lynis


Anonymous

Guest
Hi!

I ran lynis -c on my system (not a server, FreeBSD 7.2) and I got:
Code:
Tests performed: 109
  Warnings:
  ----------------------------
   - [15:38:31] Warning: Multiple users with UID 0 found in passwd file [test:AUTH-9204] [impact]
   - [15:38:31] Warning: Multiple accounts found with same UID [test:AUTH-9208] [impact]
   - [15:38:31] Warning: Possible harmful shell found (for passwordless account!) [test:AUTH-9218] [impact]
   - [15:38:31] Warning: Found multiple groups with same group ID [test:AUTH-9222] [impact]
   - [15:38:34] Warning: Found unprotected console in /etc/ttys [test:SHLL-6202] [impact]
   - [15:41:45] Warning: Found one or more vulnerable packages. [test:PKGS-7382] [impact]
   - [15:41:59] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact]
   - [15:41:59] Warning: Found promiscuous interface (pflog0) [test:NETW-3014] [impact]
   - [15:45:26] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact]

  Suggestions:
  ----------------------------
   - [15:38:31] Suggestion: Use vipw to delete the 'toor' user if not used. [test:AUTH-9204]
   - [15:38:31] Suggestion: Check your /etc/group file and correct inconsistencies [test:AUTH-9222]
   - [15:38:34] Suggestion: Change the console line from 'secure' to 'insecure'. [test:SHLL-6202]
   - [15:41:32] Suggestion: Unused distfiles found. Use portsclean to delete these files. For example: portsclean -DD. [test:PKGS-7348]
   - [15:41:45] Suggestion: Update your system with portupgrade or other tools [test:PKGS-7382]
   - [15:41:59] Suggestion: Check your resolv.conf file and connectivity to your nameservers [test:NETW-2705]
   - [15:45:18] Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154]
   - [15:45:26] Suggestion: Check if any NTP daemon is running or a NTP client gets executed daily, to prevent big time differences and avoid problems with services like kerberos, authentication or logging differences. [test:TIME-3104]
   - [15:45:34] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
================================================================================
  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat
================================================================================
  Hardening index : [63]     [############        ]
I don't understand the first four warnings. I have the default shell for root and tcsh for the user; in login.conf I also have
Code:
:passwd_format=blf:\

Thanks.
 
The first two messages are about root and toor (both have uid 0).

As for the others you will need to have a look at /etc/passwd and /etc/group.
 
SirDice said:
The first two messages are about root and toor (both have uid 0).

As for the others you will need to have a look at /etc/passwd and /etc/group.

In /etc/passwd I have:
Code:
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:

and in /etc/group:
Code:
wheel:*:0:root
and user is in the wheel group too.

but there are no duplicate UIDs in group or passwd.
 
lumiwa said:
but there are no duplicate UIDs in group or passwd.
Yes there are. Both root and toor have uid 0. Hence a duplicate uid.
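
The UID 0, duplicate-UID and duplicate-GID findings discussed in this thread can be re-derived directly from the files. The script below is an added example, not part of the original thread and not lynis's own test code; the function names and the sample entries (apart from the root, toor and wheel lines quoted above) are constructed.

```sh
#!/bin/sh
# Added example (not lynis code): list UID 0 accounts and shared UIDs/GIDs.

# Print the login names whose UID (field 3) is 0.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 == "0" { print $1 }' "$1"
}

# duplicate_ids FILE FIELD: print "id name1,name2,..." for each value of the
# numeric-ID field that appears on more than one line of a passwd/group file.
duplicate_ids() {
    awk -F: -v f="$2" '
        /^#/ || NF < f { next }
        { k = $f; names[k] = (k in n) ? names[k] "," $1 : $1; n[k]++ }
        END { for (k in n) if (n[k] > 1) print k, names[k] }
    ' "$1" | sort -n
}

# Constructed sample files. Only the root, toor and wheel lines are taken from
# the thread; every other entry is made up for the demonstration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
# comment lines, as in FreeBSD's stock passwd file, are skipped
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
user:*:1001:1001:Sample user:/home/user:/bin/tcsh
EOF
cat > "$tmp/group" <<'EOF'
wheel:*:0:root
daemon:*:1:
grpa:*:20:
grpb:*:20:
EOF

echo "UID 0 accounts:";  uid0_accounts "$tmp/passwd"
echo "Shared UIDs:";     duplicate_ids "$tmp/passwd" 3
echo "Shared GIDs:";     duplicate_ids "$tmp/group" 3
```

On a real system, pass /etc/passwd and /etc/group to the two functions instead of the sample files.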
 