuuid,2.23.2-63.el7.x86_64
2020-06-26 15:02:14 Found package: libverto,0.2.5-4.el7.x86_64
2020-06-26 15:02:14 Found package: libverto-libevent,0.2.5-4.el7.x86_64
2020-06-26 15:02:14 Found package: libxml2,2.9.1-6.el7.4.x86_64
2020-06-26 15:02:14 Found package: libxml2-python,2.9.1-6.el7.4.x86_64
2020-06-26 15:02:14 Found package: libyaml,0.1.4-11.el7_0.x86_64
2020-06-26 15:02:14 Found package: linux-firmware,20191203-76.gite8a0f4c.el7.noarch
2020-06-26 15:02:14 Found package: logrotate,3.8.6-19.el7.x86_64
2020-06-26 15:02:14 Found package: lshw,B.02.18-14.el7.x86_64
2020-06-26 15:02:14 Found package: lua,5.1.4-15.el7.x86_64
2020-06-26 15:02:14 Found package: lynis,3.0.0-100.noarch
2020-06-26 15:02:14 Found package: lz4,1.7.5-3.el7.x86_64
2020-06-26 15:02:14 Found package: lzo,2.06-8.el7.x86_64
2020-06-26 15:02:14 Found package: make,3.82-24.el7.x86_64
2020-06-26 15:02:14 Found package: man-db,2.6.3-11.el7.x86_64
2020-06-26 15:02:14 Found package: mariadb-libs,5.5.65-1.el7.x86_64
2020-06-26 15:02:14 Found package: microcode_ctl,2.1-61.10.el7_8.x86_64
2020-06-26 15:02:14 Found package: mozjs17,17.0.0-20.el7.x86_64
2020-06-26 15:02:14 Found package: ncurses,5.9-14.20130511.el7_4.x86_64
2020-06-26 15:02:14 Found package: ncurses-base,5.9-14.20130511.el7_4.noarch
2020-06-26 15:02:14 Found package: ncurses-libs,5.9-14.20130511.el7_4.x86_64
2020-06-26 15:02:14 Found package: net-tools,2.0-0.25.20131004git.el7.x86_64
2020-06-26 15:02:14 Found package: newt,0.52.15-4.el7.x86_64
2020-06-26 15:02:14 Found package: newt-python,0.52.15-4.el7.x86_64
2020-06-26 15:02:14 Found package: nfs-utils,1.3.0-0.66.el7.x86_64
2020-06-26 15:02:14 Found package: nspr,4.21.0-1.el7.x86_64
2020-06-26 15:02:14 Found package: nss,3.44.0-7.el7_7.x86_64
2020-06-26 15:02:14 Found package: nss-pem,1.0.3-7.el7.x86_64
2020-06-26 15:02:14 Found package: nss-softokn,3.44.0-8.el7_7.x86_64
2020-06-26 15:02:14 Found package: nss-softokn-freebl,3.44.0-8.el7_7.x86_64
2020-06-26 15:02:14 Found package: nss-sysinit,3.44.0-7.el7_7.x86_64
2020-06-26 15:02:14 Found package: nss-tools,3.44.0-7.el7_7.x86_64
2020-06-26 15:02:14 Found package: nss-util,3.44.0-4.el7_7.x86_64
2020-06-26 15:02:14 Found package: numactl-libs,2.0.12-5.el7.x86_64
2020-06-26 15:02:14 Found package: openldap,2.4.44-21.el7_6.x86_64
2020-06-26 15:02:14 Found package: openssh,7.4p1-21.el7.x86_64
2020-06-26 15:02:14 Found package: openssh-clients,7.4p1-21.el7.x86_64
2020-06-26 15:02:14 Found package: openssh-server,7.4p1-21.el7.x86_64
2020-06-26 15:02:14 Found package: openssl,1.0.2k-19.el7.x86_64
2020-06-26 15:02:14 Found package: openssl-libs,1.0.2k-19.el7.x86_64
2020-06-26 15:02:14 Found package: os-prober,1.58-9.el7.x86_64
2020-06-26 15:02:14 Found package: p11-kit,0.23.5-3.el7.x86_64
2020-06-26 15:02:14 Found package: p11-kit-trust,0.23.5-3.el7.x86_64
2020-06-26 15:02:14 Found package: pam,1.1.8-23.el7.x86_64
2020-06-26 15:02:14 Found package: pam_pkcs11,0.6.2-30.el7.x86_64
2020-06-26 15:02:14 Found package: parted,3.1-32.el7.x86_64
2020-06-26 15:02:14 Found package: passwd,0.79-6.el7.x86_64
2020-06-26 15:02:14 Found package: pciutils-libs,3.5.1-3.el7.x86_64
2020-06-26 15:02:14 Found package: pcre,8.32-17.el7.x86_64
2020-06-26 15:02:14 Found package: pcsc-lite-libs,1.8.8-8.el7.x86_64
2020-06-26 15:02:14 Found package: pinentry,0.8.1-17.el7.x86_64
2020-06-26 15:02:14 Found package: pkgconfig,0.27.1-4.el7.x86_64
2020-06-26 15:02:14 Found package: policycoreutils,2.5-34.el7.x86_64
2020-06-26 15:02:14 Found package: policycoreutils-python,2.5-34.el7.x86_64
2020-06-26 15:02:14 Found package: polkit,0.112-26.el7.x86_64
2020-06-26 15:02:14 Found package: polkit-pkla-compat,0.1-4.el7.x86_64
2020-06-26 15:02:14 Found package: popt,1.13-16.el7.x86_64
2020-06-26 15:02:14 Found package: postfix,2.10.1-9.el7.x86_64
2020-06-26 15:02:14 Found package: procps-ng,3.3.10-27.el7.x86_64
2020-06-26 15:02:14 Found package: protobuf,2.5.0-8.el7.x86_64
2020-06-26 15:02:14 Found package: pth,2.0.7-23.el7.x86_64
2020-06-26 15:02:14 Found package: pygpgme,0.3-9.el7.x86_64
2020-06-26 15:02:14 Found package: pyliblzma,0.5.3-11.el7.x86_64
2020-06-26 15:02:14 Found package: pyserial,2.6-6.el7.noarch
2020-06-26 15:02:14 Found package: python,2.7.5-88.el7.x86_64
2020-06-26 15:02:14 Found package: python-IPy,0.75-6.el7.noarch
2020-06-26 15:02:14 Found package: python-babel,0.9.6-8.el7.noarch
2020-06-26 15:02:14 Found package: python-backports,1.0-8.el7.x86_64
2020-06-26 15:02:14 Found package: python-backports-ssl_match_hostname,3.5.0.1-1.el7.noarch
2020-06-26 15:02:14 Found package: python-chardet,2.2.1-3.el7.noarch
2020-06-26 15:02:14 Found package: python-configobj,4.7.2-7.el7.noarch
2020-06-26 15:02:14 Found package: python-decorator,3.4.0-3.el7.noarch
2020-06-26 15:02:14 Found package: python-firewall,0.6.3-8.el7_8.1.noarch
2020-06-26 15:02:14 Found package: python-gobject-base,3.22.0-1.el7_4.1.x86_64
2020-06-26 15:02:14 Found package: python-iniparse,0.4-9.el7.noarch
2020-06-26 15:02:14 Found package: python-ipaddress,1.0.16-2.el7.noarch
2020-06-26 15:02:14 Found package: python-jinja2,2.7.2-4.el7.noarch
2020-06-26 15:02:14 Found package: python-jsonpatch,1.2-4.el7.noarch
2020-06-26 15:02:14 Found package: python-jsonpointer,1.9-2.el7.noarch
2020-06-26 15:02:14 Found package: python-kitchen,1.1.1-5.el7.noarch
2020-06-26 15:02:14 Found package: python-libs,2.7.5-88.el7.x86_64
2020-06-26 15:02:14 Found package: python-linux-procfs,0.4.11-4.el7.noarch
2020-06-26 15:02:14 Found package: python-markupsafe,0.11-10.el7.x86_64
2020-06-26 15:02:14 Found package: python-perf,3.10.0-1127.13.1.el7.x86_64
2020-06-26 15:02:14 Found package: python-prettytable,0.7.2-3.el7.noarch
2020-06-26 15:02:14 Found package: python-pycurl,7.19.0-19.el7.x86_64
2020-06-26 15:02:14 Found package: python-pyudev,0.15-9.el7.noarch
2020-06-26 15:02:14 Found package: python-requests,2.6.0-9.el7_8.noarch
2020-06-26 15:02:14 Found package: python-schedutils,0.4-6.el7.x86_64
2020-06-26 15:02:14 Found package: python-setuptools,0.9.8-7.el7.noarch
2020-06-26 15:02:14 Found package: python-six,1.9.0-2.el7.noarch
2020-06-26 15:02:14 Found package: python-slip,0.4.0-4.el7.noarch
2020-06-26 15:02:14 Found package: python-slip-dbus,0.4.0-4.el7.noarch
2020-06-26 15:02:14 Found package: python-urlgrabber,3.10-10.el7.noarch
2020-06-26 15:02:14 Found package: python-urllib3,1.10.2-7.el7.noarch
2020-06-26 15:02:14 Found package: python2-jmespath,0.9.4-2.el7.noarch
2020-06-26 15:02:14 Found package: python3,3.6.8-13.el7.x86_64
2020-06-26 15:02:14 Found package: python3-libs,3.6.8-13.el7.x86_64
2020-06-26 15:02:14 Found package: python3-pip,9.0.3-7.el7_7.noarch
2020-06-26 15:02:14 Found package: python3-setuptools,39.2.0-10.el7.noarch
2020-06-26 15:02:14 Found package: pyxattr,0.5.1-5.el7.x86_64
2020-06-26 15:02:14 Found package: qemu-guest-agent,2.12.0-3.el7.x86_64
2020-06-26 15:02:14 Found package: qrencode-libs,3.4.1-3.el7.x86_64
2020-06-26 15:02:14 Found package: quota,4.01-19.el7.x86_64
2020-06-26 15:02:14 Found package: quota-nls,4.01-19.el7.noarch
2020-06-26 15:02:14 Found package: readline,6.2-11.el7.x86_64
2020-06-26 15:02:14 Found package: rootfiles,8.1-11.el7.noarch
2020-06-26 15:02:14 Found package: rpcbind,0.2.0-49.el7.x86_64
2020-06-26 15:02:14 Found package: rpm,4.11.3-43.el7.x86_64
2020-06-26 15:02:14 Found package: rpm-build-libs,4.11.3-43.el7.x86_64
2020-06-26 15:02:14 Found package: rpm-libs,4.11.3-43.el7.x86_64
2020-06-26 15:02:14 Found package: rpm-python,4.11.3-43.el7.x86_64
2020-06-26 15:02:14 Found package: rsync,3.1.2-10.el7.x86_64
2020-06-26 15:02:14 Found package: rsyslog,8.24.0-52.el7_8.2.x86_64
2020-06-26 15:02:14 Found package: screen,4.1.0-0.25.20120314git3c2946.el7.x86_64
2020-06-26 15:02:14 Found package: sed,4.2.2-6.el7.x86_64
2020-06-26 15:02:14 Found package: selinux-policy,3.13.1-266.el7.noarch
2020-06-26 15:02:14 Found package: selinux-policy-targeted,3.13.1-266.el7.noarch
2020-06-26 15:02:15 Found package: setools-libs,3.3.8-4.el7.x86_64
2020-06-26 15:02:15 Found package: setup,2.8.71-11.el7.noarch
2020-06-26 15:02:15 Found package: sg3_utils,1.37-19.el7.x86_64
2020-06-26 15:02:15 Found package: sg3_utils-libs,1.37-19.el7.x86_64
2020-06-26 15:02:15 Found package: shadow-utils,4.6-5.el7.x86_64
2020-06-26 15:02:15 Found package: shared-mime-info,1.8-5.el7.x86_64
2020-06-26 15:02:15 Found package: slang,2.2.4-11.el7.x86_64
2020-06-26 15:02:15 Found package: snappy,1.1.0-3.el7.x86_64
2020-06-26 15:02:15 Found package: sqlite,3.7.17-8.el7_7.1.x86_64
2020-06-26 15:02:15 Found package: sudo,1.8.23-9.el7.x86_64
2020-06-26 15:02:15 Found package: systemd,219-73.el7_8.6.x86_64
2020-06-26 15:02:15 Found package: systemd-libs,219-73.el7_8.6.x86_64
2020-06-26 15:02:15 Found package: systemd-python,219-73.el7_8.6.x86_64
2020-06-26 15:02:15 Found package: systemd-sysv,219-73.el7_8.6.x86_64
2020-06-26 15:02:15 Found package: sysvinit-tools,2.88-14.dsf.el7.x86_64
2020-06-26 15:02:15 Found package: tar,1.26-35.el7.x86_64
2020-06-26 15:02:15 Found package: tcp_wrappers,7.6-77.el7.x86_64
2020-06-26 15:02:15 Found package: tcp_wrappers-libs,7.6-77.el7.x86_64
2020-06-26 15:02:15 Found package: teamd,1.29-1.el7.x86_64
2020-06-26 15:02:15 Found package: tuned,2.11.0-8.el7.noarch
2020-06-26 15:02:15 Found package: tzdata,2020a-1.el7.noarch
2020-06-26 15:02:15 Found package: usbguard,0.7.4-3.el7.x86_64
2020-06-26 15:02:15 Found package: ustr,1.0.4-16.el7.x86_64
2020-06-26 15:02:15 Found package: util-linux,2.23.2-63.el7.x86_64
2020-06-26 15:02:15 Found package: vim-minimal,7.4.629-6.el7.x86_64
2020-06-26 15:02:15 Found package: virt-what,1.18-4.el7.x86_64
2020-06-26 15:02:15 Found package: which,2.20-7.el7.x86_64
2020-06-26 15:02:15 Found package: wpa_supplicant,2.6-12.el7.x86_64
2020-06-26 15:02:15 Found package: xfsprogs,4.5.0-20.el7.x86_64
2020-06-26 15:02:15 Found package: xz,5.2.2-1.el7.x86_64
2020-06-26 15:02:15 Found package: xz-libs,5.2.2-1.el7.x86_64
2020-06-26 15:02:15 Found package: yum,3.4.3-167.el7.centos.noarch
2020-06-26 15:02:15 Found package: yum-metadata-parser,1.1.4-10.el7.x86_64
2020-06-26 15:02:15 Found package: yum-plugin-fastestmirror,1.1.31-54.el7_8.noarch
2020-06-26 15:02:15 Found package: yum-utils,1.1.31-54.el7_8.noarch
2020-06-26 15:02:15 Found package: zlib,1.2.7-18.el7.x86_64
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7310 (Checking package list with pacman)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7312 (Checking available updates for pacman based system)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 Result: pacman binary NOT found on this system, test skipped
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7314 (Checking pacman configuration options)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7320 (Checking for arch-audit tooling)
2020-06-26 15:02:15 Reason to skip: Test only applies to Arch Linux
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7322 (Discover vulnerable packages with arch-audit)
2020-06-26 15:02:15 Reason to skip: arch-audit not found
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7328 (Querying Zypper for installed packages)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7330 (Querying Zypper for vulnerable packages)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7332 (Query macOS ports)
2020-06-26 15:02:15 Reason to skip: Incorrect guest OS (macOS only)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7334 (Query port for port upgrades)
2020-06-26 15:02:15 Reason to skip: Incorrect guest OS (macOS only)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7345 (Querying dpkg)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 Result: dpkg can NOT be found on this system, test skipped
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7346 (Search unpurged packages on system)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 Result: dpkg can NOT be found on this system, test skipped
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7348 (Check for old distfiles)
2020-06-26 15:02:15 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7350 (Checking for installed packages with DNF utility)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7352 (Checking for security updates with DNF utility)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7354 (Checking package database integrity)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7366 (Checking for debsecan utility)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7370 (Checking for debsums utility)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7378 (Query portmaster for port upgrades)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7380 (Check for vulnerable NetBSD packages)
2020-06-26 15:02:15 Reason to skip: Incorrect guest OS (NetBSD only)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7381 (Check for vulnerable FreeBSD packages with pkg)
2020-06-26 15:02:15 Reason to skip: pkg tool not available
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Skipped test PKGS-7382 (Check for vulnerable FreeBSD packages with portaudit)
2020-06-26 15:02:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:15 ====
2020-06-26 15:02:15 Performing test ID PKGS-7383 (Check for YUM package update management)
2020-06-26 15:02:15 Test: YUM package update management
2020-06-26 15:02:16 Result: YUM repository available (24714)
2020-06-26 15:02:16 ====
2020-06-26 15:02:16 Performing test ID PKGS-7384 (Check for YUM utils package)
2020-06-26 15:02:16 Result: found YUM utils package (package-cleanup)
2020-06-26 15:02:16 Test: Checking for duplicate packages
2020-06-26 15:02:16 Result: No duplicate packages found
2020-06-26 15:02:16 Test: Checking for database problems
2020-06-26 15:02:17 Result: No package database problems found
2020-06-26 15:02:17 ====
2020-06-26 15:02:17 Performing test ID PKGS-7386 (Check for YUM security package)
2020-06-26 15:02:17 Test: Determining if yum-security package installed
2020-06-26 15:02:17 Test: checking if file /usr/share/yum-cli/cli.py exists
2020-06-26 15:02:17 Result: file /usr/share/yum-cli/cli.py exists
2020-06-26 15:02:17 Test: search string \-\-security in file /usr/share/yum-cli/cli.py
2020-06-26 15:02:17 Result: found search string '\-\-security'
2020-06-26 15:02:17 Full string returned: group.add_option("--security", action="store_true",
2020-06-26 15:02:17 Result: found built-in security in yum
2020-06-26 15:02:17 Test: Checking for vulnerable packages
2020-06-26 15:02:20 Result: no vulnerable packages found
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Performing test ID PKGS-7387 (Check for GPG signing in YUM security package)
2020-06-26 15:02:20 Test: checking enabled repositories
2020-06-26 15:02:20 Result: software repository 'base' is signed
2020-06-26 15:02:20 Hardening: assigned maximum number of hardening points for this item (4). Currently having 140 points (out of 180)
