2020-11-22 01:49:24 Starting Lynis 3.0.1 with PID 4394, build date 2020-06-26 2020-11-22 01:49:24 ==== 2020-11-22 01:49:24 ### 2007-2020, CISOfy - https://cisofy.com/lynis/ ### 2020-11-22 01:49:24 Checking permissions of /root/lynis/include/profiles 2020-11-22 01:49:24 File permissions are OK 2020-11-22 01:49:24 Reading profile/configuration /root/lynis/default.prf 2020-11-22 01:49:24 Action: created temporary file /tmp/lynis.NQWECgIAL7 2020-11-22 01:49:24 Language set via profile to '' 2020-11-22 01:49:24 Plugin 'authentication' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'compliance' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'configuration' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'control-panels' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'crypto' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'dns' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'docker' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'file-integrity' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'file-systems' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'firewalls' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'forensics' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'hardware' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'intrusion-detection' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'intrusion-prevention' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'kernel' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'malware' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'memory' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'nginx' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'pam' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'processes' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'security-modules' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'software' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'system-integrity' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:24 Plugin 'systemd' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:25 Plugin 'users' enabled according profile (/root/lynis/default.prf) 2020-11-22 01:49:26 Set option to default value: NTPD_ROLE --> client 2020-11-22 01:49:26 ==== 2020-11-22 01:49:26 EOL check: 0 2020-11-22 01:49:26 Program version: 3.0.1 2020-11-22 01:49:26 Operating system: Linux 2020-11-22 01:49:26 Operating system name: CentOS Linux 2020-11-22 01:49:26 Operating system version: 7 2020-11-22 01:49:26 Kernel version: 3.10.0 2020-11-22 01:49:26 Kernel version (full): 3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:26 Hardware platform: x86_64 2020-11-22 01:49:26 ----------------------------------------------------- 2020-11-22 01:49:26 Hostname: intel1-intel2 2020-11-22 01:49:26 Auditor: [Not Specified] 2020-11-22 01:49:26 Profiles: /root/lynis/default.prf 2020-11-22 01:49:26 Work directory: /root/lynis 2020-11-22 01:49:26 Include directory: /root/lynis/include 2020-11-22 01:49:26 Plugin directory: ./plugins 2020-11-22 01:49:26 ----------------------------------------------------- 2020-11-22 01:49:26 Log file: /var/log/lynis.log 2020-11-22 01:49:26 Report file: /var/log/lynis-report.dat 2020-11-22 01:49:26 Report version: 1.0 2020-11-22 01:49:26 ----------------------------------------------------- 2020-11-22 01:49:26 Test category: all 2020-11-22 01:49:26 Test group: all 2020-11-22 01:49:26 BusyBox used: 0 2020-11-22 01:49:26 ==== 2020-11-22 01:49:26 Test: Checking for program update... 2020-11-22 01:49:26 Result: dig, drill or host not installed, update check skipped 2020-11-22 01:49:26 Current installed version : 301 2020-11-22 01:49:26 Latest stable version : 0000000000 2020-11-22 01:49:26 Update check skipped due to constraints (e.g. missing dig binary) 2020-11-22 01:49:26 Suggestion: This release is more than 4 months old. Check the website or GitHub to see if there is an update available. [test:LYNIS] [details:-] [solution:-] 2020-11-22 01:49:26 ==== 2020-11-22 01:49:26 Checking permissions of /root/lynis/include/binaries 2020-11-22 01:49:26 File permissions are OK 2020-11-22 01:49:26 ==== 2020-11-22 01:49:26 Action: Performing tests from category: System Tools 2020-11-22 01:49:26 Start scanning for available audit binaries and tools... 2020-11-22 01:49:26 ==== 2020-11-22 01:49:26 Performing test ID CORE-1000 (Check all system binaries) 2020-11-22 01:49:26 Status: Starting binary scan... 2020-11-22 01:49:26 Test: Checking binaries in directory /usr/bin 2020-11-22 01:49:26 Directory /usr/bin exists. Starting directory scanning... 2020-11-22 01:49:26 Found known binary: as (compiler) - /usr/bin/as 2020-11-22 01:49:26 Found known binary: awk (string tool) - /usr/bin/awk 2020-11-22 01:49:26 Found known binary: base64 (encoding tool) - /usr/bin/base64 2020-11-22 01:49:26 Found known binary: bootctl (systemd-boot manager utility) - /usr/bin/bootctl 2020-11-22 01:49:26 Found known binary: cat (generic file handling) - /usr/bin/cat 2020-11-22 01:49:26 Found known binary: cc (compiler) - /usr/bin/cc 2020-11-22 01:49:26 Found known binary: comm (file compare) - /usr/bin/comm 2020-11-22 01:49:26 Found known binary: curl (browser, download utility) - /usr/bin/curl 2020-11-22 01:49:26 Found known binary: cut (text stream editor) - /usr/bin/cut 2020-11-22 01:49:27 Found known binary: dnsdomainname (DNS domain) - /usr/bin/dnsdomainname 2020-11-22 01:49:27 Found known binary: docker (container technology) - /usr/bin/docker 2020-11-22 01:49:27 Found known binary: domainname (NIS domain) - /usr/bin/domainname 2020-11-22 01:49:27 Found known binary: egrep (text search) - /usr/bin/egrep 2020-11-22 01:49:27 Found known binary: file (file type detection) - /usr/bin/file 2020-11-22 01:49:27 Found known binary: find (search tool) - /usr/bin/find 2020-11-22 01:49:27 Found known binary: gcc (compiler) - /usr/bin/gcc 2020-11-22 01:49:27 Found known binary: getent (query tool for name service switch libraries) - /usr/bin/getent 2020-11-22 01:49:27 Found known binary: grep (text search) - /usr/bin/grep 2020-11-22 01:49:27 Found known binary: gzip (compressing utility) - /usr/bin/gzip 2020-11-22 01:49:27 Found known binary: head (text filter) - /usr/bin/head 2020-11-22 01:49:27 Found known binary: journalctl (systemd journal) - /usr/bin/journalctl 2020-11-22 01:49:27 Found known binary: ls (file listing) - /usr/bin/ls 2020-11-22 01:49:27 Found known binary: lsattr (file attributes) - /usr/bin/lsattr 2020-11-22 01:49:27 Found known binary: lsblk (block devices) - /usr/bin/lsblk 2020-11-22 01:49:27 Found known binary: md5sum (hash tool) - /usr/bin/md5sum 2020-11-22 01:49:27 Found known binary: mount (disk utility) - /usr/bin/mount 2020-11-22 01:49:27 Found /usr/bin/openssl (version 1.0.2k-fips) 2020-11-22 01:49:27 Found /usr/bin/perl (version 5.16.3) 2020-11-22 01:49:27 Found known binary: pgrep (search in process list) - /usr/bin/pgrep 2020-11-22 01:49:27 Found known binary: ps (process listing) - /usr/bin/ps 2020-11-22 01:49:27 Found known binary: python (programming language interpreter) - /usr/bin/python (version 2.7.5) 2020-11-22 01:49:27 Found known binary: python2 (programming language interpreter) - /usr/bin/python2 (version 2.7.5) 2020-11-22 01:49:27 Found known binary: readlink (follows symlinks) - /usr/bin/readlink 2020-11-22 01:49:27 Found known binary: rpm (package manager) - /usr/bin/rpm 2020-11-22 01:49:27 Found known binary: sed (text stream editor) - /usr/bin/sed 2020-11-22 01:49:27 Found known binary: sha1/sha1sum/shasum (crypto hashing) - /usr/bin/sha1sum 2020-11-22 01:49:27 Found known binary: sha256/sha256sum (crypto hashing) - /usr/bin/sha256sum 2020-11-22 01:49:27 Found known binary: sort (sort data streams) - /usr/bin/sort 2020-11-22 01:49:27 Found known binary: ssh-keyscan (scanner for SSH keys) - /usr/bin/ssh-keyscan 2020-11-22 01:49:27 Found known binary: stat (file information) - /usr/bin/stat 2020-11-22 01:49:27 Found known binary: strings (text strings search) - /usr/bin/strings 2020-11-22 01:49:27 Found known binary: systemctl (client to systemd) - /usr/bin/systemctl 2020-11-22 01:49:27 Found known binary: systemd-analyze (systemd service analysis tool) - /usr/bin/systemd-analyze 2020-11-22 01:49:27 Found known binary: tail (text filter) - /usr/bin/tail 2020-11-22 01:49:27 Found known binary: timedatectl (timedate client) - /usr/bin/timedatectl 2020-11-22 01:49:27 Found known binary: tr (text transformation) - /usr/bin/tr 2020-11-22 01:49:27 Found known binary: uname (operating system details) - /usr/bin/uname 2020-11-22 01:49:27 Found known binary: uniq (text manipulation utility) - /usr/bin/uniq 2020-11-22 01:49:27 Found known binary: wc (word count) - /usr/bin/wc 2020-11-22 01:49:27 Found /usr/bin/wget (version 1.14) 2020-11-22 01:49:27 Found known binary: xargs (command output redirection) - /usr/bin/xargs 2020-11-22 01:49:27 Found known binary: yum (package manager) - /usr/bin/yum 2020-11-22 01:49:27 Found known binary: zgrep (text search for compressed files) - /usr/bin/zgrep 2020-11-22 01:49:27 Test: Checking binaries in directory /usr/sbin 2020-11-22 01:49:27 Directory /usr/sbin exists. Starting directory scanning... 2020-11-22 01:49:27 Found known binary: auditctl (control utility for audit daemon) - /usr/sbin/auditctl 2020-11-22 01:49:27 Found known binary: auditd (audit framework) - /usr/sbin/auditd 2020-11-22 01:49:27 Found known binary: blkid (information about block devices) - /usr/sbin/blkid 2020-11-22 01:49:27 Found known binary: chkconfig (administration tool) - /usr/sbin/chkconfig 2020-11-22 01:49:27 Found known binary: dmidecode (hardware collector tool) - /usr/sbin/dmidecode 2020-11-22 01:49:27 Found known binary: getcap (kernel capabilities) - /usr/sbin/getcap 2020-11-22 01:49:27 Found known binary: grpck (consistency checker) - /usr/sbin/grpck 2020-11-22 01:49:27 Found known binary: grub2-install (installer for boot loader) - /usr/sbin/grub2-install 2020-11-22 01:49:27 Found known binary: ip (IP configuration) - /usr/sbin/ip 2020-11-22 01:49:27 Found known binary: iptables (firewall) - /usr/sbin/iptables 2020-11-22 01:49:27 Found known binary: iptables-save (firewall) - /usr/sbin/iptables-save 2020-11-22 01:49:27 Found known binary: logrotate (log rotation tool) - /usr/sbin/logrotate 2020-11-22 01:49:27 Found known binary: lsmod (kernel modules) - /usr/sbin/lsmod 2020-11-22 01:49:27 Found known binary: lvdisplay (LVM tool) - /usr/sbin/lvdisplay 2020-11-22 01:49:27 Found known binary: modprobe (kernel modules) - /usr/sbin/modprobe 2020-11-22 01:49:27 Found known binary: postconf (postfix configuration) - /usr/sbin/postconf 2020-11-22 01:49:27 Found known binary: postfix (postfix binary) - /usr/sbin/postfix 2020-11-22 01:49:27 Found known binary: runlevel (system utility) - /usr/sbin/runlevel 2020-11-22 01:49:27 Found known binary: semanage (SELinux policy management tool) - /usr/sbin/semanage 2020-11-22 01:49:27 Found known binary: service (system services) - /usr/sbin/service 2020-11-22 01:49:27 Found known binary: sestatus (SELinux status tool) - /usr/sbin/sestatus 2020-11-22 01:49:28 Found known binary: ss (show sockets) - /usr/sbin/ss 2020-11-22 01:49:28 Found /usr/sbin/sshd (version 7.4) 2020-11-22 01:49:28 Found known binary: swapon (swap device tool) - /usr/sbin/swapon 2020-11-22 01:49:28 Found known binary: sysctl (kernel parameters) - /usr/sbin/sysctl 2020-11-22 01:49:28 Found known binary: tune2fs (file system tool) - /usr/sbin/tune2fs 2020-11-22 01:49:28 Found known binary: vgdisplay (LVM tool) - /usr/sbin/vgdisplay 2020-11-22 01:49:28 Test: Checking binaries in directory /bin 2020-11-22 01:49:28 Result: directory exists, but is actually a symlink 2020-11-22 01:49:28 Action: checking symlink for file /bin 2020-11-22 01:49:28 Note: Using real readlink binary to determine symlink on /bin 2020-11-22 01:49:28 Result: readlink shows /usr/bin as output 2020-11-22 01:49:28 Result: symlink found, pointing to directory /usr/bin 2020-11-22 01:49:28 Result: found the path behind this symlink (/bin --> /usr/bin) 2020-11-22 01:49:28 Result: Skipping this directory as it was already scanned 2020-11-22 01:49:28 Result: Directory /usr/bin skipped 2020-11-22 01:49:28 Test: Checking binaries in directory /sbin 2020-11-22 01:49:28 Result: directory exists, but is actually a symlink 2020-11-22 01:49:28 Action: checking symlink for file /sbin 2020-11-22 01:49:28 Note: Using real readlink binary to determine symlink on /sbin 2020-11-22 01:49:28 Result: readlink shows /usr/sbin as output 2020-11-22 01:49:28 Result: symlink found, pointing to directory /usr/sbin 2020-11-22 01:49:28 Result: found the path behind this symlink (/sbin --> /usr/sbin) 2020-11-22 01:49:28 Result: Skipping this directory as it was already scanned 2020-11-22 01:49:28 Result: Directory /usr/sbin skipped 2020-11-22 01:49:28 Discovered directories: /usr/bin,/usr/sbin 2020-11-22 01:49:28 Result: found 1302 binaries including 17 set-uid and 6 set-gid 2020-11-22 01:49:28 Result: set-uid binaries: /usr/bin/chage /usr/bin/chfn /usr/bin/chsh /usr/bin/crontab /usr/bin/gpasswd /usr/bin/mount /usr/bin/newgrp /usr/bin/passwd /usr/bin/pkexec /usr/bin/sg /usr/bin/su /usr/bin/sudo /usr/bin/sudoedit /usr/bin/umount /usr/sbin/pam_timestamp_check /usr/sbin/unix_chkpwd /usr/sbin/usernetctl 2020-11-22 01:49:28 Result: set-gid binaries: /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/sbin/netreport /usr/sbin/postdrop /usr/sbin/postqueue 2020-11-22 01:49:28 ==== 2020-11-22 01:49:28 Informational: package manager is used 2020-11-22 01:49:28 Test: Determine if this system is a virtual machine 2020-11-22 01:49:28 Result: facter utility not found 2020-11-22 01:49:28 Test: trying to guess virtualization technology with systemd-detect-virt 2020-11-22 01:49:28 Result: found none 2020-11-22 01:49:28 Result: skipped lscpu test, as we already found machine type 2020-11-22 01:49:28 Result: skipped dmidecode test, as we already found machine type 2020-11-22 01:49:28 Result: skipped processes test, as we already found platform 2020-11-22 01:49:28 Result: skipped Amazon EC2 test, as we already found platform 2020-11-22 01:49:28 Result: skipped sysctl test, as we already found platform 2020-11-22 01:49:28 Result: skipped lshw test, as we already found machine type 2020-11-22 01:49:28 Result: Unknown virtualization type, so most likely system is physical 2020-11-22 01:49:28 Result: unknown if this system is a virtual machine 2020-11-22 01:49:28 Result: Lynis is not running in container 2020-11-22 01:49:28 Result: system is using systemd 2020-11-22 01:49:28 ==== 2020-11-22 01:49:28 Action: Performing plugin tests 2020-11-22 01:49:28 Searching plugins... 2020-11-22 01:49:28 Found plugin file: ./plugins/plugin_pam_phase1 2020-11-22 01:49:28 Action: checking plugin status in profile: /root/lynis/default.prf 2020-11-22 01:49:28 Result: plugin enabled in profile (/root/lynis/default.prf) 2020-11-22 01:49:28 Result: plugin pam is enabled 2020-11-22 01:49:28 Checking permissions of ./plugins/plugin_pam_phase1 2020-11-22 01:49:28 File permissions are OK 2020-11-22 01:49:28 Including plugin file: ./plugins/plugin_pam_phase1 (version: 1.0.5) 2020-11-22 01:49:28 ==== 2020-11-22 01:49:28 Performing test ID PLGN-0008 (Check PAM configuration (pwquality.conf)) 2020-11-22 01:49:28 ==== 2020-11-22 01:49:28 Performing test ID PLGN-0010 (Check PAM configuration) 2020-11-22 01:49:28 Result: /etc/pam.d exists 2020-11-22 01:49:28 Now checking PAM file /etc/pam.d/config-util 2020-11-22 01:49:28 Result: using module pam_rootok.so (sufficient) without options configured 2020-11-22 01:49:28 Result: using module pam_timestamp.so (sufficient) without options configured 2020-11-22 01:49:28 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:28 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:28 Result: using module pam_xauth.so (optional) without options configured 2020-11-22 01:49:28 Result: using module pam_timestamp.so (optional) without options configured 2020-11-22 01:49:28 Now checking PAM file /etc/pam.d/other 2020-11-22 01:49:28 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:29 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:29 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:29 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:29 Now checking PAM file /etc/pam.d/chfn 2020-11-22 01:49:29 Result: using module pam_rootok.so (sufficient) without options configured 2020-11-22 01:49:29 Now checking PAM file /etc/pam.d/chsh 2020-11-22 01:49:29 Result: using module pam_rootok.so (sufficient) without options configured 2020-11-22 01:49:29 Now checking PAM file /etc/pam.d/login 2020-11-22 01:49:29 Result: Found brackets in line, indicating multiple options for control flags: user_unknown=ignore success=ok ignore=ignore default=bad 2020-11-22 01:49:29 Result: brackets used, ignoring control flags 2020-11-22 01:49:29 Result: using module pam_securetty.so (other) without options configured 2020-11-22 01:49:29 Unknown control flag found (substack) 2020-11-22 01:49:29 Result: using module system-auth (substack) without options configured 2020-11-22 01:49:29 Result: found pluggable authentication module system-auth, which is unknown 2020-11-22 01:49:29 Result: using module pam_nologin.so (required) without options configured 2020-11-22 01:49:29 Result: using module pam_selinux.so (required) with options close 2020-11-22 01:49:30 Result: using module pam_loginuid.so (required) without options configured 2020-11-22 01:49:30 Result: using module pam_console.so (optional) without options configured 2020-11-22 01:49:30 Result: found pluggable authentication module pam_console.so, which is unknown 2020-11-22 01:49:30 Result: using module pam_selinux.so (required) with options open 2020-11-22 01:49:30 Result: using module pam_namespace.so (required) without options configured 2020-11-22 01:49:30 Result: using module pam_keyinit.so (optional) with options force revoke 2020-11-22 01:49:30 Result: using module pam_ck_connector.so (optional) without options configured 2020-11-22 01:49:30 Result: found pluggable authentication module pam_ck_connector.so, which is unknown 2020-11-22 01:49:30 Now checking PAM file /etc/pam.d/remote 2020-11-22 01:49:30 Result: using module pam_securetty.so (required) without options configured 2020-11-22 01:49:30 Unknown control flag found (substack) 2020-11-22 01:49:30 Result: using module password-auth (substack) without options configured 2020-11-22 01:49:30 Result: found pluggable authentication module password-auth, which is unknown 2020-11-22 01:49:30 Result: using module pam_nologin.so (required) without options configured 2020-11-22 01:49:30 Result: using module pam_selinux.so (required) with options close 2020-11-22 01:49:30 Result: using module pam_loginuid.so (required) without options configured 2020-11-22 01:49:30 Result: using module pam_selinux.so (required) with options open 2020-11-22 01:49:30 Result: using module pam_namespace.so (required) without options configured 2020-11-22 01:49:30 Result: using module pam_keyinit.so (optional) with options force revoke 2020-11-22 01:49:31 Now checking PAM file /etc/pam.d/runuser 2020-11-22 01:49:31 Result: using module pam_rootok.so (sufficient) without options configured 2020-11-22 01:49:31 Result: using module pam_keyinit.so (optional) with options revoke 2020-11-22 01:49:31 Result: using module pam_limits.so (required) without options configured 2020-11-22 01:49:31 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:31 Result: found pam_unix.so module (generic) 2020-11-22 01:49:31 Now checking PAM file /etc/pam.d/runuser-l 2020-11-22 01:49:31 Result: using module pam_keyinit.so (optional) with options force revoke 2020-11-22 01:49:31 Result: using module pam_systemd.so (optional) without options configured 2020-11-22 01:49:31 Now checking PAM file /etc/pam.d/su 2020-11-22 01:49:31 Result: using module pam_rootok.so (sufficient) without options configured 2020-11-22 01:49:31 Unknown control flag found (substack) 2020-11-22 01:49:31 Result: using module system-auth (substack) without options configured 2020-11-22 01:49:31 Result: found pluggable authentication module system-auth, which is unknown 2020-11-22 01:49:31 Result: using module pam_succeed_if.so (sufficient) with options uid = 0 use_uid quiet 2020-11-22 01:49:31 Result: using module pam_xauth.so (optional) without options configured 2020-11-22 01:49:31 Now checking PAM file /etc/pam.d/su-l 2020-11-22 01:49:32 Result: using module pam_keyinit.so (optional) with options force revoke 2020-11-22 01:49:32 Now checking PAM file /etc/pam.d/systemd-user 2020-11-22 01:49:32 Now checking PAM file /etc/pam.d/polkit-1 2020-11-22 01:49:32 Now checking PAM file /etc/pam.d/crond 2020-11-22 01:49:32 Result: using module pam_access.so (required) without options configured 2020-11-22 01:49:32 Result: using module pam_loginuid.so (required) without options configured 2020-11-22 01:49:32 Now checking PAM file /etc/pam.d/sshd 2020-11-22 01:49:32 Result: using module pam_sepermit.so (required) without options configured 2020-11-22 01:49:32 Result: found pluggable authentication module pam_sepermit.so, which is unknown 2020-11-22 01:49:32 Unknown control flag found (substack) 2020-11-22 01:49:32 Result: using module password-auth (substack) without options configured 2020-11-22 01:49:32 Result: found pluggable authentication module password-auth, which is unknown 2020-11-22 01:49:32 Result: using module pam_reauthorize.so (optional) with options prepare 2020-11-22 01:49:32 Result: found pluggable authentication module pam_reauthorize.so, which is unknown 2020-11-22 01:49:32 Result: using module pam_nologin.so (required) without options configured 2020-11-22 01:49:33 Result: using module pam_selinux.so (required) with options close 2020-11-22 01:49:33 Result: using module pam_loginuid.so (required) without options configured 2020-11-22 01:49:33 Result: using module pam_selinux.so (required) with options open env_params 2020-11-22 01:49:33 Result: using module pam_namespace.so (required) without options configured 2020-11-22 01:49:33 Result: using module pam_keyinit.so (optional) with options force revoke 2020-11-22 01:49:33 Result: using module pam_reauthorize.so (optional) with options prepare 2020-11-22 01:49:33 Result: found pluggable authentication module pam_reauthorize.so, which is unknown 2020-11-22 01:49:33 Now checking PAM file /etc/pam.d/smtp.postfix 2020-11-22 01:49:33 Now checking PAM file /etc/pam.d/vlock 2020-11-22 01:49:33 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:33 Now checking PAM file /etc/pam.d/passwd 2020-11-22 01:49:33 Unknown control flag found (substack) 2020-11-22 01:49:33 Result: using module system-auth (substack) without options configured 2020-11-22 01:49:33 Result: found pluggable authentication module system-auth, which is unknown 2020-11-22 01:49:33 Result: using module pam_gnome_keyring.so (optional) with options use_authtok 2020-11-22 01:49:33 Result: found pluggable authentication module pam_gnome_keyring.so, which is unknown 2020-11-22 01:49:33 Unknown control flag found (substack) 2020-11-22 01:49:33 Result: using module postlogin (substack) without options configured 2020-11-22 01:49:33 Result: found pluggable authentication module postlogin, which is unknown 2020-11-22 01:49:33 Now checking PAM file /etc/pam.d/sudo 2020-11-22 01:49:34 Result: using module pam_keyinit.so (optional) with options revoke 2020-11-22 01:49:34 Now checking PAM file /etc/pam.d/sudo-i 2020-11-22 01:49:34 Result: using module pam_keyinit.so (optional) with options force revoke 2020-11-22 01:49:34 Now checking PAM file /etc/pam.d/system-auth-ac 2020-11-22 01:49:34 Result: using module pam_env.so (required) without options configured 2020-11-22 01:49:34 Result: using module pam_faildelay.so (required) with options delay=2000000 2020-11-22 01:49:34 Result: using module pam_unix.so (sufficient) with options nullok try_first_pass 2020-11-22 01:49:34 Result: found pam_unix.so module (generic) 2020-11-22 01:49:34 Result: using module pam_succeed_if.so (requisite) with options uid >= 1000 quiet_success 2020-11-22 01:49:34 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:34 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:34 Result: found pam_unix.so module (generic) 2020-11-22 01:49:34 Result: using module pam_localuser.so (sufficient) without options configured 2020-11-22 01:49:34 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-11-22 01:49:34 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:34 Result: using module pam_pwquality.so (requisite) with options try_first_pass local_users_only retry=3 authtok_type= 2020-11-22 01:49:34 Result: found module pam_pwquality.so for password strength testing 2020-11-22 01:49:34 Result: unknown option found: try_first_pass with value 2020-11-22 01:49:34 Result: unknown option found: local_users_only with value 2020-11-22 01:49:35 Result: Max password Retry configured 2020-11-22 01:49:35 Value is now: 3 2020-11-22 01:49:35 Returning value: 3 2020-11-22 01:49:35 Result: unknown option found: authtok_type with value 2020-11-22 01:49:35 Result: using module pam_unix.so (sufficient) with options sha512 shadow nullok try_first_pass use_authtok 2020-11-22 01:49:35 Result: found pam_unix.so module (generic) 2020-11-22 01:49:35 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:35 Result: using module pam_keyinit.so (optional) with options revoke 2020-11-22 01:49:35 Result: using module pam_limits.so (required) without options configured 2020-11-22 01:49:35 Result: using module pam_systemd.so (optional) without options configured 2020-11-22 01:49:35 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-11-22 01:49:35 Result: brackets used, ignoring control flags 2020-11-22 01:49:35 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-11-22 01:49:35 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:35 Result: found pam_unix.so module (generic) 2020-11-22 01:49:35 Now checking PAM file /etc/pam.d/postlogin-ac 2020-11-22 01:49:35 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-11-22 01:49:35 Result: brackets used, ignoring control flags 2020-11-22 01:49:35 Result: using module pam_succeed_if.so (other) with options service !~ gdm* service !~ su* quiet 2020-11-22 01:49:35 Result: Found brackets in line, indicating multiple options for control flags: default=1 2020-11-22 01:49:35 Result: brackets used, ignoring control flags 2020-11-22 01:49:35 Result: using module pam_lastlog.so (other) with options nowtmp showfailed 2020-11-22 01:49:35 Result: using module pam_lastlog.so (optional) with options silent noupdate showfailed 2020-11-22 01:49:35 Now checking PAM file /etc/pam.d/password-auth-ac 2020-11-22 01:49:35 Result: using module pam_env.so (required) without options configured 2020-11-22 01:49:35 Result: using module pam_faildelay.so (required) with options delay=2000000 2020-11-22 01:49:35 Result: using module pam_unix.so (sufficient) with options nullok try_first_pass 2020-11-22 01:49:35 Result: found pam_unix.so module (generic) 2020-11-22 01:49:35 Result: using module pam_succeed_if.so (requisite) with options uid >= 1000 quiet_success 2020-11-22 01:49:35 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:36 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:36 Result: found pam_unix.so module (generic) 2020-11-22 01:49:36 Result: using module pam_localuser.so (sufficient) without options configured 2020-11-22 01:49:36 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-11-22 01:49:36 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:36 Result: using module pam_pwquality.so (requisite) with options try_first_pass local_users_only retry=3 authtok_type= 2020-11-22 01:49:36 Result: found module pam_pwquality.so for password strength testing 2020-11-22 01:49:36 Result: unknown option found: try_first_pass with value 2020-11-22 01:49:36 Result: unknown option found: local_users_only with value 2020-11-22 01:49:36 Result: Max password Retry configured 2020-11-22 01:49:36 Value is now: 3 2020-11-22 01:49:36 Returning value: 3 2020-11-22 01:49:36 Result: unknown option found: authtok_type with value 2020-11-22 01:49:36 Result: using module pam_unix.so (sufficient) with options sha512 shadow nullok try_first_pass use_authtok 2020-11-22 01:49:36 Result: found pam_unix.so module (generic) 2020-11-22 01:49:36 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:36 Result: using module pam_keyinit.so (optional) with options revoke 2020-11-22 01:49:36 Result: using module pam_limits.so (required) without options configured 2020-11-22 01:49:36 Result: using module pam_systemd.so (optional) without options configured 2020-11-22 01:49:36 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-11-22 01:49:36 Result: brackets used, ignoring control flags 2020-11-22 01:49:36 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-11-22 01:49:36 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:36 Result: found pam_unix.so module (generic) 2020-11-22 01:49:36 Now checking PAM file /etc/pam.d/fingerprint-auth-ac 2020-11-22 01:49:36 Result: using module pam_env.so (required) without options configured 2020-11-22 01:49:36 Result: using module pam_fprintd.so (sufficient) without options configured 2020-11-22 01:49:36 Result: found pluggable authentication module pam_fprintd.so, which is unknown 2020-11-22 01:49:36 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:37 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:37 Result: found pam_unix.so module (generic) 2020-11-22 01:49:37 Result: using module pam_localuser.so (sufficient) without options configured 2020-11-22 01:49:37 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-11-22 01:49:37 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:37 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:37 Result: using module pam_keyinit.so (optional) with options revoke 2020-11-22 01:49:37 Result: using module pam_limits.so (required) without options configured 2020-11-22 01:49:37 Result: using module pam_systemd.so (optional) without options configured 2020-11-22 01:49:37 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-11-22 01:49:37 Result: brackets used, ignoring control flags 2020-11-22 01:49:37 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-11-22 01:49:37 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:37 Result: found pam_unix.so module (generic) 2020-11-22 01:49:37 Now checking PAM file /etc/pam.d/smartcard-auth-ac 2020-11-22 01:49:37 Result: using module pam_env.so (required) without options configured 2020-11-22 01:49:37 Result: Found brackets in line, indicating multiple options for control flags: success=done ignore=ignore default=die 2020-11-22 01:49:37 Result: brackets used, ignoring control flags 2020-11-22 01:49:37 Result: using module pam_pkcs11.so (other) with options nodebug wait_for_card 2020-11-22 01:49:37 Result: found pluggable authentication module pam_pkcs11.so, which is unknown 2020-11-22 01:49:37 Result: using module pam_deny.so (required) without options configured 2020-11-22 01:49:37 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:37 Result: found pam_unix.so module (generic) 2020-11-22 01:49:37 Result: using module pam_localuser.so (sufficient) without options configured 2020-11-22 01:49:37 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-11-22 01:49:37 Result: using module pam_permit.so (required) without options configured 2020-11-22 01:49:37 Result: using module pam_pkcs11.so (required) without options configured 2020-11-22 01:49:38 Result: found pluggable authentication module pam_pkcs11.so, which is unknown 2020-11-22 01:49:38 Result: using module pam_keyinit.so (optional) with options revoke 2020-11-22 01:49:38 Result: using module pam_limits.so (required) without options configured 2020-11-22 01:49:38 Result: using module pam_systemd.so (optional) without options configured 2020-11-22 01:49:38 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-11-22 01:49:38 Result: brackets used, ignoring control flags 2020-11-22 01:49:38 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-11-22 01:49:38 Result: using module pam_unix.so (required) without options configured 2020-11-22 01:49:38 Result: found pam_unix.so module (generic) 2020-11-22 01:49:38 [PAM] PAM 2F authentication enabled: 0 2020-11-22 01:49:38 [PAM] PAM 2F authentication required: 0 2020-11-22 01:49:38 [PAM] Authentication unlock time: not configured 2020-11-22 01:49:38 [PAM] Password brute force protection: 0 2020-11-22 01:49:38 [PAM] Minimum password length: not configured 2020-11-22 01:49:38 [PAM] Password strength testing enabled: 1 2020-11-22 01:49:38 [PAM] Minimum password class out of 4: 0 2020-11-22 01:49:38 [PAM] Maximum credit for Digital characters: 1 2020-11-22 01:49:38 [PAM] Maximum credit for Lowercase characters: 1 2020-11-22 01:49:38 [PAM] Maximum credit for Other characters: 1 2020-11-22 01:49:38 [PAM] Maximum credit for Uppercase characters: 1 2020-11-22 01:49:38 [PAM] Password maximum retry: 3 2020-11-22 01:49:38 [PAM] Password history with pam_pwhistory IS NOT enabled 2020-11-22 01:49:38 [PAM] Password history with pam_unix IS NOT enabled 2020-11-22 01:49:38 ==== 2020-11-22 01:49:38 Result: pam plugin (phase 1) finished 2020-11-22 01:49:38 -- 2020-11-22 01:49:38 Found plugin file: ./plugins/plugin_systemd_phase1 2020-11-22 01:49:38 Action: checking plugin status in profile: /root/lynis/default.prf 2020-11-22 01:49:38 Result: plugin enabled in profile (/root/lynis/default.prf) 2020-11-22 01:49:38 Result: plugin systemd is enabled 2020-11-22 01:49:38 Checking permissions of ./plugins/plugin_systemd_phase1 2020-11-22 01:49:38 File permissions are OK 2020-11-22 01:49:38 Including plugin file: ./plugins/plugin_systemd_phase1 (version: 1.0.4) 2020-11-22 01:49:38 ==== 2020-11-22 01:49:38 Performing test ID PLGN-3800 (Gather systemctl exit code) 2020-11-22 01:49:38 ==== 2020-11-22 01:49:38 Performing test ID PLGN-3802 (Query systemd version and options) 2020-11-22 01:49:38 Result: found systemd version 219 2020-11-22 01:49:38 Result: found builtin components list 2020-11-22 01:49:38 ==== 2020-11-22 01:49:38 Performing test ID PLGN-3804 (Gather systemd unit files and their status) 2020-11-22 01:49:38 Result: found systemd unit files via systemctl list-unit-files 2020-11-22 01:49:38 Output: proc-sys-fs-binfmt_misc.automount|static| 2020-11-22 01:49:38 Output: dev-hugepages.mount|static| 2020-11-22 01:49:38 Output: dev-mqueue.mount|static| 2020-11-22 01:49:38 Output: proc-sys-fs-binfmt_misc.mount|static| 2020-11-22 01:49:38 Output: sys-fs-fuse-connections.mount|static| 2020-11-22 01:49:38 Output: sys-kernel-config.mount|static| 2020-11-22 01:49:38 Output: sys-kernel-debug.mount|static| 2020-11-22 01:49:38 Output: tmp.mount|disabled| 2020-11-22 01:49:38 Output: brandbot.path|disabled| 2020-11-22 01:49:38 Output: systemd-ask-password-console.path|static| 2020-11-22 01:49:38 Output: systemd-ask-password-plymouth.path|static| 2020-11-22 01:49:38 Output: systemd-ask-password-wall.path|static| 2020-11-22 01:49:38 Output: session-38.scope|static| 2020-11-22 01:49:38 Output: session-39.scope|static| 2020-11-22 01:49:38 Output: auditd.service|enabled| 2020-11-22 01:49:38 Output: autovt@.service|enabled| 2020-11-22 01:49:38 Output: blk-availability.service|disabled| 2020-11-22 01:49:38 Output: brandbot.service|static| 2020-11-22 01:49:38 Output: chrony-dnssrv@.service|static| 2020-11-22 01:49:38 Output: chrony-wait.service|disabled| 2020-11-22 01:49:38 Output: chronyd.service|enabled| 2020-11-22 01:49:38 Output: console-getty.service|disabled| 2020-11-22 01:49:38 Output: console-shell.service|disabled| 2020-11-22 01:49:38 Output: container-getty@.service|static| 2020-11-22 01:49:38 Output: containerd.service|disabled| 2020-11-22 01:49:38 Output: cpupower.service|disabled| 