<86>Apr 29 06:20:47 userdel[3789427]: delete user 'rooter' <86>Apr 29 06:20:47 userdel[3789427]: removed group 'rooter' owned by 'rooter' <86>Apr 29 06:20:47 userdel[3789427]: removed shadow group 'rooter' owned by 'rooter' <86>Apr 29 06:20:47 groupadd[3789447]: group added to /etc/group: name=rooter, GID=1347 <86>Apr 29 06:20:47 groupadd[3789447]: group added to /etc/gshadow: name=rooter <86>Apr 29 06:20:47 groupadd[3789447]: new group: name=rooter, GID=1347 <86>Apr 29 06:20:47 useradd[3789456]: new user: name=rooter, UID=1347, GID=1347, home=/root, shell=/bin/bash, from=none <86>Apr 29 06:20:47 userdel[3789475]: delete user 'builder' <86>Apr 29 06:20:47 userdel[3789475]: removed group 'builder' owned by 'builder' <86>Apr 29 06:20:47 userdel[3789475]: removed shadow group 'builder' owned by 'builder' <86>Apr 29 06:20:47 groupadd[3789491]: group added to /etc/group: name=builder, GID=1348 <86>Apr 29 06:20:47 groupadd[3789491]: group added to /etc/gshadow: name=builder <86>Apr 29 06:20:47 groupadd[3789491]: new group: name=builder, GID=1348 <86>Apr 29 06:20:47 useradd[3789505]: new user: name=builder, UID=1348, GID=1348, home=/usr/src, shell=/bin/bash, from=none Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found Package bash-completion was not found in the pkg-config search path. Perhaps you should add the directory containing `bash-completion.pc' to the PKG_CONFIG_PATH environment variable No package 'bash-completion' found <13>Apr 29 06:20:48 rpmi: libidn2-2.3.4-alt1 sisyphus+309023.100.1.1 1666791089 installed <13>Apr 29 06:20:48 rpmi: libnettle8-3.8.1-alt2 sisyphus+308213.100.1.1 1665439443 installed <13>Apr 29 06:20:48 rpmi: libp11-kit-0.24.1-alt1 sisyphus+293720.100.1.1 1642535281 installed <13>Apr 29 06:20:48 rpmi: libtasn1-4.19.0-alt1 sisyphus+305700.100.1.1 1661359628 installed <13>Apr 29 06:20:48 rpmi: libhogweed6-3.8.1-alt2 sisyphus+308213.100.1.1 1665439443 installed <13>Apr 29 06:20:48 rpmi: libgnutls30-3.7.9-alt1 sisyphus+315353.100.1.1 1676639387 installed <13>Apr 29 06:20:48 rpmi: libngtcp2-0.13.1-alt1 sisyphus+317411.100.1.1 1679680599 installed <13>Apr 29 06:20:48 rpmi: libexpat-2.5.0-alt1 sisyphus+309227.100.1.1 1667075766 installed <13>Apr 29 06:20:48 rpmi: publicsuffix-list-dafsa-20230404-alt1 sisyphus+318117.100.1.1 1680769734 installed <13>Apr 29 06:20:48 rpmi: libpsl-0.21.2-alt1 sisyphus+312536.100.1.1 1672131180 installed <13>Apr 29 06:20:48 rpmi: libnghttp3-0.9.0-alt1 sisyphus+317166.100.1.1 1679409333 installed <13>Apr 29 06:20:48 rpmi: libnghttp2-1.52.0-alt1 sisyphus+315262.100.1.1 1676446375 installed <13>Apr 29 06:20:48 rpmi: openldap-common-2.6.4-alt1 sisyphus+317419.100.1.1 1679684487 installed <13>Apr 29 06:20:48 rpmi: libntlm-1.5-alt1 sisyphus+278100.3300.1.1 1626059663 installed <13>Apr 29 06:20:48 rpmi: libidn-1.37-alt2 sisyphus+300849.100.1.1 1653769693 installed <13>Apr 29 06:20:48 rpmi: libbrotlicommon-1.0.9-alt2 sisyphus+278430.100.1.2 1626213212 installed <13>Apr 29 06:20:48 rpmi: libbrotlidec-1.0.9-alt2 sisyphus+278430.100.1.2 1626213212 installed <13>Apr 29 06:20:48 rpmi: libxxhash-0.8.0-alt2 sisyphus+277476.100.2.1 1625621318 installed <13>Apr 29 06:20:48 rpmi: liblz4-1:1.9.4-alt1 sisyphus+309416.100.1.1 1667413000 installed <13>Apr 29 06:20:48 rpmi: libverto-0.3.2-alt1_1 sisyphus+279289.100.1.3 1626493872 installed <13>Apr 29 06:20:48 rpmi: liblmdb-0.9.29-alt1.1 sisyphus+306630.100.1.1 1663072361 installed <13>Apr 29 06:20:48 rpmi: libkeyutils-1.6.3-alt1 sisyphus+266061.100.1.1 1612919567 installed <13>Apr 29 06:20:48 rpmi: libcom_err-1.46.4.0.5.4cda-alt1 sisyphus+283826.100.1.1 1629975361 installed <13>Apr 29 06:20:48 rpmi: libedit3-3.1.20191231-alt1 sisyphus+278505.100.1.1 1626106372 installed <13>Apr 29 06:20:48 rpmi: less-608-alt1 sisyphus+306395.100.1.1 1662550257 installed <13>Apr 29 06:20:48 rpmi: diffstat-1.64-alt1 sisyphus+278100.700.1.1 1626056686 installed <13>Apr 29 06:20:48 rpmi: bash-completion-1:2.11-alt3.git.157.g59d2322e sisyphus+314768.100.1.1 1675690562 installed <13>Apr 29 06:20:48 rpmi: rpm-macros-alternatives-0.5.2-alt2 sisyphus+315270.200.2.1 1676457367 installed <13>Apr 29 06:20:48 rpmi: alternatives-0.5.2-alt2 sisyphus+315270.200.2.1 1676457367 installed <13>Apr 29 06:20:48 rpmi: ca-certificates-2022.12.14-alt1 sisyphus+311754.200.1.1 1671046143 installed <13>Apr 29 06:20:48 rpmi: ca-trust-0.1.4-alt1 sisyphus+308690.100.1.1 1666182992 installed <13>Apr 29 06:20:48 rpmi: p11-kit-trust-0.24.1-alt1 sisyphus+293720.100.1.1 1642535281 installed <13>Apr 29 06:20:48 rpmi: libcrypto1.1-1.1.1t-alt1 sisyphus+314824.100.2.2 1675799073 installed <13>Apr 29 06:20:48 rpmi: libssl1.1-1.1.1t-alt1 sisyphus+314824.100.2.2 1675799073 installed <86>Apr 29 06:20:48 groupadd[3792029]: group added to /etc/group: name=_keytab, GID=999 <86>Apr 29 06:20:48 groupadd[3792029]: group added to /etc/gshadow: name=_keytab <86>Apr 29 06:20:48 groupadd[3792029]: new group: name=_keytab, GID=999 <13>Apr 29 06:20:48 rpmi: libkrb5-1.20.1-alt1 sisyphus+306946.1000.5.2 1677793939 installed <13>Apr 29 06:20:48 rpmi: libgsasl-1.8.0-alt3 sisyphus+275307.100.1.2 1624478553 installed <86>Apr 29 06:20:48 groupadd[3792062]: group added to /etc/group: name=sasl, GID=998 <86>Apr 29 06:20:48 groupadd[3792062]: group added to /etc/gshadow: name=sasl <86>Apr 29 06:20:48 groupadd[3792062]: new group: name=sasl, GID=998 <13>Apr 29 06:20:48 rpmi: libsasl2-3-2.1.27-alt2.2 sisyphus+306372.1000.8.1 1663097332 installed <13>Apr 29 06:20:48 rpmi: libldap2-2.6.4-alt1 sisyphus+317419.100.1.1 1679684507 installed <13>Apr 29 06:20:48 rpmi: openssh-common-8.6p1-alt3 sisyphus+294457.100.2.1 1643759043 installed <86>Apr 29 06:20:48 groupadd[3792074]: group added to /etc/group: name=sshagent, GID=997 <86>Apr 29 06:20:48 groupadd[3792074]: group added to /etc/gshadow: name=sshagent <86>Apr 29 06:20:48 groupadd[3792074]: new group: name=sshagent, GID=997 <13>Apr 29 06:20:48 rpmi: openssh-clients-8.6p1-alt3 sisyphus+294457.100.2.1 1643759043 installed <13>Apr 29 06:20:48 rpmi: rsync-3.2.7-alt1 sisyphus+308790.100.1.1 1666394150 installed <13>Apr 29 06:20:48 rpmi: libssh2-1.10.0-alt1 sisyphus+289470.100.1.1 1636752294 installed <13>Apr 29 06:20:48 rpmi: libcurl-8.0.1-alt2 sisyphus+317180.500.4.1 1679494063 installed <13>Apr 29 06:20:48 rpmi: git-core-2.33.8-alt1 sisyphus+319318.100.2.1 1682504269 installed <13>Apr 29 06:20:48 rpmi: bash-completion-util-linux-2.38.1-alt1 sisyphus+308470.100.1.1 1665845329 installed Building target platforms: i586 Building for target i586 Wrote: /usr/src/in/nosrpm/lynis-3.0.0-alt2.nosrc.rpm (w1.gzdio) Installing lynis-3.0.0-alt2.src.rpm Building target platforms: i586 Building for target i586 Executing(%prep): /bin/sh -e /usr/src/tmp/rpm-tmp.87078 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + rm -rf lynis + echo 'Source #0 (lynis-3.0.0.tar.gz):' Source #0 (lynis-3.0.0.tar.gz): + /bin/gzip -dc /usr/src/RPM/SOURCES/lynis-3.0.0.tar.gz + /bin/tar -xf - + cd lynis + /bin/chmod -c -Rf u+rwX,go-w . + exit 0 Executing(%build): /bin/sh -e /usr/src/tmp/rpm-tmp.87078 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd lynis + exit 0 Executing(%install): /bin/sh -e /usr/src/tmp/rpm-tmp.87078 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + /bin/chmod -Rf u+rwX -- /usr/src/tmp/lynis-buildroot + : + /bin/rm -rf -- /usr/src/tmp/lynis-buildroot + PATH=/usr/libexec/rpm-build:/usr/src/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/games + cd lynis + mkdir -p /usr/src/tmp/lynis-buildroot/etc/lynis + install -p default.prf /usr/src/tmp/lynis-buildroot/etc/lynis + mkdir -p /usr/src/tmp/lynis-buildroot/usr/bin + install -p lynis /usr/src/tmp/lynis-buildroot/usr/bin + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/man/man8 + install -p lynis.8 /usr/src/tmp/lynis-buildroot/usr/share/man/man8 + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/ + install -p include/binaries include/consts include/data_upload include/functions include/helper_audit_dockerfile include/helper_configure include/helper_generate include/helper_show include/helper_system_remote_scan include/helper_update include/osdetection include/parameters include/profiles include/report include/tests_accounting include/tests_authentication include/tests_banners include/tests_boot_services include/tests_containers include/tests_crypto include/tests_custom.template include/tests_databases include/tests_dns include/tests_file_integrity include/tests_file_permissions include/tests_filesystems include/tests_firewalls include/tests_hardening include/tests_homedirs include/tests_insecure_services include/tests_kernel include/tests_kernel_hardening include/tests_ldap include/tests_logging include/tests_mac_frameworks include/tests_mail_messaging include/tests_malware include/tests_memory_processes include/tests_nameservices include/tests_networking include/tests_php include/tests_ports_packages include/tests_printers_spoolers include/tests_scheduling include/tests_shells include/tests_snmp include/tests_squid include/tests_ssh include/tests_storage include/tests_storage_nfs include/tests_system_integrity include/tests_time include/tests_tooling include/tests_usb include/tests_virtualization include/tests_webservers include/tool_tips /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/ + chmod 644 /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/binaries /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/consts /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/data_upload /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_audit_dockerfile /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_configure /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_generate /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_show /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_system_remote_scan /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_update /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/parameters /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/profiles /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/report /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_accounting /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_banners /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_boot_services /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_containers /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_crypto /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_custom.template /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_databases /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_dns /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_integrity /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_permissions /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_filesystems /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_firewalls /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_hardening /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_homedirs /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_insecure_services /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel_hardening /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ldap /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_logging /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mac_frameworks /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mail_messaging /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_malware /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_memory_processes /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_nameservices /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_networking /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_php /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_printers_spoolers /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_scheduling /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_shells /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_snmp /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_squid /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ssh /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage_nfs /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_system_integrity /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_time /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_tooling /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_usb /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_virtualization /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_webservers /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tool_tips + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/lynis/plugins/ + install -p plugins/README plugins/custom_plugin.template /usr/src/tmp/lynis-buildroot/usr/share/lynis/plugins/ + cp -pR db/ /usr/src/tmp/lynis-buildroot/usr/share/lynis/ + mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/bash-completion/completions + install -p extras/bash_completion.d/lynis /usr/src/tmp/lynis-buildroot/usr/share/bash-completion/completions/ + mkdir -p /usr/src/tmp/lynis-buildroot/var/log/ + touch /usr/src/tmp/lynis-buildroot/var/log/lynis.log + touch /usr/src/tmp/lynis-buildroot/var/log/lynis-report.dat + for rpm404_ghost in /var/log/lynis.log /var/log/lynis-report.dat ++ dirname /var/log/lynis.log + mkdir -p /usr/src/tmp/lynis-buildroot/var/log + touch /usr/src/tmp/lynis-buildroot/var/log/lynis.log + for rpm404_ghost in /var/log/lynis.log /var/log/lynis-report.dat ++ dirname /var/log/lynis-report.dat + mkdir -p /usr/src/tmp/lynis-buildroot/var/log + touch /usr/src/tmp/lynis-buildroot/var/log/lynis-report.dat + /usr/lib/rpm/brp-alt Cleaning files in /usr/src/tmp/lynis-buildroot (auto) Verifying and fixing files in /usr/src/tmp/lynis-buildroot (binconfig,pkgconfig,libtool,desktop,gnuconfig) Checking contents of files in /usr/src/tmp/lynis-buildroot/ (default) Compressing files in /usr/src/tmp/lynis-buildroot (auto) mode of '/usr/src/tmp/lynis-buildroot/usr/share/man/man8/lynis.8' changed from 0755 (rwxr-xr-x) to 0644 (rw-r--r--) Verifying ELF objects in /usr/src/tmp/lynis-buildroot (arch=normal,fhs=normal,lfs=relaxed,lint=relaxed,rpath=normal,stack=normal,textrel=normal,unresolved=normal) Executing(%check): /bin/sh -e /usr/src/tmp/rpm-tmp.87078 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd lynis + ./lynis audit system --quick egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E [ Lynis 3.0.0 ] ################################################################################ Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details about using this software. 2007-2020, CISOfy - https://cisofy.com/lynis/ Enterprise support available (compliance, plugins, interface and tools) ################################################################################ [+] Initializing program ------------------------------------  ################################################################### # # # NON-PRIVILEGED SCAN MODE # # # ###################################################################  NOTES: -------------- * Some tests will be skipped (as they require root permissions) * Some tests might fail silently or give different results ================================================================= Exception found! Function/test: [OS Detection] Message: Unknown OS found in /etc/os-release Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= - Detecting OS...  [ DONE ] - Checking profiles... [ DONE ] --------------------------------------------------- Program version: 3.0.0 Operating system: Linux Operating system name: Linux Operating system version: 5.15.102-std-def-alt1 Kernel version: 5.15.102 Hardware platform: i686 Hostname: localhost --------------------------------------------------- Profiles: /usr/src/RPM/BUILD/lynis/default.prf Log file: /usr/src/lynis.log Report file: /usr/src/lynis-report.dat Report version: 1.0 Plugin directory: ./plugins --------------------------------------------------- Auditor: [Not Specified] Language: en Test category: all Test group: all --------------------------------------------------- - Program update status...  [ SKIPPED ] [+] System Tools ------------------------------------ - Scanning available tools... - Checking system binaries... lscpu: failed to determine number of CPUs: /sys/devices/system/cpu/possible: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory [+] Plugins (phase 1) ------------------------------------ Note: plugins have more extensive tests and may take several minutes to complete   - Plugins enabled [ NONE ] ================================================================= Exception found! Function/test: [GetHostID] Message: Both ip and ifconfig tools are missing Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [GetHostID] Message: Can't create HOSTID, command ip not found Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [GetHostID] Message: No unique host identifier could be created. Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Boot and services ------------------------------------ [WARNING]: Test CORE-1000 had a long execution: 15.253460 seconds - Service Manager [ UNKNOWN ] - Boot loader [ NONE FOUND ] - Check startup files (permissions) [ OK ] - Checking uptime [ SKIPPED ] ================================================================= Exception found! Function/test: [BOOT-5202:1] Message: No uptime test available for this operating system (/proc/uptime missing) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Kernel ------------------------------------ - Checking kernel version and release [ DONE ] - Checking Linux kernel configuration file [ NOT FOUND ] - Checking core dumps configuration - configuration in etc/profile [ DEFAULT ] - 'hard' configuration in security/limits.conf [ DEFAULT ] - 'soft' configuration in security/limits.conf [ DISABLED ] - Checking setuid core dumps configuration [ DISABLED ] - Check if reboot is needed [ UNKNOWN ] [+] Memory and Processes ------------------------------------ /proc/self/stat: No such file or directory - Searching for dead/zombie processes [ NOT FOUND ] /proc/self/stat: No such file or directory - Searching for IO waiting processes [ NOT FOUND ] - Search prelink tooling [ NOT FOUND ] [+] Users, Groups and Authentication ------------------------------------ egrep: warning: egrep is obsolescent; using grep -E - Administrator accounts [ OK ] - Unique UIDs [ OK ] - Unique group IDs [ OK ] - Unique group names [ OK ] /bin/grep: /etc/login.defs: Permission denied - Checking minimum group password hashing rounds [ DISABLED ] /bin/grep: /etc/login.defs: Permission denied - Checking maximum group password hashing rounds [ DISABLED ] /bin/grep: /etc/login.defs: Permission denied - Query system users (non daemons) [ DONE ] egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E - NIS+ authentication support [ NOT ENABLED ] egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E - NIS authentication support [ NOT ENABLED ] - Sudoers file [ NOT FOUND ] - PAM password strength tools [ OK ] - PAM configuration file (pam.conf) [ NOT FOUND ] - PAM configuration files (pam.d) [ FOUND ] - PAM modules [ FOUND ] - LDAP module in PAM [ NOT FOUND ] /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 865: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found /usr/src/RPM/BUILD/lynis/include/tests_authentication: line 866: passwd: command not found - Accounts without expire date [ OK ] - Accounts without password [ OK ] /bin/grep: /etc/login.defs: Permission denied - Checking user password aging (minimum) [ DISABLED ] /bin/grep: /etc/login.defs: Permission denied - User password aging (maximum) [ DISABLED ] - Determining default umask - umask (/etc/profile and /etc/profile.d) [ SUGGESTION ] /bin/grep: /etc/login.defs: Permission denied - umask (/etc/login.defs) [ SUGGESTION ] - umask (/etc/init.d/functions) [ NONE ] egrep: warning: egrep is obsolescent; using grep -E - LDAP authentication support [ NOT ENABLED ] /bin/grep: /etc/login.defs: Permission denied - Logging failed login attempts [ DISABLED ] [+] Shells ------------------------------------ - Checking shells from /etc/shells Result: found 8 shells (valid shells: 2). /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Session timeout settings/tools [ NONE ] - Checking default umask values - Checking default umask in /etc/bashrc [ NONE ] - Checking default umask in /etc/profile [ WEAK ] [+] File systems ------------------------------------ - Checking mount points - Checking /home mount point [ SUGGESTION ] - Checking /tmp mount point [ SUGGESTION ] - Checking /var mount point [ SUGGESTION ] /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 155: -t: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 176: -t: command not found - Query swap partitions (fstab) [ NONE ] - Testing swap partitions [ OK ] egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E - Testing /proc mount (hidepid) [ SUGGESTION ] - Checking for old files in /tmp [ OK ] - Checking /tmp sticky bit [ OK ] - Checking /var/tmp sticky bit [ OK ] /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found - Mount options of /tmp [ PARTIALLY HARDENED ] /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 585: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 586: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 