2020-06-26 15:02:20 Result: software repository 'epel' is signed
2020-06-26 15:02:20 Hardening: assigned maximum number of hardening points for this item (4). Currently having 144 points (out of 184)
2020-06-26 15:02:20 Result: software repository 'extras' is signed
2020-06-26 15:02:20 Hardening: assigned maximum number of hardening points for this item (4). Currently having 148 points (out of 188)
2020-06-26 15:02:20 Result: software repository 'lynis' is signed
2020-06-26 15:02:20 Hardening: assigned maximum number of hardening points for this item (4). Currently having 152 points (out of 192)
2020-06-26 15:02:20 Result: software repository 'updates' is signed
2020-06-26 15:02:20 Hardening: assigned maximum number of hardening points for this item (4). Currently having 156 points (out of 196)
2020-06-26 15:02:20 Test: checking if file /etc/yum.conf exists
2020-06-26 15:02:20 Result: file /etc/yum.conf exists
2020-06-26 15:02:20 Test: search string ^gpgenabled\s*=\s*1$ in file /etc/yum.conf
2020-06-26 15:02:20 Result: search search string '^gpgenabled\s*=\s*1$' NOT found
2020-06-26 15:02:20 Test: search string ^gpgcheck\s*=\s*1$ in file /etc/yum.conf
2020-06-26 15:02:20 Result: found search string '^gpgcheck\s*=\s*1$'
2020-06-26 15:02:20 Full string returned: gpgcheck=1
2020-06-26 15:02:20 Result: GPG check is enabled
2020-06-26 15:02:20 Hardening: assigned maximum number of hardening points for this item (3). Currently having 159 points (out of 199)
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Skipped test PKGS-7388 (Check security repository in apt sources.list file)
2020-06-26 15:02:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Skipped test PKGS-7390 (Check Ubuntu database consistency)
2020-06-26 15:02:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Skipped test PKGS-7392 (Check for Debian/Ubuntu security updates)
2020-06-26 15:02:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Skipped test PKGS-7393 (Check for Gentoo vulnerable packages)
2020-06-26 15:02:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Skipped test PKGS-7394 (Check for Ubuntu updates)
2020-06-26 15:02:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Performing test ID PKGS-7398 (Check for package audit tool)
2020-06-26 15:02:20 Test: checking for package audit tool
2020-06-26 15:02:20 Result: found package audit tool: yum-security
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Performing test ID PKGS-7410 (Count installed kernel packages)
2020-06-26 15:02:20 Test: Checking how many kernel packages are installed
2020-06-26 15:02:20 Result: found 2 kernel packages on the system, which is fine
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Performing test ID PKGS-7420 (Detect toolkit to automatically download and apply upgrades)
2020-06-26 15:02:20 Hardening: assigned partial number of hardening points (1 of 5). Currently having 160 points (out of 204)
2020-06-26 15:02:20 Result: no toolkit for automatic updates discovered
2020-06-26 15:02:20 Suggestion: Consider using a tool to automatically apply upgrades [test:PKGS-7420] [details:-] [solution:-]
2020-06-26 15:02:20 Security check: file is normal
2020-06-26 15:02:20 Checking permissions of /usr/share/lynis/include/tests_networking
2020-06-26 15:02:20 File permissions are OK
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Action: Performing tests from category: Networking
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Performing test ID NETW-2400 (Hostname length and value check)
2020-06-26 15:02:20 Result: FQDN is defined and not longer than 253 characters (29 characters)
2020-06-26 15:02:20 Result: hostnamed is defined and not longer than 63 characters
2020-06-26 15:02:20 Result: good, no unexpected characters discovered in hostname
2020-06-26 15:02:20 ====
2020-06-26 15:02:20 Performing test ID NETW-2600 (Checking IPv6 configuration)
2020-06-26 15:02:21 Result: IPV6 mode is auto
2020-06-26 15:02:21 Result: IPv6 only configuration: NO
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-2704 (Basic nameserver configuration tests)
2020-06-26 15:02:21 Test: Checking /etc/resolv.conf file
2020-06-26 15:02:21 Result: Found /etc/resolv.conf file
2020-06-26 15:02:21 Test: Querying nameservers
2020-06-26 15:02:21 Found nameserver: 172.20.0.2
2020-06-26 15:02:21 Result: Nameserver test for 172.20.0.2 skipped, 'dig' not installed
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-2705 (Check availability two nameservers)
2020-06-26 15:02:21 Result: dig not installed, test can't be fully performed
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Skipped test NETW-2706 (Check systemd-resolved and upstream DNSSEC status)
2020-06-26 15:02:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:21 Result: Test most likely skipped due to not having resolvectl
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3001 (Find default gateway (route))
2020-06-26 15:02:21 Test: Searching default gateway(s)
2020-06-26 15:02:21 Result: Found default gateway 172.20.32.1
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3004 (Search for available network interfaces)
2020-06-26 15:02:21 Found network interface: lo
2020-06-26 15:02:21 Found network interface: ens5
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3006 (Get network MAC addresses)
2020-06-26 15:02:21 Found MAC address: 02:1c:6e:f4:67:3f
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3008 (Get network IP addresses)
2020-06-26 15:02:21 Found IPv4 address: 172.20.38.179
2020-06-26 15:02:21 Found IPv4 address: 127.0.0.1
2020-06-26 15:02:21 Found IPv6 address: fe80::1c:6eff:fef4:673f
2020-06-26 15:02:21 Found IPv6 address: ::1
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3012 (Check listening ports)
2020-06-26 15:02:21 Test: Retrieving ss information to find listening ports
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Skipped test NETW-3014 (Checking promiscuous interfaces (BSD))
2020-06-26 15:02:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3015 (Checking promiscuous interfaces (Linux))
2020-06-26 15:02:21 Test: Using ip binary to retrieve network interfaces
2020-06-26 15:02:21 Test: Checking all interfaces to discover any with promiscuous mode enabled
2020-06-26 15:02:21 Result: No promiscuous interfaces found
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3028 (Checking connections in WAIT state)
2020-06-26 15:02:21 Test: Using netstat for check for connections in WAIT state
2020-06-26 15:02:21 Result: currently 105 connections are in a waiting state (max configured: 5000).
2020-06-26 15:02:21 Result: 105 connections are in WAIT state
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3030 (Checking DHCP client status)
2020-06-26 15:02:21 Performing pgrep scan without uid
2020-06-26 15:02:21 IsRunning: process 'dhclient' found (970 )
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2020-06-26 15:02:21 Performing pgrep scan without uid
2020-06-26 15:02:21 IsRunning: process 'addrwatch' not found
2020-06-26 15:02:21 Performing pgrep scan without uid
2020-06-26 15:02:21 IsRunning: process 'arpwatch' not found
2020-06-26 15:02:21 Performing pgrep scan without uid
2020-06-26 15:02:21 IsRunning: process 'arpon' not found
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Performing test ID NETW-3200 (Determine available network protocols)
2020-06-26 15:02:21 Test: checking the status of some network protocols that typically are not used
2020-06-26 15:02:21 Test: now checking module 'dccp'
2020-06-26 15:02:21 Result: found dccp module disabled via /etc/modprobe.d/nodccp.conf
2020-06-26 15:02:21 Test: now checking module 'sctp'
2020-06-26 15:02:21 Suggestion: Determine if protocol 'sctp' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2020-06-26 15:02:21 Test: now checking module 'rds'
2020-06-26 15:02:21 Suggestion: Determine if protocol 'rds' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2020-06-26 15:02:21 Test: now checking module 'tipc'
2020-06-26 15:02:21 Suggestion: Determine if protocol 'tipc' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2020-06-26 15:02:21 Security check: file is normal
2020-06-26 15:02:21 Checking permissions of /usr/share/lynis/include/tests_printers_spoolers
2020-06-26 15:02:21 File permissions are OK
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Action: Performing tests from category: Printers and Spools
2020-06-26 15:02:21 ====
2020-06-26 15:02:21 Skipped test PRNT-2302 (Check for printcap consistency)
2020-06-26 15:02:21 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:21 ====
2020-06-26 15:02:22 Performing test ID PRNT-2304 (Check cupsd status)
2020-06-26 15:02:22 Test: Checking cupsd status
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'cupsd' not found
2020-06-26 15:02:22 Result: cups daemon not running, cups daemon tests skipped
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test PRNT-2306 (Check CUPSd configuration file)
2020-06-26 15:02:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test PRNT-2307 (Check CUPSd configuration file permissions)
2020-06-26 15:02:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test PRNT-2308 (Check CUPSd network configuration)
2020-06-26 15:02:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID PRNT-2314 (Check lpd status)
2020-06-26 15:02:22 Test: Checking lpd status
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'lpd' not found
2020-06-26 15:02:22 Result: lp daemon not running
2020-06-26 15:02:22 Hardening: assigned maximum number of hardening points for this item (4). Currently having 164 points (out of 208)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test PRNT-2316 (Checking /etc/qconfig file)
2020-06-26 15:02:22 Reason to skip: Incorrect guest OS (AIX only)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test PRNT-2418 (Checking qdaemon printer spooler status)
2020-06-26 15:02:22 Reason to skip: Incorrect guest OS (AIX only)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test PRNT-2420 (Checking old print jobs)
2020-06-26 15:02:22 Reason to skip: Incorrect guest OS (AIX only)
2020-06-26 15:02:22 Security check: file is normal
2020-06-26 15:02:22 Checking permissions of /usr/share/lynis/include/tests_mail_messaging
2020-06-26 15:02:22 File permissions are OK
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Action: Performing tests from category: Software: e-mail and messaging
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8802 (Check Exim status)
2020-06-26 15:02:22 Test: check Exim status
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'exim4' not found
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'exim' not found
2020-06-26 15:02:22 Result: no running Exim processes found
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test MAIL-8804 (Exim configuration options)
2020-06-26 15:02:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8814 (Check postfix process status)
2020-06-26 15:02:22 Test: check Postfix status
2020-06-26 15:02:22 Result: found running Postfix process
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8816 (Check Postfix configuration)
2020-06-26 15:02:22 Postfix configuration directory: /etc/postfix
2020-06-26 15:02:22 Postfix configuration file: /etc/postfix/main.cf
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8817 (Check Postfix configuration errors)
2020-06-26 15:02:22 Test: using postconf to see if Postfix configuration has errors
2020-06-26 15:02:22 Result: all looks to be fine with Postfix configuration
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8818 (Check Postfix configuration: banner)
2020-06-26 15:02:22 Test: Checking Postfix banner
2020-06-26 15:02:22 Result: found OS, or mail_name in SMTP banner, and/or mail_name contains 'Postfix'.
2020-06-26 15:02:22 Warning: Found some information disclosure in SMTP banner (OS or software name) [test:MAIL-8818] [details:-] [solution:-]
2020-06-26 15:02:22 Suggestion: You are advised to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [test:MAIL-8818] [details:-] [solution:-]
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8820 (Postfix configuration scan)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8838 (Check dovecot process)
2020-06-26 15:02:22 Test: check dovecot status
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'dovecot' not found
2020-06-26 15:02:22 Result: dovecot not found
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8860 (Check Qmail status)
2020-06-26 15:02:22 Test: check Qmail status
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'qmail-smtpd' not found
2020-06-26 15:02:22 Result: no running Qmail processes found
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID MAIL-8880 (Check Sendmail status)
2020-06-26 15:02:22 Test: check sendmail status
2020-06-26 15:02:22 Performing pgrep scan without uid
2020-06-26 15:02:22 IsRunning: process 'sendmail' not found
2020-06-26 15:02:22 Result: no running Sendmail processes found
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Skipped test MAIL-8920 (Check OpenSMTPD status)
2020-06-26 15:02:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:22 Security check: file is normal
2020-06-26 15:02:22 Checking permissions of /usr/share/lynis/include/tests_firewalls
2020-06-26 15:02:22 File permissions are OK
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Action: Performing tests from category: Software: firewalls
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID FIRE-4502 (Check iptables kernel module)
2020-06-26 15:02:22 Result: Found iptables in loaded kernel modules
2020-06-26 15:02:22 Found module: ip_tables
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID FIRE-4508 (Check used policies of iptables chains)
2020-06-26 15:02:22 Test: gathering information from table filter
2020-06-26 15:02:22 Result: iptables \nfilter -- INPUT policy is ACCEPT.
2020-06-26 15:02:22 Result: ACCEPT
2020-06-26 15:02:22 Result: Found ACCEPT for INPUT (table: \nfilter)
2020-06-26 15:02:22 Hardening: assigned partial number of hardening points (1 of 3). Currently having 165 points (out of 211)
2020-06-26 15:02:22 Result: iptables filter -- ACCEPT policy is RELATED.
2020-06-26 15:02:22 Result: RELATED
2020-06-26 15:02:22 Result: iptables filter -- ESTABLISHED policy is ACCEPT.
2020-06-26 15:02:22 Result: ACCEPT
2020-06-26 15:02:22 Result: iptables filter -- DROP policy is INVALID.
2020-06-26 15:02:22 Result: INVALID
2020-06-26 15:02:22 Result: iptables filter -- REJECT policy is FORWARD.
2020-06-26 15:02:22 Result: FORWARD
2020-06-26 15:02:22 Result: iptables filter -- ACCEPT policy is ACCEPT.
2020-06-26 15:02:22 Result: ACCEPT
2020-06-26 15:02:22 Result: iptables filter -- RELATED policy is ESTABLISHED.
2020-06-26 15:02:22 Result: ESTABLISHED
2020-06-26 15:02:22 Result: iptables filter -- ACCEPT policy is DROP.