2020-11-22 01:49:38 Output: crond.service|enabled| 2020-11-22 01:49:38 Output: dbus-org.fedoraproject.FirewallD1.service|enabled| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.hostname1.service|static| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.import1.service|static| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.locale1.service|static| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.login1.service|static| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.machine1.service|static| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.nm-dispatcher.service|enabled| 2020-11-22 01:49:38 Output: dbus-org.freedesktop.timedate1.service|static| 2020-11-22 01:49:38 Output: dbus.service|static| 2020-11-22 01:49:38 Output: debug-shell.service|disabled| 2020-11-22 01:49:38 Output: dm-event.service|static| 2020-11-22 01:49:38 Output: docker.service|disabled| 2020-11-22 01:49:38 Output: dracut-cmdline.service|static| 2020-11-22 01:49:38 Output: dracut-initqueue.service|static| 2020-11-22 01:49:38 Output: dracut-mount.service|static| 2020-11-22 01:49:38 Output: dracut-pre-mount.service|static| 2020-11-22 01:49:38 Output: dracut-pre-pivot.service|static| 2020-11-22 01:49:38 Output: dracut-pre-trigger.service|static| 2020-11-22 01:49:38 Output: dracut-pre-udev.service|static| 2020-11-22 01:49:38 Output: dracut-shutdown.service|static| 2020-11-22 01:49:38 Output: ebtables.service|disabled| 2020-11-22 01:49:38 Output: emergency.service|static| 2020-11-22 01:49:38 Output: firewalld.service|enabled| 2020-11-22 01:49:38 Output: fstrim.service|static| 2020-11-22 01:49:38 Output: getty@.service|enabled| 2020-11-22 01:49:38 Output: halt-local.service|static| 2020-11-22 01:49:38 Output: initrd-cleanup.service|static| 2020-11-22 01:49:38 Output: initrd-parse-etc.service|static| 2020-11-22 01:49:38 Output: initrd-switch-root.service|static| 2020-11-22 01:49:38 Output: initrd-udevadm-cleanup-db.service|static| 2020-11-22 01:49:38 Output: iprdump.service|disabled| 2020-11-22 01:49:38 Output: iprinit.service|disabled| 2020-11-22 01:49:38 Output: iprupdate.service|disabled| 2020-11-22 01:49:38 Output: irqbalance.service|enabled| 2020-11-22 01:49:38 Output: kdump.service|enabled| 2020-11-22 01:49:38 Output: kmod-static-nodes.service|static| 2020-11-22 01:49:38 Output: lvm2-lvmetad.service|static| 2020-11-22 01:49:38 Output: lvm2-lvmpolld.service|static| 2020-11-22 01:49:38 Output: lvm2-monitor.service|enabled| 2020-11-22 01:49:38 Output: lvm2-pvscan@.service|static| 2020-11-22 01:49:38 Output: messagebus.service|static| 2020-11-22 01:49:38 Output: microcode.service|enabled| 2020-11-22 01:49:38 Output: NetworkManager-dispatcher.service|enabled| 2020-11-22 01:49:38 Output: NetworkManager-wait-online.service|enabled| 2020-11-22 01:49:38 Output: NetworkManager.service|enabled| 2020-11-22 01:49:38 Output: plymouth-halt.service|disabled| 2020-11-22 01:49:38 Output: plymouth-kexec.service|disabled| 2020-11-22 01:49:38 Output: plymouth-poweroff.service|disabled| 2020-11-22 01:49:38 Output: plymouth-quit-wait.service|disabled| 2020-11-22 01:49:38 Output: plymouth-quit.service|disabled| 2020-11-22 01:49:39 Output: plymouth-read-write.service|disabled| 2020-11-22 01:49:39 Output: plymouth-reboot.service|disabled| 2020-11-22 01:49:39 Output: plymouth-start.service|disabled| 2020-11-22 01:49:39 Output: plymouth-switch-root.service|static| 2020-11-22 01:49:39 Output: polkit.service|static| 2020-11-22 01:49:39 Output: postfix.service|enabled| 2020-11-22 01:49:39 Output: quotaon.service|static| 2020-11-22 01:49:39 Output: rc-local.service|static| 2020-11-22 01:49:39 Output: rdisc.service|disabled| 2020-11-22 01:49:39 Output: rescue.service|static| 2020-11-22 01:49:39 Output: rhel-autorelabel-mark.service|enabled| 2020-11-22 01:49:39 Output: rhel-autorelabel.service|enabled| 2020-11-22 01:49:39 Output: rhel-configure.service|enabled| 2020-11-22 01:49:39 Output: rhel-dmesg.service|enabled| 2020-11-22 01:49:39 Output: rhel-domainname.service|enabled| 2020-11-22 01:49:39 Output: rhel-import-state.service|enabled| 2020-11-22 01:49:39 Output: rhel-loadmodules.service|enabled| 2020-11-22 01:49:39 Output: rhel-readonly.service|enabled| 2020-11-22 01:49:39 Output: rsyncd.service|disabled| 2020-11-22 01:49:39 Output: rsyncd@.service|static| 2020-11-22 01:49:39 Output: rsyslog.service|enabled| 2020-11-22 01:49:39 Output: selinux-policy-migrate-local-changes@.service|static| 2020-11-22 01:49:39 Output: serial-getty@.service|disabled| 2020-11-22 01:49:39 Output: sshd-keygen.service|static| 2020-11-22 01:49:39 Output: sshd.service|enabled| 2020-11-22 01:49:39 Output: sshd@.service|static| 2020-11-22 01:49:39 Output: systemd-ask-password-console.service|static| 2020-11-22 01:49:39 Output: systemd-ask-password-plymouth.service|static| 2020-11-22 01:49:39 Output: systemd-ask-password-wall.service|static| 2020-11-22 01:49:39 Output: systemd-backlight@.service|static| 2020-11-22 01:49:39 Output: systemd-binfmt.service|static| 2020-11-22 01:49:39 Output: systemd-bootchart.service|disabled| 2020-11-22 01:49:39 Output: systemd-firstboot.service|static| 2020-11-22 01:49:39 Output: systemd-fsck-root.service|static| 2020-11-22 01:49:39 Output: systemd-fsck@.service|static| 2020-11-22 01:49:39 Output: systemd-halt.service|static| 2020-11-22 01:49:39 Output: systemd-hibernate-resume@.service|static| 2020-11-22 01:49:39 Output: systemd-hibernate.service|static| 2020-11-22 01:49:39 Output: systemd-hostnamed.service|static| 2020-11-22 01:49:39 Output: systemd-hwdb-update.service|static| 2020-11-22 01:49:39 Output: systemd-hybrid-sleep.service|static| 2020-11-22 01:49:39 Output: systemd-importd.service|static| 2020-11-22 01:49:39 Output: systemd-initctl.service|static| 2020-11-22 01:49:39 Output: systemd-journal-catalog-update.service|static| 2020-11-22 01:49:39 Output: systemd-journal-flush.service|static| 2020-11-22 01:49:39 Output: systemd-journald.service|static| 2020-11-22 01:49:39 Output: systemd-kexec.service|static| 2020-11-22 01:49:39 Output: systemd-localed.service|static| 2020-11-22 01:49:39 Output: systemd-logind.service|static| 2020-11-22 01:49:39 Output: systemd-machine-id-commit.service|static| 2020-11-22 01:49:39 Output: systemd-machined.service|static| 2020-11-22 01:49:39 Output: systemd-modules-load.service|static| 2020-11-22 01:49:39 Output: systemd-nspawn@.service|disabled| 2020-11-22 01:49:39 Output: systemd-poweroff.service|static| 2020-11-22 01:49:39 Output: systemd-quotacheck.service|static| 2020-11-22 01:49:39 Output: systemd-random-seed.service|static| 2020-11-22 01:49:39 Output: systemd-readahead-collect.service|enabled| 2020-11-22 01:49:39 Output: systemd-readahead-done.service|indirect| 2020-11-22 01:49:39 Output: systemd-readahead-drop.service|enabled| 2020-11-22 01:49:39 Output: systemd-readahead-replay.service|enabled| 2020-11-22 01:49:39 Output: systemd-reboot.service|static| 2020-11-22 01:49:39 Output: systemd-remount-fs.service|static| 2020-11-22 01:49:39 Output: systemd-rfkill@.service|static| 2020-11-22 01:49:39 Output: systemd-shutdownd.service|static| 2020-11-22 01:49:39 Output: systemd-suspend.service|static| 2020-11-22 01:49:39 Output: systemd-sysctl.service|static| 2020-11-22 01:49:39 Output: systemd-timedated.service|static| 2020-11-22 01:49:39 Output: systemd-tmpfiles-clean.service|static| 2020-11-22 01:49:39 Output: systemd-tmpfiles-setup-dev.service|static| 2020-11-22 01:49:39 Output: systemd-tmpfiles-setup.service|static| 2020-11-22 01:49:39 Output: systemd-udev-settle.service|static| 2020-11-22 01:49:39 Output: systemd-udev-trigger.service|static| 2020-11-22 01:49:39 Output: systemd-udevd.service|static| 2020-11-22 01:49:39 Output: systemd-update-done.service|static| 2020-11-22 01:49:39 Output: systemd-update-utmp-runlevel.service|static| 2020-11-22 01:49:39 Output: systemd-update-utmp.service|static| 2020-11-22 01:49:39 Output: systemd-user-sessions.service|static| 2020-11-22 01:49:39 Output: systemd-vconsole-setup.service|static| 2020-11-22 01:49:39 Output: teamd@.service|static| 2020-11-22 01:49:39 Output: tuned.service|enabled| 2020-11-22 01:49:39 Output: wpa_supplicant.service|disabled| 2020-11-22 01:49:39 Output: -.slice|static| 2020-11-22 01:49:39 Output: machine.slice|static| 2020-11-22 01:49:39 Output: system.slice|static| 2020-11-22 01:49:39 Output: user-0.slice|static| 2020-11-22 01:49:39 Output: user.slice|static| 2020-11-22 01:49:39 Output: dbus.socket|static| 2020-11-22 01:49:39 Output: dm-event.socket|enabled| 2020-11-22 01:49:39 Output: docker.socket|disabled| 2020-11-22 01:49:39 Output: lvm2-lvmetad.socket|enabled| 2020-11-22 01:49:39 Output: lvm2-lvmpolld.socket|enabled| 2020-11-22 01:49:39 Output: rsyncd.socket|disabled| 2020-11-22 01:49:39 Output: sshd.socket|disabled| 2020-11-22 01:49:39 Output: syslog.socket|static| 2020-11-22 01:49:39 Output: systemd-initctl.socket|static| 2020-11-22 01:49:39 Output: systemd-journald.socket|static| 2020-11-22 01:49:39 Output: systemd-shutdownd.socket|static| 2020-11-22 01:49:39 Output: systemd-udevd-control.socket|static| 2020-11-22 01:49:39 Output: systemd-udevd-kernel.socket|static| 2020-11-22 01:49:39 Output: basic.target|static| 2020-11-22 01:49:39 Output: bluetooth.target|static| 2020-11-22 01:49:39 Output: cryptsetup-pre.target|static| 2020-11-22 01:49:39 Output: cryptsetup.target|static| 2020-11-22 01:49:39 Output: ctrl-alt-del.target|disabled| 2020-11-22 01:49:39 Output: default.target|enabled| 2020-11-22 01:49:39 Output: emergency.target|static| 2020-11-22 01:49:39 Output: final.target|static| 2020-11-22 01:49:39 Output: getty-pre.target|static| 2020-11-22 01:49:39 Output: getty.target|static| 2020-11-22 01:49:39 Output: graphical.target|static| 2020-11-22 01:49:39 Output: halt.target|disabled| 2020-11-22 01:49:39 Output: hibernate.target|static| 2020-11-22 01:49:39 Output: hybrid-sleep.target|static| 2020-11-22 01:49:39 Output: initrd-fs.target|static| 2020-11-22 01:49:39 Output: initrd-root-fs.target|static| 2020-11-22 01:49:39 Output: initrd-switch-root.target|static| 2020-11-22 01:49:39 Output: initrd.target|static| 2020-11-22 01:49:39 Output: iprutils.target|disabled| 2020-11-22 01:49:39 Output: kexec.target|disabled| 2020-11-22 01:49:39 Output: local-fs-pre.target|static| 2020-11-22 01:49:39 Output: local-fs.target|static| 2020-11-22 01:49:39 Output: machines.target|disabled| 2020-11-22 01:49:39 Output: multi-user.target|enabled| 2020-11-22 01:49:39 Output: network-online.target|static| 2020-11-22 01:49:39 Output: network-pre.target|static| 2020-11-22 01:49:39 Output: network.target|static| 2020-11-22 01:49:39 Output: nss-lookup.target|static| 2020-11-22 01:49:39 Output: nss-user-lookup.target|static| 2020-11-22 01:49:39 Output: paths.target|static| 2020-11-22 01:49:39 Output: poweroff.target|disabled| 2020-11-22 01:49:39 Output: printer.target|static| 2020-11-22 01:49:39 Output: reboot.target|disabled| 2020-11-22 01:49:39 Output: remote-cryptsetup.target|disabled| 2020-11-22 01:49:39 Output: remote-fs-pre.target|static| 2020-11-22 01:49:39 Output: remote-fs.target|enabled| 2020-11-22 01:49:39 Output: rescue.target|disabled| 2020-11-22 01:49:39 Output: rpcbind.target|static| 2020-11-22 01:49:39 Output: runlevel0.target|disabled| 2020-11-22 01:49:39 Output: runlevel1.target|disabled| 2020-11-22 01:49:39 Output: runlevel2.target|enabled| 2020-11-22 01:49:39 Output: runlevel3.target|enabled| 2020-11-22 01:49:39 Output: runlevel4.target|enabled| 2020-11-22 01:49:39 Output: runlevel5.target|static| 2020-11-22 01:49:39 Output: runlevel6.target|disabled| 2020-11-22 01:49:39 Output: shutdown.target|static| 2020-11-22 01:49:39 Output: sigpwr.target|static| 2020-11-22 01:49:39 Output: sleep.target|static| 2020-11-22 01:49:39 Output: slices.target|static| 2020-11-22 01:49:39 Output: smartcard.target|static| 2020-11-22 01:49:39 Output: sockets.target|static| 2020-11-22 01:49:39 Output: sound.target|static| 2020-11-22 01:49:39 Output: suspend.target|static| 2020-11-22 01:49:39 Output: swap.target|static| 2020-11-22 01:49:39 Output: sysinit.target|static| 2020-11-22 01:49:39 Output: system-update.target|static| 2020-11-22 01:49:39 Output: time-sync.target|static| 2020-11-22 01:49:39 Output: timers.target|static| 2020-11-22 01:49:39 Output: umount.target|static| 2020-11-22 01:49:39 Output: chrony-dnssrv@.timer|disabled| 2020-11-22 01:49:39 Output: fstrim.timer|disabled| 2020-11-22 01:49:39 Output: systemd-readahead-done.timer|indirect| 2020-11-22 01:49:39 Output: systemd-tmpfiles-clean.timer|static| 2020-11-22 01:49:39 ==== 2020-11-22 01:49:39 Performing test ID PLGN-3806 (Gather failed systemd units) 2020-11-22 01:49:39 ==== 2020-11-22 01:49:39 Performing test ID PLGN-3808 (Gather systemd machine ID) 2020-11-22 01:49:39 Result: found machine ID: e0dec21e76ec495f89c25207d4e751ee 2020-11-22 01:49:39 ==== 2020-11-22 01:49:39 Performing test ID PLGN-3810 (Query main systemd binaries) 2020-11-22 01:49:39 Result: found systemd binaries in /usr/lib/systemd 2020-11-22 01:49:39 ==== 2020-11-22 01:49:39 Performing test ID PLGN-3812 (Query journal for boot related information) 2020-11-22 01:49:39 Output: number of boots listed in journal is 1 2020-11-22 01:49:39 Output: oldest boot date in journal is 2020-11-20 2020-11-22 01:49:39 ==== 2020-11-22 01:49:39 Performing test ID PLGN-3814 (Verify journal integrity) 2020-11-22 01:49:39 Result: systemd journal has no errors 2020-11-22 01:49:39 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3816 (Query journal for boot related information) 2020-11-22 01:49:40 Result: journals are 8.0M in size 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3818 (Query journal meta data) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3820 (Check for journal FSS configuration) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3830 (Query systemd status) 2020-11-22 01:49:40 Result: found systemd status = running 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3832 (Query systemd status for processes which can not be found) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3834 (Collect service units which can not be found in systemd) 2020-11-22 01:49:40 Result: found one or more services with faulty state 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) display-manager.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) exim.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ip6tables.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ipset.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) iptables.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) lvm2-activation.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ntpd.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ntpdate.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) sendmail.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) sntp.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) syslog.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) systemd-sysusers.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) systemd-timesyncd.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ypbind.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) yppasswdd.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ypserv.service 2020-11-22 01:49:40 Result: service seems to be faulty (not-found) ypxfrd.service 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3856 (Check if systemd-coredump is used) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID PLGN-3860 (Query coredumps from journals since Yesterday) 2020-11-22 01:49:40 Result: found no coredumps 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Result: systemd plugin (phase 1) finished 2020-11-22 01:49:40 -- 2020-11-22 01:49:40 Result: Found 2 plugins of which 2 are enabled 2020-11-22 01:49:40 Result: Plugins phase 1 finished 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Info: using hardware address 3c:fd:fe:dd:a2:8c to create ID 2020-11-22 01:49:40 Result: Found HostID: cb8d4bbf615de8fead673de62007932d4f648fff 2020-11-22 01:49:40 Info: creating a HostID (version 2) 2020-11-22 01:49:40 Result: found file ssh_host_ed25519_key.pub in /etc/ssh, using that to create host identifier 2020-11-22 01:49:40 Using SSH public key to create the second host identifier 2020-11-22 01:49:40 Hash (hostname): 079aa4b3827b4a9ac7942a0a526f50b4e3dfd059714f826a7a2e1266fa612ab0 2020-11-22 01:49:40 Hash (ssh or machineid): f2ffdb96d36ce325305d2739ae86d74bb8bf060aaa4acde22ec0f9cbeddcfe0c 2020-11-22 01:49:40 Info: found valid HostID cb8d4bbf615de8fead673de62007932d4f648fff 2020-11-22 01:49:40 Info: no machine ID found 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Info: perform tests from all categories 2020-11-22 01:49:40 Security check: file is normal 2020-11-22 01:49:40 Checking permissions of /root/lynis/include/tests_boot_services 2020-11-22 01:49:40 File permissions are OK 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Action: Performing tests from category: Boot and services 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Skipped test BOOT-5102 (Check for AIX boot device) 2020-11-22 01:49:40 Reason to skip: Incorrect guest OS (AIX only) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID BOOT-5104 (Determine service manager) 2020-11-22 01:49:40 Result: cmdline found = /usr/lib/systemd/systemd --switched-root --system --deserialize 22 2020-11-22 01:49:40 Result: file on disk = /usr/lib/systemd/systemd 2020-11-22 01:49:40 Found: systemd 2020-11-22 01:49:40 Result: service manager found = systemd 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Skipped test BOOT-5106 (Check EFI boot file on Mac OS X/macOS) 2020-11-22 01:49:40 Reason to skip: Incorrect guest OS (macOS only) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID BOOT-5108 (Check Syslinux as bootloader) 2020-11-22 01:49:40 Test: checking if file /boot/syslinux/syslinux.cfg exists 2020-11-22 01:49:40 Result: file /boot/syslinux/syslinux.cfg NOT found 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID BOOT-5109 (Check rEFInd as bootloader) 2020-11-22 01:49:40 Test: checking if file /boot/refind_linux.conf exists 2020-11-22 01:49:40 Result: file /boot/refind_linux.conf NOT found 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID BOOT-5116 (Check if system is booted in UEFI mode) 2020-11-22 01:49:40 Test: checking if UEFI is used 2020-11-22 01:49:40 Result: system booted in UEFI mode 2020-11-22 01:49:40 Test: determine if Secure Boot is used 2020-11-22 01:49:40 Test: checking file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c 2020-11-22 01:49:40 Result: system not booted with Secure Boot (status 0 in file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID BOOT-5117 (Check for systemd-boot bootloader presence) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Performing test ID BOOT-5121 (Check for GRUB boot loader presence) 2020-11-22 01:49:40 Test: Checking for presence GRUB conf file (/boot/grub/grub.conf or /boot/grub/menu.lst) 2020-11-22 01:49:40 Result: no GRUB configuration file found. 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Skipped test BOOT-5122 (Check for GRUB boot password) 2020-11-22 01:49:40 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:40 Skipped test BOOT-5124 (Check for FreeBSD boot loader presence) 2020-11-22 01:49:40 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:49:40 ==== 2020-11-22 01:49:41 Skipped test BOOT-5261 (Check for DragonFly boot loader presence) 2020-11-22 01:49:41 Reason to skip: Incorrect guest OS (DragonFly only) 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Skipped test BOOT-5126 (Check for NetBSD boot loader presence) 2020-11-22 01:49:41 Reason to skip: Incorrect guest OS (NetBSD only) 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5139 (Check for LILO boot loader presence) 2020-11-22 01:49:41 Test: checking for presence LILO configuration file 2020-11-22 01:49:41 Result: LILO configuration file not found 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5142 (Check SPARC Improved boot loader (SILO)) 2020-11-22 01:49:41 Result: no SILO configuration file found. 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5155 (Check for YABOOT boot loader configuration file) 2020-11-22 01:49:41 Test: Check for /etc/yaboot.conf 2020-11-22 01:49:41 Result: no YABOOT configuration file found. 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Skipped test BOOT-5159 (Check for OpenBSD boot loader presence) 2020-11-22 01:49:41 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Skipped test BOOT-5165 (Check for FreeBSD boot services) 2020-11-22 01:49:41 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5177 (Check for Linux boot and running services) 2020-11-22 01:49:41 Test: checking presence systemctl binary 2020-11-22 01:49:41 Result: systemctl binary found, trying that to discover information 2020-11-22 01:49:41 Searching for running services (systemctl services only) 2020-11-22 01:49:41 Found running service: auditd 2020-11-22 01:49:41 Found running service: chronyd 2020-11-22 01:49:41 Found running service: containerd 2020-11-22 01:49:41 Found running service: crond 2020-11-22 01:49:41 Found running service: dbus 2020-11-22 01:49:41 Found running service: docker 2020-11-22 01:49:41 Found running service: firewalld 2020-11-22 01:49:41 Found running service: getty@tty1 2020-11-22 01:49:41 Found running service: irqbalance 2020-11-22 01:49:41 Found running service: lvm2-lvmetad 2020-11-22 01:49:41 Found running service: NetworkManager 2020-11-22 01:49:41 Found running service: polkit 2020-11-22 01:49:41 Found running service: postfix 2020-11-22 01:49:41 Found running service: rsyslog 2020-11-22 01:49:41 Found running service: sshd 2020-11-22 01:49:41 Found running service: systemd-journald 2020-11-22 01:49:41 Found running service: systemd-logind 2020-11-22 01:49:41 Found running service: systemd-udevd 2020-11-22 01:49:41 Found running service: tuned 2020-11-22 01:49:41 Hint: Run systemctl --full --type=service to see all services 2020-11-22 01:49:41 Result: Found 19 running services 2020-11-22 01:49:41 Searching for enabled services (systemctl services only) 2020-11-22 01:49:41 Found enabled service at boot: NetworkManager-dispatcher 2020-11-22 01:49:41 Found enabled service at boot: NetworkManager-wait-online 2020-11-22 01:49:41 Found enabled service at boot: NetworkManager 2020-11-22 01:49:41 Found enabled service at boot: auditd 2020-11-22 01:49:41 Found enabled service at boot: autovt@ 2020-11-22 01:49:41 Found enabled service at boot: chronyd 2020-11-22 01:49:41 Found enabled service at boot: crond 2020-11-22 01:49:41 Found enabled service at boot: dbus-org.fedoraproject.FirewallD1 2020-11-22 01:49:41 Found enabled service at boot: dbus-org.freedesktop.nm-dispatcher 2020-11-22 01:49:41 Found enabled service at boot: firewalld 2020-11-22 01:49:41 Found enabled service at boot: getty@ 2020-11-22 01:49:41 Found enabled service at boot: irqbalance 2020-11-22 01:49:41 Found enabled service at boot: kdump 2020-11-22 01:49:41 Found enabled service at boot: lvm2-monitor 2020-11-22 01:49:41 Found enabled service at boot: microcode 2020-11-22 01:49:41 Found enabled service at boot: postfix 2020-11-22 01:49:41 Found enabled service at boot: rhel-autorelabel-mark 2020-11-22 01:49:41 Found enabled service at boot: rhel-autorelabel 2020-11-22 01:49:41 Found enabled service at boot: rhel-configure 2020-11-22 01:49:41 Found enabled service at boot: rhel-dmesg 2020-11-22 01:49:41 Found enabled service at boot: rhel-domainname 2020-11-22 01:49:41 Found enabled service at boot: rhel-import-state 2020-11-22 01:49:41 Found enabled service at boot: rhel-loadmodules 2020-11-22 01:49:41 Found enabled service at boot: rhel-readonly 2020-11-22 01:49:41 Found enabled service at boot: rsyslog 2020-11-22 01:49:41 Found enabled service at boot: sshd 2020-11-22 01:49:41 Found enabled service at boot: systemd-readahead-collect 2020-11-22 01:49:41 Found enabled service at boot: systemd-readahead-drop 2020-11-22 01:49:41 Found enabled service at boot: systemd-readahead-replay 2020-11-22 01:49:41 Found enabled service at boot: tuned 2020-11-22 01:49:41 Hint: Run systemctl list-unit-files --type=service to see all services 2020-11-22 01:49:41 Result: Found 30 enabled services 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Skipped test BOOT-5180 (Check for Linux boot services (Debian style)) 2020-11-22 01:49:41 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5184 (Check permissions for boot files/scripts) 2020-11-22 01:49:41 Result: checking /etc/init.d scripts for writable bit 2020-11-22 01:49:41 Test: checking if directory /etc/init.d exists 2020-11-22 01:49:41 Result: directory /etc/init.d found 2020-11-22 01:49:41 Test: checking for available files in directory 2020-11-22 01:49:41 Result: found no files in directory. 2020-11-22 01:49:41 Test: checking if directory /etc/rc.d exists 2020-11-22 01:49:41 Result: directory /etc/rc.d found 2020-11-22 01:49:41 Test: checking for available files in directory 2020-11-22 01:49:41 Result: found files in directory, checking permissions now 2020-11-22 01:49:41 Test: checking permissions of file /etc/rc.d/init.d/README 2020-11-22 01:49:41 Result: good, file /etc/rc.d/init.d/README not world writable 2020-11-22 01:49:41 Test: checking permissions of file /etc/rc.d/init.d/functions 2020-11-22 01:49:41 Result: good, file /etc/rc.d/init.d/functions not world writable 2020-11-22 01:49:41 Test: checking permissions of file /etc/rc.d/init.d/netconsole 2020-11-22 01:49:41 Result: good, file /etc/rc.d/init.d/netconsole not world writable 2020-11-22 01:49:41 Test: checking permissions of file /etc/rc.d/init.d/network 2020-11-22 01:49:41 Result: good, file /etc/rc.d/init.d/network not world writable 2020-11-22 01:49:41 Test: checking permissions of file /etc/rc.d/rc.local 2020-11-22 01:49:41 Result: good, file /etc/rc.d/rc.local not world writable 2020-11-22 01:49:41 Test: checking if directory /etc/rcS.d exists 2020-11-22 01:49:41 Result: directory /etc/rcS.d not found. Skipping.. 2020-11-22 01:49:41 Test: Checking /etc/rc0.d scripts for writable bit 2020-11-22 01:49:41 Test: Checking /etc/rc1.d scripts for writable bit 2020-11-22 01:49:41 Test: Checking /etc/rc2.d scripts for writable bit 2020-11-22 01:49:41 Test: Checking /etc/rc3.d scripts for writable bit 2020-11-22 01:49:41 Test: Checking /etc/rc4.d scripts for writable bit 2020-11-22 01:49:41 Test: Checking /etc/rc5.d scripts for writable bit 2020-11-22 01:49:41 Test: Checking /etc/rc6.d scripts for writable bit 2020-11-22 01:49:41 Action: checking symlink for file /etc/rc.local 2020-11-22 01:49:41 Note: Using real readlink binary to determine symlink on /etc/rc.local 2020-11-22 01:49:41 Result: readlink shows /etc/rc.d/rc.local as output 2020-11-22 01:49:41 Result: symlink found, pointing to file /etc/rc.d/rc.local 2020-11-22 01:49:41 Result: found the path behind this symlink (/etc/rc.d/rc.local --> /etc/rc.local) 2020-11-22 01:49:41 Test: Checking /etc/rc.d/rc.local file for writable bit 2020-11-22 01:49:41 Result: good, file /etc/rc.d/rc.local not world writable 2020-11-22 01:49:41 Hardening: assigned maximum number of hardening points for this item (3). Currently having 3 points (out of 3) 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5202 (Check uptime of system) 2020-11-22 01:49:41 Uptime (in seconds): 129301 2020-11-22 01:49:41 Uptime (in days): 1 2020-11-22 01:49:41 ==== 2020-11-22 01:49:41 Performing test ID BOOT-5260 (Check single user mode for systemd) 2020-11-22 01:49:41 Test: Searching /usr/lib/systemd/system/rescue.service 2020-11-22 01:49:41 Result: file /usr/lib/systemd/system/rescue.service 2020-11-22 01:49:42 Test: checking presence sulogin for single user mode 2020-11-22 01:49:42 Result: found sulogin, so single user is protected 2020-11-22 01:49:42 Hardening: assigned maximum number of hardening points for this item (3). Currently having 6 points (out of 6) 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Skipped test BOOT-5262 (Check for OpenBSD boot daemons) 2020-11-22 01:49:42 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Skipped test BOOT-5263 (Check permissions for boot files/scripts) 2020-11-22 01:49:42 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Skipped test BOOT-5264 (Run systemd-analyze security) 2020-11-22 01:49:42 Reason to skip: systemd-analyze too old (v219), need at least v240 2020-11-22 01:49:42 Security check: file is normal 2020-11-22 01:49:42 Checking permissions of /root/lynis/include/tests_kernel 2020-11-22 01:49:42 File permissions are OK 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Action: Performing tests from category: Kernel 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Performing test ID KRNL-5622 (Determine Linux default run level) 2020-11-22 01:49:42 Test: Checking for systemd default.target 2020-11-22 01:49:42 Result: symlink found 2020-11-22 01:49:42 Result: No match found on runlevel, defaulting to runlevel 3 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Performing test ID KRNL-5677 (Check CPU options and support) 2020-11-22 01:49:42 Test: Checking /proc/cpuinfo 2020-11-22 01:49:42 Result: found /proc/cpuinfo 2020-11-22 01:49:42 Test: Checking CPU options (XD/NX/PAE) 2020-11-22 01:49:42 PAE: Yes 2020-11-22 01:49:42 NX: Yes 2020-11-22 01:49:42 Result: PAE or No eXecute option(s) both found 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Performing test ID KRNL-5695 (Determine Linux kernel version and release number) 2020-11-22 01:49:42 Result: found kernel release 3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:42 Result: found kernel version #1 SMP Sun Jul 26 15:27:06 UTC 2020 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Performing test ID KRNL-5723 (Determining if Linux kernel is monolithic) 2020-11-22 01:49:42 Test: checking if kernel is monolithic or modular 2020-11-22 01:49:42 Result: Found modular kernel 2020-11-22 01:49:42 ==== 2020-11-22 01:49:42 Performing test ID KRNL-5726 (Checking Linux loaded kernel modules) 2020-11-22 01:49:42 Loaded modules according lsmod: 2020-11-22 01:49:42 Loaded module: ablk_helper 2020-11-22 01:49:42 Loaded module: acpi_pad 2020-11-22 01:49:42 Loaded module: acpi_power_meter 2020-11-22 01:49:42 Loaded module: aesni_intel 2020-11-22 01:49:42 Loaded module: ahci 2020-11-22 01:49:42 Loaded module: ansi_cprng 2020-11-22 01:49:42 Loaded module: ast 2020-11-22 01:49:42 Loaded module: authenc 2020-11-22 01:49:42 Loaded module: br_netfilter 2020-11-22 01:49:42 Loaded module: bridge 2020-11-22 01:49:42 Loaded module: coretemp 2020-11-22 01:49:42 Loaded module: crc32_pclmul 2020-11-22 01:49:42 Loaded module: crc32c_intel 2020-11-22 01:49:42 Loaded module: crc_t10dif 2020-11-22 01:49:42 Loaded module: crct10dif_common 2020-11-22 01:49:42 Loaded module: crct10dif_generic 2020-11-22 01:49:42 Loaded module: crct10dif_pclmul 2020-11-22 01:49:42 Loaded module: cryptd 2020-11-22 01:49:42 Loaded module: dh_generic 2020-11-22 01:49:42 Loaded module: dm_log 2020-11-22 01:49:42 Loaded module: dm_mirror 2020-11-22 01:49:42 Loaded module: dm_mod 2020-11-22 01:49:42 Loaded module: dm_region_hash 2020-11-22 01:49:42 Loaded module: drbg 2020-11-22 01:49:42 Loaded module: drm 2020-11-22 01:49:42 Loaded module: drm_kms_helper 2020-11-22 01:49:42 Loaded module: drm_panel_orientation_quirks 2020-11-22 01:49:42 Loaded module: ebtable_broute 2020-11-22 01:49:42 Loaded module: ebtable_filter 2020-11-22 01:49:42 Loaded module: ebtable_nat 2020-11-22 01:49:42 Loaded module: ebtables 2020-11-22 01:49:42 Loaded module: fat 2020-11-22 01:49:42 Loaded module: fb_sys_fops 2020-11-22 01:49:42 Loaded module: gf128mul 2020-11-22 01:49:42 Loaded module: ghash_clmulni_intel 2020-11-22 01:49:42 Loaded module: glue_helper 2020-11-22 01:49:42 Loaded module: i2c_algo_bit 2020-11-22 01:49:42 Loaded module: i2c_i801 2020-11-22 01:49:42 Loaded module: i40e 2020-11-22 01:49:42 Loaded module: iTCO_vendor_support 2020-11-22 01:49:42 Loaded module: iTCO_wdt 2020-11-22 01:49:42 Loaded module: intel_powerclamp 2020-11-22 01:49:42 Loaded module: intel_qat 2020-11-22 01:49:42 Loaded module: intel_rapl 2020-11-22 01:49:42 Loaded module: iosf_mbi 2020-11-22 01:49:42 Loaded module: ip6_tables 2020-11-22 01:49:42 Loaded module: ip6t_REJECT 2020-11-22 01:49:42 Loaded module: ip6t_rpfilter 2020-11-22 01:49:42 Loaded module: ip6table_filter 2020-11-22 01:49:42 Loaded module: ip6table_mangle 2020-11-22 01:49:42 Loaded module: ip6table_nat 2020-11-22 01:49:42 Loaded module: ip6table_raw 2020-11-22 01:49:42 Loaded module: ip6table_security 2020-11-22 01:49:42 Loaded module: ip_set 2020-11-22 01:49:42 Loaded module: ip_tables 2020-11-22 01:49:42 Loaded module: ipmi_devintf 2020-11-22 01:49:42 Loaded module: ipmi_msghandler 2020-11-22 01:49:42 Loaded module: ipmi_si 2020-11-22 01:49:42 Loaded module: ipmi_ssif 2020-11-22 01:49:42 Loaded module: ipt_MASQUERADE 2020-11-22 01:49:42 Loaded module: ipt_REJECT 2020-11-22 01:49:42 Loaded module: iptable_filter 2020-11-22 01:49:42 Loaded module: iptable_mangle 2020-11-22 01:49:42 Loaded module: iptable_nat 2020-11-22 01:49:42 Loaded module: iptable_raw 2020-11-22 01:49:42 Loaded module: iptable_security 2020-11-22 01:49:42 Loaded module: irqbypass 2020-11-22 01:49:42 Loaded module: joydev 2020-11-22 01:49:42 Loaded module: kvm 2020-11-22 01:49:42 Loaded module: libahci 2020-11-22 01:49:42 Loaded module: libata 2020-11-22 01:49:42 Loaded module: libcrc32c 2020-11-22 01:49:42 Loaded module: libnvdimm 2020-11-22 01:49:42 Loaded module: llc 2020-11-22 01:49:42 Loaded module: lpc_ich 2020-11-22 01:49:42 Loaded module: lrw 2020-11-22 01:49:42 Loaded module: mei 2020-11-22 01:49:42 Loaded module: mei_me 2020-11-22 01:49:42 Loaded module: nf_conntrack 2020-11-22 01:49:42 Loaded module: nf_conntrack_ipv4 2020-11-22 01:49:42 Loaded module: nf_conntrack_ipv6 2020-11-22 01:49:42 Loaded module: nf_conntrack_netlink 2020-11-22 01:49:42 Loaded module: nf_defrag_ipv4 2020-11-22 01:49:42 Loaded module: nf_defrag_ipv6 2020-11-22 01:49:42 Loaded module: nf_nat 2020-11-22 01:49:42 Loaded module: nf_nat_ipv4 2020-11-22 01:49:42 Loaded module: nf_nat_ipv6 2020-11-22 01:49:42 Loaded module: nf_nat_masquerade_ipv4 2020-11-22 01:49:42 Loaded module: nf_reject_ipv4 2020-11-22 01:49:42 Loaded module: nf_reject_ipv6 2020-11-22 01:49:42 Loaded module: nfit 2020-11-22 01:49:42 Loaded module: nfnetlink 2020-11-22 01:49:42 Loaded module: nvme 2020-11-22 01:49:42 Loaded module: nvme_core 2020-11-22 01:49:42 Loaded module: overlay 2020-11-22 01:49:42 Loaded module: pcspkr 2020-11-22 01:49:42 Loaded module: pps_core 2020-11-22 01:49:42 Loaded module: ptp 2020-11-22 01:49:42 Loaded module: qat_c62x 2020-11-22 01:49:42 Loaded module: rsa_generic 2020-11-22 01:49:42 Loaded module: sd_mod 2020-11-22 01:49:42 Loaded module: sg 2020-11-22 01:49:42 Loaded module: sha512_generic 2020-11-22 01:49:42 Loaded module: sha512_ssse3 2020-11-22 01:49:42 Loaded module: skx_edac 2020-11-22 01:49:42 Loaded module: stp 2020-11-22 01:49:42 Loaded module: syscopyarea 2020-11-22 01:49:43 Loaded module: sysfillrect 2020-11-22 01:49:43 Loaded module: sysimgblt 2020-11-22 01:49:43 Loaded module: tpm_crb 2020-11-22 01:49:43 Loaded module: ttm 2020-11-22 01:49:43 Loaded module: veth 2020-11-22 01:49:43 Loaded module: vfat 2020-11-22 01:49:43 Loaded module: wmi 2020-11-22 01:49:43 Loaded module: xfs 2020-11-22 01:49:43 Loaded module: xt_addrtype 2020-11-22 01:49:43 Loaded module: xt_conntrack 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID KRNL-5728 (Checking Linux kernel config) 2020-11-22 01:49:43 Result: found config (/boot/config-3.10.0-1127.18.2.el7.x86_64) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID KRNL-5730 (Checking disk I/O kernel scheduler) 2020-11-22 01:49:43 Test: Checking the default I/O kernel scheduler 2020-11-22 01:49:43 Result: found IO scheduler 'deadline' 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Skipped test KRNL-5745 (Checking FreeBSD loaded kernel modules) 2020-11-22 01:49:43 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Skipped test KRNL-5831 (Checking DragonFly loaded kernel modules) 2020-11-22 01:49:43 Reason to skip: Incorrect guest OS (DragonFly only) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Skipped test KRNL-5770 (Checking active kernel modules) 2020-11-22 01:49:43 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Skipped test KRNL-5788 (Checking availability new Linux kernel) 2020-11-22 01:49:43 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID KRNL-5820 (Checking core dumps configuration) 2020-11-22 01:49:43 Test: Checking presence of systemd 2020-11-22 01:49:43 Result: systemd is present on this system 2020-11-22 01:49:43 Test: Checking if core dumps are disabled in /etc/systemd/coredump.conf and /etc/systemd/coredump.conf.d/*.conf 2020-11-22 01:49:43 Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none' 2020-11-22 01:49:43 Hardening: assigned partial number of hardening points (0 of 1). Currently having 6 points (out of 7) 2020-11-22 01:49:43 Test: Checking presence /etc/profile 2020-11-22 01:49:43 Test: Checking if 'ulimit -c 0' exists in /etc/profile or /etc/profile.d/*.sh 2020-11-22 01:49:43 Result: core dumps are not disabled in /etc/profile or /etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0' 2020-11-22 01:49:43 Hardening: assigned partial number of hardening points (0 of 1). Currently having 6 points (out of 8) 2020-11-22 01:49:43 Test: Checking presence /etc/security/limits.conf 2020-11-22 01:49:43 Result: file /etc/security/limits.conf exists 2020-11-22 01:49:43 Test: Checking if core dumps are disabled in /etc/security/limits.conf and /etc/security/limits.d/* 2020-11-22 01:49:43 Result: core dumps are not explicitly disabled 2020-11-22 01:49:43 Suggestion: If not required, consider explicit disabling of core dump in /etc/security/limits.conf file [test:KRNL-5820] [details:-] [solution:-] 2020-11-22 01:49:43 Hardening: assigned partial number of hardening points (1 of 3). Currently having 7 points (out of 11) 2020-11-22 01:49:43 Test: Checking sysctl value of fs.suid_dumpable 2020-11-22 01:49:43 Result: value 0 found 2020-11-22 01:49:43 Result: found default option (0), no execute only program or program with changed privilege levels can dump 2020-11-22 01:49:43 Hardening: assigned maximum number of hardening points for this item (1). Currently having 8 points (out of 12) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel) 2020-11-22 01:49:43 Test: Checking presence /var/run/reboot-required.pkgs 2020-11-22 01:49:43 Result: file /var/run/reboot-required.pkgs not found 2020-11-22 01:49:43 Result: /boot exists, performing more tests from here 2020-11-22 01:49:43 Result: found /boot/vmlinuz-3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:43 Result: version derived from file name is '3.10.0-1127.18.2.el7.x86_64' 2020-11-22 01:49:43 Result: found version 3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:43 Result: active kernel version 3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:43 Result: no reboot needed, active kernel is the same version as the one on disk 2020-11-22 01:49:43 Result: /var/cache/apt/archives/ does not exist 2020-11-22 01:49:43 Hardening: assigned maximum number of hardening points for this item (5). Currently having 13 points (out of 17) 2020-11-22 01:49:43 Security check: file is normal 2020-11-22 01:49:43 Checking permissions of /root/lynis/include/tests_memory_processes 2020-11-22 01:49:43 File permissions are OK 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Action: Performing tests from category: Memory and Processes 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID PROC-3602 (Checking /proc/meminfo for memory details) 2020-11-22 01:49:43 Result: found /proc/meminfo 2020-11-22 01:49:43 Result: Found 394703276 kB memory 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Skipped test PROC-3604 (Query prtconf for memory details) 2020-11-22 01:49:43 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID PROC-3612 (Check dead or zombie processes) 2020-11-22 01:49:43 Result: no zombie processes found 2020-11-22 01:49:43 ==== 2020-11-22 01:49:43 Performing test ID PROC-3614 (Check heavy IO waiting based processes) 2020-11-22 01:49:44 Result: No processes were waiting for IO requests to be handled first 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID PROC-3802 (Check presence of prelink tooling) 2020-11-22 01:49:44 Result: prelink package is NOT installed 2020-11-22 01:49:44 Hardening: assigned maximum number of hardening points for this item (3). Currently having 16 points (out of 20) 2020-11-22 01:49:44 Security check: file is normal 2020-11-22 01:49:44 Checking permissions of /root/lynis/include/tests_authentication 2020-11-22 01:49:44 File permissions are OK 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Action: Performing tests from category: Users, Groups and Authentication 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9204 (Check users with an UID of zero) 2020-11-22 01:49:44 Test: Searching accounts with UID 0 2020-11-22 01:49:44 Result: No accounts found with UID 0 other than root. 