<86>Dec 19 05:27:09 userdel[4078010]: delete user 'rooter' <86>Dec 19 05:27:09 userdel[4078010]: removed group 'rooter' owned by 'rooter' <86>Dec 19 05:27:09 userdel[4078010]: removed shadow group 'rooter' owned by 'rooter' <86>Dec 19 05:27:09 groupadd[4078063]: group added to /etc/group: name=rooter, GID=1841 <86>Dec 19 05:27:09 groupadd[4078063]: group added to /etc/gshadow: name=rooter <86>Dec 19 05:27:09 groupadd[4078063]: new group: name=rooter, GID=1841 <86>Dec 19 05:27:09 useradd[4078112]: new user: name=rooter, UID=1841, GID=1841, home=/root, shell=/bin/bash, from=none <86>Dec 19 05:27:09 userdel[4078156]: delete user 'builder' <86>Dec 19 05:27:09 userdel[4078156]: removed group 'builder' owned by 'builder' <86>Dec 19 05:27:09 groupadd[4078207]: group added to /etc/group: name=builder, GID=1842 <86>Dec 19 05:27:09 groupadd[4078207]: group added to /etc/gshadow: name=builder <86>Dec 19 05:27:09 groupadd[4078207]: new group: name=builder, GID=1842 <86>Dec 19 05:27:09 useradd[4078250]: new user: name=builder, UID=1842, GID=1842, home=/usr/src, shell=/bin/bash, from=none Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found <13>Dec 19 05:27:16 rpmi: libidn2-2.3.7-alt1 sisyphus+339505.100.1.2 1706718968 installed <13>Dec 19 05:27:16 rpmi: libnettle8-3.9.1-alt1 sisyphus+322548.100.1.2 1686176879 installed <13>Dec 19 05:27:16 rpmi: libp11-kit-1:0.25.5-alt1 sisyphus+352553.100.1.1 1720622573 installed <13>Dec 19 05:27:16 rpmi: libtasn1-4.19.0-alt3 sisyphus+327816.100.1.1 1692802615 installed <13>Dec 19 05:27:16 rpmi: libhogweed6-3.9.1-alt1 sisyphus+322548.100.1.2 1686176879 installed <13>Dec 19 05:27:16 rpmi: libgnutls30-3.8.8-alt2 sisyphus+364832.100.1.1 1734007749 installed <13>Dec 19 05:27:16 rpmi: libngtcp2.16-1.9.1-alt1 sisyphus+363819.100.1.1 1733129254 installed <13>Dec 19 05:27:16 rpmi: libngtcp2_crypto_gnutls8-1.9.1-alt1 sisyphus+363819.100.1.1 1733129254 installed <13>Dec 19 05:27:16 rpmi: libexpat-2.5.0-alt1 sisyphus+346180.200.2.1 1716349835 installed <13>Dec 19 05:27:16 rpmi: publicsuffix-list-dafsa-20240911-alt1 sisyphus+357399.100.1.1 1726160479 installed <13>Dec 19 05:27:16 rpmi: libpsl-0.21.5-alt1 sisyphus+338474.100.1.1 1705684769 installed <13>Dec 19 05:27:16 rpmi: libnghttp3.9-1.6.0-alt1 sisyphus+363819.40.1.1 1733129194 installed <13>Dec 19 05:27:16 rpmi: libnghttp2-1.64.0-alt1 sisyphus+363795.200.2.1 1733118555 installed <13>Dec 19 05:27:16 rpmi: openldap-common-2.6.9-alt1 sisyphus+364781.100.1.1 1733971238 installed <13>Dec 19 05:27:16 rpmi: libntlm-1.5-alt1 sisyphus+278100.3300.1.1 1626058899 installed <13>Dec 19 05:27:16 rpmi: libidn-1.37-alt2 sisyphus+300849.100.1.1 1653769687 installed <13>Dec 19 05:27:16 rpmi: libbrotlicommon-1.1.0-alt1 sisyphus+328501.100.1.1 1693598419 installed <13>Dec 19 05:27:16 rpmi: libbrotlidec-1.1.0-alt1 sisyphus+328501.100.1.1 1693598419 installed <13>Dec 19 05:27:16 rpmi: libxxhash-0.8.2-alt1 sisyphus+336514.200.7.1 1702672118 installed <13>Dec 19 05:27:16 rpmi: liblz4-1:1.9.4-alt1 sisyphus+309416.100.1.1 1667412981 installed <13>Dec 19 05:27:16 rpmi: libverto-0.3.2-alt1_1 sisyphus+321176.2200.10.2 1684803947 installed <13>Dec 19 05:27:16 rpmi: liblmdb-0.9.33-alt1 sisyphus+360625.100.1.1 1729819640 installed <13>Dec 19 05:27:16 rpmi: libkeyutils-1.6.3-alt1 sisyphus+346336.200.2.2 1716472658 installed <13>Dec 19 05:27:16 rpmi: libcom_err-1.47.1.0.10.ad56-alt2 sisyphus+363497.200.3.1 1732729908 installed <13>Dec 19 05:27:16 rpmi: libedit3-3.1.20230828-alt1 sisyphus+330914.200.3.1 1696922743 installed <13>Dec 19 05:27:16 rpmi: less-633-alt1 sisyphus+328181.300.2.1 1693321749 installed <13>Dec 19 05:27:16 rpmi: diffstat-1.64-alt1 sisyphus+346132.200.3.2 1716466240 installed <13>Dec 19 05:27:16 rpmi: bash-completion-1:2.15.0-alt1 sisyphus+364981.100.1.1 1734116051 installed <13>Dec 19 05:27:16 rpmi: rpm-macros-alternatives-0.5.2-alt2 sisyphus+315270.200.2.1 1676457367 installed <13>Dec 19 05:27:16 rpmi: alternatives-0.5.2-alt2 sisyphus+315270.200.2.1 1676457367 installed <13>Dec 19 05:27:16 rpmi: ca-certificates-2024.12.10-alt1 sisyphus+364633.200.3.1 1733918603 installed <13>Dec 19 05:27:16 rpmi: ca-trust-0.2.0-alt1 sisyphus+344843.100.1.1 1712743326 installed <13>Dec 19 05:27:16 rpmi: p11-kit-trust-1:0.25.5-alt1 sisyphus+352553.100.1.1 1720622573 installed <13>Dec 19 05:27:16 rpmi: libcrypto3-3.1.7-alt2 sisyphus+359910.100.1.1 1729080439 installed <13>Dec 19 05:27:16 rpmi: libssl3-3.1.7-alt2 sisyphus+359910.100.1.1 1729080439 installed <86>Dec 19 05:27:16 groupadd[4097826]: group added to /etc/group: name=_keytab, GID=999 <86>Dec 19 05:27:16 groupadd[4097826]: group added to /etc/gshadow: name=_keytab <13>Dec 19 05:27:16 rpmi: libkrb5-1.21.3-alt2 sisyphus+351857.100.1.1 1719735141 installed <13>Dec 19 05:27:16 rpmi: libgsasl18-2.2.1-alt2 sisyphus+359713.200.2.1 1728905430 installed <86>Dec 19 05:27:16 groupadd[4098503]: group added to /etc/group: name=sasl, GID=998 <86>Dec 19 05:27:16 groupadd[4098503]: group added to /etc/gshadow: name=sasl <86>Dec 19 05:27:16 groupadd[4098503]: new group: name=sasl, GID=998 <13>Dec 19 05:27:16 rpmi: libsasl2-3-2.1.28-alt2 sisyphus+343335.100.1.1 1711112544 installed <13>Dec 19 05:27:16 rpmi: libldap2-2.6.9-alt1 sisyphus+364781.100.1.1 1733971238 installed <13>Dec 19 05:27:16 rpmi: openssh-common-9.6p1-alt2 sisyphus+351911.100.1.1 1719838544 installed <86>Dec 19 05:27:16 groupadd[4099011]: group added to /etc/group: name=sshagent, GID=997 <86>Dec 19 05:27:16 groupadd[4099011]: group added to /etc/gshadow: name=sshagent <86>Dec 19 05:27:17 groupadd[4099011]: new group: name=sshagent, GID=997 <13>Dec 19 05:27:17 rpmi: openssh-clients-9.6p1-alt2 sisyphus+351911.100.1.1 1719838544 installed <13>Dec 19 05:27:17 rpmi: rsync-3.2.7-alt1 sisyphus+325006.2000.1.1 1689497333 installed <13>Dec 19 05:27:17 rpmi: libssh2-1.11.0-alt2 sisyphus+339356.100.1.1 1706593137 installed <13>Dec 19 05:27:17 rpmi: libcurl-8.11.1-alt1 sisyphus+364692.100.1.1 1733905204 installed <13>Dec 19 05:27:17 rpmi: git-core-2.42.2-alt1 sisyphus+348068.100.1.1 1715721632 installed <13>Dec 19 05:27:17 rpmi: bash-completion-util-linux-2.39.2-alt1 sisyphus+327286.4500.14.1 1711486324 installed Building target platforms: x86_64 Building for target x86_64 Wrote: /usr/src/in/nosrpm/lynis-3.0.9-alt1.nosrc.rpm (w1.gzdio) Installing lynis-3.0.9-alt1.src.rpm Building target platforms: x86_64 Building for target x86_64 Executing(%prep): /bin/sh -e /usr/src/tmp/rpm-tmp.25137 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + rm -rf lynis + echo 'Source #0 (lynis-3.0.9.tar.gz):' Source #0 (lynis-3.0.9.tar.gz): + /usr/bin/gzip -dc /usr/src/RPM/SOURCES/lynis-3.0.9.tar.gz + /bin/tar -xf - + cd lynis + /bin/chmod -c -Rf u+rwX,go-w . + sed -i -E 's/(\(python)/\13/' include/functions + exit 0 Executing(%build): /bin/sh -e /usr/src/tmp/rpm-tmp.25137 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd lynis + exit 0 Executing(%install): /bin/sh -e /usr/src/tmp/rpm-tmp.25137 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + /bin/chmod -Rf u+rwX -- /usr/src/tmp/lynis-buildroot + : + /bin/rm -rf -- /usr/src/tmp/lynis-buildroot + PATH=/usr/libexec/rpm-build:/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games + cd lynis + mkdir -p /usr/src/tmp/lynis-buildroot/etc/lynis + install -p default.prf /usr/src/tmp/lynis-buildroot/etc/lynis + mkdir -p /usr/src/tmp/lynis-buildroot/usr/bin + install -p lynis /usr/src/tmp/lynis-buildroot/usr/bin + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/man/man8 + install -p lynis.8 /usr/src/tmp/lynis-buildroot/usr/share/man/man8 + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/ + install -p include/binaries include/consts include/data_upload include/functions include/helper_audit_dockerfile include/helper_configure include/helper_generate include/helper_show include/helper_system_remote_scan include/helper_update include/osdetection include/parameters include/profiles include/report include/tests_accounting include/tests_authentication include/tests_banners include/tests_boot_services include/tests_containers include/tests_crypto include/tests_custom.template include/tests_databases include/tests_dns include/tests_file_integrity include/tests_file_permissions include/tests_filesystems include/tests_firewalls include/tests_hardening include/tests_homedirs include/tests_insecure_services include/tests_kernel include/tests_kernel_hardening include/tests_ldap include/tests_logging include/tests_mac_frameworks include/tests_mail_messaging include/tests_malware include/tests_memory_processes include/tests_nameservices include/tests_networking include/tests_php include/tests_ports_packages include/tests_printers_spoolers include/tests_scheduling include/tests_shells include/tests_snmp include/tests_squid include/tests_ssh include/tests_storage include/tests_storage_nfs include/tests_system_integrity include/tests_time include/tests_tooling include/tests_usb include/tests_virtualization include/tests_webservers include/tool_tips /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/ + chmod 644 /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/binaries /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/consts /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/data_upload /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_audit_dockerfile /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_configure /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_generate /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_show /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_system_remote_scan /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_update /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/parameters /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/profiles /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/report /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_accounting /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_banners /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_boot_services /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_containers /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_crypto /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_custom.template /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_databases /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_dns /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_integrity /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_permissions /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_filesystems /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_firewalls /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_hardening /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_homedirs /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_insecure_services /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel_hardening /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ldap /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_logging /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mac_frameworks /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mail_messaging /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_malware /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_memory_processes /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_nameservices /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_networking /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_php /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_printers_spoolers /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_scheduling /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_shells /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_snmp /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_squid /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ssh /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage_nfs /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_system_integrity /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_time /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_tooling /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_usb /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_virtualization /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_webservers /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tool_tips + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/lynis/plugins/ + install -p plugins/README plugins/custom_plugin.template /usr/src/tmp/lynis-buildroot/usr/share/lynis/plugins/ + cp -pR db/ /usr/src/tmp/lynis-buildroot/usr/share/lynis/ + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/bash-completion/completions + install -p extras/bash_completion.d/lynis /usr/src/tmp/lynis-buildroot/usr/share/bash-completion/completions/ + mkdir -p /usr/src/tmp/lynis-buildroot/var/log/ + touch /usr/src/tmp/lynis-buildroot/var/log/lynis.log + touch /usr/src/tmp/lynis-buildroot/var/log/lynis-report.dat + for rpm404_ghost in /var/log/lynis.log /var/log/lynis-report.dat ++ dirname /var/log/lynis.log + mkdir -p /usr/src/tmp/lynis-buildroot/var/log + touch /usr/src/tmp/lynis-buildroot/var/log/lynis.log + for rpm404_ghost in /var/log/lynis.log /var/log/lynis-report.dat ++ dirname /var/log/lynis-report.dat + mkdir -p /usr/src/tmp/lynis-buildroot/var/log + touch /usr/src/tmp/lynis-buildroot/var/log/lynis-report.dat + /usr/lib/rpm/brp-alt Cleaning files in /usr/src/tmp/lynis-buildroot (auto) mode of 'usr/share/man/man8/lynis.8' changed from 0755 (rwxr-xr-x) to 0644 (rw-r--r--) Verifying and fixing files in /usr/src/tmp/lynis-buildroot (binconfig,pkgconfig,libtool,desktop,gnuconfig) Checking contents of files in /usr/src/tmp/lynis-buildroot/ (default) Compressing files in /usr/src/tmp/lynis-buildroot (auto) Verifying ELF objects in /usr/src/tmp/lynis-buildroot (arch=normal,fhs=normal,lfs=relaxed,lint=relaxed,rpath=normal,stack=normal,textrel=normal,unresolved=normal) Splitting links to aliased files under /{,s}bin in /usr/src/tmp/lynis-buildroot Executing(%check): /bin/sh -e /usr/src/tmp/rpm-tmp.1041 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd lynis + ./lynis audit system --quick [ Lynis 3.0.9 ] ################################################################################ Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details about using this software. 2007-2021, CISOfy - https://cisofy.com/lynis/ Enterprise support available (compliance, plugins, interface and tools) ################################################################################ [+] Initializing program ------------------------------------  ################################################################### # # # NON-PRIVILEGED SCAN MODE # # # ###################################################################  NOTES: -------------- * Some tests will be skipped (as they require root permissions) * Some tests might fail silently or give different results ================================================================= Exception found! Function/test: [OS Detection] Message: Unknown OS found in /etc/os-release - Please create an issue on GitHub and share the the contents (cat /etc/os-release): https://github.com/CISOfy/lynis Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= - Detecting OS...  [ DONE ] - Checking profiles... [ DONE ] --------------------------------------------------- Program version: 3.0.9 Operating system: Linux Operating system name: Linux Operating system version: 6.6.60-6.6-alt1 Kernel version: 6.6.60 Hardware platform: x86_64 Hostname: localhost --------------------------------------------------- Profiles: /usr/src/RPM/BUILD/lynis/default.prf Log file: /usr/src/lynis.log Report file: /usr/src/lynis-report.dat Report version: 1.0 Plugin directory: ./plugins --------------------------------------------------- Auditor: [Not Specified] Language: en Test category: all Test group: all --------------------------------------------------- - Program update status...  [ SKIPPED ] [+] System tools ------------------------------------ - Scanning available tools... - Checking system binaries... lscpu: failed to determine number of CPUs: /sys/devices/system/cpu/possible: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory [+] Plugins (phase 1) ------------------------------------ Note: plugins have more extensive tests and may take several minutes to complete   - Plugins enabled [ NONE ] ================================================================= Exception found! Function/test: [GetHostID] Message: HostID could not be generated Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [GetHostID] Message: No unique host identifier could be created. Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Boot and services ------------------------------------ [WARNING]: Test CORE-1000 had a long execution: 10.441147 seconds - Service Manager [ UNKNOWN ] - Boot loader [ NONE FOUND ] - Check startup files (permissions) [ OK ] - Checking uptime [ SKIPPED ] ================================================================= Exception found! Function/test: [BOOT-5202:1] Message: No uptime test available for this operating system (/proc/uptime missing) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Kernel ------------------------------------ - Checking CPU support (NX/PAE) CPU support: PAE and/or NoeXecute supported [ FOUND ] - Checking kernel version and release [ DONE ] - Checking Linux kernel configuration file [ NOT FOUND ] - Checking core dumps configuration - configuration in /etc/profile [ DEFAULT ] - 'hard' configuration in /etc/security/limits.conf [ DEFAULT ] - 'soft' configuration in /etc/security/limits.conf [ DISABLED ] - Checking setuid core dumps configuration [ DISABLED ] - Check if reboot is needed [ UNKNOWN ] [+] Memory and Processes ------------------------------------ /proc/self/stat: No such file or directory - Searching for dead/zombie processes [ NOT FOUND ] /proc/self/stat: No such file or directory - Searching for IO waiting processes [ NOT FOUND ] - Search prelink tooling [ NOT FOUND ] [+] Users, Groups and Authentication ------------------------------------ - Administrator accounts [ OK ] - Unique UIDs [ OK ] - Unique group IDs [ OK ] - Unique group names [ OK ] /usr/bin/grep: /etc/login.defs: Permission denied /usr/bin/grep: /etc/login.defs: Permission denied - Checking password hashing rounds [ DISABLED ] /usr/bin/grep: /etc/login.defs: Permission denied - Query system users (non daemons) [ DONE ] - NIS+ authentication support [ NOT ENABLED ] - NIS authentication support [ NOT ENABLED ] - Sudoers file [ NOT FOUND ] - PAM password strength tools [ OK ] - PAM configuration file (pam.conf) [ NOT FOUND ] - PAM configuration files (pam.d) [ FOUND ] - PAM modules [ FOUND ] - LDAP module in PAM [ NOT FOUND ] /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 875: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 876: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 877: passwd: command not found - Accounts without expire date [ OK ] - Accounts without password [ OK ] - Locked accounts [ OK ] /usr/bin/grep: /etc/login.defs: Permission denied - Checking user password aging (minimum) [ DISABLED ] /usr/bin/grep: /etc/login.defs: Permission denied - User password aging (maximum) [ DISABLED ] - Determining default umask - umask (/etc/profile and /etc/profile.d) [ SUGGESTION ] /usr/bin/grep: /etc/login.defs: Permission denied - umask (/etc/login.defs) [ SUGGESTION ] - umask (/etc/init.d/functions) [ NONE ] - LDAP authentication support [ NOT ENABLED ] /usr/bin/grep: /etc/login.defs: Permission denied - Logging failed login attempts [ DISABLED ] [+] Shells ------------------------------------ - Checking shells from /etc/shells Result: found 16 shells (valid shells: 4). /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Session timeout settings/tools [ NONE ] - Checking default umask values - Checking default umask in /etc/bashrc [ NONE ] - Checking default umask in /etc/profile [ WEAK ] [+] File systems ------------------------------------ - Checking mount points - Checking /home mount point [ SUGGESTION ] - Checking /tmp mount point [ SUGGESTION ] - Checking /var mount point [ SUGGESTION ] /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 155: -t: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 176: -t: command not found - Query swap partitions (fstab) [ NONE ] - Testing swap partitions [ OK ] - Testing /proc mount (hidepid) [ SUGGESTION ] - Checking for old files in /tmp [ OK ] - Checking /tmp sticky bit [ OK ] - Checking /var/tmp sticky bit [ OK ] /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found - Mount options of /tmp [ PARTIALLY HARDENED ] /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 591: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 592: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 637: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 638: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 639: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 640: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 641: mount: command not found - Total without nodev:0 noexec:0 nosuid:0 ro or noexec (W^X): 0 of total 0 /usr/bin/cat: /proc/sys/vm/swappiness: No such file or directory /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 703: [: -gt: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 712: [: -eq: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 715: [: -eq: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 717: [: -eq: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 719: [: -lt: unary operator expected [+] USB Devices ------------------------------------ - Checking usb-storage driver (modprobe config) [ NOT DISABLED ] - Checking USBGuard [ NOT FOUND ] [+] Storage ------------------------------------ - Checking firewire ohci driver (modprobe config) [ NOT DISABLED ] [+] NFS ------------------------------------ /proc/self/stat: No such file or directory - Check running NFS