2020-06-26 15:02:22 Result: DROP
2020-06-26 15:02:22 Result: iptables filter -- INVALID policy is REJECT.
2020-06-26 15:02:22 Result: REJECT
2020-06-26 15:02:22 Result: iptables filter -- OUTPUT policy is ACCEPT.
2020-06-26 15:02:22 Result: ACCEPT
2020-06-26 15:02:22 Result: iptables filter -- ACCEPT policy is ACCEPT.
2020-06-26 15:02:22 Result: ACCEPT
2020-06-26 15:02:22 Result: iptables filter -- ACCEPT policy is ACCEPT.
2020-06-26 15:02:22 Result: ACCEPT
2020-06-26 15:02:22 Result: iptables filter -- NEW policy is UNTRACKED.
2020-06-26 15:02:22 Result: UNTRACKED
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID FIRE-4512 (Check iptables for empty ruleset)
2020-06-26 15:02:22 Result: one or more rules are available (33 rules)
2020-06-26 15:02:22 ====
2020-06-26 15:02:22 Performing test ID FIRE-4513 (Check iptables for unused rules)
2020-06-26 15:02:22 Result: Found one or more possible unused rules
2020-06-26 15:02:22 Description: Unused rules can be a sign that the firewall rules aren't optimized or up-to-date
2020-06-26 15:02:22 Note: Sometimes rules aren't triggered but still in use. Keep this in mind before cleaning up rules.
2020-06-26 15:02:22 Output: iptables rule numbers: 2 6 7 1 2 3 4 5 6 7 8 9 1 1 1 1 2 3 4 1 2 3 4
2020-06-26 15:02:22 Suggestion: Check iptables rules to see which rules are currently not used [test:FIRE-4513] [details:-] [solution:-]
2020-06-26 15:02:22 Tip: iptables --list --numeric --line-numbers --verbose
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4518 (Check pf firewall components)
2020-06-26 15:02:23 Reason to skip: No /dev/pf device
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4520 (Check pf configuration consistency)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID FIRE-4524 (Check for CSF presence)
2020-06-26 15:02:23 Test: check /etc/csf/csf.conf
2020-06-26 15:02:23 Result: /etc/csf/csf.conf does NOT exist
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4526 (Check ipf status)
2020-06-26 15:02:23 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4530 (Check IPFW status)
2020-06-26 15:02:23 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4532 (Check macOS application firewall)
2020-06-26 15:02:23 Reason to skip: Incorrect guest OS (macOS only)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4534 (Check for presence of outbound firewalls on macOS)
2020-06-26 15:02:23 Reason to skip: Incorrect guest OS (macOS only)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4536 (Check nftables status)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4538 (Check nftables basic configuration)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test FIRE-4540 (Check for empty nftables configuration)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID FIRE-4586 (Check firewall logging)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID FIRE-4590 (Check firewall status)
2020-06-26 15:02:23 Result: host based firewall or packet filter is active
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (5). Currently having 169 points (out of 213)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID FIRE-4594 (Check for APF presence)
2020-06-26 15:02:23 Test: check /etc/apf/conf.apf
2020-06-26 15:02:23 Result: /etc/apf/conf.apf does NOT exist
2020-06-26 15:02:23 Security check: file is normal
2020-06-26 15:02:23 Checking permissions of /usr/share/lynis/include/tests_webservers
2020-06-26 15:02:23 File permissions are OK
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Action: Performing tests from category: Software: webserver
2020-06-26 15:02:23 Action: created temporary file /tmp/lynis.CeyvUgDmAf
2020-06-26 15:02:23 Action: created temporary file /tmp/lynis.jUHgD069VQ
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID HTTP-6622 (Checking Apache presence)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6624 (Testing main Apache configuration file)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6626 (Testing other Apache configuration file)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6632 (Determining all available Apache modules)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6640 (Determining existence of specific Apache modules)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6641 (Determining existence of specific Apache modules)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6643 (Determining existence of specific Apache modules)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID HTTP-6702 (Check nginx process)
2020-06-26 15:02:23 Test: searching running nginx process
2020-06-26 15:02:23 Performing pgrep scan without uid
2020-06-26 15:02:23 IsRunning: process 'nginx' not found
2020-06-26 15:02:23 Result: no running nginx process found
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6704 (Check nginx configuration file)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6706 (Check for additional nginx configuration files)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6708 (Check discovered nginx configuration settings)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6710 (Check nginx SSL configuration settings)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6712 (Check nginx access logging)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6714 (Check for missing error logs in nginx)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6716 (Check for debug mode on error log in nginx)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Skipped test HTTP-6720 (Check Nginx log files)
2020-06-26 15:02:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:23 Security check: file is normal
2020-06-26 15:02:23 Checking permissions of /usr/share/lynis/include/tests_ssh
2020-06-26 15:02:23 File permissions are OK
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Action: Performing tests from category: SSH Support
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID SSH-7402 (Check for running SSH daemon)
2020-06-26 15:02:23 Test: Searching for a SSH daemon
2020-06-26 15:02:23 Performing pgrep scan without uid
2020-06-26 15:02:23 IsRunning: process 'sshd' found (11099 11103 29537 )
2020-06-26 15:02:23 Action: created temporary file /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID SSH-7404 (Check SSH daemon file location)
2020-06-26 15:02:23 Test: searching for sshd_config file
2020-06-26 15:02:23 Result: /etc/ssh/sshd_config exists
2020-06-26 15:02:23 Test: check if we can access /etc/ssh/sshd_config (escaped: /etc/ssh/sshd_config)
2020-06-26 15:02:23 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:23 Result: file /etc/ssh/sshd_config is readable (or directory accessible).
2020-06-26 15:02:23 Result: using last found configuration file: /etc/ssh/sshd_config
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID SSH-7406 (Determine OpenSSH version)
2020-06-26 15:02:23 Result: discovered OpenSSH version is 7.4
2020-06-26 15:02:23 Result: OpenSSH major version: 7
2020-06-26 15:02:23 Result: OpenSSH minor version: 4
2020-06-26 15:02:23 ====
2020-06-26 15:02:23 Performing test ID SSH-7408 (Check SSH specific defined options)
2020-06-26 15:02:23 Test: Checking specific defined options in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: added additional options for OpenSSH < 7.5
2020-06-26 15:02:23 Test: Checking AllowTcpForwarding in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option AllowTcpForwarding found
2020-06-26 15:02:23 Result: Option AllowTcpForwarding value is YES
2020-06-26 15:02:23 Result: OpenSSH option AllowTcpForwarding is in a weak configuration state and should be fixed
2020-06-26 15:02:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowTcpForwarding (set YES to NO)] [solution:-]
2020-06-26 15:02:23 Hardening: assigned partial number of hardening points (0 of 3). Currently having 169 points (out of 216)
2020-06-26 15:02:23 Test: Checking ClientAliveCountMax in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option ClientAliveCountMax found
2020-06-26 15:02:23 Result: Option ClientAliveCountMax value is 0
2020-06-26 15:02:23 Result: OpenSSH option ClientAliveCountMax is configured very well
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 172 points (out of 219)
2020-06-26 15:02:23 Test: Checking ClientAliveInterval in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option ClientAliveInterval found
2020-06-26 15:02:23 Result: Option ClientAliveInterval value is 600
2020-06-26 15:02:23 Result: OpenSSH option ClientAliveInterval is configured reasonably
2020-06-26 15:02:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:ClientAliveInterval (set 600 to 300)] [solution:-]
2020-06-26 15:02:23 Hardening: assigned partial number of hardening points (1 of 3). Currently having 173 points (out of 222)
2020-06-26 15:02:23 Test: Checking Compression in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option Compression found
2020-06-26 15:02:23 Result: Option Compression value is NO
2020-06-26 15:02:23 Result: OpenSSH option Compression is configured very well
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 176 points (out of 225)
2020-06-26 15:02:23 Test: Checking FingerprintHash in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option FingerprintHash found
2020-06-26 15:02:23 Result: Option FingerprintHash value is SHA256
2020-06-26 15:02:23 Result: OpenSSH option FingerprintHash is configured very well
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 179 points (out of 228)
2020-06-26 15:02:23 Test: Checking GatewayPorts in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option GatewayPorts found
2020-06-26 15:02:23 Result: Option GatewayPorts value is NO
2020-06-26 15:02:23 Result: OpenSSH option GatewayPorts is configured very well
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 182 points (out of 231)
2020-06-26 15:02:23 Test: Checking IgnoreRhosts in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option IgnoreRhosts found
2020-06-26 15:02:23 Result: Option IgnoreRhosts value is YES
2020-06-26 15:02:23 Result: OpenSSH option IgnoreRhosts is configured very well
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 185 points (out of 234)
2020-06-26 15:02:23 Test: Checking LoginGraceTime in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option LoginGraceTime found
2020-06-26 15:02:23 Result: Option LoginGraceTime value is 120
2020-06-26 15:02:23 Result: OpenSSH option LoginGraceTime is configured very well
2020-06-26 15:02:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 188 points (out of 237)
2020-06-26 15:02:23 Test: Checking LogLevel in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option LogLevel found
2020-06-26 15:02:23 Result: Option LogLevel value is INFO
2020-06-26 15:02:23 Result: OpenSSH option LogLevel is configured reasonably
2020-06-26 15:02:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:LogLevel (set INFO to VERBOSE)] [solution:-]
2020-06-26 15:02:23 Hardening: assigned partial number of hardening points (1 of 3). Currently having 189 points (out of 240)
2020-06-26 15:02:23 Test: Checking MaxAuthTries in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:23 Result: Option MaxAuthTries found
2020-06-26 15:02:23 Result: Option MaxAuthTries value is 6
2020-06-26 15:02:23 Result: OpenSSH option MaxAuthTries is configured reasonably
2020-06-26 15:02:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxAuthTries (set 6 to 3)] [solution:-]
2020-06-26 15:02:23 Hardening: assigned partial number of hardening points (1 of 3). Currently having 190 points (out of 243)
2020-06-26 15:02:24 Test: Checking MaxSessions in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option MaxSessions found
2020-06-26 15:02:24 Result: Option MaxSessions value is 10
2020-06-26 15:02:24 Result: OpenSSH option MaxSessions is in a weak configuration state and should be fixed
2020-06-26 15:02:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxSessions (set 10 to 2)] [solution:-]
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 190 points (out of 246)
2020-06-26 15:02:24 Test: Checking PermitRootLogin in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option PermitRootLogin found
2020-06-26 15:02:24 Result: Option PermitRootLogin value is NO
2020-06-26 15:02:24 Expected value has multiple values, testing if active value is in list ((FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD))
2020-06-26 15:02:24 Result: found
2020-06-26 15:02:24 Result: OpenSSH option PermitRootLogin is configured very well
2020-06-26 15:02:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 193 points (out of 249)
2020-06-26 15:02:24 Test: Checking PermitUserEnvironment in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option PermitUserEnvironment found
2020-06-26 15:02:24 Result: Option PermitUserEnvironment value is NO
2020-06-26 15:02:24 Result: OpenSSH option PermitUserEnvironment is configured very well
2020-06-26 15:02:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 196 points (out of 252)
2020-06-26 15:02:24 Test: Checking PermitTunnel in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option PermitTunnel found
2020-06-26 15:02:24 Result: Option PermitTunnel value is NO
2020-06-26 15:02:24 Result: OpenSSH option PermitTunnel is configured very well
2020-06-26 15:02:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 199 points (out of 255)
2020-06-26 15:02:24 Test: Checking Port in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option Port found
2020-06-26 15:02:24 Result: Option Port value is 22
2020-06-26 15:02:24 Result: OpenSSH option Port is in a weak configuration state and should be fixed
2020-06-26 15:02:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Port (set 22 to )] [solution:-]
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 199 points (out of 258)
2020-06-26 15:02:24 Test: Checking PrintLastLog in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option PrintLastLog found
2020-06-26 15:02:24 Result: Option PrintLastLog value is YES
2020-06-26 15:02:24 Result: OpenSSH option PrintLastLog is configured very well
2020-06-26 15:02:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 202 points (out of 261)
2020-06-26 15:02:24 Test: Checking StrictModes in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option StrictModes found
2020-06-26 15:02:24 Result: Option StrictModes value is YES
2020-06-26 15:02:24 Result: OpenSSH option StrictModes is configured very well
2020-06-26 15:02:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 205 points (out of 264)
2020-06-26 15:02:24 Test: Checking TCPKeepAlive in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option TCPKeepAlive found
2020-06-26 15:02:24 Result: Option TCPKeepAlive value is YES
2020-06-26 15:02:24 Result: OpenSSH option TCPKeepAlive is in a weak configuration state and should be fixed
2020-06-26 15:02:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:TCPKeepAlive (set YES to NO)] [solution:-]
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 205 points (out of 267)
2020-06-26 15:02:24 Test: Checking UseDNS in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option UseDNS found
2020-06-26 15:02:24 Result: Option UseDNS value is YES
2020-06-26 15:02:24 Result: OpenSSH option UseDNS is in a weak configuration state and should be fixed
2020-06-26 15:02:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:UseDNS (set YES to NO)] [solution:-]
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 205 points (out of 270)
2020-06-26 15:02:24 Test: Checking X11Forwarding in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option X11Forwarding found
2020-06-26 15:02:24 Result: Option X11Forwarding value is YES
2020-06-26 15:02:24 Result: OpenSSH option X11Forwarding is in a weak configuration state and should be fixed
2020-06-26 15:02:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:X11Forwarding (set YES to NO)] [solution:-]
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 205 points (out of 273)
2020-06-26 15:02:24 Test: Checking AllowAgentForwarding in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option AllowAgentForwarding found
2020-06-26 15:02:24 Result: Option AllowAgentForwarding value is YES
2020-06-26 15:02:24 Result: OpenSSH option AllowAgentForwarding is in a weak configuration state and should be fixed
2020-06-26 15:02:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowAgentForwarding (set YES to NO)] [solution:-]
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 205 points (out of 276)
2020-06-26 15:02:24 Test: Checking UsePrivilegeSeparation in /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:24 Result: Option UsePrivilegeSeparation found
2020-06-26 15:02:24 Result: Option UsePrivilegeSeparation value is SANDBOX
2020-06-26 15:02:24 Result: OpenSSH option UsePrivilegeSeparation is configured very well
2020-06-26 15:02:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 208 points (out of 279)
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)
2020-06-26 15:02:24 Result: AllowUsers is not set
2020-06-26 15:02:24 Result: AllowGroups is not set
2020-06-26 15:02:24 Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine.