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9208 (Check non-unique accounts in passwd file) 2020-11-22 01:49:44 Test: Checking for non-unique accounts 2020-11-22 01:49:44 Result: all accounts found in /etc/passwd are unique 2020-11-22 01:49:44 Remarks: Non unique UIDs can be a risk for the system or part of a configuration mistake 2020-11-22 01:49:44 Prerequisite test: /usr/sbin/chkgrp 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Skipped test AUTH-9212 (Test group file) 2020-11-22 01:49:44 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9216 (Check group and shadow group files) 2020-11-22 01:49:44 Test: Checking for grpck binary output 2020-11-22 01:49:44 Result: grpck binary didn't find any errors in the group files 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Skipped test AUTH-9218 (Check login shells for passwordless accounts) 2020-11-22 01:49:44 Reason to skip: Incorrect guest OS (DragonFly FreeBSD NetBSD OpenBSD only) 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9222 (Check unique groups (IDs)) 2020-11-22 01:49:44 Test: Checking for non unique group ID's in /etc/group 2020-11-22 01:49:44 Result: All group ID's are unique 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9226 (Check unique group names) 2020-11-22 01:49:44 Test: Checking for non unique group names in /etc/group 2020-11-22 01:49:44 Result: All group names are unique 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9228 (Check password file consistency with pwck) 2020-11-22 01:49:44 Test: Checking password file consistency (pwck) 2020-11-22 01:49:44 Result: pwck check didn't find any problems 2020-11-22 01:49:44 Hardening: assigned maximum number of hardening points for this item (2). Currently having 18 points (out of 22) 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9229 (Check password hashing methods) 2020-11-22 01:49:44 Test: Checking password hashing methods 2020-11-22 01:49:44 Result: poor password hashing methods found: sha256crypt/sha512crypt(default<=5000rounds) 2020-11-22 01:49:44 Suggestion: Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [test:AUTH-9229] [details:-] [solution:-] 2020-11-22 01:49:44 Hardening: assigned partial number of hardening points (0 of 2). Currently having 18 points (out of 24) 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9230 (Check group password hashing rounds) 2020-11-22 01:49:44 Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs 2020-11-22 01:49:44 Result: number of minimum rounds used by the encryption algorithm is not configured 2020-11-22 01:49:44 Suggestion: Configure minimum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-] 2020-11-22 01:49:44 Hardening: assigned partial number of hardening points (0 of 2). Currently having 18 points (out of 26) 2020-11-22 01:49:44 Test: Checking SHA_CRYPT_MAX_ROUNDS option in /etc/login.defs 2020-11-22 01:49:44 Result: number of maximum rounds used by the encryption algorithm is not configured 2020-11-22 01:49:44 Suggestion: Configure maximum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-] 2020-11-22 01:49:44 Hardening: assigned partial number of hardening points (0 of 2). Currently having 18 points (out of 28) 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9234 (Query user accounts) 2020-11-22 01:49:44 Test: Read system users (including root user) from password database (e.g. /etc/passwd) 2020-11-22 01:49:44 Result: found minimal user id specified: 1000 2020-11-22 01:49:44 Linux real users output (ID = 0, or 1000+, but not 65534): 2020-11-22 01:49:44 Real user: root,0 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9240 (Query NIS+ authentication support) 2020-11-22 01:49:44 Result: NIS+ authentication not enabled 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9242 (Query NIS authentication support) 2020-11-22 01:49:44 Result: NIS authentication not enabled 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9250 (Checking sudoers file) 2020-11-22 01:49:44 Test: checking presence /etc/sudoers 2020-11-22 01:49:44 Result: found file (/etc/sudoers) 2020-11-22 01:49:44 Test: checking presence /usr/local/etc/sudoers 2020-11-22 01:49:44 Result: file /usr/local/etc/sudoers not found 2020-11-22 01:49:44 Test: checking presence /usr/pkg/etc/sudoers 2020-11-22 01:49:44 Result: file /usr/pkg/etc/sudoers not found 2020-11-22 01:49:44 Result: sudoers file found (/etc/sudoers) 2020-11-22 01:49:44 ==== 2020-11-22 01:49:44 Performing test ID AUTH-9252 (Check ownership and permissions for sudo configuration files) 2020-11-22 01:49:44 Test: checking drop-in directory (/etc/sudoers.d) 2020-11-22 01:49:44 Result: Found directory permissions: rwxr-x--- and owner UID GID: 00 2020-11-22 01:49:44 Result: directory /etc/sudoers.d permissions OK 2020-11-22 01:49:44 Result: directory /etc/sudoers.d ownership OK 2020-11-22 01:49:45 Test: checking file (/etc/sudoers) 2020-11-22 01:49:45 Result: Found file permissions: r--r----- and owner UID GID: 00 2020-11-22 01:49:45 Result: file /etc/sudoers permissions OK 2020-11-22 01:49:45 Result: file /etc/sudoers ownership OK 2020-11-22 01:49:45 ==== 2020-11-22 01:49:45 Skipped test AUTH-9254 (Solaris passwordless accounts) 2020-11-22 01:49:45 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:45 ==== 2020-11-22 01:49:45 Performing test ID AUTH-9262 (Checking presence password strength testing tools (PAM)) 2020-11-22 01:49:45 Searching PAM password testing modules (cracklib, passwdqc, pwquality) 2020-11-22 01:49:45 Result: found pam_cracklib.so (crack library PAM) in /lib64/security 2020-11-22 01:49:45 Result: found pam_pwquality.so (password quality control PAM) in /lib64/security 2020-11-22 01:49:45 Result: pam_cracklib.so found 2020-11-22 01:49:45 Result: pam_passwdqc.so NOT found (passwd quality control PAM) 2020-11-22 01:49:45 Result: pam_pwquality.so found 2020-11-22 01:49:45 Result: found at least one PAM module for password strength testing 2020-11-22 01:49:45 Hardening: assigned maximum number of hardening points for this item (3). Currently having 21 points (out of 31) 2020-11-22 01:49:45 ==== 2020-11-22 01:49:45 Performing test ID AUTH-9264 (Checking presence pam.conf) 2020-11-22 01:49:45 Test: Checking file /etc/pam.conf 2020-11-22 01:49:45 Result: file /etc/pam.conf could not be found 2020-11-22 01:49:45 ==== 2020-11-22 01:49:45 Performing test ID AUTH-9266 (Checking presence pam.d files) 2020-11-22 01:49:45 Test: Checking directory /etc/pam.d 2020-11-22 01:49:45 Result: directory /etc/pam.d exists 2020-11-22 01:49:45 Test: searching PAM configuration files 2020-11-22 01:49:45 Found file: /etc/pam.d/chfn 2020-11-22 01:49:45 Found file: /etc/pam.d/chsh 2020-11-22 01:49:45 Found file: /etc/pam.d/config-util 2020-11-22 01:49:45 Found file: /etc/pam.d/crond 2020-11-22 01:49:45 Found file: /etc/pam.d/fingerprint-auth-ac 2020-11-22 01:49:45 Found file: /etc/pam.d/login 2020-11-22 01:49:45 Found file: /etc/pam.d/other 2020-11-22 01:49:45 Found file: /etc/pam.d/passwd 2020-11-22 01:49:45 Found file: /etc/pam.d/password-auth-ac 2020-11-22 01:49:45 Found file: /etc/pam.d/polkit-1 2020-11-22 01:49:45 Found file: /etc/pam.d/postlogin-ac 2020-11-22 01:49:45 Found file: /etc/pam.d/remote 2020-11-22 01:49:45 Found file: /etc/pam.d/runuser 2020-11-22 01:49:45 Found file: /etc/pam.d/runuser-l 2020-11-22 01:49:45 Found file: /etc/pam.d/smartcard-auth-ac 2020-11-22 01:49:45 Found file: /etc/pam.d/smtp.postfix 2020-11-22 01:49:45 Found file: /etc/pam.d/sshd 2020-11-22 01:49:45 Found file: /etc/pam.d/su 2020-11-22 01:49:45 Found file: /etc/pam.d/su-l 2020-11-22 01:49:45 Found file: /etc/pam.d/sudo 2020-11-22 01:49:45 Found file: /etc/pam.d/sudo-i 2020-11-22 01:49:45 Found file: /etc/pam.d/system-auth-ac 2020-11-22 01:49:45 Found file: /etc/pam.d/systemd-user 2020-11-22 01:49:45 Found file: /etc/pam.d/vlock 2020-11-22 01:49:45 ==== 2020-11-22 01:49:45 Performing test ID AUTH-9268 (Checking presence pam.d files) 2020-11-22 01:49:45 Test: Searching pam modules 2020-11-22 01:49:45 Test: Checking /lib/arm-linux-gnueabihf/security 2020-11-22 01:49:45 Result: directory /lib/arm-linux-gnueabihf/security could not be found or is a symlink to another directory 2020-11-22 01:49:45 Test: Checking /lib/i386-linux-gnu/security 2020-11-22 01:49:45 Result: directory /lib/i386-linux-gnu/security could not be found or is a symlink to another directory 2020-11-22 01:49:45 Test: Checking /lib/security 2020-11-22 01:49:45 Result: directory /lib/security could not be found or is a symlink to another directory 2020-11-22 01:49:45 Test: Checking /lib/x86_64-linux-gnu/security 2020-11-22 01:49:45 Result: directory /lib/x86_64-linux-gnu/security could not be found or is a symlink to another directory 2020-11-22 01:49:45 Test: Checking /lib64/security 2020-11-22 01:49:45 Result: directory /lib64/security exists 2020-11-22 01:49:45 Found file: /lib64/security/pam_access.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_cap.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_chroot.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_console.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_cracklib.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_debug.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_deny.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_echo.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_env.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_exec.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_faildelay.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_faillock.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_filter.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_ftp.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_group.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_issue.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_keyinit.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_lastlog.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_limits.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_listfile.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_localuser.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_loginuid.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_mail.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_mkhomedir.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_motd.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_namespace.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_nologin.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_permit.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_postgresok.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_pwhistory.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_pwquality.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_rhosts.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_rootok.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_securetty.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_selinux.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_sepermit.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_shells.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_stress.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_succeed_if.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_systemd.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_tally2.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_time.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_timestamp.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_tty_audit.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_umask.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_unix.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_userdb.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_warn.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_wheel.so 2020-11-22 01:49:45 Found file: /lib64/security/pam_xauth.so 2020-11-22 01:49:45 Test: Checking /usr/lib 2020-11-22 01:49:45 Result: directory /usr/lib exists 2020-11-22 01:49:45 Test: Checking /usr/lib/security 2020-11-22 01:49:45 Result: directory /usr/lib/security could not be found or is a symlink to another directory 2020-11-22 01:49:45 ==== 2020-11-22 01:49:45 Performing test ID AUTH-9278 (Determine LDAP support in PAM files) 2020-11-22 01:49:45 Test: checking presence /etc/pam.d/common-auth 2020-11-22 01:49:45 Result: file /etc/pam.d/common-auth not found, skipping test 2020-11-22 01:49:45 Test: checking presence /etc/pam.d/system-auth 2020-11-22 01:49:45 Result: file /etc/pam.d/system-auth exists 2020-11-22 01:49:45 Test: checking presence LDAP module 2020-11-22 01:49:45 Result: LDAP module not found 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9282 (Checking password protected account without expire date) 2020-11-22 01:49:46 Test: Checking Linux version and password expire date status 2020-11-22 01:49:46 Result: found one or more accounts without expire date set 2020-11-22 01:49:46 Account without expire date: root 2020-11-22 01:49:46 Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282] [details:-] [solution:-] 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9283 (Checking accounts without password) 2020-11-22 01:49:46 Test: Checking passwordless accounts 2020-11-22 01:49:46 Result: all accounts seem to have a password 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9286 (Checking user password aging) 2020-11-22 01:49:46 Test: Checking PASS_MIN_DAYS option in /etc/login.defs 2020-11-22 01:49:46 Result: password minimum age is not configured 2020-11-22 01:49:46 Suggestion: Configure minimum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-] 2020-11-22 01:49:46 Hardening: assigned partial number of hardening points (0 of 1). Currently having 21 points (out of 32) 2020-11-22 01:49:46 Test: Checking PASS_MAX_DAYS option in /etc/login.defs 2020-11-22 01:49:46 Result: password aging limits are not configured 2020-11-22 01:49:46 Suggestion: Configure maximum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-] 2020-11-22 01:49:46 Hardening: assigned partial number of hardening points (0 of 1). Currently having 21 points (out of 33) 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9288 (Checking for expired passwords) 2020-11-22 01:49:46 Test: check if we can access /etc/shadow (escaped: /etc/shadow) 2020-11-22 01:49:46 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:49:46 Result: file /etc/shadow is readable (or directory accessible). 2020-11-22 01:49:46 Data: Days since epoch is 18588 2020-11-22 01:49:46 Test: collecting accounts which have an expired password (last day changed + maximum change time) 2020-11-22 01:49:46 Result: good, no passwords have been expired 2020-11-22 01:49:46 Hardening: assigned maximum number of hardening points for this item (10). Currently having 31 points (out of 43) 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Skipped test AUTH-9304 (Check single user login configuration) 2020-11-22 01:49:46 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Skipped test AUTH-9306 (Check single boot authentication) 2020-11-22 01:49:46 Reason to skip: Incorrect guest OS (HP-UX only) 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9308 (Check single user login configuration) 2020-11-22 01:49:46 Test: going to check several systemd targets now 2020-11-22 01:49:46 Test: checking if target console-shell.service is available (/lib/systemd/system/console-shell.service) 2020-11-22 01:49:46 Result: found target console-shell.service 2020-11-22 01:49:46 Result: sulogin was found, which is a good measure to protect single user mode 2020-11-22 01:49:46 Test: checking if target emergency.service is available (/lib/systemd/system/emergency.service) 2020-11-22 01:49:46 Result: found target emergency.service 2020-11-22 01:49:46 Result: sulogin was found, which is a good measure to protect single user mode 2020-11-22 01:49:46 Test: checking if target rescue.service is available (/lib/systemd/system/rescue.service) 2020-11-22 01:49:46 Result: found target rescue.service 2020-11-22 01:49:46 Result: sulogin was found, which is a good measure to protect single user mode 2020-11-22 01:49:46 Result: option set, password is needed at single user mode boot 2020-11-22 01:49:46 Hardening: assigned maximum number of hardening points for this item (2). Currently having 33 points (out of 45) 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9328 (Default umask values) 2020-11-22 01:49:46 Test: Checking /etc/profile.d directory 2020-11-22 01:49:46 Result: found /etc/profile.d, with one or more files in it 2020-11-22 01:49:46 Test: Checking /etc/profile 2020-11-22 01:49:46 Result: file /etc/profile exists 2020-11-22 01:49:46 Test: Checking umask value in /etc/profile 2020-11-22 01:49:46 Result: found multiple umask values configured in /etc/profile 2020-11-22 01:49:46 Result: umask 002 could be more strict 2020-11-22 01:49:46 Hardening: assigned partial number of hardening points (1 of 2). Currently having 34 points (out of 47) 2020-11-22 01:49:46 Result: umask 022 could be more strict 2020-11-22 01:49:46 Hardening: assigned partial number of hardening points (1 of 2). Currently having 35 points (out of 49) 2020-11-22 01:49:46 Suggestion: Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027) [test:AUTH-9328] [details:-] [solution:-] 2020-11-22 01:49:46 Hardening: assigned partial number of hardening points (0 of 2). Currently having 35 points (out of 51) 2020-11-22 01:49:46 Test: Checking umask entries in /etc/passwd (pam_umask) 2020-11-22 01:49:46 Result: file /etc/passwd exists 2020-11-22 01:49:46 Test: Checking umask value in /etc/passwd 2020-11-22 01:49:46 Manual: one or more manual actions are required for further testing of this control/plugin 2020-11-22 01:49:46 Test: Checking /etc/login.defs 2020-11-22 01:49:46 Result: file /etc/login.defs exists 2020-11-22 01:49:46 Test: Checking umask value in /etc/login.defs 2020-11-22 01:49:46 Result: umask is 077, which is fine 2020-11-22 01:49:46 Hardening: assigned maximum number of hardening points for this item (2). Currently having 37 points (out of 53) 2020-11-22 01:49:46 Test: Checking /etc/init.d/functions 2020-11-22 01:49:46 Result: file /etc/init.d/functions exists 2020-11-22 01:49:46 Test: Checking umask value in /etc/init.d/functions 2020-11-22 01:49:46 Result: found umask 022, which could be improved 2020-11-22 01:49:46 Hardening: assigned partial number of hardening points (0 of 2). Currently having 37 points (out of 55) 2020-11-22 01:49:46 Test: Checking /etc/init.d/rc 2020-11-22 01:49:46 Result: file /etc/init.d/rc does not exist 2020-11-22 01:49:46 Test: Checking /etc/init.d/rcS 2020-11-22 01:49:46 Result: file /etc/init.d/rcS does not exist 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Skipped test AUTH-9340 (Solaris account locking) 2020-11-22 01:49:46 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Performing test ID AUTH-9402 (Query LDAP authentication support) 2020-11-22 01:49:46 Result: LDAP authentication not enabled 2020-11-22 01:49:46 ==== 2020-11-22 01:49:46 Skipped test AUTH-9406 (Query LDAP servers in client configuration) 2020-11-22 01:49:47 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Performing test ID AUTH-9408 (Logging of failed login attempts) 2020-11-22 01:49:47 Test: Checking FAILLOG_ENAB option in /etc/login.defs 2020-11-22 01:49:47 Result: failed login attempts may not logged 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (0 of 1). Currently having 37 points (out of 56) 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Skipped test AUTH-9409 (Checking /etc/doas.conf file) 2020-11-22 01:49:47 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Skipped test AUTH-9410 (Check /etc/doas.conf file permissions) 2020-11-22 01:49:47 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-11-22 01:49:47 Security check: file is normal 2020-11-22 01:49:47 Checking permissions of /root/lynis/include/tests_shells 2020-11-22 01:49:47 File permissions are OK 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Action: Performing tests from category: Shells 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Skipped test SHLL-6202 (Check console TTYs) 2020-11-22 01:49:47 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Performing test ID SHLL-6211 (Available and valid shells) 2020-11-22 01:49:47 Test: Searching for /etc/shells 2020-11-22 01:49:47 Result: Found /etc/shells file 2020-11-22 01:49:47 Test: Reading available shells from /etc/shells 2020-11-22 01:49:47 Found installed shell: /bin/sh 2020-11-22 01:49:47 Found installed shell: /bin/bash 2020-11-22 01:49:47 Found installed shell: /usr/bin/sh 2020-11-22 01:49:47 Found installed shell: /usr/bin/bash 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Performing test ID SHLL-6220 (Idle session killing tools or settings) 2020-11-22 01:49:47 Test: Search for session timeout tools or settings in shell 2020-11-22 01:49:47 Performing pgrep scan without uid 2020-11-22 01:49:47 IsRunning: process 'timeoutd' not found 2020-11-22 01:49:47 Performing pgrep scan without uid 2020-11-22 01:49:47 IsRunning: process 'autolog' not found 2020-11-22 01:49:47 Result: could not find TMOUT setting in /etc/profile 2020-11-22 01:49:47 Result: could not find export, readonly or typeset -r in /etc/profile 2020-11-22 01:49:47 Result: could not find TMOUT setting in /etc/profile.d/*.sh 2020-11-22 01:49:47 Result: could not find export, readonly or typeset -r in /etc/profile 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (1 of 3). Currently having 38 points (out of 59) 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Performing test ID SHLL-6230 (Perform umask check for shell configurations) 2020-11-22 01:49:47 Result: file /etc/bashrc exists 2020-11-22 01:49:47 Result: found umask 002 in /etc/bashrc 2020-11-22 01:49:47 Result: umask 002 can be hardened 2020-11-22 01:49:47 Result: found umask 022 in /etc/bashrc 2020-11-22 01:49:47 Result: umask 022 can be hardened 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (1 of 3). Currently having 39 points (out of 62) 2020-11-22 01:49:47 Result: file /etc/bash.bashrc not found 2020-11-22 01:49:47 Result: file /etc/bash.bashrc.local not found 2020-11-22 01:49:47 Result: file /etc/csh.cshrc exists 2020-11-22 01:49:47 Result: found umask 002 in /etc/csh.cshrc 2020-11-22 01:49:47 Result: umask 002 can be hardened 2020-11-22 01:49:47 Result: found umask 022 in /etc/csh.cshrc 2020-11-22 01:49:47 Result: umask 022 can be hardened 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (1 of 3). Currently having 40 points (out of 65) 2020-11-22 01:49:47 Result: file /etc/profile exists 2020-11-22 01:49:47 Result: found umask 002 in /etc/profile 2020-11-22 01:49:47 Result: umask 002 can be hardened 2020-11-22 01:49:47 Result: found umask 022 in /etc/profile 2020-11-22 01:49:47 Result: umask 022 can be hardened 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (1 of 3). Currently having 41 points (out of 68) 2020-11-22 01:49:47 Security check: file is normal 2020-11-22 01:49:47 Checking permissions of /root/lynis/include/tests_filesystems 2020-11-22 01:49:47 File permissions are OK 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Action: Performing tests from category: File systems 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Performing test ID FILE-6310 (Checking /tmp, /home and /var directory) 2020-11-22 01:49:47 Test: Checking if /home is mounted separately or mounted on / file system 2020-11-22 01:49:47 Result: directory /home exists 2020-11-22 01:49:47 Result: found /home as a separated mount point 2020-11-22 01:49:47 Hardening: assigned maximum number of hardening points for this item (10). Currently having 51 points (out of 78) 2020-11-22 01:49:47 Test: Checking if /tmp is mounted separately or mounted on / file system 2020-11-22 01:49:47 Result: directory /tmp exists 2020-11-22 01:49:47 Result: /tmp not found in mount list. Directory most likely stored on / file system 2020-11-22 01:49:47 Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separate partition [test:FILE-6310] [details:-] [solution:-] 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (9 of 10). Currently having 60 points (out of 88) 2020-11-22 01:49:47 Test: Checking if /var is mounted separately or mounted on / file system 2020-11-22 01:49:47 Result: directory /var exists 2020-11-22 01:49:47 Result: /var not found in mount list. Directory most likely stored on / file system 2020-11-22 01:49:47 Suggestion: To decrease the impact of a full /var file system, place /var on a separate partition [test:FILE-6310] [details:-] [solution:-] 2020-11-22 01:49:47 Hardening: assigned partial number of hardening points (9 of 10). Currently having 69 points (out of 98) 2020-11-22 01:49:47 ==== 2020-11-22 01:49:47 Performing test ID FILE-6311 (Checking LVM volume groups) 2020-11-22 01:49:47 Test: Checking for LVM volume groups 2020-11-22 01:49:47 Result: found one or more volume groups 2020-11-22 01:49:47 Found LVM volume group: centos 2020-11-22 01:49:47 ==== 2020-11-22 01:49:48 Performing test ID FILE-6312 (Checking LVM volumes) 2020-11-22 01:49:48 Test: Checking for LVM volumes 2020-11-22 01:49:48 Result: found one or more volumes 2020-11-22 01:49:48 Found LVM volume: home 2020-11-22 01:49:48 Found LVM volume: root 2020-11-22 01:49:48 Found LVM volume: swap 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6323 (Checking EXT file systems) 2020-11-22 01:49:48 Test: Checking for Linux EXT file systems 2020-11-22 01:49:48 Result: no EXT file systems found 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6324 (Checking XFS file systems) 2020-11-22 01:49:48 Test: Checking for Linux XFS file systems 2020-11-22 01:49:48 Result: found one or more XFS file systems 2020-11-22 01:49:48 File system: / (type: xfs) 2020-11-22 01:49:48 File system: /boot (type: xfs) 2020-11-22 01:49:48 File system: /home (type: xfs) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6329 (Checking FFS/UFS file systems) 2020-11-22 01:49:48 Test: Query /etc/fstab for available FFS/UFS mount points 2020-11-22 01:49:48 Result: unable to find any single mount point (FFS/UFS) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Skipped test FILE-6330 (Checking ZFS file systems) 2020-11-22 01:49:48 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Skipped test FILE-6439 (Checking HAMMER PFS mounts) 2020-11-22 01:49:48 Reason to skip: Incorrect guest OS (DragonFly only) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6332 (Checking swap partitions) 2020-11-22 01:49:48 Test: query swap partitions from /etc/fstab file 2020-11-22 01:49:48 Swap partition found: /dev/mapper/centos-swap 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6336 (Checking swap mount options) 2020-11-22 01:49:48 Test: check swap partitions with incorrect mount options 2020-11-22 01:49:48 Result: all swap partitions have correct options (sw or swap) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6344 (Checking proc mount options) 2020-11-22 01:49:48 Test: check proc mount with incorrect mount options 2020-11-22 01:49:48 Hardening: assigned partial number of hardening points (0 of 3). Currently having 69 points (out of 101) 2020-11-22 01:49:48 Result: /proc filesystem is not mounted with option hidepid=1 or hidepid=2 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6354 (Searching for old files in /tmp) 2020-11-22 01:49:48 Test: Searching for old files in /tmp 2020-11-22 01:49:48 Result: no files found in /tmp which are older than 3 months 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6362 (Checking /tmp sticky bit) 2020-11-22 01:49:48 Result: sticky bit found on /tmp directory 2020-11-22 01:49:48 Hardening: assigned maximum number of hardening points for this item (3). Currently having 72 points (out of 104) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6363 (Checking /var/tmp sticky bit) 2020-11-22 01:49:48 Result: sticky bit found on /var/tmp directory 2020-11-22 01:49:48 Hardening: assigned maximum number of hardening points for this item (3). Currently having 75 points (out of 107) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6368 (Checking ACL support on root file system) 2020-11-22 01:49:48 Test: Checking acl option on ext[2-4] root file system 2020-11-22 01:49:48 Result: mount point probably mounted with defaults 2020-11-22 01:49:48 Test: Checking device which holds root file system 2020-11-22 01:49:48 Result: No file system found with root file system 2020-11-22 01:49:48 Test: Checking acl option on xfs root file system 2020-11-22 01:49:48 Result: ACL option enabled on root file system 2020-11-22 01:49:48 Hardening: assigned maximum number of hardening points for this item (3). Currently having 78 points (out of 110) 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6372 (Checking / mount options) 2020-11-22 01:49:48 Result: mount system / is configured with options: defaults 2020-11-22 01:49:48 ==== 2020-11-22 01:49:48 Performing test ID FILE-6374 (Linux mount options) 2020-11-22 01:49:48 File system: /boot 2020-11-22 01:49:48 Expected flags: nodev noexec nosuid 2020-11-22 01:49:48 Found flags: defaults 2020-11-22 01:49:48 Result: Could not find mount option nodev on file system /boot 2020-11-22 01:49:48 Result: Could not find mount option noexec on file system /boot 2020-11-22 01:49:48 Result: Could not find mount option nosuid on file system /boot 2020-11-22 01:49:48 Result: marked /boot options as default (not hardened) 2020-11-22 01:49:48 Hardening: assigned partial number of hardening points (3 of 5). Currently having 81 points (out of 115) 2020-11-22 01:49:48 File system: /dev 2020-11-22 01:49:48 Expected flags: noexec nosuid 2020-11-22 01:49:48 Found flags: (rw nosuid seclabel size=197339772k nr_inodes=49334943 mode=755) 2020-11-22 01:49:48 Result: Could not find mount option noexec on file system /dev 2020-11-22 01:49:48 Result: GOOD, found mount option nosuid on file system /dev 2020-11-22 01:49:48 Result: marked /dev as partially hardened 2020-11-22 01:49:49 Hardening: assigned partial number of hardening points (4 of 5). Currently having 85 points (out of 120) 2020-11-22 01:49:49 File system: /dev/shm 2020-11-22 01:49:49 Expected flags: nosuid nodev noexec 2020-11-22 01:49:49 Found flags: (rw nosuid nodev seclabel) 2020-11-22 01:49:49 Result: GOOD, found mount option nosuid on file system /dev/shm 2020-11-22 01:49:49 Result: GOOD, found mount option nodev on file system /dev/shm 2020-11-22 01:49:49 Result: Could not find mount option noexec on file system /dev/shm 2020-11-22 01:49:49 Result: marked /dev/shm as partially hardened 2020-11-22 01:49:49 Hardening: assigned partial number of hardening points (4 of 5). Currently having 89 points (out of 125) 2020-11-22 01:49:49 File system: /home 2020-11-22 01:49:49 Expected flags: nodev nosuid 2020-11-22 01:49:49 Found flags: defaults 2020-11-22 01:49:49 Result: Could not find mount option nodev on file system /home 2020-11-22 01:49:49 Result: Could not find mount option nosuid on file system /home 2020-11-22 01:49:49 Result: marked /home options as default (not hardened) 2020-11-22 01:49:49 Hardening: assigned partial number of hardening points (3 of 5). Currently having 92 points (out of 130) 2020-11-22 01:49:49 File system: /run 2020-11-22 01:49:49 Expected flags: nodev nosuid 2020-11-22 01:49:49 Found flags: (rw nosuid nodev seclabel mode=755) 2020-11-22 01:49:49 Result: GOOD, found mount option nodev on file system /run 2020-11-22 01:49:49 Result: GOOD, found mount option nosuid on file system /run 2020-11-22 01:49:49 Result: marked /run as fully hardened 2020-11-22 01:49:49 Hardening: assigned maximum number of hardening points for this item (5). Currently having 97 points (out of 135) 2020-11-22 01:49:49 Result: file system /tmp not found in /etc/fstab 2020-11-22 01:49:49 Result: file system /var not found in /etc/fstab 2020-11-22 01:49:49 Result: file system /var/log not found in /etc/fstab 2020-11-22 01:49:49 Result: file system /var/log/audit not found in /etc/fstab 2020-11-22 01:49:49 Result: file system /var/tmp not found in /etc/fstab 2020-11-22 01:49:49 Result: Total without nodev:13 noexec:15 nosuid:11 ro or noexec (W^X): 15, of total 35 2020-11-22 01:49:49 ==== 2020-11-22 01:49:49 Performing test ID FILE-6376 (Determine if /var/tmp is bound to /tmp) 2020-11-22 01:49:49 Result: no mount point /var/tmp or expected options found 2020-11-22 01:49:49 ==== 2020-11-22 01:49:49 Performing test ID FILE-6394 (Determine level of swappiness.) 