Lynis - Scan Results

Started by anabiel48, 06 February 2014, 16:13

anabiel48

Dear fellow forum members,

I'm really just starting out with Linux and I use Ubuntu 13.10. It has seemed a bit strange to me since a failed attempt to configure a USB wireless adapter (TDA 150U), which I have already given up on. Well, so I decided to do some research, found Lynis and ran a full test; the result scared me a little and I'm completely lost...  :o

Can anyone help me?

Thank you!
:)

-----------------------

================================================================================

  -[ Lynis 1.3.0 Results ]-

  Tests performed: 153
  Warnings:
  ----------------------------
   - [12:28:11] Warning: Found BIND version in banner [test:NAME-4210] [impact:M]
   - [12:28:54] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
   - [12:29:13] Warning: Found possible unused iptables rules (1 2 3 4 1 2 3 4 5) [test:FIRE-4513] [impact:L]
   - [12:29:16] Warning: Root can directly login via SSH [test:SSH-7412] [impact:M]
   - [12:29:31] Warning: No syslog daemon found [test:LOGG-2130] [impact:H]
   - [12:29:32] Warning: klogd is not running, which could lead to missing kernel messages in log files [test:LOGG-2138] [impact:L]
   - [12:30:21] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact:M]

  Suggestions:
  ----------------------------
   - [12:25:09] Suggestion: update to the latest stable release.
   - [12:27:05] Suggestion: Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262]
   - [12:27:05] Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282]
   - [12:27:05] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
   - [12:27:05] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
   - [12:27:05] Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328]
   - [12:27:05] Suggestion: Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
   - [12:27:54] Suggestion: To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
   - [12:27:54] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
   - [12:28:01] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
   - [12:28:01] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
   - [12:28:33] Suggestion: Purge removed packages (5 found) with aptitude purge command, to cleanup old configuration files, cron jobs and startup scripts. [test:PKGS-7346]
   - [12:28:45] Suggestion: Install package apt-show-versions for patch management purposes [test:PKGS-7394]
   - [12:28:54] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
   - [12:29:13] Suggestion: Check iptables rules to see which rules are currently not used (iptables --list --numeric --verbose) [test:FIRE-4513]
   - [12:29:31] Suggestion: Check if any syslog daemon is running and correctly configured. [test:LOGG-2130]
   - [12:29:32] Suggestion: Check why klogd is not running [test:LOGG-2138]
   - [12:30:06] Suggestion: Add legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
   - [12:30:06] Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
   - [12:30:15] Suggestion: Enable auditd to collect audit information [test:ACCT-9628]
   - [12:30:21] Suggestion: Check if any NTP daemon is running or a NTP client gets executed daily, to prevent big time differences and avoid problems with services like kerberos, authentication or logging differences. [test:TIME-3104]
   - [12:30:38] Suggestion: Install a file integrity tool [test:FINT-4350]
   - [12:30:52] Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
   - [12:31:01] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
   - [12:31:01] Suggestion: Harden compilers and restrict access to world [test:HRDN-7222]
   - [12:31:01] Suggestion: Harden the system by installing one or malware scanners to perform periodic file system scans [test:HRDN-7230]
================================================================================
  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat
================================================================================
  Notice: Lynis update available
  Current version : 130    Latest version : 140
================================================================================
  Hardening index : [47]     [#########           ]
================================================================================
  Tip: Disable all tests which are not relevant or are too strict for the
       purpose of the particular machine. This will remove unwanted suggestions
       and also boost the hardening index. Each test should be properly analyzed
       to see if the related risks can be accepted, before disabling the test.
================================================================================
  Lynis 1.3.0
  Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
================================================================================

Renan Rischiotto

Hello,

Is something not working on your system?

Regards!