2020-06-26 15:02:24 Hardening: assigned partial number of hardening points (0 of 1). Currently having 208 points (out of 280)
2020-06-26 15:02:24 Security check: file is normal
2020-06-26 15:02:24 Checking permissions of /usr/share/lynis/include/tests_snmp
2020-06-26 15:02:24 File permissions are OK
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Action: Performing tests from category: SNMP Support
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID SNMP-3302 (Check for running SNMP daemon)
2020-06-26 15:02:24 Test: Searching for a SNMP daemon
2020-06-26 15:02:24 Performing pgrep scan without uid
2020-06-26 15:02:24 IsRunning: process 'snmpd' not found
2020-06-26 15:02:24 Result: No running SNMP daemon found
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test SNMP-3304 (Check SNMP daemon file location)
2020-06-26 15:02:24 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test SNMP-3306 (Check SNMP communities)
2020-06-26 15:02:24 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:24 Security check: file is normal
2020-06-26 15:02:24 Checking permissions of /usr/share/lynis/include/tests_databases
2020-06-26 15:02:24 File permissions are OK
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Action: Performing tests from category: Databases
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1804 (Checking active MySQL process)
2020-06-26 15:02:24 Result: MySQL process not active
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test DBS-1816 (Checking MySQL root password)
2020-06-26 15:02:24 Reason to skip: MySQL not installed, or not running
2020-06-26 15:02:24 Test skipped, MySQL daemon not running or no MySQL client available
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1818 (Check status of MongoDB server)
2020-06-26 15:02:24 Performing pgrep scan without uid
2020-06-26 15:02:24 IsRunning: process 'mongod' not found
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1820 (Check for authorization in MongoDB)
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1826 (Checking active PostgreSQL processes)
2020-06-26 15:02:24 Performing pgrep scan without uid
2020-06-26 15:02:24 IsRunning: process 'postgres:' not found
2020-06-26 15:02:24 Result: PostgreSQL process not active
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test DBS-1828 (Test PostgreSQL configuration)
2020-06-26 15:02:24 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1840 (Checking active Oracle processes)
2020-06-26 15:02:24 Result: Oracle process(es) not active
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1860 (Checking active DB2 instances)
2020-06-26 15:02:24 Performing pgrep scan without uid
2020-06-26 15:02:24 IsRunning: process 'db2sysc' not found
2020-06-26 15:02:24 Result: No DB2 instances are running
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID DBS-1880 (Check for active Redis server)
2020-06-26 15:02:24 Performing pgrep scan without uid
2020-06-26 15:02:24 IsRunning: process 'redis-server' not found
2020-06-26 15:02:24 Result: No Redis processes are running
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test DBS-1882 (Redis configuration file)
2020-06-26 15:02:24 Reason to skip: Redis not running
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test DBS-1884 (Redis: requirepass option configured)
2020-06-26 15:02:24 Reason to skip: Redis not running, or no configuration file found
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test DBS-1886 (Redis: rename-command CONFIG used)
2020-06-26 15:02:24 Reason to skip: Redis not running, or no configuration found
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test DBS-1888 (Redis: bind on localhost)
2020-06-26 15:02:24 Reason to skip: Redis not running, or no configuration found
2020-06-26 15:02:24 Security check: file is normal
2020-06-26 15:02:24 Checking permissions of /usr/share/lynis/include/tests_ldap
2020-06-26 15:02:24 File permissions are OK
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Action: Performing tests from category: LDAP Services
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID LDAP-2219 (Check running OpenLDAP instance)
2020-06-26 15:02:24 Performing pgrep scan without uid
2020-06-26 15:02:24 IsRunning: process 'slapd' not found
2020-06-26 15:02:24 Result: No running slapd process found.
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Skipped test LDAP-2224 (Check presence slapd.conf)
2020-06-26 15:02:24 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:24 Security check: file is normal
2020-06-26 15:02:24 Checking permissions of /usr/share/lynis/include/tests_php
2020-06-26 15:02:24 File permissions are OK
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Action: Performing tests from category: PHP
2020-06-26 15:02:24 ====
2020-06-26 15:02:24 Performing test ID PHP-2211 (Check php.ini presence)
2020-06-26 15:02:24 Test: Checking for presence php.ini
2020-06-26 15:02:24 Test: checking presence /etc/php.ini
2020-06-26 15:02:24 Result: file /etc/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php.ini.default
2020-06-26 15:02:24 Result: file /etc/php.ini.default not found
2020-06-26 15:02:24 Test: checking presence /etc/php/php.ini
2020-06-26 15:02:24 Result: file /etc/php/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php5.5/php.ini
2020-06-26 15:02:24 Result: file /etc/php5.5/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php5.6/php.ini
2020-06-26 15:02:24 Result: file /etc/php5.6/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php7.0/php.ini
2020-06-26 15:02:24 Result: file /etc/php7.0/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php7.1/php.ini
2020-06-26 15:02:24 Result: file /etc/php7.1/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php7.2/php.ini
2020-06-26 15:02:24 Result: file /etc/php7.2/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php7.3/php.ini
2020-06-26 15:02:24 Result: file /etc/php7.3/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/cgi-php5/php.ini
2020-06-26 15:02:24 Result: file /etc/php/cgi-php5/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/cli-php5/php.ini
2020-06-26 15:02:24 Result: file /etc/php/cli-php5/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php5/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php5/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php5.5/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php5.5/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php5.6/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php5.6/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php7.0/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php7.0/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php7.1/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php7.1/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php7.2/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php7.2/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/apache2-php7.3/php.ini
2020-06-26 15:02:24 Result: file /etc/php/apache2-php7.3/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/cgi-php5.5/php.ini
2020-06-26 15:02:24 Result: file /etc/php/cgi-php5.5/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/cgi-php5.6/php.ini
2020-06-26 15:02:24 Result: file /etc/php/cgi-php5.6/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/cgi-php7.0/php.ini
2020-06-26 15:02:24 Result: file /etc/php/cgi-php7.0/php.ini not found
2020-06-26 15:02:24 Test: checking presence /etc/php/cgi-php7.1/php.ini
2020-06-26 15:02:24 Result: file /etc/php/cgi-php7.1/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cgi-php7.2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cgi-php7.2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cgi-php7.3/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cgi-php7.3/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cli-php5.5/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cli-php5.5/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cli-php5.6/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cli-php5.6/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cli-php7.0/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cli-php7.0/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cli-php7.1/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cli-php7.1/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cli-php7.2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cli-php7.2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/cli-php7.3/php.ini
2020-06-26 15:02:25 Result: file /etc/php/cli-php7.3/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/embed-php5.5/php.ini
2020-06-26 15:02:25 Result: file /etc/php/embed-php5.5/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/embed-php5.6/php.ini
2020-06-26 15:02:25 Result: file /etc/php/embed-php5.6/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/embed-php7.0/php.ini
2020-06-26 15:02:25 Result: file /etc/php/embed-php7.0/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/embed-php7.1/php.ini
2020-06-26 15:02:25 Result: file /etc/php/embed-php7.1/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/embed-php7.2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/embed-php7.2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/embed-php7.3/php.ini
2020-06-26 15:02:25 Result: file /etc/php/embed-php7.3/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/fpm-php7.3/php.ini
2020-06-26 15:02:25 Result: file /etc/php/fpm-php7.3/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/fpm-php7.2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/fpm-php7.2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/fpm-php7.1/php.ini
2020-06-26 15:02:25 Result: file /etc/php/fpm-php7.1/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/fpm-php7.0/php.ini
2020-06-26 15:02:25 Result: file /etc/php/fpm-php7.0/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/fpm-php5.5/php.ini
2020-06-26 15:02:25 Result: file /etc/php/fpm-php5.5/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/fpm-php5.6/php.ini
2020-06-26 15:02:25 Result: file /etc/php/fpm-php5.6/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/cgi/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/cgi/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/cli/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/cli/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/cli-php5.4/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/cli-php5.4/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/cli-php5.5/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/cli-php5.5/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/cli-php5.6/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/cli-php5.6/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/apache2/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/apache2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php5/fpm/php.ini
2020-06-26 15:02:25 Result: file /etc/php5/fpm/php.ini not found
2020-06-26 15:02:25 Test: checking presence /private/etc/php.ini
2020-06-26 15:02:25 Result: file /private/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.0/apache2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.0/apache2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.1/apache2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.1/apache2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.2/apache2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.2/apache2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.3/apache2/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.3/apache2/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.0/cli/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.0/cli/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.0/fpm/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.0/fpm/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.1/cli/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.1/cli/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.1/fpm/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.1/fpm/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.2/cli/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.2/cli/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.2/fpm/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.2/fpm/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.3/cli/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.3/cli/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php/7.3/fpm/php.ini
2020-06-26 15:02:25 Result: file /etc/php/7.3/fpm/php.ini not found
2020-06-26 15:02:25 Test: checking presence /var/www/conf/php.ini
2020-06-26 15:02:25 Result: file /var/www/conf/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/etc/php.ini
2020-06-26 15:02:25 Result: file /usr/local/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/etc/php5/cgi/php.ini
2020-06-26 15:02:25 Result: file /usr/local/etc/php5/cgi/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/php54/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/php54/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/php56/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/php56/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/php70/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/php70/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/php71/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/php71/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/php72/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/php72/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/php73/lib/php.ini
2020-06-26 15:02:25 Result: file /usr/local/php73/lib/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/local/zend/etc/php.ini
2020-06-26 15:02:25 Result: file /usr/local/zend/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /usr/pkg/etc/php.ini
2020-06-26 15:02:25 Result: file /usr/pkg/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php54/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php54/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php55/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php55/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php56/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php56/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php70/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php70/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php71/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php71/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php72/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php72/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/cpanel/ea-php73/root/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/cpanel/ea-php73/root/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php44/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php44/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php51/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php51/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php52/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php52/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php53/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php53/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php54/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php54/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php55/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php55/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php56/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php56/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php70/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php70/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php71/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php71/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php72/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php72/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /opt/alt/php73/etc/php.ini
2020-06-26 15:02:25 Result: file /opt/alt/php73/etc/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/opt/remi/php56/php.ini
2020-06-26 15:02:25 Result: file /etc/opt/remi/php56/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/opt/remi/php70/php.ini
2020-06-26 15:02:25 Result: file /etc/opt/remi/php70/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/opt/remi/php71/php.ini
2020-06-26 15:02:25 Result: file /etc/opt/remi/php71/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/opt/remi/php72/php.ini
2020-06-26 15:02:25 Result: file /etc/opt/remi/php72/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/opt/remi/php73/php.ini
2020-06-26 15:02:25 Result: file /etc/opt/remi/php73/php.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php-5.6.ini
2020-06-26 15:02:25 Result: file /etc/php-5.6.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php-7.0.ini
2020-06-26 15:02:25 Result: file /etc/php-7.0.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php-7.1.ini
2020-06-26 15:02:25 Result: file /etc/php-7.1.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php-7.2.ini
2020-06-26 15:02:25 Result: file /etc/php-7.2.ini not found
2020-06-26 15:02:25 Test: checking presence /etc/php-7.3.ini
2020-06-26 15:02:25 Result: file /etc/php-7.3.ini not found
2020-06-26 15:02:25 Result: no files found for /etc/php5/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.0/cli/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.1/cli/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.2/cli/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.3/cli/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.0/fpm/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.1/fpm/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.2/fpm/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php/7.3/fpm/conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php54/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php55/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php56/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php70/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php71/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php72/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/cpanel/ea-php73/root/etc/php.d
2020-06-26 15:02:25 Result: no files found for /opt/alt/php44/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php51/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php52/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php53/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php54/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php55/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php56/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php70/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php71/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php72/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /opt/alt/php73/etc/php.d.all
2020-06-26 15:02:25 Result: no files found for /usr/local/lib/php.conf.d
2020-06-26 15:02:25 Result: no files found for /usr/local/php70/lib/php.conf.d
2020-06-26 15:02:25 Result: no files found for /usr/local/php71/lib/php.conf.d
2020-06-26 15:02:25 Result: no files found for /usr/local/php72/lib/php.conf.d