2020-11-22 01:49:49 Test: checking level of vm.swappiness: 60 2020-11-22 01:49:49 Result: vm.swappiness=60 which is the standard level of swappiness and works well for desktop systems. 2020-11-22 01:49:49 ==== 2020-11-22 01:49:49 Skipped test FILE-6410 (Checking Locate database) 2020-11-22 01:49:49 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:49 ==== 2020-11-22 01:49:49 Performing test ID FILE-6430 (Disable mounting of some filesystems) 2020-11-22 01:49:49 Result: found cramfs support in the kernel (output = insmod /lib/modules/3.10.0-1127.18.2.el7.x86_64/kernel/fs/cramfs/cramfs.ko.xz ) 2020-11-22 01:49:49 Test: Checking if cramfs is active 2020-11-22 01:49:49 Result: module cramfs is currently not loaded in the kernel. 2020-11-22 01:49:49 Hardening: assigned partial number of hardening points (2 of 3). Currently having 99 points (out of 138) 2020-11-22 01:49:49 Hardening: assigned maximum number of hardening points for this item (3). Currently having 102 points (out of 141) 2020-11-22 01:49:49 Hardening: assigned maximum number of hardening points for this item (3). Currently having 105 points (out of 144) 2020-11-22 01:49:49 Hardening: assigned maximum number of hardening points for this item (3). Currently having 108 points (out of 147) 2020-11-22 01:49:49 Hardening: assigned maximum number of hardening points for this item (3). Currently having 111 points (out of 150) 2020-11-22 01:49:49 Result: found squashfs support in the kernel (output = insmod /lib/modules/3.10.0-1127.18.2.el7.x86_64/kernel/fs/squashfs/squashfs.ko.xz ) 2020-11-22 01:49:49 Test: Checking if squashfs is active 2020-11-22 01:49:49 Result: module squashfs is currently not loaded in the kernel. 2020-11-22 01:49:49 Hardening: assigned partial number of hardening points (2 of 3). Currently having 113 points (out of 153) 2020-11-22 01:49:49 Result: found udf support in the kernel (output = insmod /lib/modules/3.10.0-1127.18.2.el7.x86_64/kernel/fs/udf/udf.ko.xz ) 2020-11-22 01:49:49 Test: Checking if udf is active 2020-11-22 01:49:49 Result: module udf is currently not loaded in the kernel. 2020-11-22 01:49:49 Hardening: assigned partial number of hardening points (2 of 3). Currently having 115 points (out of 156) 2020-11-22 01:49:49 Suggestion: Consider disabling unused kernel modules [test:FILE-6430] [details:/etc/modprobe.d/blacklist.conf] [solution:Add 'install MODULENAME /bin/true' (without quotes)] 2020-11-22 01:49:49 Security check: file is normal 2020-11-22 01:49:49 Checking permissions of /root/lynis/include/tests_usb 2020-11-22 01:49:50 File permissions are OK 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Action: Performing tests from category: USB Devices 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID USB-1000 (Check if USB storage is disabled) 2020-11-22 01:49:50 Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf 2020-11-22 01:49:50 Result: usb-storage driver is not explicitly disabled 2020-11-22 01:49:50 Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:USB-1000] [details:-] [solution:-] 2020-11-22 01:49:50 Hardening: assigned partial number of hardening points (2 of 3). Currently having 117 points (out of 159) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID USB-2000 (Check USB authorizations) 2020-11-22 01:49:50 Test: checking presence of USB devices path (/sys/bus/usb/devices) 2020-11-22 01:49:50 Test: Checking USB devices authorization to connect to the system 2020-11-22 01:49:50 Test: /sys/bus/usb/devices/usb1 is authorized by default (authorized_default=1) 2020-11-22 01:49:50 Test: /sys/bus/usb/devices/usb1 is authorized currently (authorized=1) 2020-11-22 01:49:50 Test: /sys/bus/usb/devices/usb2 is authorized by default (authorized_default=1) 2020-11-22 01:49:50 Test: /sys/bus/usb/devices/usb2 is authorized currently (authorized=1) 2020-11-22 01:49:50 Result: Some USB devices are authorized by default (or temporary) to connect to the system 2020-11-22 01:49:50 Hardening: assigned partial number of hardening points (0 of 3). Currently having 117 points (out of 162) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID USB-3000 (Check for presence of USBGuard) 2020-11-22 01:49:50 Result: USBGuard not found 2020-11-22 01:49:50 Hardening: assigned partial number of hardening points (0 of 8). Currently having 117 points (out of 170) 2020-11-22 01:49:50 Security check: file is normal 2020-11-22 01:49:50 Checking permissions of /root/lynis/include/tests_storage 2020-11-22 01:49:50 File permissions are OK 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Action: Performing tests from category: Storage 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID STRG-1846 (Check if firewire storage is disabled) 2020-11-22 01:49:50 Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf 2020-11-22 01:49:50 Result: firewire ohci driver is not explicitly disabled 2020-11-22 01:49:50 Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846] [details:-] [solution:-] 2020-11-22 01:49:50 Hardening: assigned partial number of hardening points (2 of 3). Currently having 119 points (out of 173) 2020-11-22 01:49:50 Security check: file is normal 2020-11-22 01:49:50 Checking permissions of /root/lynis/include/tests_storage_nfs 2020-11-22 01:49:50 File permissions are OK 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Action: Performing tests from category: NFS 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Skipped test STRG-1902 (Check rpcinfo registered programs) 2020-11-22 01:49:50 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Skipped test STRG-1904 (Check nfs rpc) 2020-11-22 01:49:50 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Skipped test STRG-1906 (Check nfs rpc) 2020-11-22 01:49:50 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID STRG-1920 (Checking NFS daemon) 2020-11-22 01:49:50 Test: Checking running NFS daemon 2020-11-22 01:49:50 Output: NFS daemon is not running 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Skipped test STRG-1926 (Checking NFS exports) 2020-11-22 01:49:50 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Skipped test STRG-1928 (Checking empty /etc/exports) 2020-11-22 01:49:50 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Skipped test STRG-1930 (Check client access to nfs share) 2020-11-22 01:49:50 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:50 Security check: file is normal 2020-11-22 01:49:50 Checking permissions of /root/lynis/include/tests_nameservices 2020-11-22 01:49:50 File permissions are OK 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Action: Performing tests from category: Name services 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID NAME-4016 (Check /etc/resolv.conf default domain) 2020-11-22 01:49:50 Test: check /etc/resolv.conf for default domain 2020-11-22 01:49:50 Result: /etc/resolv.conf found 2020-11-22 01:49:50 Result: no default domain found 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID NAME-4018 (Check /etc/resolv.conf search domains) 2020-11-22 01:49:50 Test: check /etc/resolv.conf for search domains 2020-11-22 01:49:50 Result: /etc/resolv.conf found 2020-11-22 01:49:50 Found search domain: akr.iol.unh.edu 2020-11-22 01:49:50 Result: Found 1 search domains 2020-11-22 01:49:50 Result: found 1 line(s) with a search statement (expecting less than 2 lines) 2020-11-22 01:49:50 ==== 2020-11-22 01:49:50 Performing test ID NAME-4020 (Check non default options) 2020-11-22 01:49:50 Test: check /etc/resolv.conf for non default options 2020-11-22 01:49:50 Result: /etc/resolv.conf found 2020-11-22 01:49:50 Result: no specific other options configured in /etc/resolv.conf 2020-11-22 01:49:50 ==== 2020-11-22 01:49:51 Skipped test NAME-4024 (Solaris uname -n output) 2020-11-22 01:49:51 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4026 (Check /etc/nodename) 2020-11-22 01:49:51 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4028 (Check domain name) 2020-11-22 01:49:51 Test: Checking if dnsdomainname command is available 2020-11-22 01:49:51 Result: dnsdomainname command returned a value 2020-11-22 01:49:51 Found domain name: akr.iol.unh.edu 2020-11-22 01:49:51 Result: found domain name 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4032 (Check nscd status) 2020-11-22 01:49:51 Test: checking nscd status 2020-11-22 01:49:51 Performing pgrep scan without uid 2020-11-22 01:49:51 IsRunning: process 'nscd' not found 2020-11-22 01:49:51 Result: nscd is not running 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4034 (Check Unbound status) 2020-11-22 01:49:51 Test: checking Unbound (unbound) status 2020-11-22 01:49:51 Performing pgrep scan without uid 2020-11-22 01:49:51 IsRunning: process 'unbound' not found 2020-11-22 01:49:51 Result: Unbound daemon is not running 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4036 (Check Unbound configuration file) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4202 (Check BIND status) 2020-11-22 01:49:51 Test: Checking for running BIND instance 2020-11-22 01:49:51 Performing pgrep scan without uid 2020-11-22 01:49:51 IsRunning: process 'named' not found 2020-11-22 01:49:51 Result: BIND not running 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4204 (Search BIND configuration file) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4206 (Check BIND configuration consistency) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4210 (Check DNS banner) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4230 (Check PowerDNS status) 2020-11-22 01:49:51 Test: Checking for running PowerDNS instance 2020-11-22 01:49:51 Performing pgrep scan without uid 2020-11-22 01:49:51 IsRunning: process 'pdns_server' not found 2020-11-22 01:49:51 Result: PowerDNS not running 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4232 (Search PowerDNS configuration file) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4236 (Check PowerDNS backends) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4238 (Check PowerDNS authoritative status) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4304 (Check NIS ypbind status) 2020-11-22 01:49:51 Test: Checking status of ypbind daemon 2020-11-22 01:49:51 Performing pgrep scan without uid 2020-11-22 01:49:51 IsRunning: process 'ypbind' not found 2020-11-22 01:49:51 Result: ypbind is not active 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Skipped test NAME-4306 (Check NIS domain) 2020-11-22 01:49:51 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4402 (Check duplicate line in /etc/hosts) 2020-11-22 01:49:51 Test: check duplicate line in /etc/hosts 2020-11-22 01:49:51 Result: OK, no duplicate lines found 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4404 (Check /etc/hosts contains an entry for this server name) 2020-11-22 01:49:51 Test: Check /etc/hosts contains an entry for this server name 2020-11-22 01:49:51 Result: No entry found for intel1-intel2 in /etc/hosts 2020-11-22 01:49:51 Suggestion: Add the IP name and FQDN to /etc/hosts for proper name resolving [test:NAME-4404] [details:-] [solution:-] 2020-11-22 01:49:51 Risk: No entry for the server name [hostname] in /etc/hosts may cause unexpected performance problems for local connections 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4406 (Check server hostname mapping) 2020-11-22 01:49:51 Test: Check server hostname not locally mapped in /etc/hosts 2020-11-22 01:49:51 Result: this server hostname is not mapped to a local address 2020-11-22 01:49:51 ==== 2020-11-22 01:49:51 Performing test ID NAME-4408 (Check localhost entry) 2020-11-22 01:49:51 Test: Check server hostname not locally mapped in /etc/hosts 2020-11-22 01:49:52 Result: localhost mapped to ::1 2020-11-22 01:49:52 Security check: file is normal 2020-11-22 01:49:52 Checking permissions of /root/lynis/include/tests_dns 2020-11-22 01:49:52 File permissions are OK 2020-11-22 01:49:52 Security check: file is normal 2020-11-22 01:49:52 Checking permissions of /root/lynis/include/tests_ports_packages 2020-11-22 01:49:52 File permissions are OK 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Action: Performing tests from category: Ports and packages 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Skipped test PKGS-7301 (Query FreeBSD pkg) 2020-11-22 01:49:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Skipped test PKGS-7302 (Query FreeBSD/NetBSD pkg_info) 2020-11-22 01:49:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Skipped test PKGS-7303 (Query brew package manager) 2020-11-22 01:49:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:52 Result: brew can NOT be found on this system 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Skipped test PKGS-7304 (Querying Gentoo packages) 2020-11-22 01:49:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:49:52 Result: emerge can NOT be found on this system 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Skipped test PKGS-7306 (Querying Solaris packages) 2020-11-22 01:49:52 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:49:52 Result: pkginfo can NOT be found on this system 2020-11-22 01:49:52 ==== 2020-11-22 01:49:52 Performing test ID PKGS-7308 (Checking package list with RPM) 2020-11-22 01:49:52 Result: Found rpm binary (/usr/bin/rpm) 2020-11-22 01:49:52 Test: Querying 'rpm -qa' to get package list 2020-11-22 01:49:52 Output: 2020-11-22 01:49:52 -------- 2020-11-22 01:49:52 Found package: NetworkManager,1.18.4-3.el7.x86_64 2020-11-22 01:49:52 Found package: NetworkManager-libnm,1.18.4-3.el7.x86_64 2020-11-22 01:49:52 Found package: NetworkManager-team,1.18.4-3.el7.x86_64 2020-11-22 01:49:53 Found package: NetworkManager-tui,1.18.4-3.el7.x86_64 2020-11-22 01:49:53 Found package: NetworkManager-wifi,1.18.4-3.el7.x86_64 2020-11-22 01:49:53 Found package: acl,2.2.51-15.el7.x86_64 2020-11-22 01:49:53 Found package: aic94xx-firmware,30-6.el7.noarch 2020-11-22 01:49:53 Found package: alsa-firmware,1.0.28-2.el7.noarch 2020-11-22 01:49:53 Found package: alsa-lib,1.1.8-1.el7.x86_64 2020-11-22 01:49:53 Found package: alsa-tools-firmware,1.1.0-1.el7.x86_64 2020-11-22 01:49:53 Found package: atk,2.28.1-2.el7.x86_64 2020-11-22 01:49:53 Found package: audit,2.8.5-4.el7.x86_64 2020-11-22 01:49:53 Found package: audit-libs,2.8.5-4.el7.x86_64 2020-11-22 01:49:53 Found package: audit-libs-python,2.8.5-4.el7.x86_64 2020-11-22 01:49:53 Found package: authconfig,6.2.8-30.el7.x86_64 2020-11-22 01:49:53 Found package: avahi-libs,0.6.31-20.el7.x86_64 2020-11-22 01:49:53 Found package: basesystem,10.0-7.el7.centos.noarch 2020-11-22 01:49:53 Found package: bash,4.2.46-34.el7.x86_64 2020-11-22 01:49:53 Found package: bind-export-libs,9.11.4-16.P2.el7_8.6.x86_64 2020-11-22 01:49:53 Found package: binutils,2.27-43.base.el7_8.1.x86_64 2020-11-22 01:49:53 Found package: biosdevname,0.7.3-2.el7.x86_64 2020-11-22 01:49:53 Found package: btrfs-progs,4.9.1-1.el7.x86_64 2020-11-22 01:49:53 Found package: bzip2-libs,1.0.6-13.el7.x86_64 2020-11-22 01:49:53 Found package: ca-certificates,2020.2.41-70.0.el7_8.noarch 2020-11-22 01:49:53 Found package: cairo,1.15.12-4.el7.x86_64 2020-11-22 01:49:53 Found package: centos-logos,70.0.6-3.el7.centos.noarch 2020-11-22 01:49:53 Found package: centos-release,7-8.2003.0.el7.centos.x86_64 2020-11-22 01:49:53 Found package: centos-release-scl,2-3.el7.centos.noarch 2020-11-22 01:49:53 Found package: centos-release-scl-rh,2-3.el7.centos.noarch 2020-11-22 01:49:53 Found package: checkpolicy,2.5-8.el7.x86_64 2020-11-22 01:49:53 Found package: chkconfig,1.7.4-1.el7.x86_64 2020-11-22 01:49:53 Found package: chrony,3.4-1.el7.x86_64 2020-11-22 01:49:53 Found package: container-selinux,2.119.2-1.911c772.el7_8.noarch 2020-11-22 01:49:53 Found package: containerd.io,1.2.13-3.2.el7.x86_64 2020-11-22 01:49:53 Found package: copy-jdk-configs,3.3-10.el7_5.noarch 2020-11-22 01:49:53 Found package: coreutils,8.22-24.el7.x86_64 2020-11-22 01:49:53 Found package: cpio,2.11-27.el7.x86_64 2020-11-22 01:49:53 Found package: cpp,4.8.5-39.el7.x86_64 2020-11-22 01:49:53 Found package: cracklib,2.9.0-11.el7.x86_64 2020-11-22 01:49:53 Found package: cracklib-dicts,2.9.0-11.el7.x86_64 2020-11-22 01:49:53 Found package: cronie,1.4.11-23.el7.x86_64 2020-11-22 01:49:53 Found package: cronie-anacron,1.4.11-23.el7.x86_64 2020-11-22 01:49:53 Found package: crontabs,1.11-6.20121102git.el7.noarch 2020-11-22 01:49:53 Found package: cryptsetup-libs,2.0.3-6.el7.x86_64 2020-11-22 01:49:53 Found package: cups-libs,1.6.3-43.el7.x86_64 2020-11-22 01:49:53 Found package: curl,7.29.0-57.el7_8.1.x86_64 2020-11-22 01:49:53 Found package: cyrus-sasl-lib,2.1.26-23.el7.x86_64 2020-11-22 01:49:53 Found package: dbus,1.10.24-14.el7_8.x86_64 2020-11-22 01:49:53 Found package: dbus-glib,0.100-7.el7.x86_64 2020-11-22 01:49:53 Found package: dbus-libs,1.10.24-14.el7_8.x86_64 2020-11-22 01:49:53 Found package: dbus-python,1.1.1-9.el7.x86_64 2020-11-22 01:49:53 Found package: dejavu-fonts-common,2.33-6.el7.noarch 2020-11-22 01:49:53 Found package: dejavu-sans-fonts,2.33-6.el7.noarch 2020-11-22 01:49:53 Found package: device-mapper,1.02.164-7.el7_8.2.x86_64 2020-11-22 01:49:53 Found package: device-mapper-event,1.02.164-7.el7_8.2.x86_64 2020-11-22 01:49:53 Found package: device-mapper-event-libs,1.02.164-7.el7_8.2.x86_64 2020-11-22 01:49:53 Found package: device-mapper-libs,1.02.164-7.el7_8.2.x86_64 2020-11-22 01:49:53 Found package: device-mapper-persistent-data,0.8.5-2.el7.x86_64 2020-11-22 01:49:53 Found package: dhclient,4.2.5-79.el7.centos.x86_64 2020-11-22 01:49:53 Found package: dhcp-common,4.2.5-79.el7.centos.x86_64 2020-11-22 01:49:53 Found package: dhcp-libs,4.2.5-79.el7.centos.x86_64 2020-11-22 01:49:53 Found package: diffutils,3.3-5.el7.x86_64 2020-11-22 01:49:53 Found package: dmidecode,3.2-3.el7.x86_64 2020-11-22 01:49:53 Found package: docker-ce,19.03.12-3.el7.x86_64 2020-11-22 01:49:53 Found package: docker-ce-cli,19.03.12-3.el7.x86_64 2020-11-22 01:49:53 Found package: dosfstools,3.0.20-10.el7.x86_64 2020-11-22 01:49:53 Found package: dracut,033-568.el7.x86_64 2020-11-22 01:49:53 Found package: dracut-config-rescue,033-568.el7.x86_64 2020-11-22 01:49:53 Found package: dracut-network,033-568.el7.x86_64 2020-11-22 01:49:53 Found package: dwz,0.11-3.el7.x86_64 2020-11-22 01:49:54 Found package: e2fsprogs,1.42.9-17.el7.x86_64 2020-11-22 01:49:54 Found package: e2fsprogs-libs,1.42.9-17.el7.x86_64 2020-11-22 01:49:54 Found package: ebtables,2.0.10-16.el7.x86_64 2020-11-22 01:49:54 Found package: efibootmgr,17-2.el7.x86_64 2020-11-22 01:49:54 Found package: efivar-libs,36-12.el7.x86_64 2020-11-22 01:49:54 Found package: elfutils-default-yama-scope,0.176-4.el7.noarch 2020-11-22 01:49:54 Found package: elfutils-libelf,0.176-4.el7.x86_64 2020-11-22 01:49:54 Found package: elfutils-libs,0.176-4.el7.x86_64 2020-11-22 01:49:54 Found package: epel-release,7-11.noarch 2020-11-22 01:49:54 Found package: ethtool,4.8-10.el7.x86_64 2020-11-22 01:49:54 Found package: expat,2.1.0-11.el7.x86_64 2020-11-22 01:49:54 Found package: file,5.11-36.el7.x86_64 2020-11-22 01:49:54 Found package: file-libs,5.11-36.el7.x86_64 2020-11-22 01:49:54 Found package: filesystem,3.2-25.el7.x86_64 2020-11-22 01:49:54 Found package: findutils,4.5.11-6.el7.x86_64 2020-11-22 01:49:54 Found package: fipscheck,1.4.1-6.el7.x86_64 2020-11-22 01:49:54 Found package: fipscheck-lib,1.4.1-6.el7.x86_64 2020-11-22 01:49:54 Found package: firewalld,0.6.3-8.el7_8.1.noarch 2020-11-22 01:49:54 Found package: firewalld-filesystem,0.6.3-8.el7_8.1.noarch 2020-11-22 01:49:54 Found package: fontconfig,2.13.0-4.3.el7.x86_64 2020-11-22 01:49:54 Found package: fontpackages-filesystem,1.44-8.el7.noarch 2020-11-22 01:49:54 Found package: freetype,2.8-14.el7.x86_64 2020-11-22 01:49:54 Found package: fribidi,1.0.2-1.el7_7.1.x86_64 2020-11-22 01:49:54 Found package: fxload,2002_04_11-16.el7.x86_64 2020-11-22 01:49:54 Found package: gawk,4.0.2-4.el7_3.1.x86_64 2020-11-22 01:49:54 Found package: gcc,4.8.5-39.el7.x86_64 2020-11-22 01:49:54 Found package: gdbm,1.10-8.el7.x86_64 2020-11-22 01:49:54 Found package: gdk-pixbuf2,2.36.12-3.el7.x86_64 2020-11-22 01:49:54 Found package: gettext,0.19.8.1-3.el7.x86_64 2020-11-22 01:49:54 Found package: gettext-libs,0.19.8.1-3.el7.x86_64 2020-11-22 01:49:54 Found package: giflib,4.1.6-9.el7.x86_64 2020-11-22 01:49:54 Found package: git,1.8.3.1-23.el7_8.x86_64 2020-11-22 01:49:54 Found package: glib2,2.56.1-5.el7.x86_64 2020-11-22 01:49:54 Found package: glibc,2.17-307.el7.1.x86_64 2020-11-22 01:49:54 Found package: glibc-common,2.17-307.el7.1.x86_64 2020-11-22 01:49:54 Found package: glibc-devel,2.17-307.el7.1.x86_64 2020-11-22 01:49:54 Found package: glibc-headers,2.17-307.el7.1.x86_64 2020-11-22 01:49:54 Found package: gmp,6.0.0-15.el7.x86_64 2020-11-22 01:49:54 Found package: gnupg2,2.0.22-5.el7_5.x86_64 2020-11-22 01:49:54 Found package: gobject-introspection,1.56.1-1.el7.x86_64 2020-11-22 01:49:54 Found package: gpg-pubkey,352c64e5-52ae6884.(none) 2020-11-22 01:49:54 Found package: gpg-pubkey,621e9f35-58adea78.(none) 2020-11-22 01:49:54 Found package: gpg-pubkey,f2ee9d55-560cfc0a.(none) 2020-11-22 01:49:54 Found package: gpg-pubkey,f4a80eb5-53a7ff4b.(none) 2020-11-22 01:49:54 Found package: gpgme,1.3.2-5.el7.x86_64 2020-11-22 01:49:54 Found package: gpm-libs,1.20.7-6.el7.x86_64 2020-11-22 01:49:54 Found package: graphite2,1.3.10-1.el7_3.x86_64 2020-11-22 01:49:54 Found package: grep,2.20-3.el7.x86_64 2020-11-22 01:49:54 Found package: groff-base,1.22.2-8.el7.x86_64 2020-11-22 01:49:54 Found package: grub2,2.02-0.86.el7.centos.x86_64 2020-11-22 01:49:54 Found package: grub2-common,2.02-0.86.el7.centos.noarch 2020-11-22 01:49:54 Found package: grub2-efi-x64,2.02-0.86.el7.centos.x86_64 2020-11-22 01:49:54 Found package: grub2-pc,2.02-0.86.el7.centos.x86_64 2020-11-22 01:49:54 Found package: grub2-pc-modules,2.02-0.86.el7.centos.noarch 2020-11-22 01:49:54 Found package: grub2-tools,2.02-0.86.el7.centos.x86_64 2020-11-22 01:49:54 Found package: grub2-tools-extra,2.02-0.86.el7.centos.x86_64 2020-11-22 01:49:54 Found package: grub2-tools-minimal,2.02-0.86.el7.centos.x86_64 2020-11-22 01:49:54 Found package: grubby,8.28-26.el7.x86_64 2020-11-22 01:49:54 Found package: gtk-update-icon-cache,3.22.30-5.el7.x86_64 2020-11-22 01:49:54 Found package: gtk2,2.24.31-1.el7.x86_64 2020-11-22 01:49:54 Found package: gzip,1.5-10.el7.x86_64 2020-11-22 01:49:54 Found package: hardlink,1.0-19.el7.x86_64 2020-11-22 01:49:54 Found package: harfbuzz,1.7.5-2.el7.x86_64 2020-11-22 01:49:54 Found package: hicolor-icon-theme,0.12-7.el7.noarch 2020-11-22 01:49:54 Found package: hostname,3.13-3.el7_7.1.x86_64 2020-11-22 01:49:54 Found package: hwdata,0.252-9.5.el7.x86_64 2020-11-22 01:49:55 Found package: info,5.1-5.el7.x86_64 2020-11-22 01:49:55 Found package: initscripts,9.49.49-1.el7.x86_64 2020-11-22 01:49:55 Found package: iproute,4.11.0-25.el7_7.2.x86_64 2020-11-22 01:49:55 Found package: iprutils,2.4.17.1-3.el7_7.x86_64 2020-11-22 01:49:55 Found package: ipset,7.1-1.el7.x86_64 2020-11-22 01:49:55 Found package: ipset-libs,7.1-1.el7.x86_64 2020-11-22 01:49:55 Found package: iptables,1.4.21-34.el7.x86_64 2020-11-22 01:49:55 Found package: iputils,20160308-10.el7.x86_64 2020-11-22 01:49:55 Found package: irqbalance,1.0.7-12.el7.x86_64 2020-11-22 01:49:55 Found package: iso-codes,3.46-2.el7.noarch 2020-11-22 01:49:55 Found package: ivtv-firmware,20080701-26.el7.noarch 2020-11-22 01:49:55 Found package: iwl100-firmware,39.31.5.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl1000-firmware,39.31.5.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl105-firmware,18.168.6.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl135-firmware,18.168.6.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl2000-firmware,18.168.6.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl2030-firmware,18.168.6.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl3160-firmware,25.30.13.0-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl3945-firmware,15.32.2.9-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl4965-firmware,228.61.2.24-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl5000-firmware,8.83.5.1_1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl5150-firmware,8.24.2.2-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl6000-firmware,9.221.4.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl6000g2a-firmware,18.168.6.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl6000g2b-firmware,18.168.6.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl6050-firmware,41.28.5.1-76.el7.noarch 2020-11-22 01:49:55 Found package: iwl7260-firmware,25.30.13.0-76.el7.noarch 2020-11-22 01:49:55 Found package: jansson,2.10-1.el7.x86_64 2020-11-22 01:49:55 Found package: jasper-libs,1.900.1-33.el7.x86_64 2020-11-22 01:49:55 Found package: java-1.8.0-openjdk,1.8.0.262.b10-0.el7_8.x86_64 2020-11-22 01:49:55 Found package: java-1.8.0-openjdk-devel,1.8.0.262.b10-0.el7_8.x86_64 2020-11-22 01:49:55 Found package: java-1.8.0-openjdk-headless,1.8.0.262.b10-0.el7_8.x86_64 2020-11-22 01:49:55 Found package: javapackages-tools,3.4.1-11.el7.noarch 2020-11-22 01:49:55 Found package: jbigkit-libs,2.0-11.el7.x86_64 2020-11-22 01:49:55 Found package: json-c,0.11-4.el7_0.x86_64 2020-11-22 01:49:55 Found package: kbd,1.15.5-15.el7.x86_64 2020-11-22 01:49:55 Found package: kbd-legacy,1.15.5-15.el7.noarch 2020-11-22 01:49:55 Found package: kbd-misc,1.15.5-15.el7.noarch 2020-11-22 01:49:55 Found package: kernel,3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:55 Found package: kernel,3.10.0-1127.el7.x86_64 2020-11-22 01:49:55 Found package: kernel-headers,3.10.0-1127.19.1.el7.x86_64 2020-11-22 01:49:55 Found package: kernel-tools,3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:55 Found package: kernel-tools-libs,3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:55 Found package: kexec-tools,2.0.15-43.el7.x86_64 2020-11-22 01:49:55 Found package: keyutils-libs,1.5.8-3.el7.x86_64 2020-11-22 01:49:55 Found package: kmod,20-28.el7.x86_64 2020-11-22 01:49:55 Found package: kmod-libs,20-28.el7.x86_64 2020-11-22 01:49:55 Found package: kpartx,0.4.9-131.el7.x86_64 2020-11-22 01:49:55 Found package: krb5-libs,1.15.1-46.el7.x86_64 2020-11-22 01:49:55 Found package: less,458-9.el7.x86_64 2020-11-22 01:49:55 Found package: libICE,1.0.9-9.el7.x86_64 2020-11-22 01:49:55 Found package: libSM,1.2.2-2.el7.x86_64 2020-11-22 01:49:55 Found package: libX11,1.6.7-2.el7.x86_64 2020-11-22 01:49:55 Found package: libX11-common,1.6.7-2.el7.noarch 2020-11-22 01:49:55 Found package: libXau,1.0.8-2.1.el7.x86_64 2020-11-22 01:49:55 Found package: libXcomposite,0.4.4-4.1.el7.x86_64 2020-11-22 01:49:55 Found package: libXcursor,1.1.15-1.el7.x86_64 2020-11-22 01:49:55 Found package: libXdamage,1.1.4-4.1.el7.x86_64 2020-11-22 01:49:55 Found package: libXext,1.3.3-3.el7.x86_64 2020-11-22 01:49:55 Found package: libXfixes,5.0.3-1.el7.x86_64 2020-11-22 01:49:55 Found package: libXft,2.3.2-2.el7.x86_64 2020-11-22 01:49:55 Found package: libXi,1.7.9-1.el7.x86_64 2020-11-22 01:49:55 Found package: libXinerama,1.1.3-2.1.el7.x86_64 2020-11-22 01:49:55 Found package: libXrandr,1.5.1-2.el7.x86_64 2020-11-22 01:49:55 Found package: libXrender,0.9.10-1.el7.x86_64 2020-11-22 01:49:55 Found package: libXtst,1.2.3-1.el7.x86_64 2020-11-22 01:49:56 Found package: libXxf86vm,1.1.4-1.el7.x86_64 2020-11-22 01:49:56 Found package: libacl,2.2.51-15.el7.x86_64 2020-11-22 01:49:56 Found package: libaio,0.3.109-13.el7.x86_64 2020-11-22 01:49:56 Found package: libassuan,2.1.0-3.el7.x86_64 2020-11-22 01:49:56 Found package: libattr,2.4.46-13.el7.x86_64 2020-11-22 01:49:56 Found package: libblkid,2.23.2-63.el7.x86_64 2020-11-22 01:49:56 Found package: libcap,2.22-11.el7.x86_64 2020-11-22 01:49:56 Found package: libcap-ng,0.7.5-4.el7.x86_64 2020-11-22 01:49:56 Found package: libcgroup,0.41-21.el7.x86_64 2020-11-22 01:49:56 Found package: libcom_err,1.42.9-17.el7.x86_64 2020-11-22 01:49:56 Found package: libcroco,0.6.12-4.el7.x86_64 2020-11-22 01:49:56 Found package: libcurl,7.29.0-57.el7_8.1.x86_64 2020-11-22 01:49:56 Found package: libdaemon,0.14-7.el7.x86_64 2020-11-22 01:49:56 Found package: libdb,5.3.21-25.el7.x86_64 2020-11-22 01:49:56 Found package: libdb-utils,5.3.21-25.el7.x86_64 2020-11-22 01:49:56 Found package: libdrm,2.4.97-2.el7.x86_64 2020-11-22 01:49:56 Found package: libedit,3.0-12.20121213cvs.el7.x86_64 2020-11-22 01:49:56 Found package: libestr,0.1.9-2.el7.x86_64 2020-11-22 01:49:56 Found package: libfastjson,0.99.4-3.el7.x86_64 2020-11-22 01:49:56 Found package: libffi,3.0.13-19.el7.x86_64 2020-11-22 01:49:56 Found package: libfontenc,1.1.3-3.el7.x86_64 2020-11-22 01:49:56 Found package: libgcc,4.8.5-39.el7.x86_64 2020-11-22 01:49:56 Found package: libgcrypt,1.5.3-14.el7.x86_64 2020-11-22 01:49:56 Found package: libglvnd,1.0.1-0.8.git5baa1e5.el7.x86_64 2020-11-22 01:49:56 Found package: libglvnd-egl,1.0.1-0.8.git5baa1e5.el7.x86_64 2020-11-22 01:49:56 Found package: libglvnd-glx,1.0.1-0.8.git5baa1e5.el7.x86_64 2020-11-22 01:49:56 Found package: libgomp,4.8.5-39.el7.x86_64 2020-11-22 01:49:56 Found package: libgpg-error,1.12-3.el7.x86_64 2020-11-22 01:49:56 Found package: libidn,1.28-4.el7.x86_64 2020-11-22 01:49:56 Found package: libjpeg-turbo,1.2.90-8.el7.x86_64 2020-11-22 01:49:56 Found package: libmnl,1.0.3-7.el7.x86_64 2020-11-22 01:49:56 Found package: libmount,2.23.2-63.el7.x86_64 2020-11-22 01:49:56 Found package: libmpc,1.0.1-3.el7.x86_64 2020-11-22 01:49:56 Found package: libndp,1.2-9.el7.x86_64 2020-11-22 01:49:56 Found package: libnetfilter_conntrack,1.0.6-1.el7_3.x86_64 2020-11-22 01:49:56 Found package: libnfnetlink,1.0.1-4.el7.x86_64 2020-11-22 01:49:56 Found package: libnl3,3.2.28-4.el7.x86_64 2020-11-22 01:49:56 Found package: libnl3-cli,3.2.28-4.el7.x86_64 2020-11-22 01:49:56 Found package: libpciaccess,0.14-1.el7.x86_64 2020-11-22 01:49:56 Found package: libpipeline,1.2.3-3.el7.x86_64 2020-11-22 01:49:56 Found package: libpng,1.5.13-7.el7_2.x86_64 2020-11-22 01:49:56 Found package: libpwquality,1.2.3-5.el7.x86_64 2020-11-22 01:49:56 Found package: libseccomp,2.3.1-4.el7.x86_64 2020-11-22 01:49:56 Found package: libselinux,2.5-15.el7.x86_64 2020-11-22 01:49:56 Found package: libselinux-python,2.5-15.el7.x86_64 2020-11-22 01:49:56 Found package: libselinux-utils,2.5-15.el7.x86_64 2020-11-22 01:49:56 Found package: libsemanage,2.5-14.el7.x86_64 2020-11-22 01:49:56 Found package: libsemanage-python,2.5-14.el7.x86_64 2020-11-22 01:49:56 Found package: libsepol,2.5-10.el7.x86_64 2020-11-22 01:49:56 Found package: libsmartcols,2.23.2-63.el7.x86_64 2020-11-22 01:49:56 Found package: libss,1.42.9-17.el7.x86_64 2020-11-22 01:49:56 Found package: libssh2,1.8.0-3.el7.x86_64 2020-11-22 01:49:56 Found package: libstdc++,4.8.5-39.el7.x86_64 2020-11-22 01:49:56 Found package: libsysfs,2.1.0-16.el7.x86_64 2020-11-22 01:49:56 Found package: libtasn1,4.10-1.el7.x86_64 2020-11-22 01:49:56 Found package: libteam,1.29-1.el7.x86_64 2020-11-22 01:49:56 Found package: libthai,0.1.14-9.el7.x86_64 2020-11-22 01:49:56 Found package: libtiff,4.0.3-32.el7.x86_64 2020-11-22 01:49:56 Found package: libunistring,0.9.3-9.el7.x86_64 2020-11-22 01:49:56 Found package: libuser,0.60-9.el7.x86_64 2020-11-22 01:49:56 Found package: libutempter,1.1.6-4.el7.x86_64 2020-11-22 01:49:56 Found package: libuuid,2.23.2-63.el7.x86_64 2020-11-22 01:49:56 Found package: libverto,0.2.5-4.el7.x86_64 2020-11-22 01:49:56 Found package: libwayland-client,1.15.0-1.el7.x86_64 2020-11-22 01:49:56 Found package: libwayland-server,1.15.0-1.el7.x86_64 2020-11-22 01:49:57 Found package: libxcb,1.13-1.el7.x86_64 2020-11-22 01:49:57 Found package: libxml2,2.9.1-6.el7.4.x86_64 2020-11-22 01:49:57 Found package: libxml2-python,2.9.1-6.el7.4.x86_64 2020-11-22 01:49:57 Found package: libxshmfence,1.2-1.el7.x86_64 2020-11-22 01:49:57 Found package: libxslt,1.1.28-5.el7.x86_64 2020-11-22 01:49:57 Found package: linux-firmware,20191203-76.gite8a0f4c.el7.noarch 2020-11-22 01:49:57 Found package: lksctp-tools,1.0.17-2.el7.x86_64 2020-11-22 01:49:57 Found package: logrotate,3.8.6-19.el7.x86_64 2020-11-22 01:49:57 Found package: lsscsi,0.27-6.el7.x86_64 2020-11-22 01:49:57 Found package: lua,5.1.4-15.el7.x86_64 2020-11-22 01:49:57 Found package: lvm2,2.02.186-7.el7_8.2.x86_64 2020-11-22 01:49:57 Found package: lvm2-libs,2.02.186-7.el7_8.2.x86_64 2020-11-22 01:49:57 Found package: lz4,1.7.5-3.el7.x86_64 2020-11-22 01:49:57 Found package: lzo,2.06-8.el7.x86_64 2020-11-22 01:49:57 Found package: make,3.82-24.el7.x86_64 2020-11-22 01:49:57 Found package: man-db,2.6.3-11.el7.x86_64 2020-11-22 01:49:57 Found package: mariadb-libs,5.5.65-1.el7.x86_64 2020-11-22 01:49:57 Found package: mesa-libEGL,18.3.4-7.el7_8.1.x86_64 2020-11-22 01:49:57 Found package: mesa-libGL,18.3.4-7.el7_8.1.x86_64 2020-11-22 01:49:57 Found package: mesa-libgbm,18.3.4-7.el7_8.1.x86_64 2020-11-22 01:49:57 Found package: mesa-libglapi,18.3.4-7.el7_8.1.x86_64 2020-11-22 01:49:57 Found package: microcode_ctl,2.1-61.10.el7_8.x86_64 2020-11-22 01:49:57 Found package: mokutil,15-8.el7.x86_64 2020-11-22 01:49:57 Found package: mozjs17,17.0.0-20.el7.x86_64 2020-11-22 01:49:57 Found package: mpfr,3.1.1-4.el7.x86_64 2020-11-22 01:49:57 Found package: ncurses,5.9-14.20130511.el7_4.x86_64 2020-11-22 01:49:57 Found package: ncurses-base,5.9-14.20130511.el7_4.noarch 2020-11-22 01:49:57 Found package: ncurses-libs,5.9-14.20130511.el7_4.x86_64 2020-11-22 01:49:57 Found package: newt,0.52.15-4.el7.x86_64 2020-11-22 01:49:57 Found package: newt-python,0.52.15-4.el7.x86_64 2020-11-22 01:49:57 Found package: nspr,4.21.0-1.el7.x86_64 2020-11-22 01:49:57 Found package: nss,3.44.0-7.el7_7.x86_64 2020-11-22 01:49:57 Found package: nss-pem,1.0.3-7.el7.x86_64 2020-11-22 01:49:57 Found package: nss-softokn,3.44.0-8.el7_7.x86_64 2020-11-22 01:49:57 Found package: nss-softokn-freebl,3.44.0-8.el7_7.x86_64 2020-11-22 01:49:57 Found package: nss-sysinit,3.44.0-7.el7_7.x86_64 