daemon [ NOT FOUND ] [+] Name services ------------------------------------ - Searching DNS domain name [ FOUND ] Domain name: localdomain /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking /etc/hosts - Duplicate entries in hosts file [ NONE ] - Presence of configured hostname in /etc/hosts [ FOUND ] - Hostname mapped to localhost [ NOT FOUND ] - Localhost mapping to IP address [ OK ] [+] Ports and packages ------------------------------------ - Searching package managers - Searching RPM package manager [ FOUND ] - Querying RPM package manager - Checking package audit tool [ NONE ] /usr/bin/find: '/boot': Permission denied ================================================================= Exception found! Function/test: [PKGS-7410] Message: Could not find any kernel packages via package manager Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Networking ------------------------------------ - Checking IPv6 configuration [ DISABLED ] - Checking configured nameservers - Minimal of 2 responsive nameservers [ SKIPPED ] ================================================================= Exception found! Function/test: [NETW-3004:1] Message: No interfaces found on this system (OS=Linux) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3006:2] Message: Missing ifconfig or ip command to collect hardware address (MAC) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3008:2] Message: Missing ifconfig or ip command to collect hardware address (MAC) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3012:1] Message: netstat and ss binary missing to gather listening ports Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= - Getting listening ports (TCP/UDP) [ SKIPPED ] - Checking promiscuous interfaces [ UNKNOWN ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking status DHCP client [ NOT ACTIVE ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking for ARP monitoring software [ NOT FOUND ] - Uncommon network protocols [ 0 ] [+] Printers and Spools ------------------------------------ /proc/self/stat: No such file or directory - Checking cups daemon [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking lp daemon [ NOT RUNNING ] [+] Software: e-mail and messaging ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory [+] Software: firewalls ------------------------------------ - Checking iptables kernel module [ NOT FOUND ] - Checking host based firewall [ NOT ACTIVE ] [+] Software: webserver ------------------------------------ - Checking Apache [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking nginx [ NOT FOUND ] [+] SSH Support ------------------------------------ /proc/self/stat: No such file or directory - Checking running SSH daemon [ NOT FOUND ] [+] SNMP Support ------------------------------------ /proc/self/stat: No such file or directory - Checking running SNMP daemon [ NOT FOUND ] [+] Databases ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory No database engines found [+] LDAP Services ------------------------------------ /proc/self/stat: No such file or directory - Checking OpenLDAP instance [ NOT FOUND ] [+] PHP ------------------------------------ - Checking PHP [ NOT FOUND ] [+] Squid Support ------------------------------------ /proc/self/stat: No such file or directory - Checking running Squid daemon [ NOT FOUND ] [+] Logging and files ------------------------------------ /proc/self/stat: No such file or directory - Checking for a running log daemon [ WARNING ] /proc/self/stat: No such file or directory - Checking Syslog-NG status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking systemd journal status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking Metalog status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking RSyslog status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking RFC 3195 daemon status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking klogd [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking minilogd instances [ NOT FOUND ] - Checking logrotate presence [ WARNING ] - Checking log directories (static list) [ DONE ] - Checking open log files [ SKIPPED ] [+] Insecure services ------------------------------------ - Installed inetd package [ NOT FOUND ] - Installed xinetd package [ OK ] /proc/self/stat: No such file or directory - xinetd status [ NOT ACTIVE ] - Installed rsh client package [ OK ] - Installed rsh server package [ OK ] - Installed telnet client package [ OK ] - Installed telnet server package [ NOT FOUND ] - Checking NIS client installation [ OK ] - Checking NIS server installation [ OK ] - Checking TFTP client installation [ OK ] - Checking TFTP server installation [ OK ] [+] Banners and identification ------------------------------------ - /etc/issue [ NOT FOUND ] - /etc/issue.net [ NOT FOUND ] [+] Scheduled tasks ------------------------------------ /proc/self/stat: No such file or directory - Checking crontab and cronjob files [ DONE ] /proc/self/stat: No such file or directory [+] Accounting ------------------------------------ - Checking accounting information [ NOT FOUND ] - Checking sysstat accounting data [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking auditd [ NOT FOUND ] [+] Time and Synchronization ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking for a running NTP daemon or client [ WARNING ] [+] Cryptography ------------------------------------ - HW RNG & rngd [ NO ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - SW prng [ NO ] - MOR variable not found [ WEAK ] [+] Virtualization ------------------------------------ [+] Containers ------------------------------------ /proc/self/stat: No such file or directory [+] Security frameworks ------------------------------------ - Checking presence AppArmor [ NOT FOUND ] - Checking presence SELinux [ NOT FOUND ] - Checking presence TOMOYO Linux [ NOT FOUND ] - Checking presence grsecurity [ NOT FOUND ] - Checking for implemented MAC framework [ NONE ] [+] Software: file integrity ------------------------------------ - Checking file integrity tools /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking presence integrity tool [ NOT FOUND ] [+] Software: System tooling ------------------------------------ - Checking automation tooling /proc/self/stat: No such file or directory - Automation tooling [ NOT FOUND ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking for IDS/IPS tooling [ NONE ] [+] Software: Malware ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Malware software components [ NOT FOUND ] [+] File Permissions ------------------------------------ - Starting file permissions check File: /etc/group [ OK ] File: /etc/group- [ OK ] File: /etc/hosts.allow [ OK ] File: /etc/hosts.deny [ OK ] File: /etc/motd [ OK ] File: /etc/passwd [ OK ] File: /etc/passwd- [ OK ] [+] Home directories ------------------------------------ - Permissions of home directories [ WARNING ] - Ownership of home directories [ WARNING ] - Checking shell history files [ OK ] [+] Kernel Hardening ------------------------------------ - Comparing sysctl key pairs with scan profile [+] Hardening ------------------------------------ - Installed compiler(s) [ FOUND ] - Installed malware scanner [ NOT FOUND ] - Non-native binary formats [ NOT FOUND ] [+] Custom tests ------------------------------------ - Running custom tests...  [ NONE ] [+] Plugins (phase 2) ------------------------------------ ================================================================================ -[ Lynis 3.0.9 Results ]- Warnings (1): ---------------------------- ! klogd is not running, which could lead to missing kernel messages in log files [LOGG-2138] https://cisofy.com/lynis/controls/LOGG-2138/ Suggestions (29): ---------------------------- * This release is more than 4 months old. Check the website or GitHub to see if there is an update available. [LYNIS] https://cisofy.com/lynis/controls/LYNIS/ * Configure password hashing rounds in /etc/login.defs [AUTH-9230] https://cisofy.com/lynis/controls/AUTH-9230/ * Configure minimum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Configure maximum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027) [AUTH-9328] https://cisofy.com/lynis/controls/AUTH-9328/ * Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027 [AUTH-9328] https://cisofy.com/lynis/controls/AUTH-9328/ * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [USB-1000] https://cisofy.com/lynis/controls/USB-1000/ * Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [STRG-1846] https://cisofy.com/lynis/controls/STRG-1846/ * Install a package audit tool to determine vulnerable packages [PKGS-7398] https://cisofy.com/lynis/controls/PKGS-7398/ * Determine if protocol 'dccp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'sctp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'rds' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'tipc' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Configure a firewall/packet filter to filter incoming and outgoing traffic [FIRE-4590] https://cisofy.com/lynis/controls/FIRE-4590/ * Check if any syslog daemon is running and correctly configured. [LOGG-2130] https://cisofy.com/lynis/controls/LOGG-2130/ * Check if log files are properly rotated [LOGG-2146] https://cisofy.com/lynis/controls/LOGG-2146/ * Enable process accounting [ACCT-9622] https://cisofy.com/lynis/controls/ACCT-9622/ * Enable sysstat to collect accounting (no results) [ACCT-9626] https://cisofy.com/lynis/controls/ACCT-9626/ * Enable auditd to collect audit information [ACCT-9628] https://cisofy.com/lynis/controls/ACCT-9628/ * Use NTP daemon or NTP client to prevent time issues. [TIME-3104] https://cisofy.com/lynis/controls/TIME-3104/ * Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] https://cisofy.com/lynis/controls/FINT-4350/ * Determine if automation tools are present for system management [TOOL-5002] https://cisofy.com/lynis/controls/TOOL-5002/ * Double check the permissions of home directories as some might be not strict enough. [HOME-9304] https://cisofy.com/lynis/controls/HOME-9304/ * Double check the ownership of home directories as some might be incorrect. [HOME-9306] https://cisofy.com/lynis/controls/HOME-9306/ * Harden compilers like restricting access to root user only [HRDN-7222] https://cisofy.com/lynis/controls/HRDN-7222/ * Harden the system by installing at least one malware scanner, to perform periodic file system scans [HRDN-7230] - Solution : Install a tool like rkhunter, chkrootkit, OSSEC, Wazuh https://cisofy.com/lynis/controls/HRDN-7230/ Follow-up: ---------------------------- - Show details of a test (lynis show details TEST-ID) - Check the logfile for all details (less /usr/src/lynis.log) - Read security controls texts (https://cisofy.com) - Use --upload to upload data to central system (Lynis Enterprise users) ================================================================================ Lynis security scan details: Hardening index : 55 [########### ] Tests performed : 203 Plugins enabled : 0 Components: - Firewall [X] - Malware scanner [X] Scan mode: Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged) Lynis modules: - Compliance status [?] - Security audit [V] - Vulnerability scan [V] Files: - Test and debug information : /usr/src/lynis.log - Report data : /usr/src/lynis-report.dat ================================================================================ Exceptions found Some exceptional events or information was found! What to do: You can help by providing your log file (/usr/src/lynis.log). Go to https://cisofy.com/contact/ and send your file to the e-mail address listed ================================================================================ Skipped tests due to non-privileged mode BOOT-5108 - Check Syslinux as bootloader BOOT-5109 - Check rEFInd as bootloader BOOT-5116 - Check if system is booted in UEFI mode BOOT-5140 - Check for ELILO boot loader presence AUTH-9229 - Check password hashing methods AUTH-9288 - Checking for expired passwords FILE-6368 - Checking ACL support on root file system CRYP-7930 - Determine if system uses LUKS block device encryption ================================================================================ Lynis 3.0.9 Auditing, system hardening, and compliance for UNIX-based systems (Linux, macOS, BSD, and others) 2007-2021, CISOfy - https://cisofy.com/lynis/ Enterprise support available (compliance, plugins, interface and tools) ================================================================================ [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /usr/src/RPM/BUILD/lynis/default.prf for all settings) + exit 0 Processing files: lynis-3.0.9-alt1 Executing(%doc): /bin/sh -e /usr/src/tmp/rpm-tmp.901 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd lynis + DOCDIR=/usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + export DOCDIR + rm -rf /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + /bin/mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + cp -prL CHANGELOG.md CONTRIBUTORS.md FAQ README /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + chmod -R go-w /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + chmod -R a+rX /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + cp -prL extras/systemd/ /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + chmod -R go-w /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + chmod -R a+rX /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + cp -prL --no-dereference LICENSE /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + chmod -R go-w /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + chmod -R a+rX /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.9 + exit 0 Finding Provides (using /usr/lib/rpm/find-provides) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.Uj2pR1 find-provides: running scripts (alternatives,debuginfo,lib,pam,perl,pkgconfig,python,python3,shell) Finding Requires (using /usr/lib/rpm/find-requires) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.TGI2R2 find-requires: running scripts (cpp,debuginfo,files,lib,pam,perl,pkgconfig,pkgconfiglib,python,python3,rpmlib,shebang,shell,static,symlinks,systemd-services) shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/binaries is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/consts is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/data_upload is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_audit_dockerfile is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_configure is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_generate is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_show is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_system_remote_scan is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_update is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/parameters is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/profiles is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/report is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_accounting is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_banners is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_boot_services is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_containers is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_crypto is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_custom.template is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_databases is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_dns is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_integrity is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_permissions is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_filesystems is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_firewalls is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_hardening is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_homedirs is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_insecure_services is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel_hardening is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ldap is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_logging is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mac_frameworks is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mail_messaging is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_malware is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_memory_processes is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_nameservices is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_networking is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_php is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_printers_spoolers is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_scheduling is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_shells is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_snmp is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_squid is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ssh is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage_nfs is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_system_integrity is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_time is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_tooling is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_usb is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_virtualization is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_webservers is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tool_tips is not executable shell.req: /usr/src/tmp/lynis-buildroot/usr/bin/lynis: invalid command: -v shell.req: /usr/src/tmp/lynis-buildroot/usr/bin/lynis: /usr/xpg4/bin/id -> /usr/xpg4/bin/id (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/bin/lynis: /usr/xpg4/bin/sh -> /usr/xpg4/bin/sh (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: invalid command: -v shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: /usr/bin/systemd-detect-virt -> /usr/bin/systemd-detect-virt (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: entstat not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: laptop-detect not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: nwmgr not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: sha1 not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection: /usr/bin/isainfo -> /usr/bin/isainfo (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection: /usr/bin/sw_vers -> /usr/bin/sw_vers (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection: nawk not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection: oslevel not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection: vmware not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication: dscacheutil not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication: logins not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication: nawk not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_boot_services: /usr/sbin/bootinfo -> /usr/sbin/bootinfo (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_firewalls: /usr/libexec/ApplicationFirewall/socketfilterfw -> /usr/libexec/ApplicationFirewall/socketfilterfw (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel: /sbin/kldstat -> /sbin/kldstat (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel: /usr/sbin/modinfo -> /usr/sbin/modinfo (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel: kldstat not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_memory_processes: /usr/sbin/prtconf -> /usr/sbin/prtconf (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_networking: invalid command: -v shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_networking: lscfg not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages: apk not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages: brew not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages: checkupdates not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages: equery not found (skip) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages: package-cleanup not found (skip) ++ /bin/sed -e /.usr.xpg4.bin.sh/d -e /.usr.xpg4.bin.sh/d -e /sbin.kldstat/d -e /usr.bin.isainfo/d -e /usr.bin.sw_vers/d -e /usr.libexec.ApplicationFirewall.socketfilterfw/d -e /usr.sbin.bootinfo/d -e /usr.sbin.modinfo/d -e /usr.sbin.prtconf/d -e /usr.xpg4.bin.id/d --- find-requires-deps 2024-12-19 05:28:56.252209007 +0000 +++ filter-requires-deps 2024-12-19 05:28:56.254209032 +0000 @@ -1,13 +1,4 @@ /bin/sh -/sbin/kldstat /sbin/sysctl -/usr/bin/isainfo -/usr/bin/sw_vers /usr/bin/systemd-detect-virt -/usr/libexec/ApplicationFirewall/socketfilterfw -/usr/sbin/bootinfo -/usr/sbin/modinfo -/usr/sbin/prtconf -/usr/xpg4/bin/id -/usr/xpg4/bin/sh apt find-requires: FINDPACKAGE-COMMANDS: Fatal ShowError apk apt-cache atq awk brew cat checkupdates chmod cut date dig domainname dpkg drill dscacheutil entstat equery facter file find getent grep head hexdump host hostname id kldstat laptop-detect locale logins ls lsb_release lscfg lscpu lshw mktemp mount nawk nroff nwmgr od openssl oslevel package-cleanup passwd pkg postconf python3 readlink rm rpm sed service sha1 shasum sleep sort sysctl tail touch tr uname unbound-checkconf uniq vmware wc which who xargs xxd Requires: audit, e2fsprogs, module-init-tools, /bin/sh, /sbin/sysctl, /usr/bin/systemd-detect-virt, apt, bind-utils, coreutils, dpkg, drill, facter, file, findutils, gawk, glibc-core, glibc-utils, grep, groff-base, lsb-release, lshw, mount, openssl, passwd, perl-Digest-SHA, perl-Package, postfix, procps, python3, rpm, sed, service, unbound, util-linux, vixie-cron, which, xxd Wrote: /usr/src/RPM/RPMS/noarch/lynis-3.0.9-alt1.noarch.rpm (w2.lzdio) 12.68user 35.29system 1:36.26elapsed 49%CPU (0avgtext+0avgdata 17408maxresident)k 0inputs+0outputs (0major+6930357minor)pagefaults 0swaps 6.00user 4.80system 1:57.30elapsed 9%CPU (0avgtext+0avgdata 136148maxresident)k 160inputs+0outputs (0major+232085minor)pagefaults 0swaps