2020-06-26 15:02:25 Result: no files found for /usr/local/php73/lib/php.conf.d
2020-06-26 15:02:25 Result: no files found for /etc/php-5.6
2020-06-26 15:02:25 Result: no files found for /etc/php-7.0
2020-06-26 15:02:25 Result: no files found for /etc/php-7.1
2020-06-26 15:02:25 Result: no files found for /etc/php-7.2
2020-06-26 15:02:25 Result: no files found for /etc/php-7.3
2020-06-26 15:02:25 Result: no php.ini file found
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2320 (Check PHP disabled functions)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2368 (Check PHP register_globals option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2372 (Check PHP expose_php option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2374 (Check PHP enable_dl option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2376 (Check PHP allow_url_fopen option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2378 (Check PHP allow_url_include option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test PHP-2382 (Check PHP expose_php option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 Security check: file is normal
2020-06-26 15:02:25 Checking permissions of /usr/share/lynis/include/tests_squid
2020-06-26 15:02:25 File permissions are OK
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Action: Performing tests from category: Squid Support
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID SQD-3602 (Check for running Squid daemon)
2020-06-26 15:02:25 Test: Searching for a Squid daemon
2020-06-26 15:02:25 Result: No running Squid daemon found
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3604 (Check Squid daemon file location)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3606 (Check Squid version)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3610 (Gather Squid settings)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3613 (Check Squid file permissions)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3614 (Check Squid authentication methods)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3616 (Check external Squid authentication)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3620 (Check Squid access control lists)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3624 (Check Squid safe ports)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3630 (Check Squid reply_body_max_size option)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test SQD-3680 (Check Squid version suppression)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 Security check: file is normal
2020-06-26 15:02:25 Checking permissions of /usr/share/lynis/include/tests_logging
2020-06-26 15:02:25 File permissions are OK
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Action: Performing tests from category: Logging and files
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2130 (Check for running syslog daemon)
2020-06-26 15:02:25 Test: Searching for a logging daemon
2020-06-26 15:02:25 Result: Found a logging daemon
2020-06-26 15:02:25 Hardening: assigned maximum number of hardening points for this item (3). Currently having 211 points (out of 283)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2132 (Check for running syslog-ng daemon)
2020-06-26 15:02:25 Test: Searching for syslog-ng daemon in process list
2020-06-26 15:02:25 Performing pgrep scan without uid
2020-06-26 15:02:25 IsRunning: process 'syslog-ng' not found
2020-06-26 15:02:25 Result: Syslog-ng NOT found in process list
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Skipped test LOGG-2134 (Checking Syslog-NG configuration file consistency)
2020-06-26 15:02:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2136 (Check for running systemd journal daemon)
2020-06-26 15:02:25 Test: Searching for systemd journal daemon in process list
2020-06-26 15:02:25 Performing pgrep scan without uid
2020-06-26 15:02:25 IsRunning: process 'systemd-journal' found (445 )
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2210 (Check for running metalog daemon)
2020-06-26 15:02:25 Test: Searching for metalog daemon in process list
2020-06-26 15:02:25 Performing pgrep scan without uid
2020-06-26 15:02:25 IsRunning: process 'metalog' not found
2020-06-26 15:02:25 Result: metalog NOT found in process list
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2230 (Check for running RSyslog daemon)
2020-06-26 15:02:25 Test: Searching for RSyslog daemon in process list
2020-06-26 15:02:25 Performing pgrep scan without uid
2020-06-26 15:02:25 IsRunning: process 'rsyslogd' found (23173 )
2020-06-26 15:02:25 Result: Found rsyslogd in process list
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2240 (Check for running RFC 3195 compliant daemon)
2020-06-26 15:02:25 Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list
2020-06-26 15:02:25 Performing pgrep scan without uid
2020-06-26 15:02:25 IsRunning: process 'rfc3195d' not found
2020-06-26 15:02:25 Result: rfc3195d NOT found in process list
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2138 (Checking kernel logger daemon on Linux)
2020-06-26 15:02:25 Test: Searching kernel logger daemon (klogd)
2020-06-26 15:02:25 Result: test skipped, because other facility is being used to log kernel messages
2020-06-26 15:02:25 ====
2020-06-26 15:02:25 Performing test ID LOGG-2142 (Checking minilog daemon)
2020-06-26 15:02:25 Result: Checking for unkilled minilogd instances
2020-06-26 15:02:25 Performing pgrep scan without uid
2020-06-26 15:02:26 IsRunning: process 'minilogd' not found
2020-06-26 15:02:26 Result: No minilogd is running
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID LOGG-2146 (Checking logrotate.conf and logrotate.d)
2020-06-26 15:02:26 Test: Checking for /etc/logrotate.conf
2020-06-26 15:02:26 Result: /etc/logrotate.conf found (file)
2020-06-26 15:02:26 Test: Checking for /etc/logrotate.d (directory)
2020-06-26 15:02:26 Result: /etc/logrotate.d found
2020-06-26 15:02:26 Result: logrotate configuration found
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID LOGG-2148 (Checking logrotated files)
2020-06-26 15:02:26 Test: Checking which files are rotated with logrotate and if they exist
2020-06-26 15:02:26 Result: found one or more files which are rotated via logrotate
2020-06-26 15:02:26 Output: File:/var/log/fail2ban.log:does_not_exist
2020-06-26 15:02:26 Output: File:/var/log/wpa_supplicant.log:does_not_exist
2020-06-26 15:02:26 Output: File:/var/log/aide/aide.log:exists
2020-06-26 15:02:26 Output: File:/var/log/btmp:exists
2020-06-26 15:02:26 Output: File:/var/log/cron:exists
2020-06-26 15:02:26 Output: File:/var/log/fail2ban.log:exists
2020-06-26 15:02:26 Output: File:/var/log/maillog:exists
2020-06-26 15:02:26 Output: File:/var/log/messages:exists
2020-06-26 15:02:26 Output: File:/var/log/secure:exists
2020-06-26 15:02:26 Output: File:/var/log/spooler:exists
2020-06-26 15:02:26 Output: File:/var/log/wpa_supplicant.log:exists
2020-06-26 15:02:26 Output: File:/var/log/wtmp:exists
2020-06-26 15:02:26 Output: File:/var/log/yum.log:exists
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID LOGG-2150 (Checking directories in logrotate configuration)
2020-06-26 15:02:26 Test: Checking which directories can be found in logrotate configuration
2020-06-26 15:02:26 Result: found one or more directories (via logrotate configuration)
2020-06-26 15:02:26 Directory found: /var/log
2020-06-26 15:02:26 Directory found: /var/log/aide
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test LOGG-2152 (Checking loghost)
2020-06-26 15:02:26 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID LOGG-2154 (Checking syslog configuration file)
2020-06-26 15:02:26 Test: analyzing file /etc/rsyslog.conf for remote target
2020-06-26 15:02:26 Result: no remote target found
2020-06-26 15:02:26 Test: analyzing file /etc/rsyslog.d/listen.conf for remote target
2020-06-26 15:02:26 Result: no remote target found
2020-06-26 15:02:26 Test: analyzing file /etc/rsyslog.d/21-cloudinit.conf for remote target
2020-06-26 15:02:26 Result: no remote target found
2020-06-26 15:02:26 Result: no remote logging found
2020-06-26 15:02:26 Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154] [details:-] [solution:-]
2020-06-26 15:02:26 Hardening: assigned partial number of hardening points (1 of 3). Currently having 212 points (out of 286)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test LOGG-2160 (Checking /etc/newsyslog.conf)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test LOGG-2162 (Checking directories in /etc/newsyslog.conf)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test LOGG-2164 (Checking files specified /etc/newsyslog.conf)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID LOGG-2170 (Checking log paths)
2020-06-26 15:02:26 Test: Searching log paths
2020-06-26 15:02:26 Result: directory /var/log exists
2020-06-26 15:02:26 Result: directory /var/adm exists
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID LOGG-2180 (Checking open log files)
2020-06-26 15:02:26 Test: checking open log files with lsof
2020-06-26 15:02:26 Result: lsof not installed, skipping test
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test LOGG-2190 (Checking for deleted files in use)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test LOGG-2192 (Checking for open log files that are empty)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 Security check: file is normal
2020-06-26 15:02:26 Checking permissions of /usr/share/lynis/include/tests_insecure_services
2020-06-26 15:02:26 File permissions are OK
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Action: Performing tests from category: Insecure services
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8000 (Installed inetd package)
2020-06-26 15:02:26 Test: Checking if inetd is installed
2020-06-26 15:02:26 Result: inetd is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8002 (Check for enabled inet daemon)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8004 (Presence of inetd configuration file)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8006 (Check configuration of inetd when disabled)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8016 (Check for telnet via inetd)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8100 (Check for installed xinetd daemon)
2020-06-26 15:02:26 Test: Checking for installed xinetd daemon
2020-06-26 15:02:26 Result: xinetd is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8102 (Check for active xinet daemon)
2020-06-26 15:02:26 Test: Searching for active extended internet services daemon (xinetd)
2020-06-26 15:02:26 Performing pgrep scan without uid
2020-06-26 15:02:26 IsRunning: process 'xinetd' not found
2020-06-26 15:02:26 Result: xinetd is NOT running
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8104 (Check for enabled xinet daemon)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8106 (Check configuration of xinetd when disabled)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8116 (Insecure services enabled via xinetd)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Skipped test INSE-8200 (Check if tcp_wrappers is installed when inetd/xinetd is active)
2020-06-26 15:02:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8300 (Check if rsh client is installed)
2020-06-26 15:02:26 Test: Checking if rsh client is installed
2020-06-26 15:02:26 Result: rsh client is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8304 (Check if rsh server is installed)
2020-06-26 15:02:26 Test: Checking if rsh server is installed
2020-06-26 15:02:26 Result: rsh server is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8310 (Check if telnet client is installed)
2020-06-26 15:02:26 Test: Checking if telnet client is installed
2020-06-26 15:02:26 Result: telnet client is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8322 (Check if telnet server is installed)
2020-06-26 15:02:26 Test: Checking if telnet server is installed
2020-06-26 15:02:26 Result: telnet server is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8314 (Check if NIS client is installed)
2020-06-26 15:02:26 Test: Checking if NIS client is installed
2020-06-26 15:02:26 Result: NIS client is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8316 (Check if NIS server is installed)
2020-06-26 15:02:26 Test: Checking if NIS server is installed
2020-06-26 15:02:26 Result: NIS server is NOT installed
2020-06-26 15:02:26 ====
2020-06-26 15:02:26 Performing test ID INSE-8318 (Check if TFTP client is installed)
2020-06-26 15:02:26 Test: Checking if TFTP client is installed
2020-06-26 15:02:27 Result: TFTP client is NOT installed
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID INSE-8320 (Check if TFTP server is installed)
2020-06-26 15:02:27 Test: Checking if TFTP server is installed
2020-06-26 15:02:27 Result: TFTP server is NOT installed
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Skipped test INSE-8050 (Check for insecure services on macOS)
2020-06-26 15:02:27 Reason to skip: Incorrect guest OS (macOS only)
2020-06-26 15:02:27 Security check: file is normal
2020-06-26 15:02:27 Checking permissions of /usr/share/lynis/include/tests_banners
2020-06-26 15:02:27 File permissions are OK
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Action: Performing tests from category: Banners and identification
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Skipped test BANN-7113 (Check COPYRIGHT banner file)
2020-06-26 15:02:27 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID BANN-7124 (Check issue banner file)
2020-06-26 15:02:27 Test: Checking file /etc/issue
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID BANN-7126 (Check issue banner file contents)
2020-06-26 15:02:27 Test: Checking file /etc/issue contents for legal key words
2020-06-26 15:02:27 Result: found string 'access'
2020-06-26 15:02:27 Result: found string 'authori'
2020-06-26 15:02:27 Result: found string 'condition'
2020-06-26 15:02:27 Result: found string 'consent'
2020-06-26 15:02:27 Result: found string 'enforce'
2020-06-26 15:02:27 Result: found string 'law'
2020-06-26 15:02:27 Result: found string 'monitor'
2020-06-26 15:02:27 Result: found string 'privacy'
2020-06-26 15:02:27 Result: found string 'private'
2020-06-26 15:02:27 Result: found string 'subject'
2020-06-26 15:02:27 Result: found string 'system'
2020-06-26 15:02:27 Result: Found 11 key words (5 or more suggested), to warn unauthorized users
2020-06-26 15:02:27 Hardening: assigned maximum number of hardening points for this item (2). Currently having 214 points (out of 288)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID BANN-7128 (Check issue.net banner file)
2020-06-26 15:02:27 Test: Checking file /etc/issue.net
2020-06-26 15:02:27 Result: file /etc/issue.net exists
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID BANN-7130 (Check issue.net banner file contents)
2020-06-26 15:02:27 Test: Checking file /etc/issue.net contents for legal key words
2020-06-26 15:02:27 Result: found string 'access'
2020-06-26 15:02:27 Result: found string 'authori'
2020-06-26 15:02:27 Result: found string 'condition'
2020-06-26 15:02:27 Result: found string 'consent'
2020-06-26 15:02:27 Result: found string 'enforce'
2020-06-26 15:02:27 Result: found string 'law'
2020-06-26 15:02:27 Result: found string 'monitor'
2020-06-26 15:02:27 Result: found string 'privacy'
2020-06-26 15:02:27 Result: found string 'private'
2020-06-26 15:02:27 Result: found string 'subject'
2020-06-26 15:02:27 Result: found string 'system'
2020-06-26 15:02:27 Result: Found 11 key words, to warn unauthorized users
2020-06-26 15:02:27 Hardening: assigned maximum number of hardening points for this item (2). Currently having 216 points (out of 290)
2020-06-26 15:02:27 Security check: file is normal
2020-06-26 15:02:27 Checking permissions of /usr/share/lynis/include/tests_scheduling
2020-06-26 15:02:27 File permissions are OK
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Action: Performing tests from category: Scheduled tasks
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID SCHD-7702 (Check status of cron daemon)
2020-06-26 15:02:27 Result: cron daemon running
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID SCHD-7704 (Check crontab/cronjobs)
2020-06-26 15:02:27 Test: checking directory /etc/cron.d
2020-06-26 15:02:27 Test: check if we can access /etc/cron.d (escaped: /etc/cron.d)
2020-06-26 15:02:27 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:27 Result: file /etc/cron.d is readable (or directory accessible).
2020-06-26 15:02:27 Result: found directory /etc/cron.d
2020-06-26 15:02:27 Test: searching files in /etc/cron.d
2020-06-26 15:02:27 Result: found one or more files in /etc/cron.d. Analyzing files..
2020-06-26 15:02:27 Result: Found cronjob (/etc/cron.d/0hourly): 01,*,*,*,*,root,run-parts,/etc/cron.hourly
2020-06-26 15:02:27 Result: Found cronjob (/etc/cron.d/aide): 0,0,*,*,*,root,/usr/sbin/aide,--check
2020-06-26 15:02:27 Result: done with analyzing files in /etc/cron.d
2020-06-26 15:02:27 Test: checking directory /etc/cron.hourly
2020-06-26 15:02:27 Result: found directory /etc/cron.hourly
2020-06-26 15:02:27 Test: check if we can access /etc/cron.hourly (escaped: /etc/cron.hourly)
2020-06-26 15:02:27 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:27 Result: file /etc/cron.hourly is readable (or directory accessible).
2020-06-26 15:02:27 Test: searching files in /etc/cron.hourly
2020-06-26 15:02:27 Result: found one or more files in /etc/cron.hourly. Analyzing files..
2020-06-26 15:02:27 Result: Found cronjob (/etc/cron.hourly): /etc/cron.hourly/0anacron
2020-06-26 15:02:27 Result: done with analyzing files in /etc/cron.hourly
2020-06-26 15:02:27 Test: checking directory /etc/cron.daily
2020-06-26 15:02:27 Result: found directory /etc/cron.daily
2020-06-26 15:02:27 Test: check if we can access /etc/cron.daily (escaped: /etc/cron.daily)
2020-06-26 15:02:27 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:27 Result: file /etc/cron.daily is readable (or directory accessible).
2020-06-26 15:02:27 Test: searching files in /etc/cron.daily
2020-06-26 15:02:27 Result: found one or more files in /etc/cron.daily. Analyzing files..
2020-06-26 15:02:27 Result: Found cronjob (/etc/cron.daily): /etc/cron.daily/logrotate
2020-06-26 15:02:27 Result: Found cronjob (/etc/cron.daily): /etc/cron.daily/man-db.cron
2020-06-26 15:02:27 Result: done with analyzing files in /etc/cron.daily
2020-06-26 15:02:27 Test: checking directory /etc/cron.weekly
2020-06-26 15:02:27 Result: found directory /etc/cron.weekly
2020-06-26 15:02:27 Test: check if we can access /etc/cron.weekly (escaped: /etc/cron.weekly)
2020-06-26 15:02:27 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:27 Result: file /etc/cron.weekly is readable (or directory accessible).
2020-06-26 15:02:27 Test: searching files in /etc/cron.weekly
2020-06-26 15:02:27 Result: no files found in /etc/cron.weekly
2020-06-26 15:02:27 Test: checking directory /etc/cron.monthly
2020-06-26 15:02:27 Result: found directory /etc/cron.monthly
2020-06-26 15:02:27 Test: check if we can access /etc/cron.monthly (escaped: /etc/cron.monthly)
2020-06-26 15:02:27 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:27 Result: file /etc/cron.monthly is readable (or directory accessible).