2020-11-22 01:49:57 Found package: nss-tools,3.44.0-7.el7_7.x86_64 2020-11-22 01:49:57 Found package: nss-util,3.44.0-4.el7_7.x86_64 2020-11-22 01:49:57 Found package: numactl-libs,2.0.12-5.el7.x86_64 2020-11-22 01:49:57 Found package: openldap,2.4.44-21.el7_6.x86_64 2020-11-22 01:49:57 Found package: openssh,7.4p1-21.el7.x86_64 2020-11-22 01:49:57 Found package: openssh-clients,7.4p1-21.el7.x86_64 2020-11-22 01:49:57 Found package: openssh-server,7.4p1-21.el7.x86_64 2020-11-22 01:49:57 Found package: openssl,1.0.2k-19.el7.x86_64 2020-11-22 01:49:57 Found package: openssl-libs,1.0.2k-19.el7.x86_64 2020-11-22 01:49:57 Found package: os-prober,1.58-9.el7.x86_64 2020-11-22 01:49:57 Found package: p11-kit,0.23.5-3.el7.x86_64 2020-11-22 01:49:57 Found package: p11-kit-trust,0.23.5-3.el7.x86_64 2020-11-22 01:49:57 Found package: pam,1.1.8-23.el7.x86_64 2020-11-22 01:49:57 Found package: pango,1.42.4-4.el7_7.x86_64 2020-11-22 01:49:57 Found package: parted,3.1-32.el7.x86_64 2020-11-22 01:49:57 Found package: passwd,0.79-6.el7.x86_64 2020-11-22 01:49:57 Found package: pciutils-libs,3.5.1-3.el7.x86_64 2020-11-22 01:49:57 Found package: pcre,8.32-17.el7.x86_64 2020-11-22 01:49:57 Found package: pcsc-lite-libs,1.8.8-8.el7.x86_64 2020-11-22 01:49:57 Found package: perl,5.16.3-295.el7.x86_64 2020-11-22 01:49:57 Found package: perl-Carp,1.26-244.el7.noarch 2020-11-22 01:49:57 Found package: perl-Encode,2.51-7.el7.x86_64 2020-11-22 01:49:57 Found package: perl-Error,0.17020-2.el7.noarch 2020-11-22 01:49:57 Found package: perl-Exporter,5.68-3.el7.noarch 2020-11-22 01:49:57 Found package: perl-File-Path,2.09-2.el7.noarch 2020-11-22 01:49:57 Found package: perl-File-Temp,0.23.01-3.el7.noarch 2020-11-22 01:49:57 Found package: perl-Filter,1.49-3.el7.x86_64 2020-11-22 01:49:57 Found package: perl-Getopt-Long,2.40-3.el7.noarch 2020-11-22 01:49:57 Found package: perl-Git,1.8.3.1-23.el7_8.noarch 2020-11-22 01:49:58 Found package: perl-HTTP-Tiny,0.033-3.el7.noarch 2020-11-22 01:49:58 Found package: perl-PathTools,3.40-5.el7.x86_64 2020-11-22 01:49:58 Found package: perl-Pod-Escapes,1.04-295.el7.noarch 2020-11-22 01:49:58 Found package: perl-Pod-Perldoc,3.20-4.el7.noarch 2020-11-22 01:49:58 Found package: perl-Pod-Simple,3.28-4.el7.noarch 2020-11-22 01:49:58 Found package: perl-Pod-Usage,1.63-3.el7.noarch 2020-11-22 01:49:58 Found package: perl-Scalar-List-Utils,1.27-248.el7.x86_64 2020-11-22 01:49:58 Found package: perl-Socket,2.010-5.el7.x86_64 2020-11-22 01:49:58 Found package: perl-Storable,2.45-3.el7.x86_64 2020-11-22 01:49:58 Found package: perl-TermReadKey,2.30-20.el7.x86_64 2020-11-22 01:49:58 Found package: perl-Text-ParseWords,3.29-4.el7.noarch 2020-11-22 01:49:58 Found package: perl-Time-HiRes,1.9725-3.el7.x86_64 2020-11-22 01:49:58 Found package: perl-Time-Local,1.2300-2.el7.noarch 2020-11-22 01:49:58 Found package: perl-constant,1.27-2.el7.noarch 2020-11-22 01:49:58 Found package: perl-libs,5.16.3-295.el7.x86_64 2020-11-22 01:49:58 Found package: perl-macros,5.16.3-295.el7.x86_64 2020-11-22 01:49:58 Found package: perl-parent,0.225-244.el7.noarch 2020-11-22 01:49:58 Found package: perl-podlators,2.5.1-3.el7.noarch 2020-11-22 01:49:58 Found package: perl-srpm-macros,1-8.el7.noarch 2020-11-22 01:49:58 Found package: perl-threads,1.87-4.el7.x86_64 2020-11-22 01:49:58 Found package: perl-threads-shared,1.43-6.el7.x86_64 2020-11-22 01:49:58 Found package: pinentry,0.8.1-17.el7.x86_64 2020-11-22 01:49:58 Found package: pixman,0.34.0-1.el7.x86_64 2020-11-22 01:49:58 Found package: pkgconfig,0.27.1-4.el7.x86_64 2020-11-22 01:49:58 Found package: plymouth,0.8.9-0.33.20140113.el7.centos.x86_64 2020-11-22 01:49:58 Found package: plymouth-core-libs,0.8.9-0.33.20140113.el7.centos.x86_64 2020-11-22 01:49:58 Found package: plymouth-scripts,0.8.9-0.33.20140113.el7.centos.x86_64 2020-11-22 01:49:58 Found package: policycoreutils,2.5-34.el7.x86_64 2020-11-22 01:49:58 Found package: policycoreutils-python,2.5-34.el7.x86_64 2020-11-22 01:49:58 Found package: polkit,0.112-26.el7.x86_64 2020-11-22 01:49:58 Found package: polkit-pkla-compat,0.1-4.el7.x86_64 2020-11-22 01:49:58 Found package: popt,1.13-16.el7.x86_64 2020-11-22 01:49:58 Found package: postfix,2.10.1-9.el7.x86_64 2020-11-22 01:49:58 Found package: procps-ng,3.3.10-27.el7.x86_64 2020-11-22 01:49:58 Found package: pth,2.0.7-23.el7.x86_64 2020-11-22 01:49:58 Found package: pygpgme,0.3-9.el7.x86_64 2020-11-22 01:49:58 Found package: pyliblzma,0.5.3-11.el7.x86_64 2020-11-22 01:49:58 Found package: python,2.7.5-88.el7.x86_64 2020-11-22 01:49:58 Found package: python-IPy,0.75-6.el7.noarch 2020-11-22 01:49:58 Found package: python-chardet,2.2.1-3.el7.noarch 2020-11-22 01:49:58 Found package: python-configobj,4.7.2-7.el7.noarch 2020-11-22 01:49:58 Found package: python-decorator,3.4.0-3.el7.noarch 2020-11-22 01:49:58 Found package: python-firewall,0.6.3-8.el7_8.1.noarch 2020-11-22 01:49:58 Found package: python-gobject-base,3.22.0-1.el7_4.1.x86_64 2020-11-22 01:49:58 Found package: python-iniparse,0.4-9.el7.noarch 2020-11-22 01:49:58 Found package: python-javapackages,3.4.1-11.el7.noarch 2020-11-22 01:49:58 Found package: python-kitchen,1.1.1-5.el7.noarch 2020-11-22 01:49:58 Found package: python-libs,2.7.5-88.el7.x86_64 2020-11-22 01:49:58 Found package: python-linux-procfs,0.4.11-4.el7.noarch 2020-11-22 01:49:58 Found package: python-lxml,3.2.1-4.el7.x86_64 2020-11-22 01:49:58 Found package: python-perf,3.10.0-1127.18.2.el7.x86_64 2020-11-22 01:49:58 Found package: python-pycurl,7.19.0-19.el7.x86_64 2020-11-22 01:49:58 Found package: python-pyudev,0.15-9.el7.noarch 2020-11-22 01:49:58 Found package: python-schedutils,0.4-6.el7.x86_64 2020-11-22 01:49:58 Found package: python-slip,0.4.0-4.el7.noarch 2020-11-22 01:49:58 Found package: python-slip-dbus,0.4.0-4.el7.noarch 2020-11-22 01:49:58 Found package: python-srpm-macros,3-32.el7.noarch 2020-11-22 01:49:58 Found package: python-urlgrabber,3.10-10.el7.noarch 2020-11-22 01:49:58 Found package: python34,3.4.10-6.el7.x86_64 2020-11-22 01:49:58 Found package: python34-libs,3.4.10-6.el7.x86_64 2020-11-22 01:49:58 Found package: pyxattr,0.5.1-5.el7.x86_64 2020-11-22 01:49:58 Found package: qrencode-libs,3.4.1-3.el7.x86_64 2020-11-22 01:49:58 Found package: readline,6.2-11.el7.x86_64 2020-11-22 01:49:58 Found package: redhat-rpm-config,9.1.0-88.el7.centos.noarch 2020-11-22 01:49:59 Found package: rh-python35,2.0-2.el7.x86_64 2020-11-22 01:49:59 Found package: rh-python35-python,3.5.1-13.el7.x86_64 2020-11-22 01:49:59 Found package: rh-python35-python-devel,3.5.1-13.el7.x86_64 2020-11-22 01:49:59 Found package: rh-python35-python-libs,3.5.1-13.el7.x86_64 2020-11-22 01:49:59 Found package: rh-python35-python-pip,7.1.0-2.el7.noarch 2020-11-22 01:49:59 Found package: rh-python35-python-setuptools,18.0.1-2.el7.noarch 2020-11-22 01:49:59 Found package: rh-python35-python-virtualenv,13.1.2-2.el7.noarch 2020-11-22 01:49:59 Found package: rh-python35-runtime,2.0-2.el7.x86_64 2020-11-22 01:49:59 Found package: rootfiles,8.1-11.el7.noarch 2020-11-22 01:49:59 Found package: rpm,4.11.3-43.el7.x86_64 2020-11-22 01:49:59 Found package: rpm-build-libs,4.11.3-43.el7.x86_64 2020-11-22 01:49:59 Found package: rpm-libs,4.11.3-43.el7.x86_64 2020-11-22 01:49:59 Found package: rpm-python,4.11.3-43.el7.x86_64 2020-11-22 01:49:59 Found package: rsync,3.1.2-10.el7.x86_64 2020-11-22 01:49:59 Found package: rsyslog,8.24.0-52.el7_8.2.x86_64 2020-11-22 01:49:59 Found package: scl-utils,20130529-19.el7.x86_64 2020-11-22 01:49:59 Found package: scl-utils-build,20130529-19.el7.x86_64 2020-11-22 01:49:59 Found package: sed,4.2.2-6.el7.x86_64 2020-11-22 01:49:59 Found package: selinux-policy,3.13.1-266.el7_8.1.noarch 2020-11-22 01:49:59 Found package: selinux-policy-targeted,3.13.1-266.el7_8.1.noarch 2020-11-22 01:49:59 Found package: setools-libs,3.3.8-4.el7.x86_64 2020-11-22 01:49:59 Found package: setup,2.8.71-11.el7.noarch 2020-11-22 01:49:59 Found package: shadow-utils,4.6-5.el7.x86_64 2020-11-22 01:49:59 Found package: shared-mime-info,1.8-5.el7.x86_64 2020-11-22 01:49:59 Found package: shim-x64,15-8.el7.x86_64 2020-11-22 01:49:59 Found package: slang,2.2.4-11.el7.x86_64 2020-11-22 01:49:59 Found package: snappy,1.1.0-3.el7.x86_64 2020-11-22 01:49:59 Found package: sqlite,3.7.17-8.el7_7.1.x86_64 2020-11-22 01:49:59 Found package: sudo,1.8.23-9.el7.x86_64 2020-11-22 01:49:59 Found package: systemd,219-73.el7_8.9.x86_64 2020-11-22 01:49:59 Found package: systemd-libs,219-73.el7_8.9.x86_64 2020-11-22 01:49:59 Found package: systemd-sysv,219-73.el7_8.9.x86_64 2020-11-22 01:49:59 Found package: sysvinit-tools,2.88-14.dsf.el7.x86_64 2020-11-22 01:49:59 Found package: tar,1.26-35.el7.x86_64 2020-11-22 01:49:59 Found package: tcp_wrappers-libs,7.6-77.el7.x86_64 2020-11-22 01:49:59 Found package: teamd,1.29-1.el7.x86_64 2020-11-22 01:49:59 Found package: telnet,0.17-65.el7_8.x86_64 2020-11-22 01:49:59 Found package: ttmkfdir,3.0.9-42.el7.x86_64 2020-11-22 01:49:59 Found package: tuned,2.11.0-8.el7.noarch 2020-11-22 01:49:59 Found package: tzdata,2020a-1.el7.noarch 2020-11-22 01:49:59 Found package: tzdata-java,2020a-1.el7.noarch 2020-11-22 01:49:59 Found package: ustr,1.0.4-16.el7.x86_64 2020-11-22 01:49:59 Found package: util-linux,2.23.2-63.el7.x86_64 2020-11-22 01:49:59 Found package: vim-common,7.4.629-6.el7.x86_64 2020-11-22 01:49:59 Found package: vim-enhanced,7.4.629-6.el7.x86_64 2020-11-22 01:49:59 Found package: vim-filesystem,7.4.629-6.el7.x86_64 2020-11-22 01:49:59 Found package: vim-minimal,7.4.629-6.el7.x86_64 2020-11-22 01:49:59 Found package: virt-what,1.18-4.el7.x86_64 2020-11-22 01:49:59 Found package: wget,1.14-18.el7_6.1.x86_64 2020-11-22 01:49:59 Found package: which,2.20-7.el7.x86_64 2020-11-22 01:49:59 Found package: wpa_supplicant,2.6-12.el7.x86_64 2020-11-22 01:49:59 Found package: xfsprogs,4.5.0-20.el7.x86_64 2020-11-22 01:49:59 Found package: xml-common,0.6.3-39.el7.noarch 2020-11-22 01:49:59 Found package: xorg-x11-font-utils,7.5-21.el7.x86_64 2020-11-22 01:49:59 Found package: xorg-x11-fonts-Type1,7.5-9.el7.noarch 2020-11-22 01:49:59 Found package: xz,5.2.2-1.el7.x86_64 2020-11-22 01:49:59 Found package: xz-libs,5.2.2-1.el7.x86_64 2020-11-22 01:49:59 Found package: yum,3.4.3-167.el7.centos.noarch 2020-11-22 01:49:59 Found package: yum-metadata-parser,1.1.4-10.el7.x86_64 2020-11-22 01:49:59 Found package: yum-plugin-fastestmirror,1.1.31-54.el7_8.noarch 2020-11-22 01:49:59 Found package: yum-utils,1.1.31-54.el7_8.noarch 2020-11-22 01:49:59 Found package: zip,3.0-11.el7.x86_64 2020-11-22 01:49:59 Found package: zlib,1.2.7-18.el7.x86_64 2020-11-22 01:49:59 ==== 2020-11-22 01:50:00 Skipped test PKGS-7310 (Checking package list with pacman) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7312 (Checking available updates for pacman based system) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 Result: pacman binary NOT found on this system, test skipped 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7314 (Checking pacman configuration options) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7320 (Checking for arch-audit tooling) 2020-11-22 01:50:00 Reason to skip: Test only applies to Arch Linux 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7322 (Discover vulnerable packages with arch-audit) 2020-11-22 01:50:00 Reason to skip: arch-audit not found 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7328 (Querying Zypper for installed packages) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7330 (Querying Zypper for vulnerable packages) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7332 (Query macOS ports) 2020-11-22 01:50:00 Reason to skip: Incorrect guest OS (macOS only) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7334 (Query port for port upgrades) 2020-11-22 01:50:00 Reason to skip: Incorrect guest OS (macOS only) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7345 (Querying dpkg) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 Result: dpkg can NOT be found on this system, test skipped 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7346 (Search unpurged packages on system) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 Result: dpkg can NOT be found on this system, test skipped 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7348 (Check for old distfiles) 2020-11-22 01:50:00 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7350 (Checking for installed packages with DNF utility) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7352 (Checking for security updates with DNF utility) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7354 (Checking package database integrity) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7366 (Checking for debsecan utility) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7370 (Checking for debsums utility) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7378 (Query portmaster for port upgrades) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7380 (Check for vulnerable NetBSD packages) 2020-11-22 01:50:00 Reason to skip: Incorrect guest OS (NetBSD only) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7381 (Check for vulnerable FreeBSD packages with pkg) 2020-11-22 01:50:00 Reason to skip: pkg tool not available 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Skipped test PKGS-7382 (Check for vulnerable FreeBSD packages with portaudit) 2020-11-22 01:50:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:00 ==== 2020-11-22 01:50:00 Performing test ID PKGS-7383 (Check for YUM package update management) 2020-11-22 01:50:00 Test: YUM package update management 2020-11-22 01:50:02 Result: YUM repository available (32880) 2020-11-22 01:50:02 ==== 2020-11-22 01:50:02 Performing test ID PKGS-7384 (Check for YUM utils package) 2020-11-22 01:50:02 Result: found YUM utils package (package-cleanup) 2020-11-22 01:50:02 Test: Checking for duplicate packages 2020-11-22 01:50:03 Result: No duplicate packages found 2020-11-22 01:50:03 Test: Checking for database problems 2020-11-22 01:50:04 Result: No package database problems found 2020-11-22 01:50:04 ==== 2020-11-22 01:50:04 Performing test ID PKGS-7386 (Check for YUM security package) 2020-11-22 01:50:04 Test: Determining if yum-security package installed 2020-11-22 01:50:04 Test: checking if file /usr/share/yum-cli/cli.py exists 2020-11-22 01:50:04 Result: file /usr/share/yum-cli/cli.py exists 2020-11-22 01:50:04 Test: search string \-\-security in file /usr/share/yum-cli/cli.py 2020-11-22 01:50:04 Result: found search string '\-\-security' 2020-11-22 01:50:04 Full string returned: group.add_option("--security", action="store_true", 2020-11-22 01:50:04 Result: found built-in security in yum 2020-11-22 01:50:04 Test: Checking for vulnerable packages 2020-11-22 01:50:13 Result: found vulnerable package(s) 2020-11-22 01:50:13 Vulnerable package: python34-3.4.10-7.el7.x86_64, 2020-11-22 01:50:13 Hardening: assigned partial number of hardening points (1 of 2). Currently having 120 points (out of 175) 2020-11-22 01:50:13 Vulnerable package: python34-libs-3.4.10-7.el7.x86_64, 2020-11-22 01:50:13 Hardening: assigned partial number of hardening points (1 of 2). Currently having 121 points (out of 177) 2020-11-22 01:50:13 Warning: Found one or more vulnerable packages. [test:PKGS-7386] [details:-] [solution:-] 2020-11-22 01:50:13 ==== 2020-11-22 01:50:13 Performing test ID PKGS-7387 (Check for GPG signing in YUM security package) 2020-11-22 01:50:13 Test: checking enabled repositories 2020-11-22 01:50:13 Result: software repository 'base' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 125 points (out of 181) 2020-11-22 01:50:13 Result: software repository 'centos-sclo-rh' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 129 points (out of 185) 2020-11-22 01:50:13 Result: software repository 'centos-sclo-sclo' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 133 points (out of 189) 2020-11-22 01:50:13 Result: software repository 'docker-ce-stable' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 137 points (out of 193) 2020-11-22 01:50:13 Result: software repository 'epel' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 141 points (out of 197) 2020-11-22 01:50:13 Result: software repository 'extras' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 145 points (out of 201) 2020-11-22 01:50:13 Result: software repository 'updates' is signed 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (4). Currently having 149 points (out of 205) 2020-11-22 01:50:13 Test: checking if file /etc/yum.conf exists 2020-11-22 01:50:13 Result: file /etc/yum.conf exists 2020-11-22 01:50:13 Test: search string ^gpgenabled\s*=\s*1$ in file /etc/yum.conf 2020-11-22 01:50:13 Result: search search string '^gpgenabled\s*=\s*1$' NOT found 2020-11-22 01:50:13 Test: search string ^gpgcheck\s*=\s*1$ in file /etc/yum.conf 2020-11-22 01:50:13 Result: found search string '^gpgcheck\s*=\s*1$' 2020-11-22 01:50:13 Full string returned: gpgcheck=1 2020-11-22 01:50:13 Result: GPG check is enabled 2020-11-22 01:50:13 Hardening: assigned maximum number of hardening points for this item (3). Currently having 152 points (out of 208) 2020-11-22 01:50:13 ==== 2020-11-22 01:50:13 Skipped test PKGS-7388 (Check security repository in apt sources.list file) 2020-11-22 01:50:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:13 ==== 2020-11-22 01:50:13 Skipped test PKGS-7390 (Check Ubuntu database consistency) 2020-11-22 01:50:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:13 ==== 2020-11-22 01:50:13 Skipped test PKGS-7392 (Check for Debian/Ubuntu security updates) 2020-11-22 01:50:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:13 ==== 2020-11-22 01:50:14 Skipped test PKGS-7393 (Check for Gentoo vulnerable packages) 2020-11-22 01:50:14 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Skipped test PKGS-7394 (Check for Ubuntu updates) 2020-11-22 01:50:14 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Performing test ID PKGS-7398 (Check for package audit tool) 2020-11-22 01:50:14 Test: checking for package audit tool 2020-11-22 01:50:14 Result: found package audit tool: yum-security 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Performing test ID PKGS-7410 (Count installed kernel packages) 2020-11-22 01:50:14 Test: Checking how many kernel packages are installed 2020-11-22 01:50:14 Result: found 2 kernel packages on the system, which is fine 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Performing test ID PKGS-7420 (Detect toolkit to automatically download and apply upgrades) 2020-11-22 01:50:14 Hardening: assigned partial number of hardening points (1 of 5). Currently having 153 points (out of 213) 2020-11-22 01:50:14 Result: no toolkit for automatic updates discovered 2020-11-22 01:50:14 Suggestion: Consider using a tool to automatically apply upgrades [test:PKGS-7420] [details:-] [solution:-] 2020-11-22 01:50:14 Security check: file is normal 2020-11-22 01:50:14 Checking permissions of /root/lynis/include/tests_networking 2020-11-22 01:50:14 File permissions are OK 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Action: Performing tests from category: Networking 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Performing test ID NETW-2400 (Hostname length and value check) 2020-11-22 01:50:14 Result: FQDN is defined and not longer than 253 characters (29 characters) 2020-11-22 01:50:14 Result: hostnamed is defined and not longer than 63 characters 2020-11-22 01:50:14 Result: good, no unexpected characters discovered in hostname 2020-11-22 01:50:14 ==== 2020-11-22 01:50:14 Performing test ID NETW-2600 (Checking IPv6 configuration) 2020-11-22 01:50:18 Result: IPV6 mode is auto 2020-11-22 01:50:18 Result: IPv6 only configuration: NO 2020-11-22 01:50:18 ==== 2020-11-22 01:50:18 Performing test ID NETW-2704 (Basic nameserver configuration tests) 2020-11-22 01:50:18 Test: Checking /etc/resolv.conf file 2020-11-22 01:50:18 Result: Found /etc/resolv.conf file 2020-11-22 01:50:18 Test: Querying nameservers 2020-11-22 01:50:18 Found nameserver: 10.11.8.1 2020-11-22 01:50:18 Result: Nameserver test for 10.11.8.1 skipped, 'dig' not installed 2020-11-22 01:50:18 ==== 2020-11-22 01:50:18 Performing test ID NETW-2705 (Check availability two nameservers) 2020-11-22 01:50:18 Result: dig not installed, test can't be fully performed 2020-11-22 01:50:18 ==== 2020-11-22 01:50:18 Skipped test NETW-2706 (Check systemd-resolved and upstream DNSSEC status) 2020-11-22 01:50:18 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:18 Result: Test most likely skipped due to not having resolvectl 2020-11-22 01:50:18 ==== 2020-11-22 01:50:18 Skipped test NETW-3001 (Find default gateway (route)) 2020-11-22 01:50:18 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:18 ==== 2020-11-22 01:50:18 Performing test ID NETW-3004 (Search for available network interfaces) 2020-11-22 01:50:18 Found network interface: lo 2020-11-22 01:50:18 Found network interface: enp134s0f0 2020-11-22 01:50:18 Found network interface: enp134s0f1 2020-11-22 01:50:18 Found network interface: enp136s0f0 2020-11-22 01:50:18 Found network interface: enp136s0f1 2020-11-22 01:50:18 Found network interface: docker0 2020-11-22 01:50:18 ==== 2020-11-22 01:50:18 Performing test ID NETW-3006 (Get network MAC addresses) 2020-11-22 01:50:18 Test: Using ip binary to gather hardware addresses 2020-11-22 01:50:19 Found MAC address: 3c:fd:fe:dd:a2:8c 2020-11-22 01:50:19 Found MAC address: 3c:fd:fe:dd:a2:8d 2020-11-22 01:50:19 Found MAC address: 3c:fd:fe:cd:98:c8 2020-11-22 01:50:19 Found MAC address: 3c:fd:fe:cd:98:c9 2020-11-22 01:50:19 Found MAC address: 02:42:e8:95:67:e2 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID NETW-3008 (Get network IP addresses) 2020-11-22 01:50:19 Test: Using ip binary to gather IP addresses 2020-11-22 01:50:19 Found IPv4 address: 127.0.0.1 2020-11-22 01:50:19 Found IPv4 address: 10.11.8.12 2020-11-22 01:50:19 Found IPv4 address: 172.17.0.1 2020-11-22 01:50:19 Found IPv6 address: ::1 2020-11-22 01:50:19 Found IPv6 address: fe80::2fdb:1973:9fa6:7a80 2020-11-22 01:50:19 Found IPv6 address: fe80::42:e8ff:fe95:67e2 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID NETW-3012 (Check listening ports) 2020-11-22 01:50:19 Test: Retrieving ss information to find listening ports 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Skipped test NETW-3014 (Checking promiscuous interfaces (BSD)) 2020-11-22 01:50:19 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID NETW-3015 (Checking promiscuous interfaces (Linux)) 2020-11-22 01:50:19 Test: Using ip binary to retrieve network interfaces 2020-11-22 01:50:19 Test: Checking all interfaces to discover any with promiscuous mode enabled 2020-11-22 01:50:19 Result: No promiscuous interfaces found 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Skipped test NETW-3028 (Checking connections in WAIT state) 2020-11-22 01:50:19 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID NETW-3030 (Checking DHCP client status) 2020-11-22 01:50:19 Performing pgrep scan without uid 2020-11-22 01:50:19 IsRunning: process 'dhclient' found (2768 ) 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID NETW-3032 (Checking for ARP monitoring software) 2020-11-22 01:50:19 Performing pgrep scan without uid 2020-11-22 01:50:19 IsRunning: process 'addrwatch' not found 2020-11-22 01:50:19 Performing pgrep scan without uid 2020-11-22 01:50:19 IsRunning: process 'arpwatch' not found 2020-11-22 01:50:19 Performing pgrep scan without uid 2020-11-22 01:50:19 IsRunning: process 'arpon' not found 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID NETW-3200 (Determine available network protocols) 2020-11-22 01:50:19 Test: checking the status of some network protocols that typically are not used 2020-11-22 01:50:19 Test: now checking module 'dccp' 2020-11-22 01:50:19 Suggestion: Determine if protocol 'dccp' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-11-22 01:50:19 Test: now checking module 'sctp' 2020-11-22 01:50:19 Suggestion: Determine if protocol 'sctp' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-11-22 01:50:19 Test: now checking module 'rds' 2020-11-22 01:50:19 Suggestion: Determine if protocol 'rds' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-11-22 01:50:19 Test: now checking module 'tipc' 2020-11-22 01:50:19 Suggestion: Determine if protocol 'tipc' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-11-22 01:50:19 Security check: file is normal 2020-11-22 01:50:19 Checking permissions of /root/lynis/include/tests_printers_spoolers 2020-11-22 01:50:19 File permissions are OK 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Action: Performing tests from category: Printers and Spools 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Skipped test PRNT-2302 (Check for printcap consistency) 2020-11-22 01:50:19 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Performing test ID PRNT-2304 (Check cupsd status) 2020-11-22 01:50:19 Test: Checking cupsd status 2020-11-22 01:50:19 Performing pgrep scan without uid 2020-11-22 01:50:19 IsRunning: process 'cupsd' not found 2020-11-22 01:50:19 Result: cups daemon not running, cups daemon tests skipped 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Skipped test PRNT-2306 (Check CUPSd configuration file) 2020-11-22 01:50:19 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Skipped test PRNT-2307 (Check CUPSd configuration file permissions) 2020-11-22 01:50:19 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:19 ==== 2020-11-22 01:50:19 Skipped test PRNT-2308 (Check CUPSd network configuration) 2020-11-22 01:50:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID PRNT-2314 (Check lpd status) 2020-11-22 01:50:20 Test: Checking lpd status 2020-11-22 01:50:20 Performing pgrep scan without uid 2020-11-22 01:50:20 IsRunning: process 'lpd' not found 2020-11-22 01:50:20 Result: lp daemon not running 2020-11-22 01:50:20 Hardening: assigned maximum number of hardening points for this item (4). Currently having 157 points (out of 217) 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Skipped test PRNT-2316 (Checking /etc/qconfig file) 2020-11-22 01:50:20 Reason to skip: Incorrect guest OS (AIX only) 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Skipped test PRNT-2418 (Checking qdaemon printer spooler status) 2020-11-22 01:50:20 Reason to skip: Incorrect guest OS (AIX only) 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Skipped test PRNT-2420 (Checking old print jobs) 2020-11-22 01:50:20 Reason to skip: Incorrect guest OS (AIX only) 2020-11-22 01:50:20 Security check: file is normal 2020-11-22 01:50:20 Checking permissions of /root/lynis/include/tests_mail_messaging 2020-11-22 01:50:20 File permissions are OK 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Action: Performing tests from category: Software: e-mail and messaging 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8802 (Check Exim status) 2020-11-22 01:50:20 Test: check Exim status 2020-11-22 01:50:20 Performing pgrep scan without uid 2020-11-22 01:50:20 IsRunning: process 'exim4' not found 2020-11-22 01:50:20 Performing pgrep scan without uid 2020-11-22 01:50:20 IsRunning: process 'exim' not found 2020-11-22 01:50:20 Result: no running Exim processes found 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Skipped test MAIL-8804 (Exim configuration options) 2020-11-22 01:50:20 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8814 (Check postfix process status) 2020-11-22 01:50:20 Test: check Postfix status 2020-11-22 01:50:20 Result: found running Postfix process 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8816 (Check Postfix configuration) 2020-11-22 01:50:20 Postfix configuration directory: /etc/postfix 2020-11-22 01:50:20 Postfix configuration file: /etc/postfix/main.cf 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8817 (Check Postfix configuration errors) 2020-11-22 01:50:20 Test: using postconf to see if Postfix configuration has errors 2020-11-22 01:50:20 Result: all looks to be fine with Postfix configuration 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8818 (Check Postfix configuration: banner) 2020-11-22 01:50:20 Test: Checking Postfix banner 2020-11-22 01:50:20 Result: found OS, or mail_name in SMTP banner, and/or mail_name contains 'Postfix'. 2020-11-22 01:50:20 Warning: Found some information disclosure in SMTP banner (OS or software name) [test:MAIL-8818] [details:-] [solution:-] 2020-11-22 01:50:20 Suggestion: You are advised to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [test:MAIL-8818] [details:-] [solution:-] 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8820 (Postfix configuration scan) 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8838 (Check dovecot process) 2020-11-22 01:50:20 Test: check dovecot status 2020-11-22 01:50:20 Performing pgrep scan without uid 2020-11-22 01:50:20 IsRunning: process 'dovecot' not found 2020-11-22 01:50:20 Result: dovecot not found 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8860 (Check Qmail status) 2020-11-22 01:50:20 Test: check Qmail status 2020-11-22 01:50:20 Performing pgrep scan without uid 2020-11-22 01:50:20 IsRunning: process 'qmail-smtpd' not found 2020-11-22 01:50:20 Result: no running Qmail processes found 2020-11-22 01:50:20 ==== 2020-11-22 01:50:20 Performing test ID MAIL-8880 (Check Sendmail status) 2020-11-22 01:50:21 Test: check sendmail status 2020-11-22 01:50:21 Performing pgrep scan without uid 2020-11-22 01:50:21 IsRunning: process 'sendmail' not found 2020-11-22 01:50:21 Result: no running Sendmail processes found 2020-11-22 01:50:21 ==== 2020-11-22 01:50:21 Skipped test MAIL-8920 (Check OpenSMTPD status) 2020-11-22 01:50:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:21 Security check: file is normal 2020-11-22 01:50:21 Checking permissions of /root/lynis/include/tests_firewalls 2020-11-22 01:50:21 File permissions are OK 2020-11-22 01:50:21 ==== 2020-11-22 01:50:21 Action: Performing tests from category: Software: firewalls 2020-11-22 01:50:21 ==== 2020-11-22 01:50:21 Performing test ID FIRE-4502 (Check iptables kernel module) 2020-11-22 01:50:21 Result: Found iptables in loaded kernel modules 2020-11-22 01:50:21 Found module: ip_tables 2020-11-22 01:50:21 ==== 2020-11-22 01:50:21 Performing test ID FIRE-4508 (Check used policies of iptables chains) 2020-11-22 01:50:21 Test: gathering information from table filter 2020-11-22 01:50:21 Result: iptables \nfilter -- INPUT policy is ACCEPT. 2020-11-22 01:50:21 Result: ACCEPT 2020-11-22 01:50:21 Result: Found ACCEPT for INPUT (table: \nfilter) 2020-11-22 01:50:21 Hardening: assigned partial number of hardening points (1 of 3). Currently having 158 points (out of 220) 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is RELATED. 2020-11-22 01:50:21 Result: RELATED 2020-11-22 01:50:21 Result: iptables filter -- ESTABLISHED policy is ACCEPT. 2020-11-22 01:50:21 Result: ACCEPT 2020-11-22 01:50:21 Result: iptables filter -- DROP policy is INVALID. 2020-11-22 01:50:21 Result: INVALID 2020-11-22 01:50:21 Result: iptables filter -- REJECT policy is FORWARD. 2020-11-22 01:50:21 Result: FORWARD 2020-11-22 01:50:21 Result: iptables filter -- DROP policy is DOCKER. 2020-11-22 01:50:21 Result: DOCKER 2020-11-22 01:50:21 Result: iptables filter -- USER policy is DOCKER. 2020-11-22 01:50:21 Result: DOCKER 2020-11-22 01:50:21 Result: iptables filter -- ISOLATION policy is STAGE. 2020-11-22 01:50:21 Result: STAGE 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is RELATED. 2020-11-22 01:50:21 Result: RELATED 2020-11-22 01:50:21 Result: iptables filter -- ESTABLISHED policy is DOCKER. 2020-11-22 01:50:21 Result: DOCKER 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-11-22 01:50:21 Result: ACCEPT 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is RELATED. 2020-11-22 01:50:21 Result: RELATED 2020-11-22 01:50:21 Result: iptables filter -- ESTABLISHED policy is ACCEPT. 2020-11-22 01:50:21 Result: ACCEPT 2020-11-22 01:50:21 Result: iptables filter -- DROP policy is INVALID. 2020-11-22 01:50:21 Result: INVALID 2020-11-22 01:50:21 Result: iptables filter -- REJECT policy is OUTPUT. 2020-11-22 01:50:21 Result: OUTPUT 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-11-22 01:50:21 Result: ACCEPT 2020-11-22 01:50:21 Result: iptables filter -- DOCKER policy is DOCKER. 2020-11-22 01:50:21 Result: DOCKER 2020-11-22 01:50:21 Result: iptables filter -- ISOLATION policy is STAGE. 2020-11-22 01:50:21 Result: STAGE 2020-11-22 01:50:21 Result: iptables filter -- DOCKER policy is ISOLATION. 2020-11-22 01:50:21 Result: ISOLATION 2020-11-22 01:50:21 Result: iptables filter -- STAGE policy is RETURN. 2020-11-22 01:50:21 Result: RETURN 2020-11-22 01:50:21 Result: iptables filter -- DOCKER policy is ISOLATION. 2020-11-22 01:50:21 Result: ISOLATION 2020-11-22 01:50:21 Result: iptables filter -- STAGE policy is DROP. 2020-11-22 01:50:21 Result: DROP 2020-11-22 01:50:21 Result: iptables filter -- RETURN policy is DOCKER. 2020-11-22 01:50:21 Result: DOCKER 2020-11-22 01:50:21 Result: iptables filter -- USER policy is RETURN. 2020-11-22 01:50:21 Result: RETURN 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-11-22 01:50:21 Result: ACCEPT 2020-11-22 01:50:21 Result: iptables filter -- ACCEPT policy is NEW. 2020-11-22 01:50:21 Result: NEW 2020-11-22 01:50:21 Result: iptables filter -- UNTRACKED policy is . 2020-11-22 01:50:21 Result: 2020-11-22 01:50:21 ==== 2020-11-22 01:50:21 Performing test ID FIRE-4512 (Check iptables for empty ruleset) 2020-11-22 01:50:22 Result: one or more rules are available (47 rules) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID FIRE-4513 (Check iptables for unused rules) 2020-11-22 01:50:22 Result: Found one or more possible unused rules 2020-11-22 01:50:22 Description: Unused rules can be a sign that the firewall rules aren't optimized or up-to-date 2020-11-22 01:50:22 Note: Sometimes rules aren't triggered but still in use. Keep this in mind before cleaning up rules. 