kylemanna/lynis.txt

## lynis.txt
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
  menu
Suggested packages:
  dnsutils menu-l10n gksu kdebase-bin kdebase-runtime ktsuss sux
The following NEW packages will be installed:
  lynis menu
0 upgraded, 2 newly installed, 0 to remove and 24 not upgraded.
Need to get 550 kB of archives.
After this operation, 2526 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty/universe lynis all 1.3.9-1 [95.0 kB]
Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe menu amd64 2.1.46ubuntu1 [455 kB]
Fetched 550 kB in 1s (423 kB/s)
Selecting previously unselected package lynis.
(Reading database ... 11518 files and directories currently installed.)
Preparing to unpack .../archives/lynis_1.3.9-1_all.deb ...
Unpacking lynis (1.3.9-1) ...
Selecting previously unselected package menu.
Preparing to unpack .../menu_2.1.46ubuntu1_amd64.deb ...
Unpacking menu (2.1.46ubuntu1) ...
Processing triggers for mime-support (3.54ubuntu1) ...
Setting up lynis (1.3.9-1) ...
Checking for unneeded old plugin files in /etc/lynis/plugins
Setting up menu (2.1.46ubuntu1) ...
Processing triggers for menu (2.1.46ubuntu1) ...

[ Lynis 1.3.9 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.

 Copyright 2007-2014 - Michael Boelen, http://cisofy.com
 Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################

[+] Initializing program
------------------------------------
[2C- Detecting OS... [41C [ DONE ]
[2C- Clearing log file (/var/log/lynis.log)... [15C [ DONE ]

  ---------------------------------------------------
  Program version:           1.3.9
  Operating system:          Linux
  Operating system name:     Ubuntu
  Operating system version:  14.04
  Kernel version:            3.16.1-1-ARCH
  Hardware platform:         x86_64
  Hostname:                  10984a62183f
  Auditor:                   [Unknown]
  Profile:                   /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  ---------------------------------------------------
[2C- Checking profile file (/etc/lynis/default.prf)...[8C
[2C- Program update status... [32C [ SKIPPED ]

[+] System Tools
------------------------------------
[2C- Scanning available tools...[30C
[2C- Checking system binaries...[30C
[4C- Checking /bin... [38C [ FOUND ]
[4C- Checking /sbin... [37C [ FOUND ]
[4C- Checking /usr/bin... [34C [ FOUND ]
-i used with no filenames on the command line, reading from STDIN.
[4C- Checking /usr/sbin... [33C [ FOUND ]
[4C- Checking /usr/local/bin... [28C [ FOUND ]
[4C- Checking /usr/local/sbin... [27C [ FOUND ]
[4C- Checking /usr/local/libexec... [24C [ NOT FOUND ]
[4C- Checking /usr/libexec... [30C [ NOT FOUND ]
[4C- Checking /usr/sfw/bin... [30C [ NOT FOUND ]
[4C- Checking /usr/sfw/sbin... [29C [ NOT FOUND ]
[4C- Checking /usr/sfw/libexec... [26C [ NOT FOUND ]
[4C- Checking /opt/sfw/bin... [30C [ NOT FOUND ]
[4C- Checking /opt/sfw/sbin... [29C [ NOT FOUND ]
[4C- Checking /opt/sfw/libexec... [26C [ NOT FOUND ]
[4C- Checking /usr/xpg4/bin... [29C [ NOT FOUND ]
[4C- Checking /usr/css/bin... [30C [ NOT FOUND ]
[4C- Checking /usr/ucb... [34C [ NOT FOUND ]
[4C- Checking /usr/X11R6/bin... [28C [ NOT FOUND ]

[+] Boot and services
------------------------------------
[2C- Checking boot loaders[36C
[4C- Checking presence GRUB... [29C [ NOT FOUND ]
[4C- Checking presence LILO... [29C [ NOT FOUND ]
[4C- Checking boot loader SILO[30C [ NOT FOUND ]
[4C- Checking boot loader YABOOT[28C [ NOT FOUND ]
[2C- Check startup files (permissions)... [20C [ OK ]

[+] Kernel
------------------------------------
[2C- Checking default run level...[28C [ UNKNOWN ]
[2C- Checking CPU support (NX/PAE)[28C
[4CCPU support: PAE and/or NoeXecute supported[14C [ FOUND ]
[2C- Checking kernel version and release[22C [ DONE ]
[2C- Checking kernel type[37C [ DONE ]
[2C- Checking loaded kernel modules[27C [ DONE ]
[6CFound 178 active modules[31C
[2C- Checking Linux kernel configuration file...[14C [ NOT FOUND ]
dpkg-query: no path found matching pattern /vmlinuz
[2C- Checking for available kernel update... [17C [ UNKNOWN ]
[2C- Checking core dumps configuration... [20C [ DISABLED ]
[4C- Checking setuid core dumps configuration... [11C [ DEFAULT ]

[+] Memory and processes
------------------------------------
[2C- Checking /proc/meminfo... [31C [ FOUND ]
[2C- Searching for dead/zombie processes...[19C [ OK ]
[2C- Searching for IO waiting processes...[20C [ OK ]

[+] Users, Groups and Authentication
------------------------------------
[2C- Search administrator accounts...[25C [ OK ]
[2C- Checking consistency of group files (grpck)...[11C [ OK ]
[2C- Checking non unique group ID's...[24C [ OK ]
[2C- Checking non unique group names...[23C [ OK ]
[2C- Checking password file consistency...[20C [ OK ]
[2C- Query system users (non daemons)...[22C [ DONE ]
[2C- Checking NIS+ authentication support[21C [ NOT ENABLED ]
[2C- Checking NIS authentication support[22C [ NOT ENABLED ]
[2C- Checking sudoers file[36C [ FOUND ]
[4C- Check sudoers file permissions[25C [ OK ]
[2C- Checking PAM password strength tools[21C [ SUGGESTION ]
[2C- Checking PAM configuration files (pam.conf)[14C [ FOUND ]
[2C- Checking PAM configuration files (pam.d)[17C [ FOUND ]
[2C- Checking PAM modules[37C [ FOUND ]
[2C- Checking LDAP module in PAM[30C [ NOT FOUND ]
[2C- Checking accounts without expire date[20C [ OK ]
[2C- Checking accounts without password[23C [ OK ]
[2C- Checking user password aging[29C [ DISABLED ]
[2C- Determining default umask[32C
[4C- Checking umask (/etc/profile)[26C [ UNKNOWN ]
[4C- Checking umask (/etc/login.defs)[23C [ SUGGESTION ]
[4C- Checking umask (/etc/init.d/rc)[24C [ SUGGESTION ]
[2C- Checking LDAP authentication support[21C [ NOT ENABLED ]

[+] Shells
------------------------------------
[2C- Checking shells from /etc/shells...[22C
[4CResult: found 4 shells (valid shells: 4).[16C

[+] File systems
------------------------------------
[2C- Checking mount points[36C
[4C- Checking /home mount point...[26C [ SUGGESTION ]
[4C- Checking /tmp mount point...[27C [ SUGGESTION ]
[2C- Checking for old files in /tmp...[24C [ OK ]
[2C- Checking /tmp sticky bit...[30C [ OK ]
tune2fs: No such file or directory while trying to open /dev/sda4
Couldn't find valid filesystem superblock.
[2C- ACL support root file system...[26C [ DISABLED ]
[2C- Checking Locate database...[30C [ NOT FOUND ]

[+] Storage
------------------------------------
[2C- Checking usb-storage driver (modprobe config)...[9C [ NOT DISABLED ]
[2C- Checking firewire ohci driver (modprobe config)...[7C [ DISABLED ]

[+] NFS
------------------------------------
[2C- Check running NFS daemon...[30C [ NOT FOUND ]

[+] Software: name services
------------------------------------
[2C- Checking default DNS search domain...[20C [ NONE ]
[2C- Checking search domains...[31C [ FOUND ]
[2C- Checking /etc/resolv.conf options...[21C [ NONE ]
[2C- Searching DNS domain name...[29C [ UNKNOWN ]
[2C- Checking nscd status...[34C [ NOT FOUND ]
[2C- Checking BIND status...[34C [ NOT FOUND ]
[2C- Checking PowerDNS status...[30C [ NOT FOUND ]
[2C- Checking ypbind status...[32C [ NOT FOUND ]
[2C- Checking /etc/hosts[38C
[4C- Checking /etc/hosts (duplicates)[23C [ OK ]
[4C- Checking /etc/hosts (hostname)[25C [ OK ]
[4C- Checking /etc/hosts (localhost)[24C [ OK ]

[+] Ports and packages
------------------------------------
[2C- Searching package managers...[28C
[4C- Searching dpkg package manager...[22C [ FOUND ]
[6C- Querying package manager...[26C
[4C- Query unpurged packages...[29C [ NONE ]
[2C- Checking security repository in sources.list file... [4C [ OK ]
[2C- Checking APT package database...[25C [ OK ]
[2C- Checking vulnerable packages (apt-get only)...[11C [ DONE ]
[2C- Checking upgradeable packages...[25C [ SKIPPED ]
[2C- Checking package audit tool...[27C [ NONE ]

[+] Networking
------------------------------------
[2C- Checking configured nameservers...[23C
[4C- Testing nameservers...[33C
[6CNameserver: 172.17.42.1... [28C [ SKIPPED ]
[4C- Minimal of 2 responsive nameservers...[17C [ SKIPPED ]
[2C- Checking default gateway...[30C [ DONE ]
[2C- Getting listening ports (TCP/UDP)...[21C [ SKIPPED ]
[2C- Checking promiscuous interfaces...[23C [ OK ]
[2C- Checking waiting connections...[26C [ OK ]
[2C- Checking status DHCP client...[27C [ NOT ACTIVE ]

[+] Printers and Spools
------------------------------------
[2C- Checking cups daemon...[34C [ NOT FOUND ]

[+] Software: e-mail and messaging
------------------------------------
[2C- Checking Exim status...[34C [ NOT FOUND ]
[2C- Checking Postfix status...[31C [ NOT FOUND ]
[2C- Checking Qmail smtpd status...[27C [ NOT FOUND ]

[+] Software: firewalls
------------------------------------
[2C- Checking iptables kernel module[26C [ FOUND ]
[4CStatus pf[48C [ NOT FOUND ]
[2C- Checking host based firewall[29C [ ACTIVE ]

[+] Software: webserver
------------------------------------
[2C- Checking Apache...[39C [ NOT FOUND ]
[2C- Checking nginx...[40C [ NOT FOUND ]

[+] SSH Support
------------------------------------
[2C- Checking running SSH daemon...[27C [ NOT FOUND ]

[+] SNMP Support
------------------------------------
[2C- Checking running SNMP daemon...[26C [ NOT FOUND ]

[+] Databases
------------------------------------
[2C- MySQL process status...[34C [ NOT FOUND ]
[2C- PostgreSQL processes status...[27C [ NOT FOUND ]
[2C- Oracle processes status...[31C [ NOT FOUND ]

[+] LDAP Services
------------------------------------
[2C- Checking OpenLDAP instance...[28C [ NOT FOUND ]

[+] Software: PHP
------------------------------------
[2C- Checking PHP...[42C [ NOT FOUND ]

[+] Squid Support
------------------------------------
[2C- Checking running Squid daemon...[25C [ NOT FOUND ]

[+] Logging and files
------------------------------------
[2C- Checking for a running log daemon...[21C [ WARNING ]
[4C- Checking Syslog-NG status[30C [ NOT FOUND ]
[4C- Checking Metalog status[32C [ NOT FOUND ]
[4C- Checking RSyslog status[32C [ NOT FOUND ]
[4C- Checking RFC 3195 daemon status[24C [ NOT FOUND ]
[4C- Checking klogd[41C [ OK ]
[4C- Checking minilogd instances[28C [ NONE ]
[2C- Checking logrotate presence[30C [ OK ]
[2C- Checking log directories (static list)[19C [ DONE ]
[2C- Checking open log files[34C [ SKIPPED ]

[+] Insecure services
------------------------------------
[2C- Checking inetd status...[33C [ NOT ACTIVE ]

[+] Banners and identification
------------------------------------
[2C- /etc/motd...[45C [ NOT FOUND ]
[2C- /etc/issue...[44C [ FOUND ]
[4C- /etc/issue contents...[33C [ WEAK ]
[2C- /etc/issue.net...[40C [ FOUND ]
[4C- /etc/issue.net contents...[29C [ WEAK ]

[+] Scheduled tasks
------------------------------------
[2C- Checking crontab/cronjob[33C [ DONE ]
[2C- Checking atd status[38C [ NOT RUNNING ]

[+] Accounting
------------------------------------
[2C- Checking accounting information... [22C [ NOT FOUND ]
[2C- Checking auditd[42C [ NOT FOUND ]

[+] Time and Synchronization
------------------------------------
[2C- Checking running NTP daemon (ntpd)...[20C [ NOT FOUND ]
[2C- Checking running NTP daemon (timed)...[19C [ NOT FOUND ]
[2C- Checking running NTP daemon (dntpd)...[19C [ NOT FOUND ]
[2C- Checking NTP client in crontab file (/etc/crontab)...[4C [ NOT FOUND ]
[2C- Checking NTP client in cron.d files...[19C [ NOT FOUND ]
[2C- Checking event based ntpdate (if-up)...[18C [ FOUND ]
[2C- Checking for a running NTP daemon or client...[11C [ OK ]

[+] Cryptography
------------------------------------

[+] Virtualization
------------------------------------

[+] Security frameworks
------------------------------------
[2C- Checking presence AppArmor[31C [ NOT FOUND ]
[2C- Checking presence SELinux[32C [ NOT FOUND ]
[2C- Checking presence grsecurity[29C [ NOT FOUND ]
[2C- Checking for implemented MAC framework[19C [ NONE ]

[+] Software: file integrity
------------------------------------
[2C- Checking file integrity tools...[25C
[4C- AFICK...[47C [ NOT FOUND ]
[4C- AIDE...[48C [ NOT FOUND ]
[4C- Osiris...[46C [ NOT FOUND ]
[4C- Samhain...[45C [ NOT FOUND ]
[4C- Tripwire...[44C [ NOT FOUND ]
[4C- OSSEC (syscheck)...[36C [ NOT FOUND ]
[2C- Checking presence integrity tool...[22C [ NOT FOUND ]

[+] Software: Malware scanners
------------------------------------
[2C- Checking chkrootkit...[35C [ NOT FOUND ]
[2C- Checking Rootkit Hunter...[31C [ NOT FOUND ]
[2C- Checking ClamAV scanner...[31C [ NOT FOUND ]
[2C- Checking ClamAV daemon...[32C [ NOT FOUND ]

[+] System Tools
------------------------------------
[2C- Starting file permissions check...[23C
[4C/etc/lilo.conf[43C [ NOT FOUND ]
[4C/root/.ssh[47C [ NOT FOUND ]

[+] Home directories
------------------------------------
[2C- Checking shell history files... [25C [ OK ]

[+] Kernel Hardening
------------------------------------
[2C- Comparing sysctl key pairs with scan profile...[10C
[4C- kernel.core_uses_pid (exp: 1)[26C [ OK ]
[4C- kernel.ctrl-alt-del (exp: 0)[27C [ OK ]
[4C- kernel.sysrq (exp: 0)[34C [ DIFFERENT ]
[4C- net.ipv4.conf.all.accept_redirects (exp: 0)[12C [ OK ]
[4C- net.ipv4.conf.all.accept_source_route (exp: 0)[9C [ OK ]
[4C- net.ipv4.conf.all.bootp_relay (exp: 0)[17C [ OK ]
[4C- net.ipv4.conf.all.forwarding (exp: 0)[18C [ DIFFERENT ]
[4C- net.ipv4.conf.all.log_martians (exp: 1)[16C [ DIFFERENT ]
[4C- net.ipv4.conf.all.mc_forwarding (exp: 0)[15C [ OK ]
[4C- net.ipv4.conf.all.proxy_arp (exp: 0)[19C [ OK ]
[4C- net.ipv4.conf.all.rp_filter (exp: 1)[19C [ DIFFERENT ]
[4C- net.ipv4.conf.all.send_redirects (exp: 0)[14C [ DIFFERENT ]
[4C- net.ipv4.conf.default.accept_redirects (exp: 0)[8C [ DIFFERENT ]
[4C- net.ipv4.conf.default.accept_source_route (exp: 0)[5C [ OK ]
[4C- net.ipv4.conf.default.log_martians (exp: 1)[12C [ DIFFERENT ]
[4C- net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)[10C [ OK ]
[4C- net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)[4C [ OK ]
[4C- net.ipv6.conf.all.accept_redirects (exp: 0)[12C [ DIFFERENT ]
[4C- net.ipv6.conf.all.accept_source_route (exp: 0)[9C [ OK ]
[4C- net.ipv6.conf.default.accept_redirects (exp: 0)[8C [ DIFFERENT ]
[4C- net.ipv6.conf.default.accept_source_route (exp: 0)[5C [ OK ]

[+] Hardening
------------------------------------
[4C- Installed compiler(s)...[31C [ NOT FOUND ]
[4C- Installed malware scanner...[27C [ NOT FOUND ]

[+] Custom Tests
------------------------------------
[2C- Running custom tests... [33C [ SKIPPED ]

================================================================================

  -[ Lynis 1.3.9 Results ]-

  Tests performed: 144

  Warnings:
  ----------------------------
  - No syslog daemon found [test:LOGG-2130]
  - klogd is not running, which could lead to missing kernel messages in log files [test:LOGG-2138]

  Suggestions:
  ----------------------------
  - Please check the output of apt-cache policy manually to determine why output is empty [test:KRNL-5788]
  - Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262]
  - Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
  - Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328]
  - Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
  - To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
  - To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
  - The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
  - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
  - Install package apt-show-versions for patch management purposes [test:PKGS-7394]
  - Install a package audit tool to determine vulnerable packages [test:PKGS-7398]
  - Check if any syslog daemon is running and correctly configured. [test:LOGG-2130]
  - Check why klogd is not running [test:LOGG-2138]
  - Add a legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
  - Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
  - Enable auditd to collect audit information [test:ACCT-9628]
  - Install a file integrity tool [test:FINT-4350]
  - One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
  - Harden the system by installing one or malware scanners to perform periodic file system scans [test:HRDN-7230]
================================================================================
  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat
================================================================================
  Hardening index : [57]     [###########         ]

  Enterprise support and plugins available via CISOfy - http://cisofy.com
================================================================================
  Tip: Disable all tests which are not relevant or are too strict for the
       purpose of this particular machine. This will remove unwanted suggestions
       and also boost the hardening index. Each test should be properly analyzed
       to see if the related risks can be accepted, before disabling the test.
================================================================================
  Lynis 1.3.9
  Copyright 2007-2014 - Michael Boelen, http://cisofy.com
================================================================================
	Reading package lists...
	Building dependency tree...
	Reading state information...
	The following extra packages will be installed:
	menu
	Suggested packages:
	dnsutils menu-l10n gksu kdebase-bin kdebase-runtime ktsuss sux
	The following NEW packages will be installed:
	lynis menu
	0 upgraded, 2 newly installed, 0 to remove and 24 not upgraded.
	Need to get 550 kB of archives.
	After this operation, 2526 kB of additional disk space will be used.
	Get:1 http://archive.ubuntu.com/ubuntu/ trusty/universe lynis all 1.3.9-1 [95.0 kB]
	Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe menu amd64 2.1.46ubuntu1 [455 kB]
	Fetched 550 kB in 1s (423 kB/s)
	Selecting previously unselected package lynis.
	(Reading database ... 11518 files and directories currently installed.)
	Preparing to unpack .../archives/lynis_1.3.9-1_all.deb ...
	Unpacking lynis (1.3.9-1) ...
	Selecting previously unselected package menu.
	Preparing to unpack .../menu_2.1.46ubuntu1_amd64.deb ...
	Unpacking menu (2.1.46ubuntu1) ...
	Processing triggers for mime-support (3.54ubuntu1) ...
	Setting up lynis (1.3.9-1) ...
	Checking for unneeded old plugin files in /etc/lynis/plugins
	Setting up menu (2.1.46ubuntu1) ...
	Processing triggers for menu (2.1.46ubuntu1) ...

	[ Lynis 1.3.9 ]

	################################################################################
	Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
	welcome to redistribute it under the terms of the GNU General Public License.
	See the LICENSE file for details about using this software.

	Copyright 2007-2014 - Michael Boelen, http://cisofy.com
	Enterprise support and plugins available via CISOfy - http://cisofy.com
	################################################################################

	[+] Initializing program
	------------------------------------
	[2C- Detecting OS... [41C [ DONE ]
	[2C- Clearing log file (/var/log/lynis.log)... [15C [ DONE ]

	---------------------------------------------------
	Program version: 1.3.9
	Operating system: Linux
	Operating system name: Ubuntu
	Operating system version: 14.04
	Kernel version: 3.16.1-1-ARCH
	Hardware platform: x86_64
	Hostname: 10984a62183f
	Auditor: [Unknown]
	Profile: /etc/lynis/default.prf
	Log file: /var/log/lynis.log
	Report file: /var/log/lynis-report.dat
	Report version: 1.0
	---------------------------------------------------
	[2C- Checking profile file (/etc/lynis/default.prf)...[8C
	[2C- Program update status... [32C [ SKIPPED ]

	[+] System Tools
	------------------------------------
	[2C- Scanning available tools...[30C
	[2C- Checking system binaries...[30C
	[4C- Checking /bin... [38C [ FOUND ]
	[4C- Checking /sbin... [37C [ FOUND ]
	[4C- Checking /usr/bin... [34C [ FOUND ]
	-i used with no filenames on the command line, reading from STDIN.
	[4C- Checking /usr/sbin... [33C [ FOUND ]
	[4C- Checking /usr/local/bin... [28C [ FOUND ]
	[4C- Checking /usr/local/sbin... [27C [ FOUND ]
	[4C- Checking /usr/local/libexec... [24C [ NOT FOUND ]
	[4C- Checking /usr/libexec... [30C [ NOT FOUND ]
	[4C- Checking /usr/sfw/bin... [30C [ NOT FOUND ]
	[4C- Checking /usr/sfw/sbin... [29C [ NOT FOUND ]
	[4C- Checking /usr/sfw/libexec... [26C [ NOT FOUND ]
	[4C- Checking /opt/sfw/bin... [30C [ NOT FOUND ]
	[4C- Checking /opt/sfw/sbin... [29C [ NOT FOUND ]
	[4C- Checking /opt/sfw/libexec... [26C [ NOT FOUND ]
	[4C- Checking /usr/xpg4/bin... [29C [ NOT FOUND ]
	[4C- Checking /usr/css/bin... [30C [ NOT FOUND ]
	[4C- Checking /usr/ucb... [34C [ NOT FOUND ]
	[4C- Checking /usr/X11R6/bin... [28C [ NOT FOUND ]

	[+] Boot and services
	------------------------------------
	[2C- Checking boot loaders[36C
	[4C- Checking presence GRUB... [29C [ NOT FOUND ]
	[4C- Checking presence LILO... [29C [ NOT FOUND ]
	[4C- Checking boot loader SILO[30C [ NOT FOUND ]
	[4C- Checking boot loader YABOOT[28C [ NOT FOUND ]
	[2C- Check startup files (permissions)... [20C [ OK ]

	[+] Kernel
	------------------------------------
	[2C- Checking default run level...[28C [ UNKNOWN ]
	[2C- Checking CPU support (NX/PAE)[28C
	[4CCPU support: PAE and/or NoeXecute supported[14C [ FOUND ]
	[2C- Checking kernel version and release[22C [ DONE ]
	[2C- Checking kernel type[37C [ DONE ]
	[2C- Checking loaded kernel modules[27C [ DONE ]
	[6CFound 178 active modules[31C
	[2C- Checking Linux kernel configuration file...[14C [ NOT FOUND ]
	dpkg-query: no path found matching pattern /vmlinuz
	[2C- Checking for available kernel update... [17C [ UNKNOWN ]
	[2C- Checking core dumps configuration... [20C [ DISABLED ]
	[4C- Checking setuid core dumps configuration... [11C [ DEFAULT ]

	[+] Memory and processes
	------------------------------------
	[2C- Checking /proc/meminfo... [31C [ FOUND ]
	[2C- Searching for dead/zombie processes...[19C [ OK ]
	[2C- Searching for IO waiting processes...[20C [ OK ]

	[+] Users, Groups and Authentication
	------------------------------------
	[2C- Search administrator accounts...[25C [ OK ]
	[2C- Checking consistency of group files (grpck)...[11C [ OK ]
	[2C- Checking non unique group ID's...[24C [ OK ]
	[2C- Checking non unique group names...[23C [ OK ]
	[2C- Checking password file consistency...[20C [ OK ]
	[2C- Query system users (non daemons)...[22C [ DONE ]
	[2C- Checking NIS+ authentication support[21C [ NOT ENABLED ]
	[2C- Checking NIS authentication support[22C [ NOT ENABLED ]
	[2C- Checking sudoers file[36C [ FOUND ]
	[4C- Check sudoers file permissions[25C [ OK ]
	[2C- Checking PAM password strength tools[21C [ SUGGESTION ]
	[2C- Checking PAM configuration files (pam.conf)[14C [ FOUND ]
	[2C- Checking PAM configuration files (pam.d)[17C [ FOUND ]
	[2C- Checking PAM modules[37C [ FOUND ]
	[2C- Checking LDAP module in PAM[30C [ NOT FOUND ]
	[2C- Checking accounts without expire date[20C [ OK ]
	[2C- Checking accounts without password[23C [ OK ]
	[2C- Checking user password aging[29C [ DISABLED ]
	[2C- Determining default umask[32C
	[4C- Checking umask (/etc/profile)[26C [ UNKNOWN ]
	[4C- Checking umask (/etc/login.defs)[23C [ SUGGESTION ]
	[4C- Checking umask (/etc/init.d/rc)[24C [ SUGGESTION ]
	[2C- Checking LDAP authentication support[21C [ NOT ENABLED ]

	[+] Shells
	------------------------------------
	[2C- Checking shells from /etc/shells...[22C
	[4CResult: found 4 shells (valid shells: 4).[16C

	[+] File systems
	------------------------------------
	[2C- Checking mount points[36C
	[4C- Checking /home mount point...[26C [ SUGGESTION ]
	[4C- Checking /tmp mount point...[27C [ SUGGESTION ]
	[2C- Checking for old files in /tmp...[24C [ OK ]
	[2C- Checking /tmp sticky bit...[30C [ OK ]
	tune2fs: No such file or directory while trying to open /dev/sda4
	Couldn't find valid filesystem superblock.
	[2C- ACL support root file system...[26C [ DISABLED ]
	[2C- Checking Locate database...[30C [ NOT FOUND ]

	[+] Storage
	------------------------------------
	[2C- Checking usb-storage driver (modprobe config)...[9C [ NOT DISABLED ]
	[2C- Checking firewire ohci driver (modprobe config)...[7C [ DISABLED ]

	[+] NFS
	------------------------------------
	[2C- Check running NFS daemon...[30C [ NOT FOUND ]

	[+] Software: name services
	------------------------------------
	[2C- Checking default DNS search domain...[20C [ NONE ]
	[2C- Checking search domains...[31C [ FOUND ]
	[2C- Checking /etc/resolv.conf options...[21C [ NONE ]
	[2C- Searching DNS domain name...[29C [ UNKNOWN ]
	[2C- Checking nscd status...[34C [ NOT FOUND ]
	[2C- Checking BIND status...[34C [ NOT FOUND ]
	[2C- Checking PowerDNS status...[30C [ NOT FOUND ]
	[2C- Checking ypbind status...[32C [ NOT FOUND ]
	[2C- Checking /etc/hosts[38C
	[4C- Checking /etc/hosts (duplicates)[23C [ OK ]
	[4C- Checking /etc/hosts (hostname)[25C [ OK ]
	[4C- Checking /etc/hosts (localhost)[24C [ OK ]

	[+] Ports and packages
	------------------------------------
	[2C- Searching package managers...[28C
	[4C- Searching dpkg package manager...[22C [ FOUND ]
	[6C- Querying package manager...[26C
	[4C- Query unpurged packages...[29C [ NONE ]
	[2C- Checking security repository in sources.list file... [4C [ OK ]
	[2C- Checking APT package database...[25C [ OK ]
	[2C- Checking vulnerable packages (apt-get only)...[11C [ DONE ]
	[2C- Checking upgradeable packages...[25C [ SKIPPED ]
	[2C- Checking package audit tool...[27C [ NONE ]

	[+] Networking
	------------------------------------
	[2C- Checking configured nameservers...[23C
	[4C- Testing nameservers...[33C
	[6CNameserver: 172.17.42.1... [28C [ SKIPPED ]
	[4C- Minimal of 2 responsive nameservers...[17C [ SKIPPED ]
	[2C- Checking default gateway...[30C [ DONE ]
	[2C- Getting listening ports (TCP/UDP)...[21C [ SKIPPED ]
	[2C- Checking promiscuous interfaces...[23C [ OK ]
	[2C- Checking waiting connections...[26C [ OK ]
	[2C- Checking status DHCP client...[27C [ NOT ACTIVE ]

	[+] Printers and Spools
	------------------------------------
	[2C- Checking cups daemon...[34C [ NOT FOUND ]

	[+] Software: e-mail and messaging
	------------------------------------
	[2C- Checking Exim status...[34C [ NOT FOUND ]
	[2C- Checking Postfix status...[31C [ NOT FOUND ]
	[2C- Checking Qmail smtpd status...[27C [ NOT FOUND ]

	[+] Software: firewalls
	------------------------------------
	[2C- Checking iptables kernel module[26C [ FOUND ]
	[4CStatus pf[48C [ NOT FOUND ]
	[2C- Checking host based firewall[29C [ ACTIVE ]

	[+] Software: webserver
	------------------------------------
	[2C- Checking Apache...[39C [ NOT FOUND ]
	[2C- Checking nginx...[40C [ NOT FOUND ]

	[+] SSH Support
	------------------------------------
	[2C- Checking running SSH daemon...[27C [ NOT FOUND ]

	[+] SNMP Support
	------------------------------------
	[2C- Checking running SNMP daemon...[26C [ NOT FOUND ]

	[+] Databases
	------------------------------------
	[2C- MySQL process status...[34C [ NOT FOUND ]
	[2C- PostgreSQL processes status...[27C [ NOT FOUND ]
	[2C- Oracle processes status...[31C [ NOT FOUND ]

	[+] LDAP Services
	------------------------------------
	[2C- Checking OpenLDAP instance...[28C [ NOT FOUND ]

	[+] Software: PHP
	------------------------------------
	[2C- Checking PHP...[42C [ NOT FOUND ]

	[+] Squid Support
	------------------------------------
	[2C- Checking running Squid daemon...[25C [ NOT FOUND ]

	[+] Logging and files
	------------------------------------
	[2C- Checking for a running log daemon...[21C [ WARNING ]
	[4C- Checking Syslog-NG status[30C [ NOT FOUND ]
	[4C- Checking Metalog status[32C [ NOT FOUND ]
	[4C- Checking RSyslog status[32C [ NOT FOUND ]
	[4C- Checking RFC 3195 daemon status[24C [ NOT FOUND ]
	[4C- Checking klogd[41C [ OK ]
	[4C- Checking minilogd instances[28C [ NONE ]
	[2C- Checking logrotate presence[30C [ OK ]
	[2C- Checking log directories (static list)[19C [ DONE ]
	[2C- Checking open log files[34C [ SKIPPED ]

	[+] Insecure services
	------------------------------------
	[2C- Checking inetd status...[33C [ NOT ACTIVE ]

	[+] Banners and identification
	------------------------------------
	[2C- /etc/motd...[45C [ NOT FOUND ]
	[2C- /etc/issue...[44C [ FOUND ]
	[4C- /etc/issue contents...[33C [ WEAK ]
	[2C- /etc/issue.net...[40C [ FOUND ]
	[4C- /etc/issue.net contents...[29C [ WEAK ]

	[+] Scheduled tasks
	------------------------------------
	[2C- Checking crontab/cronjob[33C [ DONE ]
	[2C- Checking atd status[38C [ NOT RUNNING ]

	[+] Accounting
	------------------------------------
	[2C- Checking accounting information... [22C [ NOT FOUND ]
	[2C- Checking auditd[42C [ NOT FOUND ]

	[+] Time and Synchronization
	------------------------------------
	[2C- Checking running NTP daemon (ntpd)...[20C [ NOT FOUND ]
	[2C- Checking running NTP daemon (timed)...[19C [ NOT FOUND ]
	[2C- Checking running NTP daemon (dntpd)...[19C [ NOT FOUND ]
	[2C- Checking NTP client in crontab file (/etc/crontab)...[4C [ NOT FOUND ]
	[2C- Checking NTP client in cron.d files...[19C [ NOT FOUND ]
	[2C- Checking event based ntpdate (if-up)...[18C [ FOUND ]
	[2C- Checking for a running NTP daemon or client...[11C [ OK ]

	[+] Cryptography
	------------------------------------

	[+] Virtualization
	------------------------------------

	[+] Security frameworks
	------------------------------------
	[2C- Checking presence AppArmor[31C [ NOT FOUND ]
	[2C- Checking presence SELinux[32C [ NOT FOUND ]
	[2C- Checking presence grsecurity[29C [ NOT FOUND ]
	[2C- Checking for implemented MAC framework[19C [ NONE ]

	[+] Software: file integrity
	------------------------------------
	[2C- Checking file integrity tools...[25C
	[4C- AFICK...[47C [ NOT FOUND ]
	[4C- AIDE...[48C [ NOT FOUND ]
	[4C- Osiris...[46C [ NOT FOUND ]
	[4C- Samhain...[45C [ NOT FOUND ]
	[4C- Tripwire...[44C [ NOT FOUND ]
	[4C- OSSEC (syscheck)...[36C [ NOT FOUND ]
	[2C- Checking presence integrity tool...[22C [ NOT FOUND ]

	[+] Software: Malware scanners
	------------------------------------
	[2C- Checking chkrootkit...[35C [ NOT FOUND ]
	[2C- Checking Rootkit Hunter...[31C [ NOT FOUND ]
	[2C- Checking ClamAV scanner...[31C [ NOT FOUND ]
	[2C- Checking ClamAV daemon...[32C [ NOT FOUND ]

	[+] System Tools
	------------------------------------
	[2C- Starting file permissions check...[23C
	[4C/etc/lilo.conf[43C [ NOT FOUND ]
	[4C/root/.ssh[47C [ NOT FOUND ]

	[+] Home directories
	------------------------------------
	[2C- Checking shell history files... [25C [ OK ]

	[+] Kernel Hardening
	------------------------------------
	[2C- Comparing sysctl key pairs with scan profile...[10C
	[4C- kernel.core_uses_pid (exp: 1)[26C [ OK ]
	[4C- kernel.ctrl-alt-del (exp: 0)[27C [ OK ]
	[4C- kernel.sysrq (exp: 0)[34C [ DIFFERENT ]
	[4C- net.ipv4.conf.all.accept_redirects (exp: 0)[12C [ OK ]
	[4C- net.ipv4.conf.all.accept_source_route (exp: 0)[9C [ OK ]
	[4C- net.ipv4.conf.all.bootp_relay (exp: 0)[17C [ OK ]
	[4C- net.ipv4.conf.all.forwarding (exp: 0)[18C [ DIFFERENT ]
	[4C- net.ipv4.conf.all.log_martians (exp: 1)[16C [ DIFFERENT ]
	[4C- net.ipv4.conf.all.mc_forwarding (exp: 0)[15C [ OK ]
	[4C- net.ipv4.conf.all.proxy_arp (exp: 0)[19C [ OK ]
	[4C- net.ipv4.conf.all.rp_filter (exp: 1)[19C [ DIFFERENT ]
	[4C- net.ipv4.conf.all.send_redirects (exp: 0)[14C [ DIFFERENT ]
	[4C- net.ipv4.conf.default.accept_redirects (exp: 0)[8C [ DIFFERENT ]
	[4C- net.ipv4.conf.default.accept_source_route (exp: 0)[5C [ OK ]
	[4C- net.ipv4.conf.default.log_martians (exp: 1)[12C [ DIFFERENT ]
	[4C- net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)[10C [ OK ]
	[4C- net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)[4C [ OK ]
	[4C- net.ipv6.conf.all.accept_redirects (exp: 0)[12C [ DIFFERENT ]
	[4C- net.ipv6.conf.all.accept_source_route (exp: 0)[9C [ OK ]
	[4C- net.ipv6.conf.default.accept_redirects (exp: 0)[8C [ DIFFERENT ]
	[4C- net.ipv6.conf.default.accept_source_route (exp: 0)[5C [ OK ]

	[+] Hardening
	------------------------------------
	[4C- Installed compiler(s)...[31C [ NOT FOUND ]
	[4C- Installed malware scanner...[27C [ NOT FOUND ]

	[+] Custom Tests
	------------------------------------
	[2C- Running custom tests... [33C [ SKIPPED ]

	================================================================================

	-[ Lynis 1.3.9 Results ]-

	Tests performed: 144

	Warnings:
	----------------------------
	- No syslog daemon found [test:LOGG-2130]
	- klogd is not running, which could lead to missing kernel messages in log files [test:LOGG-2138]

	Suggestions:
	----------------------------
	- Please check the output of apt-cache policy manually to determine why output is empty [test:KRNL-5788]
	- Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262]
	- Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
	- Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328]
	- Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
	- To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
	- To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
	- The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
	- Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
	- Install package apt-show-versions for patch management purposes [test:PKGS-7394]
	- Install a package audit tool to determine vulnerable packages [test:PKGS-7398]
	- Check if any syslog daemon is running and correctly configured. [test:LOGG-2130]
	- Check why klogd is not running [test:LOGG-2138]
	- Add a legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
	- Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
	- Enable auditd to collect audit information [test:ACCT-9628]
	- Install a file integrity tool [test:FINT-4350]
	- One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
	- Harden the system by installing one or malware scanners to perform periodic file system scans [test:HRDN-7230]
	================================================================================
	Files:
	- Test and debug information : /var/log/lynis.log
	- Report data : /var/log/lynis-report.dat
	================================================================================
	Hardening index : [57] [########### ]

	Enterprise support and plugins available via CISOfy - http://cisofy.com
	================================================================================
	Tip: Disable all tests which are not relevant or are too strict for the
	purpose of this particular machine. This will remove unwanted suggestions
	and also boost the hardening index. Each test should be properly analyzed
	to see if the related risks can be accepted, before disabling the test.
	================================================================================
	Lynis 1.3.9
	Copyright 2007-2014 - Michael Boelen, http://cisofy.com
	================================================================================