2020-06-26 15:02:27 Test: searching files in /etc/cron.monthly
2020-06-26 15:02:27 Result: no files found in /etc/cron.monthly
2020-06-26 15:02:27 Test: checking anacrontab
2020-06-26 15:02:27 Found anacron job (/etc/anacrontab): 1,5,cron.daily,nice,run-parts,/etc/cron.daily
2020-06-26 15:02:27 Found anacron job (/etc/anacrontab): 7,25,cron.weekly,nice,run-parts,/etc/cron.weekly
2020-06-26 15:02:27 Found anacron job (/etc/anacrontab): @monthly,45,cron.monthly,nice,run-parts,/etc/cron.monthly
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID SCHD-7718 (Check at users)
2020-06-26 15:02:27 Test: Checking atd status
2020-06-26 15:02:27 Result: at daemon not active
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Skipped test SCHD-7720 (Check at users)
2020-06-26 15:02:27 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Skipped test SCHD-7724 (Check at jobs)
2020-06-26 15:02:27 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:27 Result: no scheduled Lynis execution found (e.g. crontab, cronjob)
2020-06-26 15:02:27 Security check: file is normal
2020-06-26 15:02:27 Checking permissions of /usr/share/lynis/include/tests_accounting
2020-06-26 15:02:27 File permissions are OK
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Action: Performing tests from category: Accounting
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Skipped test ACCT-2754 (Check for available FreeBSD accounting information)
2020-06-26 15:02:27 Reason to skip: Incorrect guest OS (FreeBSD only)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Skipped test ACCT-2760 (Check for available OpenBSD accounting information)
2020-06-26 15:02:27 Reason to skip: Incorrect guest OS (OpenBSD only)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID ACCT-9622 (Check for available Linux accounting information)
2020-06-26 15:02:27 Test: Check accounting information
2020-06-26 15:02:27 Result: No accounting information available (/var/account/pacct, /var/log/account/pact nor /var/log/pact exist)
2020-06-26 15:02:27 Remark: Possibly there is another location where the accounting data is stored
2020-06-26 15:02:27 Suggestion: Enable process accounting [test:ACCT-9622] [details:-] [solution:-]
2020-06-26 15:02:27 Hardening: assigned partial number of hardening points (2 of 3). Currently having 218 points (out of 293)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID ACCT-9626 (Check for sysstat accounting data)
2020-06-26 15:02:27 Test: check /etc/default/sysstat presence
2020-06-26 15:02:27 Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat
2020-06-26 15:02:27 Suggestion: Enable sysstat to collect accounting (no results) [test:ACCT-9626] [details:-] [solution:-]
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID ACCT-9628 (Check for auditd)
2020-06-26 15:02:27 Test: Check auditd status
2020-06-26 15:02:27 Performing pgrep scan without uid
2020-06-26 15:02:27 IsRunning: process 'auditd' found (30391 )
2020-06-26 15:02:27 Result: auditd running
2020-06-26 15:02:27 Hardening: assigned maximum number of hardening points for this item (4). Currently having 222 points (out of 297)
2020-06-26 15:02:27 ====
2020-06-26 15:02:27 Performing test ID ACCT-9630 (Check for auditd rules)
2020-06-26 15:02:27 Test: Checking auditd rules
2020-06-26 15:02:27 Result: found auditd rules
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/bin/chcon -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/bin/passwd -F auid>=1000 -F auid!=-1 -F key=privileged-passwd
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/sbin/unix_chkpwd -F auid>=1000 -F auid!=-1 -F key=privileged-passwd
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/bin/gpasswd -F auid>=1000 -F auid!=-1 -F key=privileged-passwd
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/bin/chage -F auid>=1000 -F auid!=-1 -F key=privileged-passwd
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/sbin/userhelper -F auid>=1000 -F auid!=-1 -F key=privileged-passwd
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/bin/su -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:27 Output: -a always,exit -S all -F path=/usr/bin/sudo -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/bin/chsh -F auid>=1000 -F auid!=-1 -F key=privileged-priv_change
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/bin/mount -F auid>=1000 -F auid!=-1 -F key=privileged-mount
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/bin/umount -F auid>=1000 -F auid!=-1 -F key=privileged-mount
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/sbin/postdrop -F auid>=1000 -F auid!=-1 -F key=privileged-postfix
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/sbin/postqueue -F auid>=1000 -F auid!=-1 -F key=privileged-postfix
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/libexec/openssh/ssh-keysign -F auid>=1000 -F auid!=-1 -F key=privileged-ssh
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/bin/crontab -F auid>=1000 -F auid!=-1 -F key=privileged-cron
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/sbin/pam_timestamp_check -F auid>=1000 -F auid!=-1 -F key=privileged-pam
2020-06-26 15:02:28 Output: -a always,exit -S all -F path=/usr/bin/kmod -F perm=x -F auid!=-1 -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -F key=setuid
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=setuid
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -F key=setgid
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -F key=setgid
2020-06-26 15:02:28 Output: -w /var/run/faillock -p wa -k logins
2020-06-26 15:02:28 Output: -w /var/log/lastlog -p wa -k logins
2020-06-26 15:02:28 Output: -w /etc/sudoers -p wa -k privileged-actions
2020-06-26 15:02:28 Output: -w /etc/sudoers.d -p wa -k privileged-actions
2020-06-26 15:02:28 Output: -w /etc/passwd -p wa -k identity
2020-06-26 15:02:28 Output: -w /etc/group -p wa -k identity
2020-06-26 15:02:28 Output: -w /etc/gshadow -p wa -k identity
2020-06-26 15:02:28 Output: -w /etc/shadow -p wa -k identity
2020-06-26 15:02:28 Output: -w /etc/security/opasswd -p wa -k identity
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=-1 -F key=privileged-mount
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=-1 -F key=privileged-mount
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S create_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S create_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S init_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S init_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S finit_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S finit_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S delete_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S delete_module -F key=module-change
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S renameat -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S renameat -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S rmdir -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S rmdir -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S unlink -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S unlink -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b64 -S unlinkat -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 Output: -a always,exit -F arch=b32 -S unlinkat -F auid>=1000 -F auid!=-1 -F key=delete
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Performing test ID ACCT-9632 (Check for auditd configuration file)
2020-06-26 15:02:28 Test: Checking auditd configuration file
2020-06-26 15:02:28 Result: /etc/auditd.conf not found
2020-06-26 15:02:28 Result: Found /etc/audit/auditd.conf
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Performing test ID ACCT-9634 (Check for auditd log file)
2020-06-26 15:02:28 Test: Checking auditd log file
2020-06-26 15:02:28 Result: log file is defined
2020-06-26 15:02:28 Defined value: /var/log/audit/audit.log
2020-06-26 15:02:28 Result: log file /var/log/audit/audit.log exists on disk
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Performing test ID ACCT-9636 (Check for Snoopy wrapper and logger)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test ACCT-9650 (Check Solaris audit daemon)
2020-06-26 15:02:28 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test ACCT-9652 (Check auditd SMF status)
2020-06-26 15:02:28 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test ACCT-9654 (Check BSM auditing in /etc/system)
2020-06-26 15:02:28 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test ACCT-9656 (Check BSM auditing in module list)
2020-06-26 15:02:28 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test ACCT-9660 (Check location of audit events)
2020-06-26 15:02:28 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test ACCT-9662 (Check Solaris auditing stats)
2020-06-26 15:02:28 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:28 Security check: file is normal
2020-06-26 15:02:28 Checking permissions of /usr/share/lynis/include/tests_time
2020-06-26 15:02:28 File permissions are OK
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Action: Performing tests from category: Time and Synchronization
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Performing test ID TIME-3104 (Check for running NTP daemon or client)
2020-06-26 15:02:28 Test: Searching for a running NTP daemon or available client
2020-06-26 15:02:28 result: found chrony configuration: /etc/chrony.conf
2020-06-26 15:02:28 Performing pgrep scan without uid
2020-06-26 15:02:28 IsRunning: process 'chronyd' found (30293 )
2020-06-26 15:02:28 Performing pgrep scan without uid
2020-06-26 15:02:28 IsRunning: process 'dntpd' not found
2020-06-26 15:02:28 Performing pgrep scan without uid
2020-06-26 15:02:28 IsRunning: process 'timed' not found
2020-06-26 15:02:28 Result: /etc/systemd/timesyncd.conf does not exist
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in crontab file /etc/anacrontab
2020-06-26 15:02:28 Result: no ntpdate or rdate reference found in crontab file /etc/anacrontab
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in crontab file /etc/crontab
2020-06-26 15:02:28 Result: no ntpdate or rdate reference found in crontab file /etc/crontab
2020-06-26 15:02:28 Test: check if we can access /etc/cron.d (escaped: /etc/cron.d)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.d is readable (or directory accessible).
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in /etc/cron.d/0hourly
2020-06-26 15:02:28 Test: check if we can access /etc/cron.d/0hourly (escaped: /etc/cron.d/0hourly)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.d/0hourly is readable (or directory accessible).
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in /etc/cron.d/aide
2020-06-26 15:02:28 Test: check if we can access /etc/cron.d/aide (escaped: /etc/cron.d/aide)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.d/aide is readable (or directory accessible).
2020-06-26 15:02:28 Test: check if we can access /etc/cron.hourly (escaped: /etc/cron.hourly)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.hourly is readable (or directory accessible).
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in /etc/cron.hourly/0anacron
2020-06-26 15:02:28 Test: check if we can access /etc/cron.hourly/0anacron (escaped: /etc/cron.hourly/0anacron)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.hourly/0anacron is readable (or directory accessible).
2020-06-26 15:02:28 Test: check if we can access /etc/cron.daily (escaped: /etc/cron.daily)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.daily is readable (or directory accessible).
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in /etc/cron.daily/logrotate
2020-06-26 15:02:28 Test: check if we can access /etc/cron.daily/logrotate (escaped: /etc/cron.daily/logrotate)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.daily/logrotate is readable (or directory accessible).
2020-06-26 15:02:28 Test: checking for ntpdate or rdate in /etc/cron.daily/man-db.cron
2020-06-26 15:02:28 Test: check if we can access /etc/cron.daily/man-db.cron (escaped: /etc/cron.daily/man-db.cron)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.daily/man-db.cron is readable (or directory accessible).
2020-06-26 15:02:28 Test: check if we can access /etc/cron.weekly (escaped: /etc/cron.weekly)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.weekly is readable (or directory accessible).
2020-06-26 15:02:28 Result: /etc/cron.weekly is empty, skipping search in directory
2020-06-26 15:02:28 Test: check if we can access /etc/cron.monthly (escaped: /etc/cron.monthly)
2020-06-26 15:02:28 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:28 Result: file /etc/cron.monthly is readable (or directory accessible).
2020-06-26 15:02:28 Result: /etc/cron.monthly is empty, skipping search in directory
2020-06-26 15:02:28 Result: no ntpdate or rdate found in cron directories
2020-06-26 15:02:28 Test: checking for file /etc/network/if-up.d/ntpdate
2020-06-26 15:02:28 Result: file /etc/network/if-up.d/ntpdate does not exist
2020-06-26 15:02:28 Result: Found a time syncing daemon/client.
2020-06-26 15:02:28 Hardening: assigned maximum number of hardening points for this item (3). Currently having 225 points (out of 300)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3106 (Check systemd NTP time synchronization status)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3112 (Check active NTP associations ID's)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3116 (Check peers with stratum value of 16)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3120 (Check unreliable NTP peers)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3124 (Check selected time source)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3128 (Check preferred time source)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3132 (Check NTP falsetickers)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:28 Skipped test TIME-3136 (Check NTP protocol version)
2020-06-26 15:02:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:28 ====
2020-06-26 15:02:29 Performing test ID TIME-3148 (Check TZ variable)
2020-06-26 15:02:29 Test: testing for TZ variable
2020-06-26 15:02:29 Result: found TZ variable with value notset
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test TIME-3160 (Check empty NTP step-tickers)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID TIME-3170 (Check configuration files)
2020-06-26 15:02:29 Result: found /etc/chrony.conf
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test TIME-3180 (Report if ntpctl cannot communicate with OpenNTPD)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test TIME-3181 (Check status of OpenNTPD time synchronisation)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test TIME-3182 (Check OpenNTPD has working peers)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 Security check: file is normal
2020-06-26 15:02:29 Checking permissions of /usr/share/lynis/include/tests_crypto
2020-06-26 15:02:29 File permissions are OK
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Action: Performing tests from category: Cryptography
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID CRYP-7902 (Check expire date of SSL certificates)
2020-06-26 15:02:29 Paths to scan: /etc/apache2 /etc/dovecot /etc/httpd /etc/letsencrypt /etc/pki /etc/postfix /etc/ssl /opt/psa/var/certificates /usr/local/psa/var/certificates /usr/local/share/ca-certificates /usr/share/ca-certificates /usr/share/gnupg /var/www /srv/www
2020-06-26 15:02:29 Paths to ignore: /etc/letsencrypt/archive
2020-06-26 15:02:29 Result: SSL path /etc/apache2 does not exist
2020-06-26 15:02:29 Result: SSL path /etc/dovecot does not exist
2020-06-26 15:02:29 Result: SSL path /etc/httpd does not exist
2020-06-26 15:02:29 Result: SSL path /etc/letsencrypt does not exist
2020-06-26 15:02:29 Test: check if we can access /etc/pki (escaped: /etc/pki)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/pki is readable (or directory accessible).
2020-06-26 15:02:29 Result: found directory /etc/pki
2020-06-26 15:02:29 Test: check if we can access /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt (escaped: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt is readable (or directory accessible).
2020-06-26 15:02:29 Result: file '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' belongs to package (ca)
2020-06-26 15:02:29 Test: check if we can access /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem is readable (or directory accessible).
2020-06-26 15:02:29 Result: file '/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem' belongs to package (ca)
2020-06-26 15:02:29 Test: check if we can access /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem is readable (or directory accessible).
2020-06-26 15:02:29 Result: file '/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem' belongs to package (ca)
2020-06-26 15:02:29 Test: check if we can access /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem is readable (or directory accessible).
2020-06-26 15:02:29 Result: file '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem' belongs to package (ca)
2020-06-26 15:02:29 Result: found 4 certificates in /etc/pki
2020-06-26 15:02:29 Test: check if we can access /etc/postfix (escaped: /etc/postfix)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/postfix is readable (or directory accessible).
2020-06-26 15:02:29 Result: found directory /etc/postfix
2020-06-26 15:02:29 Result: found 0 certificates in /etc/postfix
2020-06-26 15:02:29 Test: check if we can access /etc/ssl (escaped: /etc/ssl)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /etc/ssl is readable (or directory accessible).
2020-06-26 15:02:29 Result: found directory /etc/ssl
2020-06-26 15:02:29 Result: found 0 certificates in /etc/ssl
2020-06-26 15:02:29 Result: SSL path /opt/psa/var/certificates does not exist
2020-06-26 15:02:29 Result: SSL path /usr/local/psa/var/certificates does not exist
2020-06-26 15:02:29 Result: SSL path /usr/local/share/ca-certificates does not exist
2020-06-26 15:02:29 Result: SSL path /usr/share/ca-certificates does not exist
2020-06-26 15:02:29 Test: check if we can access /usr/share/gnupg (escaped: /usr/share/gnupg)
2020-06-26 15:02:29 Result: file is owned by our current user ID (0), checking if it is readable
2020-06-26 15:02:29 Result: file /usr/share/gnupg is readable (or directory accessible).
2020-06-26 15:02:29 Result: found directory /usr/share/gnupg
2020-06-26 15:02:29 Result: found 0 certificates in /usr/share/gnupg
2020-06-26 15:02:29 Result: SSL path /var/www does not exist
2020-06-26 15:02:29 Result: SSL path /srv/www does not exist
2020-06-26 15:02:29 Result: found a total of 4 certificates
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID CRYP-7930 (Determine if system uses LUKS block device encryption)
2020-06-26 15:02:29 Result: crypttab (/etc/crypttab) exists
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test CRYP-7931 (Determine if system uses encrypted swap)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID CRYP-8002 (Gather available kernel entropy)
2020-06-26 15:02:29 Result: found kernel entropy value of 1178
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID CRYP-8004 (Presence of hardware random number generators)
2020-06-26 15:02:29 Test: looking for /sys/class/misc/hw_random/rng_current
2020-06-26 15:02:29 Result: no HW RNG available
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID CRYP-8005 (Presence of software pseudo random number generators)
2020-06-26 15:02:29 Test: looking for software pseudo random number generators
2020-06-26 15:02:29 Performing pgrep scan without uid
2020-06-26 15:02:29 IsRunning: process 'audio-entropyd' not found
2020-06-26 15:02:29 Performing pgrep scan without uid
2020-06-26 15:02:29 IsRunning: process 'haveged' not found
2020-06-26 15:02:29 Performing pgrep scan without uid
2020-06-26 15:02:29 IsRunning: process 'jitterentropy-rngd' not found
2020-06-26 15:02:29 Suggestion: Utilize software pseudo random number generators [test:CRYP-8005] [details:-] [solution:-]
2020-06-26 15:02:29 Security check: file is normal
2020-06-26 15:02:29 Checking permissions of /usr/share/lynis/include/tests_virtualization
2020-06-26 15:02:29 File permissions are OK
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Action: Performing tests from category: Virtualization
2020-06-26 15:02:29 Security check: file is normal
2020-06-26 15:02:29 Checking permissions of /usr/share/lynis/include/tests_containers
2020-06-26 15:02:29 File permissions are OK
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Action: Performing tests from category: Containers
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test CONT-8004 (Query running Solaris zones)
2020-06-26 15:02:29 Reason to skip: Incorrect guest OS (Solaris only)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID CONT-8102 (Checking Docker status and information)
2020-06-26 15:02:29 Performing pgrep scan without uid
2020-06-26 15:02:29 IsRunning: process 'dockerd' not found
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test CONT-8104 (Checking Docker info for any warnings)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test CONT-8106 (Gather basic stats from Docker)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test CONT-8107 (Check number of Docker containers)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test CONT-8108 (Check file permissions for Docker files)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 Security check: file is normal
2020-06-26 15:02:29 Checking permissions of /usr/share/lynis/include/tests_mac_frameworks
2020-06-26 15:02:29 File permissions are OK
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Action: Performing tests from category: Security frameworks
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID MACF-6204 (Check AppArmor presence)
2020-06-26 15:02:29 Result: aa-status binary not found, AppArmor not installed
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Skipped test MACF-6208 (Check if AppArmor is enabled)
2020-06-26 15:02:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID MACF-6232 (Check SELINUX presence)
2020-06-26 15:02:29 Test: checking if we have sestatus binary
2020-06-26 15:02:29 Result: found sestatus binary (/usr/sbin/sestatus)
2020-06-26 15:02:29 ====
2020-06-26 15:02:29 Performing test ID MACF-6234 (Check SELINUX status)
2020-06-26 15:02:29 Result: SELinux framework is enabled
2020-06-26 15:02:29 Result: current SELinux mode is enforcing
2020-06-26 15:02:29 Result: mode configured in config file is enforcing
2020-06-26 15:02:29 Result: Current SELinux mode is the same as in config file.