2020-11-22 01:50:22 Output: iptables rule numbers: 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1 2 1 2 1 1 2 1 2 1 2 3 4 1 2 3 4 2020-11-22 01:50:22 Suggestion: Check iptables rules to see which rules are currently not used [test:FIRE-4513] [details:-] [solution:-] 2020-11-22 01:50:22 Tip: iptables --list --numeric --line-numbers --verbose 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4518 (Check pf firewall components) 2020-11-22 01:50:22 Reason to skip: No /dev/pf device 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4520 (Check pf configuration consistency) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID FIRE-4524 (Check for CSF presence) 2020-11-22 01:50:22 Test: check /etc/csf/csf.conf 2020-11-22 01:50:22 Result: /etc/csf/csf.conf does NOT exist 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4526 (Check ipf status) 2020-11-22 01:50:22 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4530 (Check IPFW status) 2020-11-22 01:50:22 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4532 (Check macOS application firewall) 2020-11-22 01:50:22 Reason to skip: Incorrect guest OS (macOS only) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4534 (Check for presence of outbound firewalls on macOS) 2020-11-22 01:50:22 Reason to skip: Incorrect guest OS (macOS only) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4536 (Check nftables status) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4538 (Check nftables basic configuration) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test FIRE-4540 (Check for empty nftables configuration) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID FIRE-4586 (Check firewall logging) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID FIRE-4590 (Check firewall status) 2020-11-22 01:50:22 Result: host based firewall or packet filter is active 2020-11-22 01:50:22 Hardening: assigned maximum number of hardening points for this item (5). Currently having 162 points (out of 222) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID FIRE-4594 (Check for APF presence) 2020-11-22 01:50:22 Test: check /etc/apf/conf.apf 2020-11-22 01:50:22 Result: /etc/apf/conf.apf does NOT exist 2020-11-22 01:50:22 Security check: file is normal 2020-11-22 01:50:22 Checking permissions of /root/lynis/include/tests_webservers 2020-11-22 01:50:22 File permissions are OK 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Action: Performing tests from category: Software: webserver 2020-11-22 01:50:22 Action: created temporary file /tmp/lynis.SU7G6PVjM5 2020-11-22 01:50:22 Action: created temporary file /tmp/lynis.56XKWgDbcg 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID HTTP-6622 (Checking Apache presence) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6624 (Testing main Apache configuration file) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6626 (Testing other Apache configuration file) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6632 (Determining all available Apache modules) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6640 (Determining existence of specific Apache modules) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6641 (Determining existence of specific Apache modules) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6643 (Determining existence of specific Apache modules) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Performing test ID HTTP-6702 (Check nginx process) 2020-11-22 01:50:22 Test: searching running nginx process 2020-11-22 01:50:22 Performing pgrep scan without uid 2020-11-22 01:50:22 IsRunning: process 'nginx' not found 2020-11-22 01:50:22 Result: no running nginx process found 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6704 (Check nginx configuration file) 2020-11-22 01:50:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:22 ==== 2020-11-22 01:50:22 Skipped test HTTP-6706 (Check for additional nginx configuration files) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Skipped test HTTP-6708 (Check discovered nginx configuration settings) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Skipped test HTTP-6710 (Check nginx SSL configuration settings) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Skipped test HTTP-6712 (Check nginx access logging) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Skipped test HTTP-6714 (Check for missing error logs in nginx) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Skipped test HTTP-6716 (Check for debug mode on error log in nginx) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Skipped test HTTP-6720 (Check Nginx log files) 2020-11-22 01:50:23 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:23 Security check: file is normal 2020-11-22 01:50:23 Checking permissions of /root/lynis/include/tests_ssh 2020-11-22 01:50:23 File permissions are OK 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Action: Performing tests from category: SSH Support 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Performing test ID SSH-7402 (Check for running SSH daemon) 2020-11-22 01:50:23 Test: Searching for a SSH daemon 2020-11-22 01:50:23 Performing pgrep scan without uid 2020-11-22 01:50:23 IsRunning: process 'sshd' found (2044 3694 4345 ) 2020-11-22 01:50:23 Action: created temporary file /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Performing test ID SSH-7404 (Check SSH daemon file location) 2020-11-22 01:50:23 Test: searching for sshd_config file 2020-11-22 01:50:23 Result: /etc/ssh/sshd_config exists 2020-11-22 01:50:23 Test: check if we can access /etc/ssh/sshd_config (escaped: /etc/ssh/sshd_config) 2020-11-22 01:50:23 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:23 Result: file /etc/ssh/sshd_config is readable (or directory accessible). 2020-11-22 01:50:23 Result: using last found configuration file: /etc/ssh/sshd_config 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Performing test ID SSH-7406 (Determine OpenSSH version) 2020-11-22 01:50:23 Result: discovered OpenSSH version is 7.4 2020-11-22 01:50:23 Result: OpenSSH major version: 7 2020-11-22 01:50:23 Result: OpenSSH minor version: 4 2020-11-22 01:50:23 ==== 2020-11-22 01:50:23 Performing test ID SSH-7408 (Check SSH specific defined options) 2020-11-22 01:50:23 Test: Checking specific defined options in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: added additional options for OpenSSH < 7.5 2020-11-22 01:50:23 Test: Checking AllowTcpForwarding in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: Option AllowTcpForwarding found 2020-11-22 01:50:23 Result: Option AllowTcpForwarding value is YES 2020-11-22 01:50:23 Result: OpenSSH option AllowTcpForwarding is in a weak configuration state and should be fixed 2020-11-22 01:50:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowTcpForwarding (set YES to NO)] [solution:-] 2020-11-22 01:50:23 Hardening: assigned partial number of hardening points (0 of 3). Currently having 162 points (out of 225) 2020-11-22 01:50:23 Test: Checking ClientAliveCountMax in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: Option ClientAliveCountMax found 2020-11-22 01:50:23 Result: Option ClientAliveCountMax value is 3 2020-11-22 01:50:23 Result: OpenSSH option ClientAliveCountMax is configured reasonably 2020-11-22 01:50:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:ClientAliveCountMax (set 3 to 2)] [solution:-] 2020-11-22 01:50:23 Hardening: assigned partial number of hardening points (1 of 3). Currently having 163 points (out of 228) 2020-11-22 01:50:23 Test: Checking ClientAliveInterval in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: Option ClientAliveInterval found 2020-11-22 01:50:23 Result: Option ClientAliveInterval value is 0 2020-11-22 01:50:23 Result: OpenSSH option ClientAliveInterval is configured very well 2020-11-22 01:50:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 166 points (out of 231) 2020-11-22 01:50:23 Test: Checking Compression in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: Option Compression found 2020-11-22 01:50:23 Result: Option Compression value is YES 2020-11-22 01:50:23 Result: OpenSSH option Compression is in a weak configuration state and should be fixed 2020-11-22 01:50:23 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Compression (set YES to NO)] [solution:-] 2020-11-22 01:50:23 Hardening: assigned partial number of hardening points (0 of 3). Currently having 166 points (out of 234) 2020-11-22 01:50:23 Test: Checking FingerprintHash in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: Option FingerprintHash found 2020-11-22 01:50:23 Result: Option FingerprintHash value is SHA256 2020-11-22 01:50:23 Result: OpenSSH option FingerprintHash is configured very well 2020-11-22 01:50:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 169 points (out of 237) 2020-11-22 01:50:23 Test: Checking GatewayPorts in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:23 Result: Option GatewayPorts found 2020-11-22 01:50:23 Result: Option GatewayPorts value is NO 2020-11-22 01:50:23 Result: OpenSSH option GatewayPorts is configured very well 2020-11-22 01:50:23 Hardening: assigned maximum number of hardening points for this item (3). Currently having 172 points (out of 240) 2020-11-22 01:50:24 Test: Checking IgnoreRhosts in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option IgnoreRhosts found 2020-11-22 01:50:24 Result: Option IgnoreRhosts value is YES 2020-11-22 01:50:24 Result: OpenSSH option IgnoreRhosts is configured very well 2020-11-22 01:50:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 175 points (out of 243) 2020-11-22 01:50:24 Test: Checking LoginGraceTime in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option LoginGraceTime found 2020-11-22 01:50:24 Result: Option LoginGraceTime value is 120 2020-11-22 01:50:24 Result: OpenSSH option LoginGraceTime is configured very well 2020-11-22 01:50:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 178 points (out of 246) 2020-11-22 01:50:24 Test: Checking LogLevel in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option LogLevel found 2020-11-22 01:50:24 Result: Option LogLevel value is INFO 2020-11-22 01:50:24 Result: OpenSSH option LogLevel is configured reasonably 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:LogLevel (set INFO to VERBOSE)] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (1 of 3). Currently having 179 points (out of 249) 2020-11-22 01:50:24 Test: Checking MaxAuthTries in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option MaxAuthTries found 2020-11-22 01:50:24 Result: Option MaxAuthTries value is 6 2020-11-22 01:50:24 Result: OpenSSH option MaxAuthTries is configured reasonably 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxAuthTries (set 6 to 3)] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (1 of 3). Currently having 180 points (out of 252) 2020-11-22 01:50:24 Test: Checking MaxSessions in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option MaxSessions found 2020-11-22 01:50:24 Result: Option MaxSessions value is 10 2020-11-22 01:50:24 Result: OpenSSH option MaxSessions is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxSessions (set 10 to 2)] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 180 points (out of 255) 2020-11-22 01:50:24 Test: Checking PermitRootLogin in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option PermitRootLogin found 2020-11-22 01:50:24 Result: Option PermitRootLogin value is YES 2020-11-22 01:50:24 Result: OpenSSH option PermitRootLogin is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:PermitRootLogin (set YES to (FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD))] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 180 points (out of 258) 2020-11-22 01:50:24 Test: Checking PermitUserEnvironment in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option PermitUserEnvironment found 2020-11-22 01:50:24 Result: Option PermitUserEnvironment value is NO 2020-11-22 01:50:24 Result: OpenSSH option PermitUserEnvironment is configured very well 2020-11-22 01:50:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 183 points (out of 261) 2020-11-22 01:50:24 Test: Checking PermitTunnel in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option PermitTunnel found 2020-11-22 01:50:24 Result: Option PermitTunnel value is NO 2020-11-22 01:50:24 Result: OpenSSH option PermitTunnel is configured very well 2020-11-22 01:50:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 186 points (out of 264) 2020-11-22 01:50:24 Test: Checking Port in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option Port found 2020-11-22 01:50:24 Result: Option Port value is 22 2020-11-22 01:50:24 Result: OpenSSH option Port is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Port (set 22 to )] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 186 points (out of 267) 2020-11-22 01:50:24 Test: Checking PrintLastLog in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option PrintLastLog found 2020-11-22 01:50:24 Result: Option PrintLastLog value is YES 2020-11-22 01:50:24 Result: OpenSSH option PrintLastLog is configured very well 2020-11-22 01:50:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 189 points (out of 270) 2020-11-22 01:50:24 Test: Checking StrictModes in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option StrictModes found 2020-11-22 01:50:24 Result: Option StrictModes value is YES 2020-11-22 01:50:24 Result: OpenSSH option StrictModes is configured very well 2020-11-22 01:50:24 Hardening: assigned maximum number of hardening points for this item (3). Currently having 192 points (out of 273) 2020-11-22 01:50:24 Test: Checking TCPKeepAlive in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option TCPKeepAlive found 2020-11-22 01:50:24 Result: Option TCPKeepAlive value is YES 2020-11-22 01:50:24 Result: OpenSSH option TCPKeepAlive is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:TCPKeepAlive (set YES to NO)] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 192 points (out of 276) 2020-11-22 01:50:24 Test: Checking UseDNS in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option UseDNS found 2020-11-22 01:50:24 Result: Option UseDNS value is YES 2020-11-22 01:50:24 Result: OpenSSH option UseDNS is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:UseDNS (set YES to NO)] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 192 points (out of 279) 2020-11-22 01:50:24 Test: Checking X11Forwarding in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option X11Forwarding found 2020-11-22 01:50:24 Result: Option X11Forwarding value is YES 2020-11-22 01:50:24 Result: OpenSSH option X11Forwarding is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:X11Forwarding (set YES to NO)] [solution:-] 2020-11-22 01:50:24 Hardening: assigned partial number of hardening points (0 of 3). Currently having 192 points (out of 282) 2020-11-22 01:50:24 Test: Checking AllowAgentForwarding in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:24 Result: Option AllowAgentForwarding found 2020-11-22 01:50:24 Result: Option AllowAgentForwarding value is YES 2020-11-22 01:50:24 Result: OpenSSH option AllowAgentForwarding is in a weak configuration state and should be fixed 2020-11-22 01:50:24 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowAgentForwarding (set YES to NO)] [solution:-] 2020-11-22 01:50:25 Hardening: assigned partial number of hardening points (0 of 3). Currently having 192 points (out of 285) 2020-11-22 01:50:25 Test: Checking UsePrivilegeSeparation in /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:25 Result: Option UsePrivilegeSeparation found 2020-11-22 01:50:25 Result: Option UsePrivilegeSeparation value is SANDBOX 2020-11-22 01:50:25 Result: OpenSSH option UsePrivilegeSeparation is configured very well 2020-11-22 01:50:25 Hardening: assigned maximum number of hardening points for this item (3). Currently having 195 points (out of 288) 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) 2020-11-22 01:50:25 Result: AllowUsers is not set 2020-11-22 01:50:25 Result: AllowGroups is not set 2020-11-22 01:50:25 Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine. 2020-11-22 01:50:25 Hardening: assigned partial number of hardening points (0 of 1). Currently having 195 points (out of 289) 2020-11-22 01:50:25 Security check: file is normal 2020-11-22 01:50:25 Checking permissions of /root/lynis/include/tests_snmp 2020-11-22 01:50:25 File permissions are OK 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Action: Performing tests from category: SNMP Support 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID SNMP-3302 (Check for running SNMP daemon) 2020-11-22 01:50:25 Test: Searching for a SNMP daemon 2020-11-22 01:50:25 Performing pgrep scan without uid 2020-11-22 01:50:25 IsRunning: process 'snmpd' not found 2020-11-22 01:50:25 Result: No running SNMP daemon found 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Skipped test SNMP-3304 (Check SNMP daemon file location) 2020-11-22 01:50:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Skipped test SNMP-3306 (Check SNMP communities) 2020-11-22 01:50:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:25 Security check: file is normal 2020-11-22 01:50:25 Checking permissions of /root/lynis/include/tests_databases 2020-11-22 01:50:25 File permissions are OK 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Action: Performing tests from category: Databases 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1804 (Checking active MySQL process) 2020-11-22 01:50:25 Result: MySQL process not active 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Skipped test DBS-1816 (Checking MySQL root password) 2020-11-22 01:50:25 Reason to skip: MySQL not installed, or not running 2020-11-22 01:50:25 Test skipped, MySQL daemon not running or no MySQL client available 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1818 (Check status of MongoDB server) 2020-11-22 01:50:25 Performing pgrep scan without uid 2020-11-22 01:50:25 IsRunning: process 'mongod' not found 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1820 (Check for authorization in MongoDB) 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1826 (Checking active PostgreSQL processes) 2020-11-22 01:50:25 Performing pgrep scan without uid 2020-11-22 01:50:25 IsRunning: process 'postgres:' not found 2020-11-22 01:50:25 Result: PostgreSQL process not active 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Skipped test DBS-1828 (Test PostgreSQL configuration) 2020-11-22 01:50:25 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1840 (Checking active Oracle processes) 2020-11-22 01:50:25 Result: Oracle process(es) not active 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1860 (Checking active DB2 instances) 2020-11-22 01:50:25 Performing pgrep scan without uid 2020-11-22 01:50:25 IsRunning: process 'db2sysc' not found 2020-11-22 01:50:25 Result: No DB2 instances are running 2020-11-22 01:50:25 ==== 2020-11-22 01:50:25 Performing test ID DBS-1880 (Check for active Redis server) 2020-11-22 01:50:25 Performing pgrep scan without uid 2020-11-22 01:50:25 IsRunning: process 'redis-server' not found 2020-11-22 01:50:25 Result: No Redis processes are running 2020-11-22 01:50:25 ==== 2020-11-22 01:50:26 Skipped test DBS-1882 (Redis configuration file) 2020-11-22 01:50:26 Reason to skip: Redis not running 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Skipped test DBS-1884 (Redis: requirepass option configured) 2020-11-22 01:50:26 Reason to skip: Redis not running, or no configuration file found 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Skipped test DBS-1886 (Redis: rename-command CONFIG used) 2020-11-22 01:50:26 Reason to skip: Redis not running, or no configuration found 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Skipped test DBS-1888 (Redis: bind on localhost) 2020-11-22 01:50:26 Reason to skip: Redis not running, or no configuration found 2020-11-22 01:50:26 Security check: file is normal 2020-11-22 01:50:26 Checking permissions of /root/lynis/include/tests_ldap 2020-11-22 01:50:26 File permissions are OK 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Action: Performing tests from category: LDAP Services 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Performing test ID LDAP-2219 (Check running OpenLDAP instance) 2020-11-22 01:50:26 Performing pgrep scan without uid 2020-11-22 01:50:26 IsRunning: process 'slapd' not found 2020-11-22 01:50:26 Result: No running slapd process found. 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Skipped test LDAP-2224 (Check presence slapd.conf) 2020-11-22 01:50:26 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:26 Security check: file is normal 2020-11-22 01:50:26 Checking permissions of /root/lynis/include/tests_php 2020-11-22 01:50:26 File permissions are OK 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Action: Performing tests from category: PHP 2020-11-22 01:50:26 ==== 2020-11-22 01:50:26 Performing test ID PHP-2211 (Check php.ini presence) 2020-11-22 01:50:26 Test: Checking for presence php.ini 2020-11-22 01:50:26 Test: checking presence /etc/php.ini 2020-11-22 01:50:26 Result: file /etc/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php.ini.default 2020-11-22 01:50:26 Result: file /etc/php.ini.default not found 2020-11-22 01:50:26 Test: checking presence /etc/php/php.ini 2020-11-22 01:50:26 Result: file /etc/php/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php7.0/php.ini 2020-11-22 01:50:26 Result: file /etc/php7.0/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php7.1/php.ini 2020-11-22 01:50:26 Result: file /etc/php7.1/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php7.2/php.ini 2020-11-22 01:50:26 Result: file /etc/php7.2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php7.3/php.ini 2020-11-22 01:50:26 Result: file /etc/php7.3/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php7.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php7.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php7.0/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php7.0/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php7.1/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php7.1/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php7.2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php7.2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php7.3/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php7.3/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/apache2-php7.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php/apache2-php7.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php7.0/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php7.0/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php7.1/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php7.1/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php7.2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php7.2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php7.3/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php7.3/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cgi-php7.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cgi-php7.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php7.0/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php7.0/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php7.1/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php7.1/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php7.2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php7.2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php7.3/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php7.3/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/cli-php7.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php/cli-php7.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php7.0/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php7.0/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php7.1/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php7.1/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php7.2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php7.2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php7.3/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php7.3/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/embed-php7.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php/embed-php7.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php7.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php7.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php7.3/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php7.3/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php7.2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php7.2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php7.1/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php7.1/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php7.0/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php7.0/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/fpm-php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php/fpm-php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/cgi/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/cgi/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/cli/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/cli/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/cli-php5.4/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/cli-php5.4/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/cli-php5.5/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/cli-php5.5/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/cli-php5.6/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/cli-php5.6/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/apache2/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/apache2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php5/fpm/php.ini 2020-11-22 01:50:26 Result: file /etc/php5/fpm/php.ini not found 2020-11-22 01:50:26 Test: checking presence /private/etc/php.ini 2020-11-22 01:50:26 Result: file /private/etc/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.0/apache2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.0/apache2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.1/apache2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.1/apache2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.2/apache2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.2/apache2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.3/apache2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.3/apache2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.4/apache2/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.4/apache2/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.0/cli/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.0/cli/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.0/fpm/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.0/fpm/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.1/cli/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.1/cli/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.1/fpm/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.1/fpm/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.2/cli/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.2/cli/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.2/fpm/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.2/fpm/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.3/cli/php.ini 2020-11-22 01:50:26 Result: file /etc/php/7.3/cli/php.ini not found 2020-11-22 01:50:26 Test: checking presence /etc/php/7.3/fpm/php.ini 2020-11-22 01:50:27 Result: file /etc/php/7.3/fpm/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php/7.4/cli/php.ini 2020-11-22 01:50:27 Result: file /etc/php/7.4/cli/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php/7.4/fpm/php.ini 2020-11-22 01:50:27 Result: file /etc/php/7.4/fpm/php.ini not found 2020-11-22 01:50:27 Test: checking presence /var/www/conf/php.ini 2020-11-22 01:50:27 Result: file /var/www/conf/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/etc/php.ini 2020-11-22 01:50:27 Result: file /usr/local/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/etc/php5/cgi/php.ini 2020-11-22 01:50:27 Result: file /usr/local/etc/php5/cgi/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php54/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php54/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php56/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php56/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php70/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php70/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php71/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php71/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php72/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php72/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php73/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php73/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/php74/lib/php.ini 2020-11-22 01:50:27 Result: file /usr/local/php74/lib/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/local/zend/etc/php.ini 2020-11-22 01:50:27 Result: file /usr/local/zend/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /usr/pkg/etc/php.ini 2020-11-22 01:50:27 Result: file /usr/pkg/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php54/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php54/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php55/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php55/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php56/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php56/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php70/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php70/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php71/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php71/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php72/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php72/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php73/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php73/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/cpanel/ea-php74/root/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/cpanel/ea-php74/root/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php44/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php44/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php51/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php51/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php52/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php52/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php53/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php53/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php54/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php54/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php55/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php55/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php56/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php56/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php70/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php70/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php71/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php71/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php72/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php72/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php73/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php73/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /opt/alt/php74/etc/php.ini 2020-11-22 01:50:27 Result: file /opt/alt/php74/etc/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/opt/remi/php56/php.ini 2020-11-22 01:50:27 Result: file /etc/opt/remi/php56/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/opt/remi/php70/php.ini 2020-11-22 01:50:27 Result: file /etc/opt/remi/php70/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/opt/remi/php71/php.ini 2020-11-22 01:50:27 Result: file /etc/opt/remi/php71/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/opt/remi/php72/php.ini 2020-11-22 01:50:27 Result: file /etc/opt/remi/php72/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/opt/remi/php73/php.ini 2020-11-22 01:50:27 Result: file /etc/opt/remi/php73/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/opt/remi/php74/php.ini 2020-11-22 01:50:27 Result: file /etc/opt/remi/php74/php.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php-5.6.ini 2020-11-22 01:50:27 Result: file /etc/php-5.6.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php-7.0.ini 2020-11-22 01:50:27 Result: file /etc/php-7.0.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php-7.1.ini 2020-11-22 01:50:27 Result: file /etc/php-7.1.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php-7.2.ini 2020-11-22 01:50:27 Result: file /etc/php-7.2.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php-7.3.ini 2020-11-22 01:50:27 Result: file /etc/php-7.3.ini not found 2020-11-22 01:50:27 Test: checking presence /etc/php-7.4.ini 2020-11-22 01:50:27 Result: file /etc/php-7.4.ini not found 2020-11-22 01:50:27 Result: no files found for /etc/php5/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.0/cli/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.1/cli/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.2/cli/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.3/cli/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.4/cli/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.0/fpm/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.1/fpm/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.2/fpm/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.3/fpm/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php/7.4/fpm/conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php54/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php55/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php56/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php70/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php71/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php72/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php73/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/cpanel/ea-php74/root/etc/php.d 2020-11-22 01:50:27 Result: no files found for /opt/alt/php44/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php51/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php52/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php53/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php54/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php55/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php56/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php70/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php71/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php72/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php73/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /opt/alt/php74/etc/php.d.all 2020-11-22 01:50:27 Result: no files found for /usr/local/lib/php.conf.d 2020-11-22 01:50:27 Result: no files found for /usr/local/php70/lib/php.conf.d 2020-11-22 01:50:27 Result: no files found for /usr/local/php71/lib/php.conf.d 2020-11-22 01:50:27 Result: no files found for /usr/local/php72/lib/php.conf.d 2020-11-22 01:50:27 Result: no files found for /usr/local/php73/lib/php.conf.d 2020-11-22 01:50:27 Result: no files found for /usr/local/php74/lib/php.conf.d 2020-11-22 01:50:27 Result: no files found for /etc/php-5.6 2020-11-22 01:50:27 Result: no files found for /etc/php-7.0 2020-11-22 01:50:27 Result: no files found for /etc/php-7.1 2020-11-22 01:50:27 Result: no files found for /etc/php-7.2 2020-11-22 01:50:27 Result: no files found for /etc/php-7.3 2020-11-22 01:50:27 Result: no files found for /etc/php-7.4 2020-11-22 01:50:27 Result: no php.ini file found 2020-11-22 01:50:27 ==== 2020-11-22 01:50:27 Skipped test PHP-2320 (Check PHP disabled functions) 2020-11-22 01:50:27 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:27 ==== 2020-11-22 01:50:27 Skipped test PHP-2368 (Check PHP register_globals option) 2020-11-22 01:50:27 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:27 ==== 2020-11-22 01:50:27 Skipped test PHP-2372 (Check PHP expose_php option) 2020-11-22 01:50:27 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:27 ==== 2020-11-22 01:50:27 Skipped test PHP-2374 (Check PHP enable_dl option) 2020-11-22 01:50:27 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:27 ==== 2020-11-22 01:50:28 Skipped test PHP-2376 (Check PHP allow_url_fopen option) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test PHP-2378 (Check PHP allow_url_include option) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test PHP-2382 (Check PHP expose_php option) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 Security check: file is normal 2020-11-22 01:50:28 Checking permissions of /root/lynis/include/tests_squid 2020-11-22 01:50:28 File permissions are OK 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Action: Performing tests from category: Squid Support 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Performing test ID SQD-3602 (Check for running Squid daemon) 2020-11-22 01:50:28 Test: Searching for a Squid daemon 2020-11-22 01:50:28 Result: No running Squid daemon found 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3604 (Check Squid daemon file location) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3606 (Check Squid version) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3610 (Gather Squid settings) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3613 (Check Squid file permissions) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3614 (Check Squid authentication methods) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3616 (Check external Squid authentication) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3620 (Check Squid access control lists) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3624 (Check Squid safe ports) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3630 (Check Squid reply_body_max_size option) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test SQD-3680 (Check Squid version suppression) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 Security check: file is normal 2020-11-22 01:50:28 Checking permissions of /root/lynis/include/tests_logging 2020-11-22 01:50:28 File permissions are OK 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Action: Performing tests from category: Logging and files 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Performing test ID LOGG-2130 (Check for running syslog daemon) 2020-11-22 01:50:28 Test: Searching for a logging daemon 2020-11-22 01:50:28 Result: Found a logging daemon 2020-11-22 01:50:28 Hardening: assigned maximum number of hardening points for this item (3). Currently having 198 points (out of 292) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Performing test ID LOGG-2132 (Check for running syslog-ng daemon) 2020-11-22 01:50:28 Test: Searching for syslog-ng daemon in process list 2020-11-22 01:50:28 Performing pgrep scan without uid 2020-11-22 01:50:28 IsRunning: process 'syslog-ng' not found 2020-11-22 01:50:28 Result: Syslog-ng NOT found in process list 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Skipped test LOGG-2134 (Checking Syslog-NG configuration file consistency) 2020-11-22 01:50:28 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Performing test ID LOGG-2136 (Check for running systemd journal daemon) 2020-11-22 01:50:28 Test: Searching for systemd journal daemon in process list 2020-11-22 01:50:28 Performing pgrep scan without uid 2020-11-22 01:50:28 IsRunning: process 'systemd-journal' found (1083 ) 2020-11-22 01:50:28 ==== 2020-11-22 01:50:28 Performing test ID LOGG-2210 (Check for running metalog daemon) 2020-11-22 01:50:28 Test: Searching for metalog daemon in process list 2020-11-22 01:50:28 Performing pgrep scan without uid 2020-11-22 01:50:28 IsRunning: process 'metalog' not found 2020-11-22 01:50:28 Result: metalog NOT found in process list 2020-11-22 01:50:28 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2230 (Check for running RSyslog daemon) 2020-11-22 01:50:29 Test: Searching for RSyslog daemon in process list 2020-11-22 01:50:29 Performing pgrep scan without uid 2020-11-22 01:50:29 IsRunning: process 'rsyslogd' found (2043 ) 2020-11-22 01:50:29 Result: Found rsyslogd in process list 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2240 (Check for running RFC 3195 compliant daemon) 2020-11-22 01:50:29 Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list 2020-11-22 01:50:29 Performing pgrep scan without uid 2020-11-22 01:50:29 IsRunning: process 'rfc3195d' not found 2020-11-22 01:50:29 Result: rfc3195d NOT found in process list 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2138 (Checking kernel logger daemon on Linux) 2020-11-22 01:50:29 Test: Searching kernel logger daemon (klogd) 2020-11-22 01:50:29 Result: test skipped, because other facility is being used to log kernel messages 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2142 (Checking minilog daemon) 2020-11-22 01:50:29 Result: Checking for unkilled minilogd instances 2020-11-22 01:50:29 Performing pgrep scan without uid 2020-11-22 01:50:29 IsRunning: process 'minilogd' not found 2020-11-22 01:50:29 Result: No minilogd is running 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2146 (Checking logrotate.conf and logrotate.d) 2020-11-22 01:50:29 Test: Checking for /etc/logrotate.conf 2020-11-22 01:50:29 Result: /etc/logrotate.conf found (file) 2020-11-22 01:50:29 Test: Checking for /etc/logrotate.d (directory) 2020-11-22 01:50:29 Result: /etc/logrotate.d found 2020-11-22 01:50:29 Result: logrotate configuration found 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2148 (Checking logrotated files) 2020-11-22 01:50:29 Test: Checking which files are rotated with logrotate and if they exist 2020-11-22 01:50:29 Result: found one or more files which are rotated via logrotate 2020-11-22 01:50:29 Output: File:/var/log/wpa_supplicant.log:does_not_exist 2020-11-22 01:50:29 Output: File:/var/log/boot.log:exists 2020-11-22 01:50:29 Output: File:/var/log/btmp:exists 2020-11-22 01:50:29 Output: File:/var/log/cron:exists 2020-11-22 01:50:29 Output: File:/var/log/maillog:exists 2020-11-22 01:50:29 Output: File:/var/log/messages:exists 2020-11-22 01:50:29 Output: File:/var/log/secure:exists 2020-11-22 01:50:29 Output: File:/var/log/spooler:exists 2020-11-22 01:50:29 Output: File:/var/log/wpa_supplicant.log:exists 2020-11-22 01:50:29 Output: File:/var/log/wtmp:exists 2020-11-22 01:50:29 Output: File:/var/log/yum.log:exists 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2150 (Checking directories in logrotate configuration) 2020-11-22 01:50:29 Test: Checking which directories can be found in logrotate configuration 2020-11-22 01:50:29 Result: found one or more directories (via logrotate configuration) 2020-11-22 01:50:29 Directory found: /var/log 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Skipped test LOGG-2152 (Checking loghost) 2020-11-22 01:50:29 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2154 (Checking syslog configuration file) 2020-11-22 01:50:29 Test: analyzing file /etc/rsyslog.conf for remote target 2020-11-22 01:50:29 Result: no remote target found 2020-11-22 01:50:29 Test: analyzing file /etc/rsyslog.d/listen.conf for remote target 2020-11-22 01:50:29 Result: no remote target found 2020-11-22 01:50:29 Result: no remote logging found 2020-11-22 01:50:29 Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154] [details:-] [solution:-] 2020-11-22 01:50:29 Hardening: assigned partial number of hardening points (1 of 3). Currently having 199 points (out of 295) 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Skipped test LOGG-2160 (Checking /etc/newsyslog.conf) 2020-11-22 01:50:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Skipped test LOGG-2162 (Checking directories in /etc/newsyslog.conf) 2020-11-22 01:50:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Skipped test LOGG-2164 (Checking files specified /etc/newsyslog.conf) 2020-11-22 01:50:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2170 (Checking log paths) 2020-11-22 01:50:29 Test: Searching log paths 2020-11-22 01:50:29 Result: directory /var/log exists 2020-11-22 01:50:29 Result: directory /var/adm exists 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID LOGG-2180 (Checking open log files) 2020-11-22 01:50:29 Test: checking open log files with lsof 2020-11-22 01:50:29 Result: lsof not installed, skipping test 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Skipped test LOGG-2190 (Checking for deleted files in use) 2020-11-22 01:50:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Skipped test LOGG-2192 (Checking for open log files that are empty) 2020-11-22 01:50:29 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:29 Security check: file is normal 2020-11-22 01:50:29 Checking permissions of /root/lynis/include/tests_insecure_services 2020-11-22 01:50:29 File permissions are OK 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Action: Performing tests from category: Insecure services 2020-11-22 01:50:29 ==== 2020-11-22 01:50:29 Performing test ID INSE-8000 (Installed inetd package) 2020-11-22 01:50:29 Test: Checking if inetd is installed 2020-11-22 01:50:30 Result: inetd is NOT installed 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8002 (Check for enabled inet daemon) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8004 (Presence of inetd configuration file) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8006 (Check configuration of inetd when disabled) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8016 (Check for telnet via inetd) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8100 (Check for installed xinetd daemon) 2020-11-22 01:50:30 Test: Checking for installed xinetd daemon 2020-11-22 01:50:30 Result: xinetd is NOT installed 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8102 (Check for active xinet daemon) 2020-11-22 01:50:30 Test: Searching for active extended internet services daemon (xinetd) 2020-11-22 01:50:30 Performing pgrep scan without uid 2020-11-22 01:50:30 IsRunning: process 'xinetd' not found 2020-11-22 01:50:30 Result: xinetd is NOT running 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8104 (Check for enabled xinet daemon) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8106 (Check configuration of xinetd when disabled) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8116 (Insecure services enabled via xinetd) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Skipped test INSE-8200 (Check if tcp_wrappers is installed when inetd/xinetd is active) 2020-11-22 01:50:30 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8300 (Check if rsh client is installed) 2020-11-22 01:50:30 Test: Checking if rsh client is installed 2020-11-22 01:50:30 Result: rsh client is NOT installed 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8304 (Check if rsh server is installed) 2020-11-22 01:50:30 Test: Checking if rsh server is installed 2020-11-22 01:50:30 Result: rsh server is NOT installed 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8310 (Check if telnet client is installed) 2020-11-22 01:50:30 Test: Checking if telnet client is installed 2020-11-22 01:50:30 Result: telnet client is NOT installed 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8322 (Check if telnet server is installed) 2020-11-22 01:50:30 Test: Checking if telnet server is installed 2020-11-22 01:50:30 Result: telnet server is NOT installed 2020-11-22 01:50:30 ==== 2020-11-22 01:50:30 Performing test ID INSE-8314 (Check if NIS client is installed) 2020-11-22 01:50:30 Test: Checking if NIS client is installed 2020-11-22 01:50:31 Result: NIS client is NOT installed 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Performing test ID INSE-8316 (Check if NIS server is installed) 2020-11-22 01:50:31 Test: Checking if NIS server is installed 2020-11-22 01:50:31 Result: NIS server is NOT installed 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Performing test ID INSE-8318 (Check if TFTP client is installed) 2020-11-22 01:50:31 Test: Checking if TFTP client is installed 2020-11-22 01:50:31 Result: TFTP client is NOT installed 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Performing test ID INSE-8320 (Check if TFTP server is installed) 2020-11-22 01:50:31 Test: Checking if TFTP server is installed 2020-11-22 01:50:31 Result: TFTP server is NOT installed 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Skipped test INSE-8050 (Check for insecure services on macOS) 2020-11-22 01:50:31 Reason to skip: Incorrect guest OS (macOS only) 2020-11-22 01:50:31 Security check: file is normal 2020-11-22 01:50:31 Checking permissions of /root/lynis/include/tests_banners 2020-11-22 01:50:31 File permissions are OK 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Action: Performing tests from category: Banners and identification 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Skipped test BANN-7113 (Check COPYRIGHT banner file) 2020-11-22 01:50:31 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Performing test ID BANN-7124 (Check issue banner file) 2020-11-22 01:50:31 Test: Checking file /etc/issue 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Performing test ID BANN-7126 (Check issue banner file contents) 2020-11-22 01:50:31 Test: Checking file /etc/issue contents for legal key words 2020-11-22 01:50:31 Result: Found only 0 key words (5 or more suggested), to warn unauthorized users and could be increased 2020-11-22 01:50:31 Suggestion: Add a legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126] [details:-] [solution:-] 2020-11-22 01:50:31 Hardening: assigned partial number of hardening points (0 of 1). Currently having 199 points (out of 296) 2020-11-22 01:50:31 ==== 2020-11-22 01:50:31 Performing test ID BANN-7128 (Check issue.net banner file) 2020-11-22 01:50:31 Test: Checking file /etc/issue.net 2020-11-22 01:50:31 Result: file /etc/issue.net exists 2020-11-22 01:50:31 ==== 2020-11-22 01:50:32 Performing test ID BANN-7130 (Check issue.net banner file contents) 2020-11-22 01:50:32 Test: Checking file /etc/issue.net contents for legal key words 2020-11-22 01:50:32 Result: Found only 0 key words, to warn unauthorized users and could be increased 2020-11-22 01:50:32 Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130] [details:-] [solution:-] 2020-11-22 01:50:32 Hardening: assigned partial number of hardening points (0 of 1). Currently having 199 points (out of 297) 2020-11-22 01:50:32 Security check: file is normal 2020-11-22 01:50:32 Checking permissions of /root/lynis/include/tests_scheduling 2020-11-22 01:50:32 File permissions are OK 2020-11-22 01:50:32 ==== 2020-11-22 01:50:32 Action: Performing tests from category: Scheduled tasks 2020-11-22 01:50:32 ==== 2020-11-22 01:50:32 Performing test ID SCHD-7702 (Check status of cron daemon) 2020-11-22 01:50:32 Result: cron daemon running 2020-11-22 01:50:32 ==== 2020-11-22 01:50:32 Performing test ID SCHD-7704 (Check crontab/cronjobs) 2020-11-22 01:50:32 Test: checking directory /etc/cron.d 2020-11-22 01:50:32 Test: check if we can access /etc/cron.d (escaped: /etc/cron.d) 2020-11-22 01:50:32 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:32 Result: file /etc/cron.d is readable (or directory accessible). 2020-11-22 01:50:32 Result: found directory /etc/cron.d 2020-11-22 01:50:32 Test: searching files in /etc/cron.d 2020-11-22 01:50:32 Result: found one or more files in /etc/cron.d. Analyzing files.. 2020-11-22 01:50:32 Result: Found cronjob (/etc/cron.d/0hourly): 01,*,*,*,*,root,run-parts,/etc/cron.hourly 2020-11-22 01:50:32 Result: done with analyzing files in /etc/cron.d 2020-11-22 01:50:32 Test: checking directory /etc/cron.hourly 2020-11-22 01:50:32 Result: found directory /etc/cron.hourly 2020-11-22 01:50:32 Test: check if we can access /etc/cron.hourly (escaped: /etc/cron.hourly) 2020-11-22 01:50:32 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:32 Result: file /etc/cron.hourly is readable (or directory accessible). 2020-11-22 01:50:32 Test: searching files in /etc/cron.hourly 2020-11-22 01:50:32 Result: found one or more files in /etc/cron.hourly. Analyzing files.. 2020-11-22 01:50:32 Result: Found cronjob (/etc/cron.hourly): /etc/cron.hourly/0anacron 2020-11-22 01:50:32 Result: done with analyzing files in /etc/cron.hourly 2020-11-22 01:50:32 Test: checking directory /etc/cron.daily 2020-11-22 01:50:32 Result: found directory /etc/cron.daily 2020-11-22 01:50:32 Test: check if we can access /etc/cron.daily (escaped: /etc/cron.daily) 2020-11-22 01:50:32 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:32 Result: file /etc/cron.daily is readable (or directory accessible). 2020-11-22 01:50:32 Test: searching files in /etc/cron.daily 2020-11-22 01:50:32 Result: found one or more files in /etc/cron.daily. Analyzing files.. 2020-11-22 01:50:32 Result: Found cronjob (/etc/cron.daily): /etc/cron.daily/logrotate 2020-11-22 01:50:32 Result: Found cronjob (/etc/cron.daily): /etc/cron.daily/man-db.cron 2020-11-22 01:50:32 Result: done with analyzing files in /etc/cron.daily 2020-11-22 01:50:32 Test: checking directory /etc/cron.weekly 2020-11-22 01:50:32 Result: found directory /etc/cron.weekly 2020-11-22 01:50:32 Test: check if we can access /etc/cron.weekly (escaped: /etc/cron.weekly) 2020-11-22 01:50:32 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:32 Result: file /etc/cron.weekly is readable (or directory accessible). 2020-11-22 01:50:32 Test: searching files in /etc/cron.weekly 2020-11-22 01:50:32 Result: no files found in /etc/cron.weekly 2020-11-22 01:50:32 Test: checking directory /etc/cron.monthly 2020-11-22 01:50:32 Result: found directory /etc/cron.monthly 2020-11-22 01:50:32 Test: check if we can access /etc/cron.monthly (escaped: /etc/cron.monthly) 2020-11-22 01:50:32 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:32 Result: file /etc/cron.monthly is readable (or directory accessible). 2020-11-22 01:50:32 Test: searching files in /etc/cron.monthly 2020-11-22 01:50:32 Result: no files found in /etc/cron.monthly 2020-11-22 01:50:32 Test: checking anacrontab 2020-11-22 01:50:32 Found anacron job (/etc/anacrontab): 1,5,cron.daily,nice,run-parts,/etc/cron.daily 2020-11-22 01:50:32 Found anacron job (/etc/anacrontab): 7,25,cron.weekly,nice,run-parts,/etc/cron.weekly 2020-11-22 01:50:32 Found anacron job (/etc/anacrontab): @monthly,45,cron.monthly,nice,run-parts,/etc/cron.monthly 2020-11-22 01:50:32 ==== 2020-11-22 01:50:32 Performing test ID SCHD-7718 (Check at users) 2020-11-22 01:50:32 Test: Checking atd status 2020-11-22 01:50:32 Result: at daemon not active 2020-11-22 01:50:32 ==== 2020-11-22 01:50:32 Skipped test SCHD-7720 (Check at users) 2020-11-22 01:50:32 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:32 ==== 2020-11-22 01:50:32 Skipped test SCHD-7724 (Check at jobs) 2020-11-22 01:50:32 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:32 Result: no scheduled Lynis execution found (e.g. crontab, cronjob) 2020-11-22 01:50:32 Security check: file is normal 2020-11-22 01:50:32 Checking permissions of /root/lynis/include/tests_accounting 2020-11-22 01:50:33 File permissions are OK 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Action: Performing tests from category: Accounting 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-2754 (Check for available FreeBSD accounting information) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-2760 (Check for available OpenBSD accounting information) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9622 (Check for available Linux accounting information) 2020-11-22 01:50:33 Test: Check accounting information 2020-11-22 01:50:33 Result: No accounting information available (/var/account/pacct, /var/log/account/pact nor /var/log/pact exist) 2020-11-22 01:50:33 Remark: Possibly there is another location where the accounting data is stored 2020-11-22 01:50:33 Suggestion: Enable process accounting [test:ACCT-9622] [details:-] [solution:-] 2020-11-22 01:50:33 Hardening: assigned partial number of hardening points (2 of 3). Currently having 201 points (out of 300) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9626 (Check for sysstat accounting data) 2020-11-22 01:50:33 Test: check /etc/default/sysstat presence 2020-11-22 01:50:33 Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat 2020-11-22 01:50:33 Suggestion: Enable sysstat to collect accounting (no results) [test:ACCT-9626] [details:-] [solution:-] 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9628 (Check for auditd) 2020-11-22 01:50:33 Test: Check auditd status 2020-11-22 01:50:33 Performing pgrep scan without uid 2020-11-22 01:50:33 IsRunning: process 'auditd' found (1509 ) 2020-11-22 01:50:33 Result: auditd running 2020-11-22 01:50:33 Hardening: assigned maximum number of hardening points for this item (4). Currently having 205 points (out of 304) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9630 (Check for auditd rules) 2020-11-22 01:50:33 Test: Checking auditd rules 2020-11-22 01:50:33 Result: auditd rules empty 2020-11-22 01:50:33 Hardening: assigned partial number of hardening points (0 of 2). Currently having 205 points (out of 306) 2020-11-22 01:50:33 Suggestion: Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [test:ACCT-9630] [details:-] [solution:-] 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9632 (Check for auditd configuration file) 2020-11-22 01:50:33 Test: Checking auditd configuration file 2020-11-22 01:50:33 Result: /etc/auditd.conf not found 2020-11-22 01:50:33 Result: Found /etc/audit/auditd.conf 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9634 (Check for auditd log file) 2020-11-22 01:50:33 Test: Checking auditd log file 2020-11-22 01:50:33 Result: log file is defined 2020-11-22 01:50:33 Defined value: /var/log/audit/audit.log 2020-11-22 01:50:33 Result: log file /var/log/audit/audit.log exists on disk 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID ACCT-9636 (Check for Snoopy wrapper and logger) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-9650 (Check Solaris audit daemon) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-9652 (Check auditd SMF status) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-9654 (Check BSM auditing in /etc/system) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-9656 (Check BSM auditing in module list) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-9660 (Check location of audit events) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Skipped test ACCT-9662 (Check Solaris auditing stats) 2020-11-22 01:50:33 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:33 Security check: file is normal 2020-11-22 01:50:33 Checking permissions of /root/lynis/include/tests_time 2020-11-22 01:50:33 File permissions are OK 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Action: Performing tests from category: Time and Synchronization 2020-11-22 01:50:33 ==== 2020-11-22 01:50:33 Performing test ID TIME-3104 (Check for running NTP daemon or client) 2020-11-22 01:50:33 Test: Searching for a running NTP daemon or available client 2020-11-22 01:50:33 result: found chrony configuration: /etc/chrony.conf 2020-11-22 01:50:33 Performing pgrep scan without uid 2020-11-22 01:50:33 IsRunning: process 'chronyd' found (1580 ) 2020-11-22 01:50:33 Performing pgrep scan without uid 2020-11-22 01:50:33 IsRunning: process 'dntpd' not found 2020-11-22 01:50:33 Performing pgrep scan without uid 2020-11-22 01:50:33 IsRunning: process 'timed' not found 2020-11-22 01:50:34 Test: checking for ntpdate, rdate, sntp or ntpdig in crontab file /etc/anacrontab 2020-11-22 01:50:34 Result: no ntpdate, rdate, sntp or ntpdig reference found in crontab file /etc/anacrontab 2020-11-22 01:50:34 Test: checking for ntpdate, rdate, sntp or ntpdig in crontab file /etc/crontab 2020-11-22 01:50:34 Result: no ntpdate, rdate, sntp or ntpdig reference found in crontab file /etc/crontab 2020-11-22 01:50:34 Test: checking for ntpdate, rdate, sntp or ntpdig in /etc/cron.d/0hourly 2020-11-22 01:50:34 Test: checking for ntpdate, rdate, sntp or ntpdig in /etc/cron.hourly/0anacron 2020-11-22 01:50:34 Test: checking for ntpdate, rdate, sntp or ntpdig in /etc/cron.daily/logrotate 2020-11-22 01:50:34 Test: checking for ntpdate, rdate, sntp or ntpdig in /etc/cron.daily/man-db.cron 2020-11-22 01:50:34 Result: no ntpdate or rdate found in cron directories 2020-11-22 01:50:34 Test: checking for file /etc/network/if-up.d/ntpdate 2020-11-22 01:50:34 Result: file /etc/network/if-up.d/ntpdate does not exist 2020-11-22 01:50:34 Result: Found a time syncing daemon/client. 2020-11-22 01:50:34 Hardening: assigned maximum number of hardening points for this item (3). Currently having 208 points (out of 309) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3106 (Check systemd NTP time synchronization status) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3112 (Check active NTP associations ID's) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3116 (Check peers with stratum value of 16) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3120 (Check unreliable NTP peers) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3124 (Check selected time source) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3128 (Check preferred time source) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3132 (Check NTP falsetickers) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3136 (Check NTP protocol version) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Performing test ID TIME-3148 (Check TZ variable) 2020-11-22 01:50:34 Test: testing for TZ variable 2020-11-22 01:50:34 Result: found TZ variable with value notset 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3160 (Check empty NTP step-tickers) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Performing test ID TIME-3170 (Check configuration files) 2020-11-22 01:50:34 Result: found /etc/chrony.conf 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3180 (Report if ntpctl cannot communicate with OpenNTPD) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3181 (Check status of OpenNTPD time synchronisation) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3182 (Check OpenNTPD has working peers) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Skipped test TIME-3185 (Check systemd-timesyncd synchronized time) 2020-11-22 01:50:34 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:34 Security check: file is normal 2020-11-22 01:50:34 Checking permissions of /root/lynis/include/tests_crypto 2020-11-22 01:50:34 File permissions are OK 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Action: Performing tests from category: Cryptography 2020-11-22 01:50:34 ==== 2020-11-22 01:50:34 Performing test ID CRYP-7902 (Check expire date of SSL certificates) 2020-11-22 01:50:34 Paths to scan: /etc/apache2 /etc/dovecot /etc/httpd /etc/letsencrypt /etc/pki /etc/postfix /etc/refind.d/keys /etc/ssl /opt/psa/var/certificates /usr/local/psa/var/certificates /usr/local/share/ca-certificates /usr/share/ca-certificates /usr/share/gnupg /var/www /srv/www 2020-11-22 01:50:34 Paths to ignore: /etc/letsencrypt/archive 2020-11-22 01:50:34 Result: SSL path /etc/apache2 does not exist 2020-11-22 01:50:34 Result: SSL path /etc/dovecot does not exist 2020-11-22 01:50:34 Result: SSL path /etc/httpd does not exist 2020-11-22 01:50:34 Result: SSL path /etc/letsencrypt does not exist 2020-11-22 01:50:34 Test: check if we can access /etc/pki (escaped: /etc/pki) 2020-11-22 01:50:34 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:34 Result: file /etc/pki is readable (or directory accessible). 2020-11-22 01:50:34 Result: found directory /etc/pki 2020-11-22 01:50:34 Test: check if we can access /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt (escaped: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt) 2020-11-22 01:50:34 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:34 Result: file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt is readable (or directory accessible). 2020-11-22 01:50:34 Result: file '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' belongs to package (ca) 2020-11-22 01:50:34 Test: check if we can access /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem) 2020-11-22 01:50:35 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:35 Result: file /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem is readable (or directory accessible). 2020-11-22 01:50:35 Result: file '/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem' belongs to package (ca) 2020-11-22 01:50:35 Test: check if we can access /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem) 2020-11-22 01:50:35 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:35 Result: file /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem is readable (or directory accessible). 2020-11-22 01:50:35 Result: file '/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem' belongs to package (ca) 2020-11-22 01:50:35 Test: check if we can access /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem) 2020-11-22 01:50:35 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:35 Result: file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem is readable (or directory accessible). 2020-11-22 01:50:35 Result: file '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem' belongs to package (ca) 2020-11-22 01:50:35 Result: found 4 certificates in /etc/pki 2020-11-22 01:50:35 Test: check if we can access /etc/postfix (escaped: /etc/postfix) 2020-11-22 01:50:35 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:35 Result: file /etc/postfix is readable (or directory accessible). 2020-11-22 01:50:35 Result: found directory /etc/postfix 2020-11-22 01:50:35 Result: found 0 certificates in /etc/postfix 2020-11-22 01:50:35 Result: SSL path /etc/refind.d/keys does not exist 2020-11-22 01:50:35 Test: check if we can access /etc/ssl (escaped: /etc/ssl) 2020-11-22 01:50:35 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:35 Result: file /etc/ssl is readable (or directory accessible). 2020-11-22 01:50:35 Result: found directory /etc/ssl 2020-11-22 01:50:35 Result: found 0 certificates in /etc/ssl 2020-11-22 01:50:35 Result: SSL path /opt/psa/var/certificates does not exist 2020-11-22 01:50:35 Result: SSL path /usr/local/psa/var/certificates does not exist 2020-11-22 01:50:35 Result: SSL path /usr/local/share/ca-certificates does not exist 2020-11-22 01:50:35 Result: SSL path /usr/share/ca-certificates does not exist 2020-11-22 01:50:35 Test: check if we can access /usr/share/gnupg (escaped: /usr/share/gnupg) 2020-11-22 01:50:35 Result: file is owned by our current user ID (0), checking if it is readable 2020-11-22 01:50:35 Result: file /usr/share/gnupg is readable (or directory accessible). 2020-11-22 01:50:35 Result: found directory /usr/share/gnupg 2020-11-22 01:50:35 Result: found 0 certificates in /usr/share/gnupg 2020-11-22 01:50:35 Result: SSL path /var/www does not exist 2020-11-22 01:50:35 Result: SSL path /srv/www does not exist 2020-11-22 01:50:35 Result: found a total of 4 certificates 2020-11-22 01:50:35 ==== 2020-11-22 01:50:35 Performing test ID CRYP-7930 (Determine if system uses LUKS block device encryption) 2020-11-22 01:50:35 Result: crypttab (/etc/crypttab) exists 2020-11-22 01:50:35 ==== 2020-11-22 01:50:35 Skipped test CRYP-7931 (Determine if system uses encrypted swap) 2020-11-22 01:50:35 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:35 ==== 2020-11-22 01:50:35 Performing test ID CRYP-8002 (Gather available kernel entropy) 2020-11-22 01:50:35 Result: found kernel entropy value of 844 2020-11-22 01:50:35 ==== 2020-11-22 01:50:35 Performing test ID CRYP-8004 (Presence of hardware random number generators) 2020-11-22 01:50:35 Test: looking for /sys/class/misc/hw_random/rng_current 2020-11-22 01:50:35 Result: positive match, found RNG: tpm-rng-0 2020-11-22 01:50:35 Performing pgrep scan without uid 2020-11-22 01:50:35 IsRunning: process 'rngd' not found 2020-11-22 01:50:35 ==== 2020-11-22 01:50:35 Performing test ID CRYP-8005 (Presence of software pseudo random number generators) 2020-11-22 01:50:35 Test: looking for software pseudo random number generators 2020-11-22 01:50:35 Performing pgrep scan without uid 2020-11-22 01:50:35 IsRunning: process 'audio-entropyd' not found 2020-11-22 01:50:35 Performing pgrep scan without uid 2020-11-22 01:50:35 IsRunning: process 'haveged' not found 2020-11-22 01:50:35 Performing pgrep scan without uid 2020-11-22 01:50:35 IsRunning: process 'jitterentropy-rngd' not found 2020-11-22 01:50:35 Suggestion: Utilize software pseudo random number generators [test:CRYP-8005] [details:-] [solution:-] 2020-11-22 01:50:35 Security check: file is normal 2020-11-22 01:50:35 Checking permissions of /root/lynis/include/tests_virtualization 2020-11-22 01:50:35 File permissions are OK 2020-11-22 01:50:35 ==== 2020-11-22 01:50:35 Action: Performing tests from category: Virtualization 2020-11-22 01:50:35 Security check: file is normal 2020-11-22 01:50:35 Checking permissions of /root/lynis/include/tests_containers 2020-11-22 01:50:35 File permissions are OK 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Action: Performing tests from category: Containers 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Skipped test CONT-8004 (Query running Solaris zones) 2020-11-22 01:50:36 Reason to skip: Incorrect guest OS (Solaris only) 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Performing test ID CONT-8102 (Checking Docker status and information) 2020-11-22 01:50:36 Performing pgrep scan without uid 2020-11-22 01:50:36 IsRunning: process 'dockerd' found (3915 ) 2020-11-22 01:50:36 Result: found Docker daemon running 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Performing test ID CONT-8104 (Checking Docker info for any warnings) 2020-11-22 01:50:36 Test: Check for any warnings 2020-11-22 01:50:36 Result: no warnings found from 'docker info' output 2020-11-22 01:50:36 Hardening: assigned maximum number of hardening points for this item (1). Currently having 209 points (out of 310) 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Performing test ID CONT-8106 (Gather basic stats from Docker) 2020-11-22 01:50:36 Test: checking total amount of Docker containers 2020-11-22 01:50:36 Result: docker info shows 1 containers 2020-11-22 01:50:36 Result: docker ps -a shows 1 containers 2020-11-22 01:50:36 Result: 1 containers are currently active 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Performing test ID CONT-8107 (Check number of Docker containers) 2020-11-22 01:50:36 Result: found 0 unused containers 2020-11-22 01:50:36 Hardening: assigned maximum number of hardening points for this item (1). Currently having 210 points (out of 311) 2020-11-22 01:50:36 ==== 2020-11-22 01:50:36 Performing test ID CONT-8108 (Check file permissions for Docker files) 2020-11-22 01:50:36 Test: Check /var/run/docker.sock 2020-11-22 01:50:36 Hardening: assigned maximum number of hardening points for this item (5). Currently having 215 points (out of 316) 2020-11-22 01:50:36 Security check: file is normal 2020-11-22 01:50:36 Checking permissions of /root/lynis/include/tests_mac_frameworks 2020-11-22 01:50:37 File permissions are OK 2020-11-22 01:50:37 ==== 2020-11-22 01:50:37 Action: Performing tests from category: Security frameworks 2020-11-22 01:50:37 ==== 2020-11-22 01:50:37 Performing test ID MACF-6204 (Check AppArmor presence) 2020-11-22 01:50:37 Result: aa-status binary not found, AppArmor not installed 2020-11-22 01:50:37 ==== 2020-11-22 01:50:37 Skipped test MACF-6208 (Check if AppArmor is enabled) 2020-11-22 01:50:37 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:37 ==== 2020-11-22 01:50:37 Performing test ID MACF-6232 (Check SELINUX presence) 2020-11-22 01:50:37 Test: checking if we have sestatus binary 2020-11-22 01:50:37 Result: found sestatus binary (/usr/sbin/sestatus) 2020-11-22 01:50:37 ==== 2020-11-22 01:50:37 Performing test ID MACF-6234 (Check SELINUX status) 2020-11-22 01:50:37 Result: SELinux framework is enabled 2020-11-22 01:50:37 Result: current SELinux mode is enforcing 2020-11-22 01:50:37 Result: mode configured in config file is enforcing 2020-11-22 01:50:37 Result: Current SELinux mode is the same as in config file. 2020-11-22 01:50:38 Permissive SELinux object types: 2020-11-22 01:50:38 Unconfined processes: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4345 sshd: root@pts/1 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4349 -bash unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4366 /usr/libexec/openssh/sftp-server unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4385 bash -c cd lynis && sudo ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4392 sudo ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4394 /bin/sh ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 34837 /bin/sh ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 34838 /usr/bin/ps -eo label,pid,command unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 34839 /usr/bin/grep [u]nconfined_t unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 34840 /usr/bin/tr \n 2020-11-22 01:50:38 Processes with initrc_t type: 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID MACF-6240 (Check TOMOYO Linux presence) 2020-11-22 01:50:38 Test: checking if we have tomoyo-init binary 2020-11-22 01:50:38 Result: tomoyo-init binary not found 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Skipped test MACF-6242 (Check TOMOYO Linux status) 2020-11-22 01:50:38 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID RBAC-6272 (Check grsecurity presence) 2020-11-22 01:50:38 Result: no grsecurity found in kernel config 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID MACF-6290 (Check for implemented MAC framework) 2020-11-22 01:50:38 Hardening: assigned maximum number of hardening points for this item (3). Currently having 218 points (out of 319) 2020-11-22 01:50:38 Result: found implemented MAC framework 2020-11-22 01:50:38 Security check: file is normal 2020-11-22 01:50:38 Checking permissions of /root/lynis/include/tests_file_integrity 2020-11-22 01:50:38 File permissions are OK 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Action: Performing tests from category: Software: file integrity 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID FINT-4310 (AFICK availability) 2020-11-22 01:50:38 Test: Checking AFICK binary 2020-11-22 01:50:38 Result: AFICK is not installed 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID FINT-4314 (AIDE availability) 2020-11-22 01:50:38 Test: Checking AIDE binary 2020-11-22 01:50:38 Result: AIDE is not installed 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Skipped test FINT-4315 (Check AIDE configuration file) 2020-11-22 01:50:38 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Skipped test FINT-4316 (Presence of AIDE database and size check) 2020-11-22 01:50:38 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID FINT-4318 (Osiris availability) 2020-11-22 01:50:38 Test: Checking Osiris binary 2020-11-22 01:50:38 Result: Osiris is not installed 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID FINT-4322 (Samhain availability) 2020-11-22 01:50:38 Test: Checking Samhain binary 2020-11-22 01:50:38 Result: Samhain is not installed 2020-11-22 01:50:38 ==== 2020-11-22 01:50:38 Performing test ID FINT-4326 (Tripwire availability) 2020-11-22 01:50:38 Test: Checking Tripwire binary 2020-11-22 01:50:38 Result: Tripwire is not installed 2020-11-22 01:50:38 ==== 2020-11-22 01:50:39 Performing test ID FINT-4328 (OSSEC syscheck daemon running) 2020-11-22 01:50:39 Test: Checking if OSSEC syscheck daemon is running 2020-11-22 01:50:39 Performing pgrep scan without uid 2020-11-22 01:50:39 IsRunning: process 'ossec-syscheckd' not found 2020-11-22 01:50:39 Result: syscheck (OSSEC) is not active 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID FINT-4330 (mtree availability) 2020-11-22 01:50:39 Test: Checking mtree binary 2020-11-22 01:50:39 Result: mtree is not installed 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test FINT-4334 (Check lfd daemon status) 2020-11-22 01:50:39 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test FINT-4336 (Check lfd configuration status) 2020-11-22 01:50:39 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID FINT-4338 (osqueryd syscheck daemon running) 2020-11-22 01:50:39 Test: Checking if osqueryd syscheck daemon is running 2020-11-22 01:50:39 Performing pgrep scan without uid 2020-11-22 01:50:39 IsRunning: process 'osqueryd' not found 2020-11-22 01:50:39 Result: syscheck (osquery) not installed 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test FINT-4339 (Check IMA/EVM status) 2020-11-22 01:50:39 Reason to skip: No evmctl binary found 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test FINT-4340 (Check dm-integrity status) 2020-11-22 01:50:39 Reason to skip: No integritysetup binary found 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test FINT-4341 (Check dm-verity status) 2020-11-22 01:50:39 Reason to skip: No veritysetup binary found 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test FINT-4402 (AIDE configuration: Checksums (SHA256 or SHA512)) 2020-11-22 01:50:39 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID FINT-4350 (File integrity software installed) 2020-11-22 01:50:39 Test: Check if at least on file integrity tool is available/installed 2020-11-22 01:50:39 Result: No file integrity tools found 2020-11-22 01:50:39 Suggestion: Install a file integrity tool to monitor changes to critical and sensitive files [test:FINT-4350] [details:-] [solution:-] 2020-11-22 01:50:39 Hardening: assigned partial number of hardening points (0 of 5). Currently having 218 points (out of 324) 2020-11-22 01:50:39 Security check: file is normal 2020-11-22 01:50:39 Checking permissions of /root/lynis/include/tests_tooling 2020-11-22 01:50:39 File permissions are OK 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Action: Performing tests from category: Software: System tooling 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID TOOL-5002 (Checking for automation tools) 2020-11-22 01:50:39 Test: checking if directory /root/.ansible exists 2020-11-22 01:50:39 Result: directory /root/.ansible NOT found 2020-11-22 01:50:39 Test: checking if directory /etc/ansible exists 2020-11-22 01:50:39 Result: directory /etc/ansible NOT found 2020-11-22 01:50:39 Test: checking if directory /root/.ansible exists 2020-11-22 01:50:39 Result: directory /root/.ansible NOT found 2020-11-22 01:50:39 Test: checking if directory /tmp/.ansible exists 2020-11-22 01:50:39 Result: directory /tmp/.ansible NOT found 2020-11-22 01:50:39 Test: checking if file /var/log/ansible.log exists 2020-11-22 01:50:39 Result: file /var/log/ansible.log NOT found 2020-11-22 01:50:39 Test: checking if file ~/.ansible-retry exists 2020-11-22 01:50:39 Result: file ~/.ansible-retry NOT found 2020-11-22 01:50:39 Performing pgrep scan without uid 2020-11-22 01:50:39 IsRunning: process 'puppet master' not found 2020-11-22 01:50:39 Suggestion: Determine if automation tools are present for system management [test:TOOL-5002] [details:-] [solution:-] 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID TOOL-5102 (Check for presence of Fail2ban) 2020-11-22 01:50:39 Result: Fail2ban not present (fail2ban-server not found) 2020-11-22 01:50:39 Checking Fail2ban configuration file 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Skipped test TOOL-5104 (Enabled tests in Fail2ban) 2020-11-22 01:50:39 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID TOOL-5120 (Check for presence of Snort) 2020-11-22 01:50:39 Performing pgrep scan without uid 2020-11-22 01:50:39 IsRunning: process 'snort' not found 2020-11-22 01:50:39 Result: Snort not present (Snort not running) 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID TOOL-5122 (Check Snort configuration file) 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID TOOL-5126 (Check for active OSSEC daemon) 2020-11-22 01:50:39 Performing pgrep scan without uid 2020-11-22 01:50:39 IsRunning: process 'ossec-analysisd' not found 2020-11-22 01:50:39 Result: OSSEC analysis daemon not active 2020-11-22 01:50:39 Performing pgrep scan without uid 2020-11-22 01:50:39 IsRunning: process 'ossec-agentd' not found 2020-11-22 01:50:39 Result: OSSEC agent daemon not active 2020-11-22 01:50:39 ==== 2020-11-22 01:50:39 Performing test ID TOOL-5190 (Check presence of IDS/IPS tool) 2020-11-22 01:50:40 Hardening: assigned partial number of hardening points (0 of 2). Currently having 218 points (out of 326) 2020-11-22 01:50:40 Security check: file is normal 2020-11-22 01:50:40 Checking permissions of /root/lynis/include/tests_malware 2020-11-22 01:50:40 File permissions are OK 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Action: Performing tests from category: Software: Malware 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Performing test ID MALW-3275 (Check for chkrootkit) 2020-11-22 01:50:40 Test: checking presence chkrootkit 2020-11-22 01:50:40 Result: chkrootkit not found 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Performing test ID MALW-3276 (Check for Rootkit Hunter) 2020-11-22 01:50:40 Test: checking presence Rootkit Hunter 2020-11-22 01:50:40 Result: Rootkit Hunter not found 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Performing test ID MALW-3278 (Check for LMD) 2020-11-22 01:50:40 Test: checking presence LMD 2020-11-22 01:50:40 Result: LMD not found 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Performing test ID MALW-3280 (Check if anti-virus tool is installed) 2020-11-22 01:50:40 Test: checking process com.avast.daemon 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'com.avast.daemon' not found 2020-11-22 01:50:40 Test: checking process Avira daemon 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'avqmd' not found 2020-11-22 01:50:40 Test: checking process epagd 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'bdagentd' not found 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'epagd' not found 2020-11-22 01:50:40 Test: checking process falcon-sensor (CrowdStrike) 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'falcon-sensor' not found 2020-11-22 01:50:40 Test: checking process CylanceSvc 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'CylanceSvc' not found 2020-11-22 01:50:40 Test: checking process esets_daemon 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'esets_daemon' not found 2020-11-22 01:50:40 Test: checking process wdserver or klnagent (Kaspersky) 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'klnagent' not found 2020-11-22 01:50:40 Test: checking process cma or cmdagent (McAfee) 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'cmdagent' not found 2020-11-22 01:50:40 Test: checking process savscand 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'savscand' not found 2020-11-22 01:50:40 Test: checking process SophosScanD 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'SophosScanD' not found 2020-11-22 01:50:40 Test: checking process rtvscand 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'rtvscand' not found 2020-11-22 01:50:40 Test: checking process Symantec management client service 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'smcd' not found 2020-11-22 01:50:40 Test: checking process Symantec Endpoint Protection configuration service 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'symcfgd' not found 2020-11-22 01:50:40 Test: checking process TmccMac to test for Trend Micro anti-virus (macOS) 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'TmccMac' not found 2020-11-22 01:50:40 Result: no commercial anti-virus tools found 2020-11-22 01:50:40 Hardening: assigned partial number of hardening points (0 of 3). Currently having 218 points (out of 329) 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Performing test ID MALW-3282 (Check for clamscan) 2020-11-22 01:50:40 Test: checking presence clamscan 2020-11-22 01:50:40 Result: clamscan couldn't be found 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Performing test ID MALW-3284 (Check for clamd) 2020-11-22 01:50:40 Test: checking running ClamAV daemon (clamd) 2020-11-22 01:50:40 Performing pgrep scan without uid 2020-11-22 01:50:40 IsRunning: process 'clamd' not found 2020-11-22 01:50:40 Result: clamd not running 2020-11-22 01:50:40 ==== 2020-11-22 01:50:40 Skipped test MALW-3286 (Check for freshclam) 2020-11-22 01:50:41 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:41 ==== 2020-11-22 01:50:41 Skipped test MALW-3288 (Check for ClamXav) 2020-11-22 01:50:41 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-11-22 01:50:41 Security check: file is normal 2020-11-22 01:50:41 Checking permissions of /root/lynis/include/tests_file_permissions 2020-11-22 01:50:41 File permissions are OK 2020-11-22 01:50:41 ==== 2020-11-22 01:50:41 Action: Performing tests from category: File Permissions 2020-11-22 01:50:41 ==== 2020-11-22 01:50:41 Performing test ID FILE-7524 (Perform file permissions check) 2020-11-22 01:50:41 Test: Checking file permissions 2020-11-22 01:50:41 Using profile /root/lynis/default.prf for baseline. 2020-11-22 01:50:41 Test: checking file/directory /boot/grub/grub.cfg 2020-11-22 01:50:41 Skipping file/directory /boot/grub/grub.cfg as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /boot/grub2/grub.cfg 2020-11-22 01:50:41 Skipping file/directory /boot/grub2/grub.cfg as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /boot/grub2/user.cfg 2020-11-22 01:50:41 Skipping file/directory /boot/grub2/user.cfg as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /etc/at.allow 2020-11-22 01:50:41 Skipping file/directory /etc/at.allow as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /etc/at.deny 2020-11-22 01:50:41 Skipping file/directory /etc/at.deny as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /etc/cron.allow 2020-11-22 01:50:41 Skipping file/directory /etc/cron.allow as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /etc/cron.deny 2020-11-22 01:50:41 Test: checking if file /etc/cron.deny has the permissions set to 600 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (600) 2020-11-22 01:50:41 Test: checking file/directory /etc/crontab 2020-11-22 01:50:41 Test: checking if file /etc/crontab has the permissions set to 600 or more restrictive 2020-11-22 01:50:41 Outcome: permissions of file /etc/crontab are not matching expected value (644 != rw-------) 2020-11-22 01:50:41 Test: checking file/directory /etc/group 2020-11-22 01:50:41 Test: checking if file /etc/group has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/group- 2020-11-22 01:50:41 Test: checking if file /etc/group- has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/hosts.allow 2020-11-22 01:50:41 Test: checking if file /etc/hosts.allow has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/hosts.deny 2020-11-22 01:50:41 Test: checking if file /etc/hosts.deny has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/issue 2020-11-22 01:50:41 Test: checking if file /etc/issue has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/issue.net 2020-11-22 01:50:41 Test: checking if file /etc/issue.net has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/lilo.conf 2020-11-22 01:50:41 Skipping file/directory /etc/lilo.conf as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /etc/motd 2020-11-22 01:50:41 Test: checking if file /etc/motd has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/passwd 2020-11-22 01:50:41 Test: checking if file /etc/passwd has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/passwd- 2020-11-22 01:50:41 Test: checking if file /etc/passwd- has the permissions set to 644 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (644) 2020-11-22 01:50:41 Test: checking file/directory /etc/ssh/sshd_config 2020-11-22 01:50:41 Test: checking if file /etc/ssh/sshd_config has the permissions set to 600 or more restrictive 2020-11-22 01:50:41 Outcome: correct permissions (600) 2020-11-22 01:50:41 Test: checking file/directory /etc/hosts.equiv 2020-11-22 01:50:41 Skipping file/directory /etc/hosts.equiv as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /etc/shosts.equiv 2020-11-22 01:50:41 Skipping file/directory /etc/shosts.equiv as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /root/.rhosts 2020-11-22 01:50:41 Skipping file/directory /root/.rhosts as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /root/.rlogin 2020-11-22 01:50:41 Skipping file/directory /root/.rlogin as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /root/.shosts 2020-11-22 01:50:41 Skipping file/directory /root/.shosts as it does not exist on this system 2020-11-22 01:50:41 Test: checking file/directory /root/.ssh 2020-11-22 01:50:41 Test: checking if file /root/.ssh has the permissions set to 700 or more restrictive 2020-11-22 01:50:41 Outcome: permissions of file /root/.ssh are not matching expected value (755 != rwx------) 2020-11-22 01:50:41 Test: checking file/directory /etc/cron.d 2020-11-22 01:50:42 Test: checking if file /etc/cron.d has the permissions set to 700 or more restrictive 2020-11-22 01:50:42 Outcome: permissions of file /etc/cron.d are not matching expected value (755 != rwx------) 2020-11-22 01:50:42 Test: checking file/directory /etc/cron.daily 2020-11-22 01:50:42 Test: checking if file /etc/cron.daily has the permissions set to 700 or more restrictive 2020-11-22 01:50:42 Outcome: permissions of file /etc/cron.daily are not matching expected value (755 != rwx------) 2020-11-22 01:50:42 Test: checking file/directory /etc/cron.hourly 2020-11-22 01:50:42 Test: checking if file /etc/cron.hourly has the permissions set to 700 or more restrictive 2020-11-22 01:50:42 Outcome: permissions of file /etc/cron.hourly are not matching expected value (755 != rwx------) 2020-11-22 01:50:42 Test: checking file/directory /etc/cron.weekly 2020-11-22 01:50:42 Test: checking if file /etc/cron.weekly has the permissions set to 700 or more restrictive 2020-11-22 01:50:42 Outcome: permissions of file /etc/cron.weekly are not matching expected value (755 != rwx------) 2020-11-22 01:50:42 Test: checking file/directory /etc/cron.monthly 2020-11-22 01:50:42 Test: checking if file /etc/cron.monthly has the permissions set to 700 or more restrictive 2020-11-22 01:50:42 Outcome: permissions of file /etc/cron.monthly are not matching expected value (755 != rwx------) 2020-11-22 01:50:42 Suggestion: Consider restricting file permissions [test:FILE-7524] [details:See screen output or log file] [solution:text:Use chmod to change file permissions] 2020-11-22 01:50:42 Security check: file is normal 2020-11-22 01:50:42 Checking permissions of /root/lynis/include/tests_homedirs 2020-11-22 01:50:42 File permissions are OK 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Action: Performing tests from category: Home directories 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Performing test ID HOME-9302 (Create list with home directories) 2020-11-22 01:50:42 Test: query /etc/passwd to obtain home directories 2020-11-22 01:50:42 Result: found home directory: / (directory exists) 2020-11-22 01:50:42 Result: found home directory: /bin (directory exists) 2020-11-22 01:50:42 Result: found home directory: /root (directory exists) 2020-11-22 01:50:42 Result: found home directory: /sbin (directory exists) 2020-11-22 01:50:42 Result: found home directory: /usr/games (directory exists) 2020-11-22 01:50:42 Result: found home directory: /var/adm (directory exists) 2020-11-22 01:50:42 Result: found home directory: /var/empty/sshd (directory exists) 2020-11-22 01:50:42 Result: found home directory: /var/ftp (directory does not exist) 2020-11-22 01:50:42 Result: found home directory: /var/lib/chrony (directory exists) 2020-11-22 01:50:42 Result: found home directory: /var/spool/lpd (directory exists) 2020-11-22 01:50:42 Result: found home directory: /var/spool/mail (directory exists) 2020-11-22 01:50:42 Result: found home directory: /var/spool/postfix (directory exists) 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Performing test ID HOME-9304 (Check if users' home directories permissions are 750 or more restrictive) 2020-11-22 01:50:42 Test: checking directory '' for user '' 2020-11-22 01:50:42 Result: OK, all permissions of the home directories are 750 or more restrictive 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Performing test ID HOME-9306 (Check if users own their home directories) 2020-11-22 01:50:42 Test: checking directory '' for user '' 2020-11-22 01:50:42 Result: OK, all users own their home directories 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Performing test ID HOME-9310 (Checking for suspicious shell history files) 2020-11-22 01:50:42 Result: Ok, history files are type 'file'. 2020-11-22 01:50:42 Remark: History files are normally of the type 'file'. Symbolic links and other types are suspicious. 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Performing test ID HOME-9350 (Collecting information from home directories) 2020-11-22 01:50:42 Result: IGNORE_HOME_DIRS empty, no paths excluded 2020-11-22 01:50:42 Security check: file is normal 2020-11-22 01:50:42 Checking permissions of /root/lynis/include/tests_kernel_hardening 2020-11-22 01:50:42 File permissions are OK 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Action: Performing tests from category: Kernel Hardening 2020-11-22 01:50:42 ==== 2020-11-22 01:50:42 Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) 2020-11-22 01:50:43 Result: sysctl key fs.protected_hardlinks contains equal expected and current value (1) 2020-11-22 01:50:43 Hardening: assigned maximum number of hardening points for this item (1). Currently having 219 points (out of 330) 2020-11-22 01:50:43 Result: sysctl key fs.protected_symlinks contains equal expected and current value (1) 2020-11-22 01:50:43 Hardening: assigned maximum number of hardening points for this item (1). Currently having 220 points (out of 331) 2020-11-22 01:50:43 Result: sysctl key fs.suid_dumpable contains equal expected and current value (0) 2020-11-22 01:50:43 Hardening: assigned maximum number of hardening points for this item (1). Currently having 221 points (out of 332) 2020-11-22 01:50:43 Result: key hw.kbd.keymap_restrict_change does not exist on this machine 2020-11-22 01:50:43 Result: key kern.sugid_coredump does not exist on this machine 2020-11-22 01:50:43 Result: key kernel.core_setuid_ok does not exist on this machine 2020-11-22 01:50:43 Result: sysctl key kernel.core_uses_pid contains equal expected and current value (1) 2020-11-22 01:50:43 Hardening: assigned maximum number of hardening points for this item (1). Currently having 222 points (out of 333) 2020-11-22 01:50:43 Result: sysctl key kernel.ctrl-alt-del contains equal expected and current value (0) 2020-11-22 01:50:43 Hardening: assigned maximum number of hardening points for this item (1). Currently having 223 points (out of 334) 2020-11-22 01:50:43 Result: sysctl key kernel.dmesg_restrict has a different value than expected in scan profile. Expected=1, Real=0 2020-11-22 01:50:43 Hardening: assigned partial number of hardening points (0 of 1). Currently having 223 points (out of 335) 2020-11-22 01:50:43 Result: key kernel.exec-shield-randomize does not exist on this machine 2020-11-22 01:50:44 Result: key kernel.exec-shield does not exist on this machine 2020-11-22 01:50:44 Result: sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0 2020-11-22 01:50:44 Hardening: assigned partial number of hardening points (0 of 1). Currently having 223 points (out of 336) 2020-11-22 01:50:44 Result: key kernel.maps_protect does not exist on this machine 2020-11-22 01:50:44 Result: sysctl key kernel.randomize_va_space contains equal expected and current value (2) 2020-11-22 01:50:44 Hardening: assigned maximum number of hardening points for this item (1). Currently having 224 points (out of 337) 2020-11-22 01:50:44 Result: key kernel.suid_dumpable does not exist on this machine 2020-11-22 01:50:44 Result: sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16 2020-11-22 01:50:44 Hardening: assigned partial number of hardening points (0 of 1). Currently having 224 points (out of 338) 2020-11-22 01:50:44 Result: key kernel.use-nx does not exist on this machine 2020-11-22 01:50:44 Result: sysctl key kernel.yama.ptrace_scope has a different value than expected in scan profile. Expected=1 2 3, Real=0 2020-11-22 01:50:44 Hardening: assigned partial number of hardening points (0 of 1). Currently having 224 points (out of 339) 2020-11-22 01:50:44 Result: key net.inet.icmp.bmcastecho does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.icmp.drop_redirect does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.icmp.rediraccept does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.icmp.timestamp does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.accept_sourceroute does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.check_interface does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.forwarding does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.linklocal.in.allowbadttl does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.process_options does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.random_id does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.redirect does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip.sourceroute does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.ip6.redirect does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.tcp.always_keepalive does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.tcp.blackhole does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.tcp.drop_synfin does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.tcp.icmp_may_rst does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.tcp.nolocaltimewait does not exist on this machine 2020-11-22 01:50:44 Result: key net.inet.tcp.path_mtu_discovery does not exist on this machine 2020-11-22 01:50:45 Result: key net.inet.udp.blackhole does not exist on this machine 2020-11-22 01:50:45 Result: key net.inet6.icmp6.rediraccept does not exist on this machine 2020-11-22 01:50:45 Result: key net.inet6.ip6.forwarding does not exist on this machine 2020-11-22 01:50:45 Result: key net.inet6.ip6.fw.enable does not exist on this machine 2020-11-22 01:50:45 Result: key net.inet6.ip6.redirect does not exist on this machine 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.accept_redirects contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 225 points (out of 340) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.accept_source_route contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 226 points (out of 341) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.bootp_relay contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 227 points (out of 342) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.forwarding has a different value than expected in scan profile. Expected=0, Real=1 2020-11-22 01:50:45 Hardening: assigned partial number of hardening points (0 of 1). Currently having 227 points (out of 343) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.log_martians has a different value than expected in scan profile. Expected=1, Real=0 2020-11-22 01:50:45 Hardening: assigned partial number of hardening points (0 of 1). Currently having 227 points (out of 344) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.mc_forwarding contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 228 points (out of 345) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.proxy_arp contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 229 points (out of 346) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.rp_filter contains equal expected and current value (1) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 230 points (out of 347) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.all.send_redirects has a different value than expected in scan profile. Expected=0, Real=1 2020-11-22 01:50:45 Hardening: assigned partial number of hardening points (0 of 1). Currently having 230 points (out of 348) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 2020-11-22 01:50:45 Hardening: assigned partial number of hardening points (0 of 1). Currently having 230 points (out of 349) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 231 points (out of 350) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.conf.default.log_martians has a different value than expected in scan profile. Expected=1, Real=0 2020-11-22 01:50:45 Hardening: assigned partial number of hardening points (0 of 1). Currently having 231 points (out of 351) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.icmp_echo_ignore_broadcasts contains equal expected and current value (1) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 232 points (out of 352) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.icmp_ignore_bogus_error_responses contains equal expected and current value (1) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 233 points (out of 353) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.tcp_syncookies contains equal expected and current value (1) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 234 points (out of 354) 2020-11-22 01:50:45 Result: sysctl key net.ipv4.tcp_timestamps contains equal expected and current value (0 1) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 235 points (out of 355) 2020-11-22 01:50:45 Result: sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 2020-11-22 01:50:45 Hardening: assigned partial number of hardening points (0 of 1). Currently having 235 points (out of 356) 2020-11-22 01:50:45 Result: sysctl key net.ipv6.conf.all.accept_source_route contains equal expected and current value (0) 2020-11-22 01:50:45 Hardening: assigned maximum number of hardening points for this item (1). Currently having 236 points (out of 357) 2020-11-22 01:50:46 Result: key net.ipv6.conf.all.send_redirects does not exist on this machine 2020-11-22 01:50:46 Result: sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 2020-11-22 01:50:46 Hardening: assigned partial number of hardening points (0 of 1). Currently having 236 points (out of 358) 2020-11-22 01:50:46 Result: sysctl key net.ipv6.conf.default.accept_source_route contains equal expected and current value (0) 2020-11-22 01:50:46 Hardening: assigned maximum number of hardening points for this item (1). Currently having 237 points (out of 359) 2020-11-22 01:50:46 Result: key security.bsd.hardlink_check_gid does not exist on this machine 2020-11-22 01:50:46 Result: key security.bsd.hardlink_check_uid does not exist on this machine 2020-11-22 01:50:46 Result: key security.bsd.see_other_gids does not exist on this machine 2020-11-22 01:50:46 Result: key security.bsd.see_other_uids does not exist on this machine 2020-11-22 01:50:46 Result: key security.bsd.stack_guard_page does not exist on this machine 2020-11-22 01:50:46 Result: key security.bsd.unprivileged_proc_debug does not exist on this machine 2020-11-22 01:50:46 Result: key security.bsd.unprivileged_read_msgbuf does not exist on this machine 2020-11-22 01:50:46 Result: found 11 keys that can use tuning, according scan profile 2020-11-22 01:50:46 Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000] [details:] [solution:Change sysctl value or disable test (skip-test=KRNL-6000:)] 2020-11-22 01:50:46 Security check: file is normal 2020-11-22 01:50:46 Checking permissions of /root/lynis/include/tests_hardening 2020-11-22 01:50:46 File permissions are OK 2020-11-22 01:50:46 ==== 2020-11-22 01:50:46 Action: Performing tests from category: Hardening 2020-11-22 01:50:46 ==== 2020-11-22 01:50:46 Performing test ID HRDN-7220 (Check if one or more compilers are installed) 2020-11-22 01:50:46 Test: Check if one or more compilers can be found on the system 2020-11-22 01:50:46 Result: found installed compiler. See top of logfile which compilers have been found or use /usr/bin/grep to filter on 'compiler' 2020-11-22 01:50:46 Hardening: assigned partial number of hardening points (1 of 3). Currently having 238 points (out of 362) 2020-11-22 01:50:46 ==== 2020-11-22 01:50:46 Performing test ID HRDN-7222 (Check compiler permissions) 2020-11-22 01:50:46 Test: Check if one or more compilers can be found on the system 2020-11-22 01:50:46 Test: Check file permissions for /usr/bin/as 2020-11-22 01:50:46 Action: checking symlink for file /usr/bin/as 2020-11-22 01:50:46 Result: file /usr/bin/as is not a symlink 2020-11-22 01:50:46 Binary: found /usr/bin/as (world executable) 2020-11-22 01:50:46 Hardening: assigned partial number of hardening points (2 of 3). Currently having 240 points (out of 365) 2020-11-22 01:50:46 Test: Check file permissions for /usr/bin/cc 2020-11-22 01:50:46 Action: checking symlink for file /usr/bin/cc 2020-11-22 01:50:46 Note: Using real readlink binary to determine symlink on /usr/bin/cc 2020-11-22 01:50:46 Result: readlink shows /usr/bin/gcc as output 2020-11-22 01:50:46 Result: symlink found, pointing to file /usr/bin/gcc 2020-11-22 01:50:46 Binary: found /usr/bin/gcc (world executable) 2020-11-22 01:50:46 Hardening: assigned partial number of hardening points (2 of 3). Currently having 242 points (out of 368) 2020-11-22 01:50:46 Test: Check file permissions for /usr/bin/gcc 2020-11-22 01:50:46 Action: checking symlink for file /usr/bin/gcc 2020-11-22 01:50:46 Result: file /usr/bin/gcc is not a symlink 2020-11-22 01:50:46 Binary: found /usr/bin/gcc (world executable) 2020-11-22 01:50:46 Hardening: assigned partial number of hardening points (2 of 3). Currently having 244 points (out of 371) 2020-11-22 01:50:46 Result: at least one compiler could be better hardened by restricting executable access to root or group only 2020-11-22 01:50:46 Suggestion: Harden compilers like restricting access to root user only [test:HRDN-7222] [details:-] [solution:-] 2020-11-22 01:50:46 ==== 2020-11-22 01:50:46 Performing test ID HRDN-7230 (Check for malware scanner) 2020-11-22 01:50:46 Test: Check if a malware scanner is installed 2020-11-22 01:50:46 Result: no malware scanner found 2020-11-22 01:50:46 Suggestion: Harden the system by installing at least one malware scanner, to perform periodic file system scans [test:HRDN-7230] [details:-] [solution:Install a tool like rkhunter, chkrootkit, OSSEC] 2020-11-22 01:50:46 Hardening: assigned partial number of hardening points (1 of 3). Currently having 245 points (out of 374) 2020-11-22 01:50:46 Result: no malware scanner found 2020-11-22 01:50:46 ==== 2020-11-22 01:50:46 Action: Performing tests from category: Custom tests 2020-11-22 01:50:46 Test: Checking for tests_custom file 2020-11-22 01:50:46 ==== 2020-11-22 01:50:46 Action: Performing plugin tests 2020-11-22 01:50:46 Result: Found 2 plugins of which 2 are enabled 2020-11-22 01:50:46 Result: Plugins phase 2 finished 2020-11-22 01:50:46 Checking permissions of /root/lynis/include/report 2020-11-22 01:50:46 File permissions are OK 2020-11-22 01:50:46 Hardening index : [65] [############# ] 2020-11-22 01:50:46 Hardening strength: System has been hardened, but could use additional hardening 2020-11-22 01:50:46 ==== 2020-11-22 01:50:49 Checking permissions of /root/lynis/include/tool_tips 2020-11-22 01:50:49 File permissions are OK 2020-11-22 01:50:49 Tool tips: enabled 2020-11-22 01:50:49 ================================================================================ 2020-11-22 01:50:49 Tests performed: 256 2020-11-22 01:50:49 Total tests: 450 2020-11-22 01:50:49 Active plugins: 2 2020-11-22 01:50:49 Total plugins: 2 2020-11-22 01:50:49 ================================================================================ 2020-11-22 01:50:49 Lynis 3.0.1 2020-11-22 01:50:49 2007-2020, CISOfy - https://cisofy.com/lynis/ 2020-11-22 01:50:49 Enterprise support available (compliance, plugins, interface and tools) 2020-11-22 01:50:49 Program ended successfully 2020-11-22 01:50:49 ================================================================================ 2020-11-22 01:50:49 PID file removed (/var/run/lynis.pid) 2020-11-22 01:50:49 Temporary files: /tmp/lynis.NQWECgIAL7 /tmp/lynis.SU7G6PVjM5 /tmp/lynis.56XKWgDbcg /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:49 Action: removing temporary file /tmp/lynis.NQWECgIAL7 2020-11-22 01:50:49 Info: temporary file /tmp/lynis.SU7G6PVjM5 was already removed 2020-11-22 01:50:49 Info: temporary file /tmp/lynis.56XKWgDbcg was already removed 2020-11-22 01:50:49 Action: removing temporary file /tmp/lynis.oxMAxi3DUR 2020-11-22 01:50:49 Lynis ended successfully.