632: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 633: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 634: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 635: mount: command not found /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 636: mount: command not found egrep: warning: egrep is obsolescent; using grep -E - Total without nodev:0 noexec:0 nosuid:0 ro or noexec (W^X): 0 of total 0 /bin/cat: /proc/sys/vm/swappiness: No such file or directory /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 698: [: -gt: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 707: [: -eq: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 710: [: -eq: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 712: [: -eq: unary operator expected /usr/src/RPM/BUILD/lynis/include/tests_filesystems: line 714: [: -lt: unary operator expected [+] USB Devices ------------------------------------ - Checking usb-storage driver (modprobe config) [ NOT DISABLED ] - Checking USBGuard [ NOT FOUND ] [+] Storage ------------------------------------ - Checking firewire ohci driver (modprobe config) [ NOT DISABLED ] [+] NFS ------------------------------------ /proc/self/stat: No such file or directory - Check running NFS daemon [ NOT FOUND ] [+] Name services ------------------------------------ - Searching DNS domain name [ FOUND ] Domain name: localdomain /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking /etc/hosts egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E - Duplicate entries in hosts file [ NONE ] egrep: warning: egrep is obsolescent; using grep -E - Presence of configured hostname in /etc/hosts [ FOUND ] egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E - Hostname mapped to localhost [ NOT FOUND ] - Localhost mapping to IP address [ OK ] [+] Ports and packages ------------------------------------ - Searching package managers - Searching RPM package manager [ FOUND ] - Querying RPM package manager - Checking package audit tool [ NONE ] ================================================================= Exception found! Function/test: [KRNL-5840:1] Message: Could not find any kernel packages via package manager Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Networking ------------------------------------ - Checking IPv6 configuration [ DISABLED ] - Checking configured nameservers - Minimal of 2 responsive nameservers [ SKIPPED ] ================================================================= Exception found! Function/test: [NETW-3004:1] Message: No interfaces found on this system (OS=Linux) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3006:2] Message: Missing ifconfig or ip command to collect hardware address (MAC) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3008:2] Message: Missing ifconfig or ip command to collect hardware address (MAC) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3012:1] Message: netstat and ss binary missing to gather listening ports Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= - Getting listening ports (TCP/UDP) [ SKIPPED ] - Checking promiscuous interfaces [ UNKNOWN ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking status DHCP client [ NOT ACTIVE ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking for ARP monitoring software [ NOT FOUND ] - Uncommon network protocols [ 0 ] [+] Printers and Spools ------------------------------------ /proc/self/stat: No such file or directory - Checking cups daemon [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking lp daemon [ NOT RUNNING ] [+] Software: e-mail and messaging ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory [+] Software: firewalls ------------------------------------ - Checking iptables kernel module [ NOT FOUND ] - Checking host based firewall [ NOT ACTIVE ] [+] Software: webserver ------------------------------------ - Checking Apache [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking nginx [ NOT FOUND ] [+] SSH Support ------------------------------------ /proc/self/stat: No such file or directory - Checking running SSH daemon [ NOT FOUND ] [+] SNMP Support ------------------------------------ /proc/self/stat: No such file or directory - Checking running SNMP daemon [ NOT FOUND ] [+] Databases ------------------------------------ /proc/self/stat: No such file or directory egrep: warning: egrep is obsolescent; using grep -E /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory egrep: warning: egrep is obsolescent; using grep -E /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory No database engines found [+] LDAP Services ------------------------------------ /proc/self/stat: No such file or directory - Checking OpenLDAP instance [ NOT FOUND ] [+] PHP ------------------------------------ - Checking PHP [ NOT FOUND ] [+] Squid Support ------------------------------------ /proc/self/stat: No such file or directory egrep: warning: egrep is obsolescent; using grep -E - Checking running Squid daemon [ NOT FOUND ] [+] Logging and files ------------------------------------ /proc/self/stat: No such file or directory egrep: warning: egrep is obsolescent; using grep -E - Checking for a running log daemon [ WARNING ] /proc/self/stat: No such file or directory - Checking Syslog-NG status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking systemd journal status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking Metalog status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking RSyslog status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking RFC 3195 daemon status [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking klogd [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking minilogd instances [ NOT FOUND ] - Checking logrotate presence [ WARNING ] - Checking log directories (static list) [ DONE ] - Checking open log files [ SKIPPED ] [+] Insecure services ------------------------------------ - Installed inetd package [ NOT FOUND ] - Installed xinetd package [ OK ] /proc/self/stat: No such file or directory - xinetd status [ NOT ACTIVE ] - Installed rsh client package [ OK ] - Installed rsh server package [ OK ] - Installed telnet client package [ OK ] - Installed telnet server package [ NOT FOUND ] - Checking NIS client installation [ OK ] - Checking NIS server installation [ OK ] - Checking TFTP client installation [ OK ] - Checking TFTP server installation [ OK ] [+] Banners and identification ------------------------------------ - /etc/issue [ NOT FOUND ] - /etc/issue.net [ NOT FOUND ] [+] Scheduled tasks ------------------------------------ /proc/self/stat: No such file or directory egrep: warning: egrep is obsolescent; using grep -E - Checking crontab and cronjob files [ DONE ] /proc/self/stat: No such file or directory [+] Accounting ------------------------------------ - Checking accounting information [ NOT FOUND ] - Checking sysstat accounting data [ NOT FOUND ] /proc/self/stat: No such file or directory - Checking auditd [ NOT FOUND ] [+] Time and Synchronization ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking for a running NTP daemon or client [ WARNING ] [+] Cryptography ------------------------------------ - HW RNG & rngd [ NO ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - SW prng [ NO ] [+] Virtualization ------------------------------------ [+] Containers ------------------------------------ /proc/self/stat: No such file or directory [+] Security frameworks ------------------------------------ - Checking presence AppArmor [ NOT FOUND ] - Checking presence SELinux [ NOT FOUND ] - Checking presence TOMOYO Linux [ NOT FOUND ] - Checking presence grsecurity [ NOT FOUND ] - Checking for implemented MAC framework [ NONE ] [+] Software: file integrity ------------------------------------ - Checking file integrity tools /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking presence integrity tool [ NOT FOUND ] [+] Software: System tooling ------------------------------------ - Checking automation tooling /proc/self/stat: No such file or directory - Automation tooling [ NOT FOUND ] /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory - Checking for IDS/IPS tooling [ NONE ] [+] Software: Malware ------------------------------------ /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory /proc/self/stat: No such file or directory [+] File Permissions ------------------------------------ - Starting file permissions check egrep: warning: egrep is obsolescent; using grep -E egrep: warning: egrep is obsolescent; using grep -E File: /etc/group [ OK ] egrep: warning: egrep is obsolescent; using grep -E File: /etc/group- [ OK ] egrep: warning: egrep is obsolescent; using grep -E File: /etc/hosts.allow [ OK ] egrep: warning: egrep is obsolescent; using grep -E File: /etc/hosts.deny [ OK ] egrep: warning: egrep is obsolescent; using grep -E File: /etc/motd [ OK ] egrep: warning: egrep is obsolescent; using grep -E File: /etc/passwd [ OK ] egrep: warning: egrep is obsolescent; using grep -E File: /etc/passwd- [ OK ] [+] Home directories ------------------------------------ egrep: warning: egrep is obsolescent; using grep -E - Permissions of home directories [ WARNING ] egrep: warning: egrep is obsolescent; using grep -E - Ownership of home directories [ WARNING ] - Checking shell history files [ OK ] [+] Kernel Hardening ------------------------------------ - Comparing sysctl key pairs with scan profile [+] Hardening ------------------------------------ - Installed compiler(s) [ FOUND ] - Installed malware scanner [ NOT FOUND ] [+] Custom tests ------------------------------------ - Running custom tests...  [ NONE ] [+] Plugins (phase 2) ------------------------------------ ================================================================================ -[ Lynis 3.0.0 Results ]- Warnings (1): ---------------------------- ! klogd is not running, which could lead to missing kernel messages in log files [LOGG-2138] https://cisofy.com/lynis/controls/LOGG-2138/ Suggestions (31): ---------------------------- * This release is more than 4 months old. Consider upgrading [LYNIS] https://cisofy.com/lynis/controls/LYNIS/ * Configure minimum encryption algorithm rounds in /etc/login.defs [AUTH-9230] https://cisofy.com/lynis/controls/AUTH-9230/ * Configure maximum encryption algorithm rounds in /etc/login.defs [AUTH-9230] https://cisofy.com/lynis/controls/AUTH-9230/ * Configure minimum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Configure maximum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027) [AUTH-9328] https://cisofy.com/lynis/controls/AUTH-9328/ * Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027 [AUTH-9328] https://cisofy.com/lynis/controls/AUTH-9328/ * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [USB-1000] https://cisofy.com/lynis/controls/USB-1000/ * Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [STRG-1846] https://cisofy.com/lynis/controls/STRG-1846/ * Install a package audit tool to determine vulnerable packages [PKGS-7398] https://cisofy.com/lynis/controls/PKGS-7398/ * Determine if protocol 'dccp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'sctp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'rds' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'tipc' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Configure a firewall/packet filter to filter incoming and outgoing traffic [FIRE-4590] https://cisofy.com/lynis/controls/FIRE-4590/ * Check if any syslog daemon is running and correctly configured. [LOGG-2130] https://cisofy.com/lynis/controls/LOGG-2130/ * Check if log files are properly rotated [LOGG-2146] https://cisofy.com/lynis/controls/LOGG-2146/ * Enable process accounting [ACCT-9622] https://cisofy.com/lynis/controls/ACCT-9622/ * Enable sysstat to collect accounting (no results) [ACCT-9626] https://cisofy.com/lynis/controls/ACCT-9626/ * Enable auditd to collect audit information [ACCT-9628] https://cisofy.com/lynis/controls/ACCT-9628/ * Use NTP daemon or NTP client to prevent time issues. [TIME-3104] https://cisofy.com/lynis/controls/TIME-3104/ * Utilize software pseudo random number generators [CRYP-8005] https://cisofy.com/lynis/controls/CRYP-8005/ * Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] https://cisofy.com/lynis/controls/FINT-4350/ * Determine if automation tools are present for system management [TOOL-5002] https://cisofy.com/lynis/controls/TOOL-5002/ * Double check the permissions of home directories as some might be not strict enough. [HOME-9304] https://cisofy.com/lynis/controls/HOME-9304/ * Double check the ownership of home directories as some might be incorrect. [HOME-9306] https://cisofy.com/lynis/controls/HOME-9306/ * Harden compilers like restricting access to root user only [HRDN-7222] https://cisofy.com/lynis/controls/HRDN-7222/ * Harden the system by installing at least one malware scanner, to perform periodic file system scans [HRDN-7230] - Solution : Install a tool like rkhunter, chkrootkit, OSSEC https://cisofy.com/lynis/controls/HRDN-7230/ Follow-up: ---------------------------- - Show details of a test (lynis show details TEST-ID) - Check the logfile for all details (less /usr/src/lynis.log) - Read security controls texts (https://cisofy.com) - Use --upload to upload data to central system (Lynis Enterprise users) ================================================================================ Lynis security scan details: Hardening index : 53 [########## ] Tests performed : 194 Plugins enabled : 0 Components: - Firewall [X] - Malware scanner [X] Scan mode: Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged) Lynis modules: - Compliance status [?] - Security audit [V] - Vulnerability scan [V] Files: - Test and debug information : /usr/src/lynis.log - Report data : /usr/src/lynis-report.dat ================================================================================ Exceptions found Some exceptional events or information was found! What to do: You can help by providing your log file (/usr/src/lynis.log). Go to https://cisofy.com/contact/ and send your file to the e-mail address listed ================================================================================ Skipped tests due to non-privileged mode BOOT-5108 - Check Syslinux as bootloader BOOT-5109 - Check rEFInd as bootloader BOOT-5116 - Check if system is booted in UEFI mode AUTH-9229 - Check password hashing methods AUTH-9288 - Checking for expired passwords FILE-6368 - Checking ACL support on root file system CRYP-7930 - Determine if system uses LUKS block device encryption ================================================================================ Lynis 3.0.0 Auditing, system hardening, and compliance for UNIX-based systems (Linux, macOS, BSD, and others) 2007-2020, CISOfy - https://cisofy.com/lynis/ Enterprise support available (compliance, plugins, interface and tools) ================================================================================ [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /usr/src/RPM/BUILD/lynis/default.prf for all settings) + exit 0 Processing files: lynis-3.0.0-alt2 Executing(%doc): /bin/sh -e /usr/src/tmp/rpm-tmp.18659 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd lynis + DOCDIR=/usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + export DOCDIR + rm -rf /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + /bin/mkdir -p /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + cp -prL CHANGELOG.md CONTRIBUTORS.md FAQ README /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + chmod -R go-w /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + chmod -R a+rX /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + cp -prL extras/systemd/ /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + chmod -R go-w /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + chmod -R a+rX /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + cp -prL --no-dereference LICENSE /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + chmod -R go-w /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + chmod -R a+rX /usr/src/tmp/lynis-buildroot/usr/share/doc/lynis-3.0.0 + exit 0 Finding Provides (using /usr/lib/rpm/find-provides) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.8dSlV4 find-provides: running scripts (alternatives,debuginfo,lib,pam,perl,pkgconfig,python,python3,shell) Finding Requires (using /usr/lib/rpm/find-requires) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.rih1DI find-requires: running scripts (cpp,debuginfo,files,lib,pam,perl,pkgconfig,pkgconfiglib,python,python3,rpmlib,shebang,shell,static,symlinks,systemd-services) shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/binaries is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/consts is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/data_upload is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_audit_dockerfile is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_configure is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_generate is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_show is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_system_remote_scan is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/helper_update is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/osdetection is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/parameters is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/profiles is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/report is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_accounting is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_authentication is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_banners is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_boot_services is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_containers is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_crypto is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_custom.template is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_databases is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_dns is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_integrity is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_file_permissions is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_filesystems is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_firewalls is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_hardening is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_homedirs is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_insecure_services is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_kernel_hardening is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ldap is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_logging is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mac_frameworks is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_mail_messaging is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_malware is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_memory_processes is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_nameservices is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_networking is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_php is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ports_packages is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_printers_spoolers is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_scheduling is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_shells is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_snmp is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_squid is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_ssh is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_storage_nfs is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_system_integrity is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_time is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_tooling is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_usb is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_virtualization is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tests_webservers is not executable shebang.req.files: executable script /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/tool_tips is not executable shell.req: /usr/src/tmp/lynis-buildroot/usr/bin/lynis: /usr/xpg4/bin/sh -> /usr/xpg4/bin/sh (raw, not installed) shell.req: /usr/src/tmp/lynis-buildroot/usr/share/lynis/include/functions: laptop-detect not found (skip) ++ /bin/sed -e /.usr.xpg4.bin.sh/d -e /.usr.xpg4.bin.sh/d --- find-requires-deps 2023-04-29 06:22:15.008244914 +0000 +++ filter-requires-deps 2023-04-29 06:22:15.009244926 +0000 @@ -1,3 +1,2 @@ /bin/sh -/usr/xpg4/bin/sh coreutils find-requires: FINDPACKAGE-COMMANDS: Fatal ShowError awk cat chmod find grep laptop-detect nroff rm sed sleep touch Requires: audit, e2fsprogs, module-init-tools, /bin/sh, coreutils, findutils, gawk, grep, groff-base, sed Wrote: /usr/src/RPM/RPMS/noarch/lynis-3.0.0-alt2.noarch.rpm (w2.lzdio) 11.72user 10.42system 1:25.57elapsed 25%CPU (0avgtext+0avgdata 18144maxresident)k 0inputs+0outputs (0major+5053571minor)pagefaults 0swaps 1.69user 0.89system 1:30.74elapsed 2%CPU (0avgtext+0avgdata 109428maxresident)k 680inputs+0outputs (32418major+175877minor)pagefaults 0swaps