2020-06-26 15:02:31 Permissive SELinux object types:
2020-06-26 15:02:31 Unconfined processes: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 11103 sshd: centos@pts/0 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 11104 -bash unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 11122 sudo lynis audit system unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 11125 /bin/sh /bin/lynis audit system unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 32399 /bin/sh /bin/lynis audit system unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 32400 /usr/bin/ps -eo label,pid,command unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 32401 /usr/bin/grep [u]nconfined_t unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 32402 /usr/bin/tr \n
2020-06-26 15:02:31 Processes with initrc_t type:
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID MACF-6240 (Check TOMOYO Linux presence)
2020-06-26 15:02:31 Test: checking if we have tomoyo-init binary
2020-06-26 15:02:31 Result: tomoyo-init binary not found
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Skipped test MACF-6242 (Check TOMOYO Linux status)
2020-06-26 15:02:31 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID RBAC-6272 (Check grsecurity presence)
2020-06-26 15:02:31 Result: no grsecurity found in kernel config
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID MACF-6290 (Check for implemented MAC framework)
2020-06-26 15:02:31 Hardening: assigned maximum number of hardening points for this item (3). Currently having 228 points (out of 303)
2020-06-26 15:02:31 Result: found implemented MAC framework
2020-06-26 15:02:31 Security check: file is normal
2020-06-26 15:02:31 Checking permissions of /usr/share/lynis/include/tests_file_integrity
2020-06-26 15:02:31 File permissions are OK
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Action: Performing tests from category: Software: file integrity
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4310 (AFICK availability)
2020-06-26 15:02:31 Test: Checking AFICK binary
2020-06-26 15:02:31 Result: AFICK is not installed
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4314 (AIDE availability)
2020-06-26 15:02:31 Test: Checking AIDE binary
2020-06-26 15:02:31 Result: AIDE is installed (/usr/sbin/aide)
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4315 (Check AIDE configuration file)
2020-06-26 15:02:31 Test: search for aide.conf in /etc /etc/aide /usr/local/etc
2020-06-26 15:02:31 Result: found aide.conf in directory /etc
2020-06-26 15:02:31 Checking configuration file /etc/aide.conf for errors
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4316 (Presence of AIDE database and size check)
2020-06-26 15:02:31 Test: search for AIDE database on disk /var/lib/aide/aide.db.gz
2020-06-26 15:02:31 Checking database size /var/lib/aide/aide.db.gz
2020-06-26 15:02:31 Result: AIDE database /var/lib/aide/aide.db.gz exist and has a size greater than zero
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4318 (Osiris availability)
2020-06-26 15:02:31 Test: Checking Osiris binary
2020-06-26 15:02:31 Result: Osiris is not installed
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4322 (Samhain availability)
2020-06-26 15:02:31 Test: Checking Samhain binary
2020-06-26 15:02:31 Result: Samhain is not installed
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4326 (Tripwire availability)
2020-06-26 15:02:31 Test: Checking Tripwire binary
2020-06-26 15:02:31 Result: Tripwire is not installed
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4328 (OSSEC syscheck daemon running)
2020-06-26 15:02:31 Test: Checking if OSSEC syscheck daemon is running
2020-06-26 15:02:31 Performing pgrep scan without uid
2020-06-26 15:02:31 IsRunning: process 'ossec-syscheckd' not found
2020-06-26 15:02:31 Result: syscheck (OSSEC) is not active
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4330 (mtree availability)
2020-06-26 15:02:31 Test: Checking mtree binary
2020-06-26 15:02:31 Result: mtree is not installed
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Skipped test FINT-4334 (Check lfd daemon status)
2020-06-26 15:02:31 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Skipped test FINT-4336 (Check lfd configuration status)
2020-06-26 15:02:31 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4338 (osqueryd syscheck daemon running)
2020-06-26 15:02:31 Test: Checking if osqueryd syscheck daemon is running
2020-06-26 15:02:31 Performing pgrep scan without uid
2020-06-26 15:02:31 IsRunning: process 'osqueryd' not found
2020-06-26 15:02:31 Result: syscheck (osquery) not installed
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Skipped test FINT-4339 (Check IMA/EVM status)
2020-06-26 15:02:31 Reason to skip: No evmctl binary found
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Skipped test FINT-4340 (Check dm-integrity status)
2020-06-26 15:02:31 Reason to skip: No integritysetup binary found
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Skipped test FINT-4341 (Check dm-verity status)
2020-06-26 15:02:31 Reason to skip: No veritysetup binary found
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4402 (AIDE configuration: Checksums (SHA256 or SHA512))
2020-06-26 15:02:31 Result: Found SHA256 or SHA512 found for creating checksums
2020-06-26 15:02:31 Hardening: assigned maximum number of hardening points for this item (2). Currently having 230 points (out of 305)
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID FINT-4350 (File integrity software installed)
2020-06-26 15:02:31 Test: Check if at least on file integrity tool is available/installed
2020-06-26 15:02:31 Result: found at least one file integrity tool
2020-06-26 15:02:31 Hardening: assigned maximum number of hardening points for this item (5). Currently having 235 points (out of 310)
2020-06-26 15:02:31 Security check: file is normal
2020-06-26 15:02:31 Checking permissions of /usr/share/lynis/include/tests_tooling
2020-06-26 15:02:31 File permissions are OK
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Action: Performing tests from category: Software: System tooling
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID TOOL-5002 (Checking for automation tools)
2020-06-26 15:02:31 Test: checking if directory /root/.ansible exists
2020-06-26 15:02:31 Result: directory /root/.ansible NOT found
2020-06-26 15:02:31 Test: checking if directory /etc/ansible exists
2020-06-26 15:02:31 Result: directory /etc/ansible NOT found
2020-06-26 15:02:31 Test: checking if directory /root/.ansible exists
2020-06-26 15:02:31 Result: directory /root/.ansible NOT found
2020-06-26 15:02:31 Test: checking if directory /tmp/.ansible exists
2020-06-26 15:02:31 Result: directory /tmp/.ansible NOT found
2020-06-26 15:02:31 Test: checking if file /var/log/ansible.log exists
2020-06-26 15:02:31 Result: file /var/log/ansible.log NOT found
2020-06-26 15:02:31 Test: checking if file ~/.ansible-retry exists
2020-06-26 15:02:31 Result: file ~/.ansible-retry NOT found
2020-06-26 15:02:31 Performing pgrep scan without uid
2020-06-26 15:02:31 IsRunning: process 'puppet master' not found
2020-06-26 15:02:31 Suggestion: Determine if automation tools are present for system management [test:TOOL-5002] [details:-] [solution:-]
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID TOOL-5102 (Check for presence of Fail2ban)
2020-06-26 15:02:31 Result: Fail2ban is installed (/usr/bin/fail2ban-server)
2020-06-26 15:02:31 Checking Fail2ban configuration file
2020-06-26 15:02:31 ====
2020-06-26 15:02:31 Performing test ID TOOL-5104 (Enabled tests in Fail2ban)
2020-06-26 15:02:31 Result: Fail2ban installed but completely disabled
2020-06-26 15:02:31 Hardening: assigned partial number of hardening points (0 of 5). Currently having 235 points (out of 315)
2020-06-26 15:02:31 Warning: All jails in Fail2ban are disabled [test:TOOL-5104] [details:/etc/fail2ban/jail.conf] [solution:-]
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID TOOL-5120 (Check for presence of Snort)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'snort' not found
2020-06-26 15:02:32 Result: Snort not present (Snort not running)
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID TOOL-5122 (Check Snort configuration file)
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID TOOL-5126 (Check for active OSSEC daemon)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'ossec-analysisd' not found
2020-06-26 15:02:32 Result: OSSEC analysis daemon not active
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'ossec-agentd' not found
2020-06-26 15:02:32 Result: OSSEC agent daemon not active
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID TOOL-5190 (Check presence of IDS/IPS tool)
2020-06-26 15:02:32 Hardening: assigned maximum number of hardening points for this item (2). Currently having 237 points (out of 317)
2020-06-26 15:02:32 Security check: file is normal
2020-06-26 15:02:32 Checking permissions of /usr/share/lynis/include/tests_malware
2020-06-26 15:02:32 File permissions are OK
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Action: Performing tests from category: Software: Malware
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID MALW-3275 (Check for chkrootkit)
2020-06-26 15:02:32 Test: checking presence chkrootkit
2020-06-26 15:02:32 Result: chkrootkit not found
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID MALW-3276 (Check for Rootkit Hunter)
2020-06-26 15:02:32 Test: checking presence Rootkit Hunter
2020-06-26 15:02:32 Result: Rootkit Hunter not found
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID MALW-3278 (Check for LMD)
2020-06-26 15:02:32 Test: checking presence LMD
2020-06-26 15:02:32 Result: LMD not found
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID MALW-3280 (Check if anti-virus tool is installed)
2020-06-26 15:02:32 Test: checking process esets_daemon
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'esets_daemon' not found
2020-06-26 15:02:32 Test: checking process epagd
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'epagd' not found
2020-06-26 15:02:32 Test: checking process com.avast.daemon
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'com.avast.daemon' not found
2020-06-26 15:02:32 Test: checking process Avira daemon
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'avqmd' not found
2020-06-26 15:02:32 Test: checking process falcon-sensor (CrowdStrike)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'falcon-sensor' not found
2020-06-26 15:02:32 Test: checking process CylanceSvc
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'CylanceSvc' not found
2020-06-26 15:02:32 Test: checking process wdserver or klnagent (Kaspersky)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'klnagent' not found
2020-06-26 15:02:32 Test: checking process cma or cmdagent (McAfee)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'cmdagent' not found
2020-06-26 15:02:32 Test: checking process savscand
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'savscand' not found
2020-06-26 15:02:32 Test: checking process SophosScanD
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'SophosScanD' not found
2020-06-26 15:02:32 Test: checking process rtvscand
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'rtvscand' not found
2020-06-26 15:02:32 Test: checking process Symantec management client service
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'smcd' not found
2020-06-26 15:02:32 Test: checking process Symantec Endpoint Protection configuration service
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'symcfgd' not found
2020-06-26 15:02:32 Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'TmccMac' not found
2020-06-26 15:02:32 Result: no commercial anti-virus tools found
2020-06-26 15:02:32 Hardening: assigned partial number of hardening points (0 of 3). Currently having 237 points (out of 320)
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID MALW-3282 (Check for clamscan)
2020-06-26 15:02:32 Test: checking presence clamscan
2020-06-26 15:02:32 Result: clamscan couldn't be found
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID MALW-3284 (Check for clamd)
2020-06-26 15:02:32 Test: checking running ClamAV daemon (clamd)
2020-06-26 15:02:32 Performing pgrep scan without uid
2020-06-26 15:02:32 IsRunning: process 'clamd' not found
2020-06-26 15:02:32 Result: clamd not running
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Skipped test MALW-3286 (Check for freshclam)
2020-06-26 15:02:32 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Skipped test MALW-3288 (Check for ClamXav)
2020-06-26 15:02:32 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution)
2020-06-26 15:02:32 Security check: file is normal
2020-06-26 15:02:32 Checking permissions of /usr/share/lynis/include/tests_file_permissions
2020-06-26 15:02:32 File permissions are OK
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Action: Performing tests from category: File Permissions
2020-06-26 15:02:32 ====
2020-06-26 15:02:32 Performing test ID FILE-7524 (Perform file permissions check)
2020-06-26 15:02:32 Test: Checking file permissions
2020-06-26 15:02:32 Using profile /etc/lynis/default.prf for baseline.
2020-06-26 15:02:32 Test: checking file/directory /boot/grub/grub.cfg
2020-06-26 15:02:32 Skipping file/directory /boot/grub/grub.cfg as it does not exist on this system
2020-06-26 15:02:32 Test: checking file/directory /boot/grub2/grub.cfg
2020-06-26 15:02:32 Test: checking if file /boot/grub2/grub.cfg has the permissions set to 600 or more restrictive
2020-06-26 15:02:32 Outcome: permissions of file /boot/grub2/grub.cfg are not matching expected value (644 != rw-------)
2020-06-26 15:02:32 Test: checking file/directory /boot/grub2/user.cfg
2020-06-26 15:02:32 Test: checking if file /boot/grub2/user.cfg has the permissions set to 600 or more restrictive
2020-06-26 15:02:32 Outcome: permissions of file /boot/grub2/user.cfg are not matching expected value (644 != rw-------)
2020-06-26 15:02:32 Test: checking file/directory /etc/at.allow
2020-06-26 15:02:32 Skipping file/directory /etc/at.allow as it does not exist on this system
2020-06-26 15:02:32 Test: checking file/directory /etc/at.deny
2020-06-26 15:02:32 Skipping file/directory /etc/at.deny as it does not exist on this system
2020-06-26 15:02:32 Test: checking file/directory /etc/cron.allow
2020-06-26 15:02:32 Skipping file/directory /etc/cron.allow as it does not exist on this system
2020-06-26 15:02:32 Test: checking file/directory /etc/cron.deny
2020-06-26 15:02:32 Test: checking if file /etc/cron.deny has the permissions set to 600 or more restrictive
2020-06-26 15:02:32 Outcome: correct permissions (600)
2020-06-26 15:02:32 Test: checking file/directory /etc/crontab
2020-06-26 15:02:32 Test: checking if file /etc/crontab has the permissions set to 600 or more restrictive
2020-06-26 15:02:32 Outcome: permissions of file /etc/crontab are not matching expected value (644 != rw-------)
2020-06-26 15:02:32 Test: checking file/directory /etc/group
2020-06-26 15:02:32 Test: checking if file /etc/group has the permissions set to 644 or more restrictive
2020-06-26 15:02:32 Outcome: correct permissions (644)
2020-06-26 15:02:32 Test: checking file/directory /etc/group-
2020-06-26 15:02:32 Test: checking if file /etc/group- has the permissions set to 644 or more restrictive
2020-06-26 15:02:32 Outcome: correct permissions (644)
2020-06-26 15:02:32 Test: checking file/directory /etc/hosts.allow
2020-06-26 15:02:32 Test: checking if file /etc/hosts.allow has the permissions set to 644 or more restrictive
2020-06-26 15:02:32 Outcome: correct permissions (644)
2020-06-26 15:02:32 Test: checking file/directory /etc/hosts.deny
2020-06-26 15:02:33 Test: checking if file /etc/hosts.deny has the permissions set to 644 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (644)
2020-06-26 15:02:33 Test: checking file/directory /etc/issue
2020-06-26 15:02:33 Test: checking if file /etc/issue has the permissions set to 644 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (644)
2020-06-26 15:02:33 Test: checking file/directory /etc/issue.net
2020-06-26 15:02:33 Test: checking if file /etc/issue.net has the permissions set to 644 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (644)
2020-06-26 15:02:33 Test: checking file/directory /etc/lilo.conf
2020-06-26 15:02:33 Skipping file/directory /etc/lilo.conf as it does not exist on this system
2020-06-26 15:02:33 Test: checking file/directory /etc/motd
2020-06-26 15:02:33 Test: checking if file /etc/motd has the permissions set to 644 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (644)
2020-06-26 15:02:33 Test: checking file/directory /etc/passwd
2020-06-26 15:02:33 Test: checking if file /etc/passwd has the permissions set to 644 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (644)
2020-06-26 15:02:33 Test: checking file/directory /etc/passwd-
2020-06-26 15:02:33 Test: checking if file /etc/passwd- has the permissions set to 644 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (644)
2020-06-26 15:02:33 Test: checking file/directory /etc/ssh/sshd_config
2020-06-26 15:02:33 Test: checking if file /etc/ssh/sshd_config has the permissions set to 600 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (600)
2020-06-26 15:02:33 Test: checking file/directory /root/.ssh
2020-06-26 15:02:33 Test: checking if file /root/.ssh has the permissions set to 700 or more restrictive
2020-06-26 15:02:33 Outcome: correct permissions (700)
2020-06-26 15:02:33 Test: checking file/directory /etc/cron.d
2020-06-26 15:02:33 Test: checking if file /etc/cron.d has the permissions set to 700 or more restrictive
2020-06-26 15:02:33 Outcome: permissions of file /etc/cron.d are not matching expected value (755 != rwx------)
2020-06-26 15:02:33 Test: checking file/directory /etc/cron.daily
2020-06-26 15:02:33 Test: checking if file /etc/cron.daily has the permissions set to 700 or more restrictive
2020-06-26 15:02:33 Outcome: permissions of file /etc/cron.daily are not matching expected value (755 != rwx------)
2020-06-26 15:02:33 Test: checking file/directory /etc/cron.hourly
2020-06-26 15:02:33 Test: checking if file /etc/cron.hourly has the permissions set to 700 or more restrictive
2020-06-26 15:02:33 Outcome: permissions of file /etc/cron.hourly are not matching expected value (755 != rwx------)
2020-06-26 15:02:33 Test: checking file/directory /etc/cron.weekly
2020-06-26 15:02:33 Test: checking if file /etc/cron.weekly has the permissions set to 700 or more restrictive
2020-06-26 15:02:33 Outcome: permissions of file /etc/cron.weekly are not matching expected value (755 != rwx------)
2020-06-26 15:02:33 Test: checking file/directory /etc/cron.monthly
2020-06-26 15:02:33 Test: checking if file /etc/cron.monthly has the permissions set to 700 or more restrictive
2020-06-26 15:02:33 Outcome: permissions of file /etc/cron.monthly are not matching expected value (755 != rwx------)
2020-06-26 15:02:33 Suggestion: Consider restricting file permissions [test:FILE-7524] [details:See screen output or log file] [solution:text:Use chmod to change file permissions]
2020-06-26 15:02:33 Security check: file is normal
2020-06-26 15:02:33 Checking permissions of /usr/share/lynis/include/tests_homedirs
2020-06-26 15:02:33 File permissions are OK
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Action: Performing tests from category: Home directories
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Performing test ID HOME-9302 (Create list with home directories)
2020-06-26 15:02:33 Test: query /etc/passwd to obtain home directories
2020-06-26 15:02:33 Result: found home directory: / (directory exists)
2020-06-26 15:02:33 Result: found home directory: /bin (directory exists)
2020-06-26 15:02:33 Result: found home directory: /home/centos (directory exists)
2020-06-26 15:02:33 Result: found home directory: /root (directory exists)
2020-06-26 15:02:33 Result: found home directory: /sbin (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/adm (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/empty/sshd (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/lib/chrony (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/lib/nfs (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/lib/rpcbind (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/spool/lpd (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/spool/mail (directory exists)
2020-06-26 15:02:33 Result: found home directory: /var/spool/postfix (directory exists)
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Performing test ID HOME-9304 (Check if users' home directories permissions are 750 or more restrictive)
2020-06-26 15:02:33 Test: checking directory '/home/centos' for user 'centos'
2020-06-26 15:02:33 Result: permissions of home directory /home/centos of user centos are fine
2020-06-26 15:02:33 Result: OK, all permissions of the home directories are 750 or more restrictive
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Performing test ID HOME-9306 (Check if users own their home directories)
2020-06-26 15:02:33 Test: checking directory '/home/centos' for user 'centos'
2020-06-26 15:02:33 Result: ownership of home directory /home/centos for user centos looks to be correct
2020-06-26 15:02:33 Result: OK, all users own their home directories
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Performing test ID HOME-9310 (Checking for suspicious shell history files)
2020-06-26 15:02:33 Result: Ok, history files are type 'file'.
2020-06-26 15:02:33 Remark: History files are normally of the type 'file'. Symbolic links and other types are suspicious.
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Performing test ID HOME-9350 (Collecting information from home directories)
2020-06-26 15:02:33 Result: IGNORE_HOME_DIRS empty, no paths excluded
2020-06-26 15:02:33 Security check: file is normal
2020-06-26 15:02:33 Checking permissions of /usr/share/lynis/include/tests_kernel_hardening
2020-06-26 15:02:33 File permissions are OK
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Action: Performing tests from category: Kernel Hardening
2020-06-26 15:02:33 ====
2020-06-26 15:02:33 Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile)
2020-06-26 15:02:33 Result: sysctl key fs.protected_hardlinks contains equal expected and current value (1)
2020-06-26 15:02:33 Hardening: assigned maximum number of hardening points for this item (1). Currently having 238 points (out of 321)
2020-06-26 15:02:33 Result: sysctl key fs.protected_symlinks contains equal expected and current value (1)
2020-06-26 15:02:33 Hardening: assigned maximum number of hardening points for this item (1). Currently having 239 points (out of 322)
2020-06-26 15:02:33 Result: sysctl key fs.suid_dumpable contains equal expected and current value (0)
2020-06-26 15:02:33 Hardening: assigned maximum number of hardening points for this item (1). Currently having 240 points (out of 323)
2020-06-26 15:02:33 Result: key hw.kbd.keymap_restrict_change does not exist on this machine
2020-06-26 15:02:33 Result: key kern.sugid_coredump does not exist on this machine
2020-06-26 15:02:33 Result: key kernel.core_setuid_ok does not exist on this machine
2020-06-26 15:02:34 Result: sysctl key kernel.core_uses_pid contains equal expected and current value (1)
2020-06-26 15:02:34 Hardening: assigned maximum number of hardening points for this item (1). Currently having 241 points (out of 324)
2020-06-26 15:02:34 Result: sysctl key kernel.ctrl-alt-del contains equal expected and current value (0)
2020-06-26 15:02:34 Hardening: assigned maximum number of hardening points for this item (1). Currently having 242 points (out of 325)
2020-06-26 15:02:34 Result: sysctl key kernel.dmesg_restrict has a different value than expected in scan profile. Expected=1, Real=0
2020-06-26 15:02:34 Hardening: assigned partial number of hardening points (0 of 1). Currently having 242 points (out of 326)
2020-06-26 15:02:34 Result: key kernel.exec-shield-randomize does not exist on this machine
2020-06-26 15:02:34 Result: key kernel.exec-shield does not exist on this machine
2020-06-26 15:02:34 Result: sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0
2020-06-26 15:02:34 Hardening: assigned partial number of hardening points (0 of 1). Currently having 242 points (out of 327)
2020-06-26 15:02:34 Result: key kernel.maps_protect does not exist on this machine
2020-06-26 15:02:34 Result: sysctl key kernel.randomize_va_space contains equal expected and current value (2)
2020-06-26 15:02:34 Hardening: assigned maximum number of hardening points for this item (1). Currently having 243 points (out of 328)
2020-06-26 15:02:34 Result: key kernel.suid_dumpable does not exist on this machine
2020-06-26 15:02:34 Result: sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16
2020-06-26 15:02:34 Hardening: assigned partial number of hardening points (0 of 1). Currently having 243 points (out of 329)
2020-06-26 15:02:34 Result: key kernel.use-nx does not exist on this machine
2020-06-26 15:02:34 Result: sysctl key kernel.yama.ptrace_scope has a different value than expected in scan profile. Expected=1 2 3, Real=0
2020-06-26 15:02:34 Hardening: assigned partial number of hardening points (0 of 1). Currently having 243 points (out of 330)
2020-06-26 15:02:34 Result: key net.inet.icmp.bmcastecho does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.icmp.drop_redirect does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.icmp.rediraccept does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.icmp.timestamp does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.accept_sourceroute does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.check_interface does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.forwarding does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.linklocal.in.allowbadttl does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.process_options does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.random_id does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.redirect does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip.sourceroute does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.ip6.redirect does not exist on this machine
2020-06-26 15:02:34 Result: key net.inet.tcp.always_keepalive does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet.tcp.blackhole does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet.tcp.drop_synfin does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet.tcp.icmp_may_rst does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet.tcp.nolocaltimewait does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet.tcp.path_mtu_discovery does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet.udp.blackhole does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet6.icmp6.rediraccept does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet6.ip6.forwarding does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet6.ip6.fw.enable does not exist on this machine
2020-06-26 15:02:35 Result: key net.inet6.ip6.redirect does not exist on this machine
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.accept_redirects contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 244 points (out of 331)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.accept_source_route contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 245 points (out of 332)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.bootp_relay contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 246 points (out of 333)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.forwarding contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 247 points (out of 334)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.log_martians has a different value than expected in scan profile. Expected=1, Real=0
2020-06-26 15:02:35 Hardening: assigned partial number of hardening points (0 of 1). Currently having 247 points (out of 335)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.mc_forwarding contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 248 points (out of 336)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.proxy_arp contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 249 points (out of 337)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.rp_filter contains equal expected and current value (1)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 250 points (out of 338)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 251 points (out of 339)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 252 points (out of 340)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 253 points (out of 341)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.conf.default.log_martians has a different value than expected in scan profile. Expected=1, Real=0
2020-06-26 15:02:35 Hardening: assigned partial number of hardening points (0 of 1). Currently having 253 points (out of 342)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.icmp_echo_ignore_broadcasts contains equal expected and current value (1)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 254 points (out of 343)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.icmp_ignore_bogus_error_responses contains equal expected and current value (1)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 255 points (out of 344)
2020-06-26 15:02:35 Result: sysctl key net.ipv4.tcp_syncookies contains equal expected and current value (1)
2020-06-26 15:02:35 Hardening: assigned maximum number of hardening points for this item (1). Currently having 256 points (out of 345)
2020-06-26 15:02:36 Result: sysctl key net.ipv4.tcp_timestamps contains equal expected and current value (0 1)
2020-06-26 15:02:36 Hardening: assigned maximum number of hardening points for this item (1). Currently having 257 points (out of 346)
2020-06-26 15:02:36 Result: sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
2020-06-26 15:02:36 Hardening: assigned partial number of hardening points (0 of 1). Currently having 257 points (out of 347)
2020-06-26 15:02:36 Result: sysctl key net.ipv6.conf.all.accept_source_route contains equal expected and current value (0)
2020-06-26 15:02:36 Hardening: assigned maximum number of hardening points for this item (1). Currently having 258 points (out of 348)
2020-06-26 15:02:36 Result: key net.ipv6.conf.all.send_redirects does not exist on this machine
2020-06-26 15:02:36 Result: sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
2020-06-26 15:02:36 Hardening: assigned partial number of hardening points (0 of 1). Currently having 258 points (out of 349)
2020-06-26 15:02:36 Result: sysctl key net.ipv6.conf.default.accept_source_route contains equal expected and current value (0)
2020-06-26 15:02:36 Hardening: assigned maximum number of hardening points for this item (1). Currently having 259 points (out of 350)
2020-06-26 15:02:36 Result: key security.bsd.hardlink_check_gid does not exist on this machine
2020-06-26 15:02:36 Result: key security.bsd.hardlink_check_uid does not exist on this machine
2020-06-26 15:02:36 Result: key security.bsd.see_other_gids does not exist on this machine
2020-06-26 15:02:36 Result: key security.bsd.see_other_uids does not exist on this machine
2020-06-26 15:02:36 Result: key security.bsd.stack_guard_page does not exist on this machine
2020-06-26 15:02:36 Result: key security.bsd.unprivileged_proc_debug does not exist on this machine
2020-06-26 15:02:36 Result: key security.bsd.unprivileged_read_msgbuf does not exist on this machine
2020-06-26 15:02:36 Result: found 8 keys that can use tuning, according scan profile
2020-06-26 15:02:36 Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000] [details:] [solution:Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)]
2020-06-26 15:02:36 Security check: file is normal
2020-06-26 15:02:36 Checking permissions of /usr/share/lynis/include/tests_hardening
2020-06-26 15:02:36 File permissions are OK
2020-06-26 15:02:36 ====
2020-06-26 15:02:36 Action: Performing tests from category: Hardening
2020-06-26 15:02:36 ====
2020-06-26 15:02:36 Performing test ID HRDN-7220 (Check if one or more compilers are installed)
2020-06-26 15:02:36 Test: Check if one or more compilers can be found on the system
2020-06-26 15:02:36 Result: found installed compiler. See top of logfile which compilers have been found or use /usr/bin/grep to filter on 'compiler'
2020-06-26 15:02:36 Hardening: assigned partial number of hardening points (1 of 3). Currently having 260 points (out of 353)
2020-06-26 15:02:36 ====
2020-06-26 15:02:36 Performing test ID HRDN-7222 (Check compiler permissions)
2020-06-26 15:02:36 Test: Check if one or more compilers can be found on the system
2020-06-26 15:02:36 Test: Check file permissions for /usr/bin/as
2020-06-26 15:02:36 Action: checking symlink for file /usr/bin/as
2020-06-26 15:02:36 Result: file /usr/bin/as is not a symlink
2020-06-26 15:02:36 Binary: found /usr/bin/as (world executable)
2020-06-26 15:02:36 Hardening: assigned partial number of hardening points (2 of 3). Currently having 262 points (out of 356)
2020-06-26 15:02:36 Result: at least one compiler could be better hardened by restricting executable access to root or group only
2020-06-26 15:02:36 Suggestion: Harden compilers like restricting access to root user only [test:HRDN-7222] [details:-] [solution:-]
2020-06-26 15:02:36 ====
2020-06-26 15:02:36 Performing test ID HRDN-7230 (Check for malware scanner)
2020-06-26 15:02:36 Test: Check if a malware scanner is installed
2020-06-26 15:02:36 Result: no malware scanner found
2020-06-26 15:02:36 Suggestion: Harden the system by installing at least one malware scanner, to perform periodic file system scans [test:HRDN-7230] [details:-] [solution:Install a tool like rkhunter, chkrootkit, OSSEC]
2020-06-26 15:02:36 Hardening: assigned partial number of hardening points (1 of 3). Currently having 263 points (out of 359)
2020-06-26 15:02:36 Result: no malware scanner found
2020-06-26 15:02:36 ====
2020-06-26 15:02:36 Action: Performing tests from category: Custom tests
2020-06-26 15:02:36 Test: Checking for tests_custom file
2020-06-26 15:02:36 ====
2020-06-26 15:02:36 Action: Performing plugin tests
2020-06-26 15:02:36 Result: Found 0 plugins of which 0 are enabled
2020-06-26 15:02:36 Result: Plugins phase 2 finished
2020-06-26 15:02:36 Checking permissions of /usr/share/lynis/include/report
2020-06-26 15:02:36 File permissions are OK
2020-06-26 15:02:36 Hardening index : [73] [############## ]
2020-06-26 15:02:36 Hardening strength: System has been hardened, but could use additional hardening
2020-06-26 15:02:36 ====
2020-06-26 15:02:37 Checking permissions of /usr/share/lynis/include/tool_tips
2020-06-26 15:02:37 File permissions are OK
2020-06-26 15:02:37 Tool tips: enabled
2020-06-26 15:02:37 ================================================================================
2020-06-26 15:02:37 Tests performed: 241
2020-06-26 15:02:37 Total tests: 431
2020-06-26 15:02:37 Active plugins: 0
2020-06-26 15:02:37 Total plugins: 0
2020-06-26 15:02:37 ================================================================================
2020-06-26 15:02:37 Lynis 3.0.0
2020-06-26 15:02:37 2007-2020, CISOfy - https://cisofy.com/lynis/
2020-06-26 15:02:37 Enterprise support available (compliance, plugins, interface and tools)
2020-06-26 15:02:37 Program ended successfully
2020-06-26 15:02:37 ================================================================================
2020-06-26 15:02:37 PID file removed (/var/run/lynis.pid)
2020-06-26 15:02:37 Temporary files: /tmp/lynis.PsCgQxJx67 /tmp/lynis.CeyvUgDmAf /tmp/lynis.jUHgD069VQ /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:37 Action: removing temporary file /tmp/lynis.PsCgQxJx67
2020-06-26 15:02:37 Info: temporary file /tmp/lynis.CeyvUgDmAf was already removed
2020-06-26 15:02:37 Info: temporary file /tmp/lynis.jUHgD069VQ was already removed
2020-06-26 15:02:37 Action: removing temporary file /tmp/lynis.FDDu2h6qAM
2020-06-26 15:02:37 Lynis ended successfully.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment