FedoraCore3 Hardened Evaluation
From Rivalug Wiki
This document is used in conjunction with FedoraCore3_Hardened
Also see FedoraCore3_Appendix
Unhardened System
CIS Benchmark Score 1
Output from CIS Security Benchmark Checker v1.6.7
*** CIS Ruler Run *** Starting at time 20060402-15.40.59
Positive: 1.1 System appears to have been patched within the last month.
Neutral: 1.2 Baseline Your System Before Making Changes (NOT SCORED)
Negative: 1.3 sshd_config parameter Protocol is not set.
Positive: 1.3 sshd_config parameter PermitRootLogin has default negative value.
Negative: 1.3 sshd_config parameter Banner is not set.
Negative: 1.3 ssh_config must have 'Protocol 2' underneath Host *.
Negative: 1.4 sysstat system accounting package is NOT installed.
Negative: 1.5 Bastille Linux package is NOT installed.
Positive: 2.1 inetd/xinetd is not listening on any of the miscellaneous ports checked in this item.
Positive: 2.2 IPTables firewall is installed.
Positive: 2.3 telnet is deactivated.
Positive: 2.4 ftp is deactivated.
Positive: 2.5 rsh, rcp and rlogin are deactivated.
Positive: 2.6 tftp is deactivated.
Positive: 2.7 imap is deactivated.
Note: 3.1 Bad or no umask (022) set in /etc/rc.d/init.d/functions -- checking first init script now.
Negative: 3.1 umask not found in first /etc/rcX.d script /etc/rc3.d/S05kudzu.
Negative: 3.2 xinetd is still active.
Positive: 3.3 Mail daemon is not listening on TCP 25.
Positive: 3.4 Graphical login is deactivated.
Positive: 3.5 X Font Server (xfs) script has been deactivated
Negative: 3.6 Misc. Boot Services -- apmd not deactivated.
Negative: 3.6 Misc. Boot Services -- gpm not deactivated.
Negative: 3.6 Misc. Boot Services -- isdn not deactivated.
Positive: 3.7 Windows compatibility servers (samba) have been deactivated.
Positive: 3.8 NFS Server script nfs is deactivated.
Negative: 3.9 NFS script nfslock not deactivated.
Negative: 3.9 NFS script autofs not deactivated.
Positive: 3.10 NIS Client processes are deactivated.
Positive: 3.11 NIS Server processes are deactivated.
Negative: 3.12 RPC rc-script (portmap) has not been deactivated.
Negative: 3.13 netfs rc script not deactivated.
Negative: 3.14 cups (printing daemon) not deactivated.
Positive: 3.15 Web server is deactivated.
Positive: 3.16 SNMP daemon is deactivated.
Positive: 3.17 DNS server is deactivated.
Positive: 3.18 SQL database server is deactivated.
Positive: 3.19 Webmin GUI-based system administration daemon deactivated.
Positive: 3.20 Squid web cache daemon deactivated.
Negative: 3.21 Kudzu hardware detection program has not been deactivated.
Negative: 4.1 sysctl net.ipv4.conf.default.secure_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.conf.all.secure_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.conf.all.rp_filter=0 and should be '1'.
Negative: 4.1 sysctl net.ipv4.icmp_echo_ignore_broadcasts=0 and should be '1'.
Negative: 4.1 sysctl net.ipv4.conf.all.accept_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.tcp_syncookies=0 and should be '1'.
Negative: 4.1 sysctl net.ipv4.conf.default.accept_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.tcp_max_syn_backlog=256 and should be >= 4096.
Negative: 4.2 sysctl net.ipv4.conf.all.send_redirects=1 and should be '0'.
Negative: 4.2 sysctl net.ipv4.conf.default.send_redirects=1 and should be '0'.
Negative: 4.2 /etc/sysctl.conf should not be world or group readable.
Positive: 5.1 syslog captures authpriv messages.
Positive: 5.2 FTP server is configured to do full logging.
Positive: 5.3 All logfile permissions and owners match benchmark recommendations.
Negative: 6.1 /usr/local is not mounted nodev.
Negative: 6.1 /usr is not mounted nodev.
Negative: 6.1 /var is not mounted nodev.
Negative: 6.1 /tmp is not mounted nodev.
Negative: 6.1 /home is not mounted nodev.
Negative: 6.1 /boot is not mounted nodev.
Negative: 6.2 Removable filesystem /media/floppy is not mounted nosuid.
Negative: 6.2 Removable filesystem /media/floppy is not mounted nodev.
Negative: 6.3 PAM allows users to mount removable media: <floppy>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <cdrom>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <pilot>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <jaz>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <zip>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <ls120>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <camera>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <memstick>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <flash>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <diskonkey>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <rem_ide>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <rio500>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <pmu>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <bluetooth>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <raw1394>. (/etc/security/console.perms)
Positive: 6.4 password and group files have right permissions and owners.
Positive: 6.5 all temporary directories have sticky bits set.
Negative: 6.9 The hotplug package is installed.
Positive: 7.1 rhosts authentication totally deactivated in PAM.
Positive: 7.2 FTP daemons do not permit system users to use FTP.
Positive: 7.3 X11 Server is not running or is not listening on TCP port 6000.
Negative: 7.4 Couldn't open cron.allow
Negative: 7.4 Couldn't open at.allow
Negative: 7.5 The permissions on /etc/crontab are not sufficiently restrictive.
Negative: 7.6 xinetd either requires global 'only-from' statement or one for each service.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty7.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty8.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty9.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty10.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty11.
Negative: 7.8 GRUB isn't password-protected.
Negative: 7.9 /etc/inittab needs a /sbin/sulogin line for single user mode.
Positive: 7.10 /etc/exports is empty or doesn't exist, so it doesn't need to be tuned for privports.
Positive: 7.11 System is running syslogd without the -r switch, and is NOT accepting remote logging.
Negative: 8.1 bin has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 daemon has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 adm has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 lp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 mail has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 news has a valid shell of /bin/sh. Remember, an empty shell field in /etc/passwd signifies /bin/sh.
Negative: 8.1 uucp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 operator has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 games has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 gopher has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 ftp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 nobody has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 dbus has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 vcsa has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 nscd has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 rpm has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 haldaemon has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 netdump has a valid shell of /bin/bash.
Negative: 8.1 sshd has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 rpc has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 rpcuser has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 mailnull has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 smmsp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 pcap has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Positive: 8.2 All users have passwords
Negative: 8.3 /etc/login.defs value PASS_MAX_DAYS = 99999, but should not exceed 90.
Negative: 8.3 /etc/login.defs value PASS_MIN_DAYS = 0, but should not be less than 7.
Negative: 8.3 /etc/login.defs value PASS_MIN_LEN = 5, but should be at least 6.
Positive: 8.4 There were no +: entries in passwd, shadow or group maps.
Positive: 8.5 Only one UID 0 account AND it is named root.
Positive: 8.6 root's PATH is clean of group/world writable directories or the current-directory link.
Positive: 8.7 No user's home directory is world or group writable.
Positive: 8.8 No group or world-writable dotfiles in user home directories!
Positive: 8.9 No user has a .netrc file.
Negative: 8.10 Current umask setting in file /etc/bashrc is 022 -- it should be stronger to block world-read/write/execute.
Negative: 8.10 Current umask setting in file /etc/bashrc is 022 -- it should be stronger to block group-read/write/execute.
Negative: 8.10 Current umask setting in file /etc/csh.cshrc is 002 -- it should be stronger to block world-read/write/execute.
Negative: 8.10 Current umask setting in file /etc/csh.cshrc is 002 -- it should be stronger to block group-read/write/execute.
Negative: 8.11 Coredumps aren't deactivated.
Positive: 8.12 The standard compiler packages are not installed.
Negative: 8.13 Pam /etc/pam.d/su does not require wheel group for su access.
Neutral: 8.14 reboot -- not scored :-)
Negative: 9.1 /etc/motd doesn't contain an authorized usage only banner.
Negative: 9.1 /etc/issue doesn't contain an authorized usage only banner.
Positive: 9.2 No GUI config files found, Authorized Usage banners not required.
Positive: 9.3 No FTP config files found, Authorized Usage banners not required.
Preliminary rating given at time: Sun Apr 2 15:41:11 2006
Preliminary rating = 5.69 / 10.00
Bastille Assessment 1
Bastille Hardening Assessment Report
+-------------------------------------+------------------------------------------+-----+------+------+
| Item | Question | Yes |Weight|Score |
+-------------------------------------+------------------------------------------+-----+------+------+
| generalperms_1_1 | Are more restrictive permissions on the | No | 0.00 | 0.00 |
| suidmount | Is SUID status for mount/umount disabled | No | 1.00 | 0.00 |
| suidping | Is SUID status for ping disabled? | No | 1.00 | 0.00 |
| suiddump | Is SUID status for dump and restore disa | Yes | 1.00 | 1.00 |
| suidcard | Is SUID status for cardctl disabled? | Yes | 1.00 | 1.00 |
| suidat | Is SUID status for at disabled? | No | 1.00 | 0.00 |
| suiddos | Is SUID status for DOSEMU disabled? | Yes | 1.00 | 1.00 |
| suidnews | Is SUID status for news server tools dis | Yes | 1.00 | 1.00 |
| suidprint | Is SUID status for printing utilities di | Yes | 1.00 | 1.00 |
| suidrtool | Are the r-tools disabled? | No | 1.00 | 0.00 |
| suidusernetctl | Is SUID status for usernetctl disabled? | No | 1.00 | 0.00 |
| suidtrace | Is SUID status for traceroute disabled? | No | 1.00 | 0.00 |
| suidXwrapper | Is SUID status for Xwrapper disabled? | Yes | 1.00 | 1.00 |
| suidXFree86 | Is SUID status for XFree86 disabled? | Yes | 1.00 | 1.00 |
| protectrhost | Are clear-text r-protocols that use IP-b | No | 0.00 | 0.00 |
| passwdage | Is password aging enforced? | No | 1.00 | 0.00 |
| cronuser | Is the use of cron restricted to adminis | Yes | 1.00 | 1.00 |
| umaskyn | Is the default umask set to a minimal va | No | 1.00 | 0.00 |
| rootttylogins | Are root logins on tty's 1-6 prohibited? | No | 1.00 | 0.00 |
| protectgrub | Is the GRUB prompt password-protected? | No | 1.00 | 0.00 |
| protectlilo | Is the LILO prompt password-protected? | Yes | 1.00 | 1.00 |
| lilodelay | Is the LILO delay time zero? | Yes | 0.00 | 0.00 |
| secureinittab | Is CTRL-ALT-DELETE rebooting disabled? | No | 0.00 | 0.00 |
| passsum | Is single-user mode password-protected? | No | 1.00 | 0.00 |
| tcpd_default_deny | Is a default-deny on TCP Wrappers and xi | No | 1.00 | 0.00 |
| deactivate_telnet | Is the telnet service disabled on this s | Yes | 1.00 | 1.00 |
| deactivate_ftp | Is inetd's FTP service disabled on this | Yes | 1.00 | 1.00 |
| banners | Are "Authorized Use" messages displayed | No | 1.00 | 0.00 |
| compiler | Are the gcc and/or g++ compiler disabled | Yes | 1.00 | 1.00 |
| morelogging | Has additional logging been added? | Yes | 1.00 | 1.00 |
| pacct | Is process accounting set up? | No | 1.00 | 0.00 |
| laus | Is LAuS active? | Yes | 1.00 | 1.00 |
| apmd | Are acpid and apmd disabled? | No | 1.00 | 0.00 |
| remotefs | Are NFS and Samba deactivated? | No | 1.00 | 0.00 |
| pcmcia | Are PCMCIA services disabled? | No | 1.00 | 0.00 |
| dhcpd | Is the DHCP daemon disabled? | Yes | 1.00 | 1.00 |
| gpm | Is GPM disabled? | No | 1.00 | 0.00 |
| innd | Is the news server daemon disabled? | Yes | 1.00 | 1.00 |
| disable_routed | Is routed deactivated? | Yes | 1.00 | 1.00 |
| disable_gated | Is gated deactivated? | Yes | 1.00 | 1.00 |
| nis_server | Are NIS server programs deactivated? | Yes | 1.00 | 1.00 |
| nis_client | Are NIS client programs deactivated? | Yes | 1.00 | 1.00 |
| snmpd | Is SNMPD disabled? | Yes | 1.00 | 1.00 |
| disable_kudzu | Is kudzu's run at boot deactivated? | No | 1.00 | 0.00 |
| sendmaildaemon | Is sendmail's daemon mode disabled? | No | 1.00 | 0.00 |
| sendmailcron | Does sendmail process the queue via cron | Yes | 0.00 | 0.00 |
| vrfyexpn | Are the VRFY and EXPN sendmail commands | Yes | 1.00 | 1.00 |
| chrootbind | Is named in a chroot jail and is it set | Yes | 0.00 | 0.00 |
| namedoff | Is named deactivated? | Yes | 1.00 | 1.00 |
| apacheoff | Is the Apache Web server deactivated? | Yes | 1.00 | 1.00 |
| bindapachelocal | Is the Web server bound to listen only t | Yes | 0.00 | 0.00 |
| bindapachenic | Is the Web server bound to a particular | Yes | 0.00 | 0.00 |
| symlink | Is the following of symbolic links deact | Yes | 1.00 | 1.00 |
| ssi | Are server-side includes deactivated? | Yes | 1.00 | 1.00 |
| cgi | Are CGI scripts disabled? | Yes | 1.00 | 1.00 |
| apacheindex | Are indexes disabled? | Yes | 1.00 | 1.00 |
| printing | Is printing disabled? | Yes | 1.00 | 1.00 |
| printing_cups | Is printing disabled? | No | 1.00 | 0.00 |
| printing_cups_lpd_legacy | Is CUPS' legacy LPD support disabled? | Yes | 1.00 | 1.00 |
| userftp | Are user privileges on the FTP daemon di | Yes | 1.00 | 1.00 |
| anonftp | Is anonymous download disabled? | Yes | 1.00 | 1.00 |
+-------------------------------------+------------------------------------------+-----+------+------+
Score: 6.04 / 10.00
Services 1
/sbin/chkconfig --list | sort
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
bluetooth 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
diskdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pcmcia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead 0:off 1:off 2:off 3:off 4:off 5:on 6:off
readahead_early 0:off 1:off 2:off 3:off 4:off 5:on 6:off
rhnsd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcsvcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yum 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
eklogin: off
klogin: off
gssftp: off
chargen-udp: off
time-udp: off
cups-lpd: off
kshell: off
rsync: off
chargen: off
time: off
krb5-telnet: off
echo-udp: off
daytime: off
daytime-udp: off
echo: off
Processes 1
/bin/ps faux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.4 2364 596 ? S 16:04 0:01 init [3]
root 105 0.0 0.0 0 0 ? S 14:53 0:00 [kseriod]
root 196 0.0 0.0 0 0 ? S 14:53 0:00 [scsi_eh_0]
root 197 0.0 0.0 0 0 ? S 14:53 0:00 [ahc_dv_0]
root 204 0.0 0.0 0 0 ? S 14:53 0:00 [kjournald]
root 693 0.0 0.4 2252 532 ? S<s 14:53 0:00 udevd
root 1476 0.0 0.0 0 0 ? S 14:54 0:00 [kjournald]
root 1477 0.0 0.0 0 0 ? S 14:54 0:00 [kjournald]
root 1478 0.0 0.0 0 0 ? S 14:54 0:00 [kjournald]
root 1479 0.0 0.0 0 0 ? S 14:54 0:00 [kjournald]
root 1480 0.0 0.0 0 0 ? S 14:54 0:00 [kjournald]
root 1481 0.0 0.0 0 0 ? S 14:54 0:00 [kjournald]
root 1776 0.0 0.4 2192 616 ? Ss 14:54 0:00 syslogd -m 0
root 1780 0.0 0.3 2516 468 ? Ss 14:54 0:00 klogd -x
rpc 1806 0.0 0.4 2528 592 ? Ss 14:54 0:00 portmap
rpcuser 1826 0.0 0.6 2648 760 ? Ss 14:54 0:00 rpc.statd
root 1856 0.0 0.4 2228 600 ? Ss 14:54 0:00 rpc.idmapd
root 1886 0.0 0.4 2564 512 ? Ss 14:54 0:00 /usr/sbin/apmd -p 10 -w 5 -W -P /etc/sysconfig/apm-scripts/apmscript
root 1924 0.0 0.6 3496 816 ? S 14:54 0:00 /usr/sbin/smartd
root 1937 0.0 1.6 9000 2028 ? Ss 14:54 0:00 cupsd
root 1997 0.0 1.2 5040 1632 ? Ss 14:54 0:00 /usr/sbin/sshd
root 2538 0.1 1.7 7692 2172 ? Ss 14:59 0:06  \_ sshd: root@pts/0
root 2540 0.0 1.1 5508 1424 pts/0 Ss 14:59 0:01      \_ -bash
root 3248 0.0 0.6 3032 772 pts/0 R+ 15:58 0:00          \_ ps faux
root 2007 0.0 0.6 3484 824 ? Ss 14:54 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 2026 0.0 2.3 8468 2996 ? Ss 14:54 0:00 sendmail: accepting connections
smmsp 2036 0.0 2.0 7760 2592 ? Ss 14:54 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root 2046 0.0 0.4 2760 564 ? Ss 14:54 0:00 gpm -m /dev/input/mice -t imps2
root 2055 0.0 0.6 3900 836 ? Ss 14:54 0:00 crond
root 2064 0.0 0.5 2040 632 ? SNs 14:54 0:00 anacron -s
daemon 2072 0.0 0.5 2736 640 ? Ss 14:54 0:00 /usr/sbin/atd
dbus 2081 0.0 0.9 3984 1196 ? Ss 14:54 0:00 dbus-daemon-1 --system
root 2092 0.1 3.7 6724 4780 ? Ss 14:54 0:03 hald
root 2099 0.0 0.3 3164 440 tty1 Ss+ 14:54 0:00 /sbin/mingetty tty1
root 2100 0.0 0.3 2732 440 tty2 Ss+ 14:54 0:00 /sbin/mingetty tty2
root 2101 0.0 0.3 1772 440 tty3 Ss+ 14:54 0:00 /sbin/mingetty tty3
root 2102 0.0 0.3 2844 440 tty4 Ss+ 14:54 0:00 /sbin/mingetty tty4
root 2103 0.0 0.3 3212 440 tty5 Ss+ 14:54 0:00 /sbin/mingetty tty5
root 2104 0.0 0.3 2860 440 tty6 Ss+ 14:54 0:00 /sbin/mingetty tty6
root 2 0.0 0.0 0 0 ? SN 16:04 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? S< 1910 0:00 [events/0]
root 4 0.0 0.0 0 0 ? S< 1910 0:00  \_ [khelper]
root 5 0.0 0.0 0 0 ? S< 1910 0:00  \_ [kblockd/0]
root 29 0.0 0.0 0 0 ? S 1910 0:00  \_ [pdflush]
root 30 0.0 0.0 0 0 ? S 1910 0:00  \_ [pdflush]
root 32 0.0 0.0 0 0 ? S< 1910 0:00  \_ [aio/0]
root 6 0.0 0.0 0 0 ? S 1910 0:00 [khubd]
root 27 0.0 0.0 0 0 ? S 1910 0:00 [kapmd]
root 31 0.0 0.0 0 0 ? S 1910 0:00 [kswapd0]
Disk Usage 1
/bin/df -h
/dev/hda2 494M 104M 366M 23% /
/dev/hda1 76M 8.4M 64M 12% /boot
none 62M 0 62M 0% /dev/shm
/dev/hda9 2.7G 37M 2.6G 2% /home
/dev/hda7 251M 11M 228M 5% /tmp
/dev/hda6 981M 434M 497M 47% /usr
/dev/hda8 251M 11M 228M 5% /usr/local
/dev/hda5 981M 44M 887M 5% /var
Network Connections 1
/bin/netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:1024 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 fc3-hardened:smtp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 ::ffff:192.168.5.252:ssh ::ffff:192.168.5.197:54692 ESTABLISHED
udp 0 0 *:1024 *:*
udp 0 0 *:730 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 6952 /dev/gpmctl
unix 11 [ ] DGRAM 6190 /dev/log
unix 2 [ ] DGRAM 7067 @/var/run/hal/hotplug_socket
unix 2 [ ACC ] STREAM LISTENING 7029 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 3996 @udevd
unix 3 [ ] STREAM CONNECTED 7060 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 7059
unix 3 [ ] STREAM CONNECTED 7032
unix 3 [ ] STREAM CONNECTED 7031
unix 2 [ ] DGRAM 6969
unix 2 [ ] DGRAM 6951
unix 2 [ ] DGRAM 6937
unix 2 [ ] DGRAM 6910
unix 2 [ ] DGRAM 6847
unix 2 [ ] DGRAM 6658
unix 2 [ ] DGRAM 6441
unix 3 [ ] STREAM CONNECTED 6388
unix 3 [ ] STREAM CONNECTED 6387
unix 2 [ ] DGRAM 6268
unix 2 [ ] DGRAM 6201
Open Files 1
lsof | wc -l
593
/usr/sbin/lsof
rtd DIR 3,2 1024 2 / sendmail 2026 root txt REG 3,6 732356 16234 /usr/sbin/sendmail.sendmail sendmail 2026 root mem REG 3,6 12820 50512 /usr/lib/sasl2/libanonymous.so.2.0.19 sendmail 2026 root mem REG 3,6 15216 50528 /usr/lib/sasl2/libcrammd5.so.2.0.19 sendmail 2026 root mem REG 3,6 13296 50717 /usr/lib/sasl2/liblogin.so.2.0.19 sendmail 2026 root mem REG 3,6 784960 50516 /usr/lib/sasl2/libsasldb.so.2.0.19 sendmail 2026 root mem REG 3,6 42964 50532 /usr/lib/sasl2/libdigestmd5.so.2.0.19 sendmail 2026 root mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so sendmail 2026 root DEL REG 3,2 8234 /lib/tls/libpthread-2.3.3.so.#prelink#.lD5Ooc sendmail 2026 root mem REG 3,6 50454 /usr/lib/libz.so.1.2.1.2 (path inode=50804) sendmail 2026 root mem REG 3,2 8190 /lib/libdl-2.3.3.so (path inode=8291) sendmail 2026 root mem REG 3,6 50473 /usr/lib/libk5crypto.so.3.0 (path inode=50801) sendmail 2026 root mem REG 3,2 8247 /lib/libcom_err.so.2.1 (path inode=8289) sendmail 2026 root mem REG 3,6 50483 /usr/lib/libkrb5.so.3.2 (path inode=50802) sendmail 2026 root DEL REG 3,6 50469 /usr/lib/libgssapi_krb5.so.2.2.#prelink#.2yQiDY sendmail 2026 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) sendmail 2026 root DEL REG 3,6 50534 /usr/lib/liblber-2.2.so.7.0.6.#prelink#.QgKeVW sendmail 2026 root DEL REG 3,6 50536 /usr/lib/libldap-2.2.so.7.0.6.#prelink#.rEhsZL sendmail 2026 root mem REG 3,6 50502 /usr/lib/libsasl2.so.2.0.19 (path inode=50497) sendmail 2026 root mem REG 3,6 50576 /usr/lib/libhesiod.so.0 (path inode=50495) sendmail 2026 root mem REG 3,6 50616 /usr/lib/libwrap.so.0.7.6 (path inode=50693) sendmail 2026 root mem REG 3,2 8194 /lib/libnsl-2.3.3.so (path inode=8294) sendmail 2026 root mem REG 3,2 8188 /lib/libcrypt-2.3.3.so (path inode=8295) sendmail 2026 root mem REG 3,2 8222 /lib/libresolv-2.3.3.so (path inode=8290) sendmail 2026 root mem REG 3,2 844080 10206 /lib/tls/i686/libdb-4.2.so sendmail 2026 root DEL REG 3,2 8269 /lib/libcrypto.so.0.9.7a.#prelink#.UOdQ24 
sendmail 2026 root mem REG 3,2 8270 /lib/libssl.so.0.9.7a (path inode=8236) sendmail 2026 root mem REG 3,6 13360 50721 /usr/lib/sasl2/libplain.so.2.0.19 sendmail 2026 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) sendmail 2026 root 0r CHR 1,3 3662 /dev/null sendmail 2026 root 1w CHR 1,3 3662 /dev/null sendmail 2026 root 2w CHR 1,3 3662 /dev/null sendmail 2026 root 3u unix 0x09620b80 6910 socket sendmail 2026 root 4u IPv4 6919 TCP fc3-hardened:smtp (LISTEN) sendmail 2026 root 5wW REG 3,5 33 63912 /var/run/sendmail.pid sendmail 2036 smmsp cwd DIR 3,5 4096 16013 /var/spool/clientmqueue sendmail 2036 smmsp rtd DIR 3,2 1024 2 / sendmail 2036 smmsp txt REG 3,6 732356 16234 /usr/sbin/sendmail.sendmail sendmail 2036 smmsp mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so sendmail 2036 smmsp DEL REG 3,2 8234 /lib/tls/libpthread-2.3.3.so.#prelink#.lD5Ooc sendmail 2036 smmsp mem REG 3,6 50454 /usr/lib/libz.so.1.2.1.2 (path inode=50804) sendmail 2036 smmsp mem REG 3,2 8190 /lib/libdl-2.3.3.so (path inode=8291) sendmail 2036 smmsp mem REG 3,6 50473 /usr/lib/libk5crypto.so.3.0 (path inode=50801) sendmail 2036 smmsp mem REG 3,2 8247 /lib/libcom_err.so.2.1 (path inode=8289) sendmail 2036 smmsp mem REG 3,6 50483 /usr/lib/libkrb5.so.3.2 (path inode=50802) sendmail 2036 smmsp DEL REG 3,6 50469 /usr/lib/libgssapi_krb5.so.2.2.#prelink#.2yQiDY sendmail 2036 smmsp mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) sendmail 2036 smmsp DEL REG 3,6 50534 /usr/lib/liblber-2.2.so.7.0.6.#prelink#.QgKeVW sendmail 2036 smmsp DEL REG 3,6 50536 /usr/lib/libldap-2.2.so.7.0.6.#prelink#.rEhsZL sendmail 2036 smmsp mem REG 3,6 50502 /usr/lib/libsasl2.so.2.0.19 (path inode=50497) sendmail 2036 smmsp mem REG 3,6 50576 /usr/lib/libhesiod.so.0 (path inode=50495) sendmail 2036 smmsp mem REG 3,6 50616 /usr/lib/libwrap.so.0.7.6 (path inode=50693) sendmail 2036 smmsp mem REG 3,2 8194 /lib/libnsl-2.3.3.so (path inode=8294) sendmail 2036 smmsp mem REG 3,2 8188 /lib/libcrypt-2.3.3.so (path 
inode=8295) sendmail 2036 smmsp mem REG 3,2 8222 /lib/libresolv-2.3.3.so (path inode=8290) sendmail 2036 smmsp mem REG 3,2 844080 10206 /lib/tls/i686/libdb-4.2.so sendmail 2036 smmsp DEL REG 3,2 8269 /lib/libcrypto.so.0.9.7a.#prelink#.UOdQ24 sendmail 2036 smmsp mem REG 3,2 8270 /lib/libssl.so.0.9.7a (path inode=8236) sendmail 2036 smmsp mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) sendmail 2036 smmsp 0r CHR 1,3 3662 /dev/null sendmail 2036 smmsp 1w CHR 1,3 3662 /dev/null sendmail 2036 smmsp 2w CHR 1,3 3662 /dev/null sendmail 2036 smmsp 3u unix 0x096204c0 6937 socket sendmail 2036 smmsp 4wW REG 3,5 50 63911 /var/run/sm-client.pid gpm 2046 root cwd DIR 3,2 1024 2 / gpm 2046 root rtd DIR 3,2 1024 2 / gpm 2046 root txt REG 3,6 84476 16132 /usr/sbin/gpm gpm 2046 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) gpm 2046 root mem REG 3,2 8232 /lib/tls/libm-2.3.3.so (path inode=8299) gpm 2046 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) gpm 2046 root 0u CHR 5,1 936 /dev/console gpm 2046 root 1w FIFO 0,7 6947 pipe gpm 2046 root 2w FIFO 0,7 6948 pipe gpm 2046 root 3u unix 0x09620940 6951 socket gpm 2046 root 4u CHR 13,63 4043 /dev/input/mice gpm 2046 root 5u unix 0x09620700 6952 /dev/gpmctl crond 2055 root cwd DIR 3,5 4096 15971 /var/spool crond 2055 root rtd DIR 3,2 1024 2 / crond 2055 root txt REG 3,6 39204 16253 /usr/sbin/crond crond 2055 root mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so crond 2055 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive crond 2055 root mem REG 3,2 8190 /lib/libdl-2.3.3.so (path inode=8291) crond 2055 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) crond 2055 root DEL REG 3,2 8275 /lib/libpam_misc.so.0.77.#prelink#.q1XHiL crond 2055 root mem REG 3,2 8274 /lib/libpam.so.0.77 (path inode=8297) crond 2055 root mem REG 3,2 8262 /lib/libselinux.so.1 (path inode=8288) crond 2055 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) crond 2055 root 0u CHR 1,3 3662 /dev/null crond 2055 
root 1u CHR 1,3 3662 /dev/null crond 2055 root 2u CHR 1,3 3662 /dev/null crond 2055 root 3u REG 3,5 5 63914 /var/run/crond.pid crond 2055 root 4u unix 0x09620dc0 6969 socket anacron 2064 root cwd DIR 3,5 4096 15975 /var/spool/anacron anacron 2064 root rtd DIR 3,2 1024 2 / anacron 2064 root txt REG 3,6 19956 16113 /usr/sbin/anacron anacron 2064 root mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so anacron 2064 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) anacron 2064 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) anacron 2064 root 0r CHR 1,3 3662 /dev/null anacron 2064 root 1w CHR 1,3 3662 /dev/null anacron 2064 root 2w CHR 1,3 3662 /dev/null anacron 2064 root 3u unix 0x098e3040 6987 socket anacron 2064 root 4u REG 3,7 117 6025 /tmp/filemLLX82 (deleted) anacron 2064 root 5uW REG 3,5 9 16021 /var/spool/anacron/cron.weekly anacron 2064 root 6uW REG 3,5 0 16022 /var/spool/anacron/cron.monthly atd 2072 daemon cwd DIR 3,5 4096 15976 /var/spool/at atd 2072 daemon rtd DIR 3,2 1024 2 / atd 2072 daemon txt REG 3,6 17456 16134 /usr/sbin/atd atd 2072 daemon mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so atd 2072 daemon mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) atd 2072 daemon mem REG 3,2 8262 /lib/libselinux.so.1 (path inode=8288) atd 2072 daemon mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) atd 2072 daemon 0u CHR 1,3 3662 /dev/null atd 2072 daemon 1u CHR 1,3 3662 /dev/null atd 2072 daemon 2u CHR 1,3 3662 /dev/null atd 2072 daemon 3uW REG 3,5 5 63915 /var/run/atd.pid dbus-daem 2081 dbus cwd DIR 3,2 1024 2 / dbus-daem 2081 dbus rtd DIR 3,2 1024 2 / dbus-daem 2081 dbus txt REG 3,6 494820 65246 /usr/bin/dbus-daemon-1 dbus-daem 2081 dbus mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so dbus-daem 2081 dbus mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) dbus-daem 2081 dbus mem REG 3,2 8194 /lib/libnsl-2.3.3.so (path inode=8294) dbus-daem 2081 dbus mem REG 3,2 8262 /lib/libselinux.so.1 (path inode=8288) dbus-daem 2081 
dbus mem REG 3,6 50384 /usr/lib/libexpat.so.0.5.0 (path inode=50461) dbus-daem 2081 dbus mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) dbus-daem 2081 dbus 0u CHR 1,3 3662 /dev/null dbus-daem 2081 dbus 1u CHR 1,3 3662 /dev/null dbus-daem 2081 dbus 2u CHR 1,3 3662 /dev/null dbus-daem 2081 dbus 3u sock 0,4 7024 can't identify protocol dbus-daem 2081 dbus 4u unix 0x098e3280 7029 /var/run/dbus/system_bus_socket dbus-daem 2081 dbus 5u CHR 1,3 3662 /dev/null dbus-daem 2081 dbus 6u unix 0x08905040 7031 socket dbus-daem 2081 dbus 7u unix 0x08905280 7032 socket dbus-daem 2081 dbus 8u unix 0x08905700 7060 /var/run/dbus/system_bus_socket hald 2092 root cwd DIR 3,2 1024 2 / hald 2092 root rtd DIR 3,2 1024 2 / hald 2092 root txt REG 3,6 205452 16042 /usr/sbin/hald hald 2092 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache hald 2092 root mem REG 3,2 8194 /lib/libnsl-2.3.3.so (path inode=8294) hald 2092 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) hald 2092 root mem REG 3,2 8262 /lib/libselinux.so.1 (path inode=8288) hald 2092 root mem REG 3,6 50384 /usr/lib/libexpat.so.0.5.0 (path inode=50461) hald 2092 root mem REG 3,2 8261 /lib/libcap.so.1.10 (path inode=8259) hald 2092 root mem REG 3,2 8232 /lib/tls/libm-2.3.3.so (path inode=8299) hald 2092 root mem REG 3,6 50443 /usr/lib/libdbus-1.so.0.0.0 (path inode=50774) hald 2092 root DEL REG 3,6 50388 /usr/lib/libglib-2.0.so.0.400.7.#prelink#.0bjENM hald 2092 root DEL REG 3,6 50445 /usr/lib/libdbus-glib-1.so.0.0.0.#prelink#.jhwOZK hald 2092 root DEL REG 3,6 50392 /usr/lib/libgobject-2.0.so.0.400.7.#prelink#.OoLGOX hald 2092 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) hald 2092 root 0u CHR 1,3 3662 /dev/null hald 2092 root 1u CHR 1,3 3662 /dev/null hald 2092 root 2u CHR 1,3 3662 /dev/null hald 2092 root 5u CHR 1,3 3662 /dev/null hald 2092 root 6r FIFO 0,7 7055 pipe hald 2092 root 7w FIFO 0,7 7055 pipe hald 2092 root 8u unix 0x089054c0 7059 socket hald 2092 root 9u unix 0x08905940 7067 
socket hald 2092 root 10r FIFO 0,7 7931 pipe hald 2092 root 11w FIFO 0,7 7931 pipe hald 2092 root 12r DIR 3,2 5120 12241 /etc hald 2092 root 13u sock 0,4 8212 can't identify protocol mingetty 2099 root cwd DIR 3,2 1024 2 / mingetty 2099 root rtd DIR 3,2 1024 2 / mingetty 2099 root txt REG 3,2 10196 69386 /sbin/mingetty mingetty 2099 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) mingetty 2099 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) mingetty 2099 root 0u CHR 4,1 3636 /dev/tty1 mingetty 2099 root 1u CHR 4,1 3636 /dev/tty1 mingetty 2099 root 2u CHR 4,1 3636 /dev/tty1 mingetty 2099 root 3r REG 0,1 896 21 /init mingetty 2100 root cwd DIR 3,2 1024 2 / mingetty 2100 root rtd DIR 3,2 1024 2 / mingetty 2100 root txt REG 3,2 10196 69386 /sbin/mingetty mingetty 2100 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) mingetty 2100 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) mingetty 2100 root 0u CHR 4,2 3637 /dev/tty2 mingetty 2100 root 1u CHR 4,2 3637 /dev/tty2 mingetty 2100 root 2u CHR 4,2 3637 /dev/tty2 mingetty 2100 root 3r REG 0,1 896 21 /init mingetty 2101 root cwd DIR 3,2 1024 2 / mingetty 2101 root rtd DIR 3,2 1024 2 / mingetty 2101 root txt REG 3,2 10196 69386 /sbin/mingetty mingetty 2101 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) mingetty 2101 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) mingetty 2101 root 0u CHR 4,3 3638 /dev/tty3 mingetty 2101 root 1u CHR 4,3 3638 /dev/tty3 mingetty 2101 root 2u CHR 4,3 3638 /dev/tty3 mingetty 2101 root 3r REG 0,1 896 21 /init mingetty 2102 root cwd DIR 3,2 1024 2 / mingetty 2102 root rtd DIR 3,2 1024 2 / mingetty 2102 root txt REG 3,2 10196 69386 /sbin/mingetty mingetty 2102 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) mingetty 2102 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) mingetty 2102 root 0u CHR 4,4 3639 /dev/tty4 mingetty 2102 root 1u CHR 4,4 3639 /dev/tty4 mingetty 2102 root 2u CHR 4,4 3639 /dev/tty4 
mingetty 2102 root 3r REG 0,1 896 21 /init mingetty 2103 root cwd DIR 3,2 1024 2 / mingetty 2103 root rtd DIR 3,2 1024 2 / mingetty 2103 root txt REG 3,2 10196 69386 /sbin/mingetty mingetty 2103 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) mingetty 2103 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) mingetty 2103 root 0u CHR 4,5 3640 /dev/tty5 mingetty 2103 root 1u CHR 4,5 3640 /dev/tty5 mingetty 2103 root 2u CHR 4,5 3640 /dev/tty5 mingetty 2103 root 3r REG 0,1 896 21 /init mingetty 2104 root cwd DIR 3,2 1024 2 / mingetty 2104 root rtd DIR 3,2 1024 2 / mingetty 2104 root txt REG 3,2 10196 69386 /sbin/mingetty mingetty 2104 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) mingetty 2104 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) mingetty 2104 root 0u CHR 4,6 3641 /dev/tty6 mingetty 2104 root 1u CHR 4,6 3641 /dev/tty6 mingetty 2104 root 2u CHR 4,6 3641 /dev/tty6 mingetty 2104 root 3r REG 0,1 896 21 /init sshd 2538 root cwd DIR 3,2 1024 2 / sshd 2538 root rtd DIR 3,2 1024 2 / sshd 2538 root txt REG 3,6 279944 16196 /usr/sbin/sshd sshd 2538 root DEL REG 0,6 8234 /dev/zero sshd 2538 root mem REG 3,6 50406 /usr/lib/libcrack.so.2.7 (path inode=50430) sshd 2538 root mem REG 3,2 18008 10221 /lib/security/pam_limits.so sshd 2538 root mem REG 3,2 12160 10212 /lib/security/pam_cracklib.so sshd 2538 root mem REG 3,2 3220 10228 /lib/security/pam_permit.so sshd 2538 root mem REG 3,2 17216 10239 /lib/security/pam_succeed_if.so sshd 2538 root mem REG 3,2 48680 10243 /lib/security/pam_unix.so sshd 2538 root mem REG 3,2 22624 8207 /lib/libnss_dns-2.3.3.so sshd 2538 root mem REG 3,2 10260 10215 /lib/security/pam_env.so sshd 2538 root mem REG 3,2 2912 10214 /lib/security/pam_deny.so sshd 2538 root mem REG 3,2 6640 10227 /lib/security/pam_nologin.so sshd 2538 root mem REG 3,2 10484 10237 /lib/security/pam_stack.so sshd 2538 root DEL REG 0,6 8227 /dev/zero sshd 2538 root mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so sshd 2538 
root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) sshd 2538 root mem REG 3,2 8222 /lib/libresolv-2.3.3.so (path inode=8290) sshd 2538 root mem REG 3,2 8247 /lib/libcom_err.so.2.1 (path inode=8289) sshd 2538 root mem REG 3,6 50473 /usr/lib/libk5crypto.so.3.0 (path inode=50801) sshd 2538 root mem REG 3,6 50483 /usr/lib/libkrb5.so.3.2 (path inode=50802) sshd 2538 root DEL REG 3,6 50469 /usr/lib/libgssapi_krb5.so.2.2.#prelink#.2yQiDY sshd 2538 root mem REG 3,2 8262 /lib/libselinux.so.1 (path inode=8288) sshd 2538 root mem REG 3,2 8188 /lib/libcrypt-2.3.3.so (path inode=8295) sshd 2538 root mem REG 3,2 8194 /lib/libnsl-2.3.3.so (path inode=8294) sshd 2538 root mem REG 3,6 50454 /usr/lib/libz.so.1.2.1.2 (path inode=50804) sshd 2538 root mem REG 3,2 8228 /lib/libutil-2.3.3.so (path inode=8293) sshd 2538 root DEL REG 3,2 8269 /lib/libcrypto.so.0.9.7a.#prelink#.UOdQ24 sshd 2538 root mem REG 3,2 8190 /lib/libdl-2.3.3.so (path inode=8291) sshd 2538 root mem REG 3,2 8274 /lib/libpam.so.0.77 (path inode=8297) sshd 2538 root mem REG 3,6 50616 /usr/lib/libwrap.so.0.7.6 (path inode=50693) sshd 2538 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) sshd 2538 root 0u CHR 1,3 3662 /dev/null sshd 2538 root 1u CHR 1,3 3662 /dev/null sshd 2538 root 2u CHR 1,3 3662 /dev/null sshd 2538 root 3u IPv6 8213 TCP 192.168.5.252:ssh->192.168.5.197:54692 (ESTABLISHED) sshd 2538 root 4r FIFO 0,7 8235 pipe sshd 2538 root 5w FIFO 0,7 8235 pipe sshd 2538 root 6u CHR 5,2 987 /dev/ptmx sshd 2538 root 7u CHR 5,2 987 /dev/ptmx sshd 2538 root 8u CHR 5,2 987 /dev/ptmx bash 2540 root cwd DIR 3,2 1024 4099 /root/CIS bash 2540 root rtd DIR 3,2 1024 2 / bash 2540 root txt REG 3,2 610616 116288 /bin/bash bash 2540 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache bash 2540 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive bash 2540 root mem REG 3,2 47244 8210 /lib/libnss_files-2.3.3.so bash 2540 root mem REG 3,2 8230 /lib/tls/libc-2.3.3.so (path inode=8287) bash 
2540 root mem REG 3,2 8190 /lib/libdl-2.3.3.so (path inode=8291) bash 2540 root DEL REG 3,2 8266 /lib/libtermcap.so.2.0.8.#prelink#.s2UuoM bash 2540 root mem REG 3,2 8175 /lib/ld-2.3.3.so (path inode=8286) bash 2540 root 0u CHR 136,0 2 /dev/pts/0 bash 2540 root 1u CHR 136,0 2 /dev/pts/0 bash 2540 root 2u CHR 136,0 2 /dev/pts/0 bash 2540 root 255u CHR 136,0 2 /dev/pts/0 run-parts 5349 root cwd DIR 3,2 1024 2 / run-parts 5349 root rtd DIR 3,2 1024 2 / run-parts 5349 root txt REG 3,2 616312 116320 /bin/bash run-parts 5349 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so run-parts 5349 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so run-parts 5349 root mem REG 3,2 16908 8291 /lib/libdl-2.3.3.so run-parts 5349 root mem REG 3,2 12592 8296 /lib/libtermcap.so.2.0.8 run-parts 5349 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache run-parts 5349 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive run-parts 5349 root 0r CHR 1,3 3662 /dev/null run-parts 5349 root 1u REG 3,7 117 6025 /tmp/filemLLX82 (deleted) run-parts 5349 root 2u REG 3,7 117 6025 /tmp/filemLLX82 (deleted) run-parts 5349 root 255r REG 3,6 749 65511 /usr/bin/run-parts makewhati 5381 root cwd DIR 3,2 1024 2 / makewhati 5381 root rtd DIR 3,2 1024 2 / makewhati 5381 root txt REG 3,2 616312 116320 /bin/bash makewhati 5381 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so makewhati 5381 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so makewhati 5381 root mem REG 3,2 16908 8291 /lib/libdl-2.3.3.so makewhati 5381 root mem REG 3,2 12592 8296 /lib/libtermcap.so.2.0.8 makewhati 5381 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache makewhati 5381 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive makewhati 5381 root 0r CHR 1,3 3662 /dev/null makewhati 5381 root 1w FIFO 0,7 14245 pipe makewhati 5381 root 2w FIFO 0,7 14245 pipe makewhati 5381 root 255r REG 3,2 414 13076 /etc/cron.weekly/makewhatis.cron awk 5382 root cwd DIR 3,2 1024 2 / awk 5382 root rtd DIR 3,2 1024 2 / 
awk 5382 root txt REG 3,2 252412 116344 /bin/gawk awk 5382 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so awk 5382 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so awk 5382 root mem REG 3,2 16908 8291 /lib/libdl-2.3.3.so awk 5382 root mem REG 3,2 215248 8299 /lib/tls/libm-2.3.3.so awk 5382 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache awk 5382 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive awk 5382 root 0r FIFO 0,7 14245 pipe awk 5382 root 1u REG 3,7 117 6025 /tmp/filemLLX82 (deleted) awk 5382 root 2u REG 3,7 117 6025 /tmp/filemLLX82 (deleted) makewhati 5384 root cwd DIR 3,6 65536 79914 /usr/share/man/man3 makewhati 5384 root rtd DIR 3,2 1024 2 / makewhati 5384 root txt REG 3,2 616312 116320 /bin/bash makewhati 5384 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so makewhati 5384 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so makewhati 5384 root mem REG 3,2 16908 8291 /lib/libdl-2.3.3.so makewhati 5384 root mem REG 3,2 12592 8296 /lib/libtermcap.so.2.0.8 makewhati 5384 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache makewhati 5384 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive makewhati 5384 root 0r CHR 1,3 3662 /dev/null makewhati 5384 root 1w REG 3,7 126408 6026 /tmp/whatis.dA5386 makewhati 5384 root 2w FIFO 0,7 14245 pipe makewhati 5384 root 10w FIFO 0,7 14245 pipe makewhati 5384 root 255r REG 3,6 11151 65651 /usr/bin/makewhatis makewhati 15528 root cwd DIR 3,6 65536 79914 /usr/share/man/man3 makewhati 15528 root rtd DIR 3,2 1024 2 / makewhati 15528 root txt REG 3,2 616312 116320 /bin/bash makewhati 15528 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so makewhati 15528 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so makewhati 15528 root mem REG 3,2 16908 8291 /lib/libdl-2.3.3.so makewhati 15528 root mem REG 3,2 12592 8296 /lib/libtermcap.so.2.0.8 makewhati 15528 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache makewhati 15528 root mem REG 3,6 38654896 50378 
/usr/lib/locale/locale-archive makewhati 15528 root 0r FIFO 0,7 20919 pipe makewhati 15528 root 1w REG 3,7 126408 6026 /tmp/whatis.dA5386 makewhati 15528 root 2w FIFO 0,7 14245 pipe makewhati 15528 root 10w FIFO 0,7 14245 pipe lsof 15529 root cwd DIR 3,2 1024 4099 /root/CIS lsof 15529 root rtd DIR 3,2 1024 2 / lsof 15529 root txt REG 3,6 107352 16158 /usr/sbin/lsof lsof 15529 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so lsof 15529 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so lsof 15529 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache lsof 15529 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive lsof 15529 root 0u CHR 136,0 2 /dev/pts/0 lsof 15529 root 1w FIFO 0,7 20920 pipe lsof 15529 root 2u CHR 136,0 2 /dev/pts/0 makewhati 5384 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache makewhati 5384 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive makewhati 5384 root 0r CHR 1,3 3662 /dev/null makewhati 5384 root 1w REG 3,7 126408 6026 /tmp/whatis.dA5386 makewhati 5384 root 2w FIFO 0,7 14245 pipe makewhati 5384 root 10w FIFO 0,7 14245 pipe makewhati 5384 root 255r REG 3,6 11151 65651 /usr/bin/makewhatis makewhati 15528 root cwd DIR 3,6 65536 79914 /usr/share/man/man3 makewhati 15528 root rtd DIR 3,2 1024 2 / makewhati 15528 root txt REG 3,2 616312 116320 /bin/bash makewhati 15528 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so makewhati 15528 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so makewhati 15528 root mem REG 3,2 16908 8291 /lib/libdl-2.3.3.so makewhati 15528 root mem REG 3,2 12592 8296 /lib/libtermcap.so.2.0.8 makewhati 15528 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache makewhati 15528 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive makewhati 15528 root 0r FIFO 0,7 20919 pipe makewhati 15528 root 1w REG 3,7 126408 6026 /tmp/whatis.dA5386 makewhati 15528 root 2w FIFO 0,7 14245 pipe makewhati 15528 root 10w FIFO 0,7 14245 pipe lsof 15529 root cwd DIR 3,2 1024 4099 
/root/CIS lsof 15529 root rtd DIR 3,2 1024 2 / lsof 15529 root txt REG 3,6 107352 16158 /usr/sbin/lsof lsof 15529 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so lsof 15529 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so lsof 15529 root mem REG 3,6 21544 64082 /usr/lib/gconv/gconv-modules.cache lsof 15529 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive lsof 15529 root 0u CHR 136,0 2 /dev/pts/0 lsof 15529 root 1w FIFO 0,7 20920 pipe lsof 15529 root 2u CHR 136,0 2 /dev/pts/0 lsof 15529 root 3r DIR 0,3 0 1 /proc lsof 15529 root 4r DIR 0,3 0 1017708553 /proc/15529/fd lsof 15529 root 5w FIFO 0,7 20926 pipe lsof 15529 root 6r FIFO 0,7 20927 pipe more 15530 root cwd DIR 3,2 1024 4099 /root/CIS more 15530 root rtd DIR 3,2 1024 2 / more 15530 root txt REG 3,2 32496 116317 /bin/more more 15530 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so more 15530 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so more 15530 root mem REG 3,2 12592 8296 /lib/libtermcap.so.2.0.8 more 15530 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive more 15530 root 0r FIFO 0,7 20920 pipe more 15530 root 1u CHR 136,0 2 /dev/pts/0 more 15530 root 2u CHR 136,0 2 /dev/pts/0 lsof 15531 root cwd DIR 3,2 1024 4099 /root/CIS lsof 15531 root rtd DIR 3,2 1024 2 / lsof 15531 root txt REG 3,6 107352 16158 /usr/sbin/lsof lsof 15531 root mem REG 3,2 108332 8286 /lib/ld-2.3.3.so lsof 15531 root mem REG 3,2 1512400 8287 /lib/tls/libc-2.3.3.so lsof 15531 root mem REG 3,6 38654896 50378 /usr/lib/locale/locale-archive lsof 15531 root 4r FIFO 0,7 20926 pipe lsof 15531 root 7w FIFO 0,7 20927 pipe
Firewall 1
/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
Vulnerability Scan 1
nmap 4.01 against iptables running 1
nmap -A -T4 -P0 192.168.5.252
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-02 17:10 EDT
Warning: Finishing early because retransmission cap hit.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on 192.168.5.252:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 3.9p1 (protocol 1.99)
MAC Address: 00:90:27:12:C6:28 (Intel)
Device type: broadband router|general purpose
Running: Level One embedded, Linux 2.6.X
OS details: LevelOne WBR-3403TX Wireless Broadband router, Linux 2.6.5 - 2.6.11
Uptime 0.101 days (since Sun Apr 2 14:58:56 2006)
Nmap finished: 1 IP address (1 host up) scanned in 832.423 seconds
nmap 4.01 against iptables stopped 1
nmap -A -T4 192.168.5.252
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-02 17:27 EDT
Interesting ports on 192.168.5.252:
(The 1668 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 3.9p1 (protocol 1.99)
111/tcp  open  rpcbind 2 (rpc #100000)
631/tcp  open  ipp     CUPS 1.1
1024/tcp open  status  1 (rpc #100024)
MAC Address: 00:90:27:12:C6:28 (Intel)
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.7 - 2.6.11
Uptime 0.103 days (since Sun Apr 2 14:58:56 2006)
Nmap finished: 1 IP address (1 host up) scanned in 13.727 seconds
nessus 3.0.2 against iptables running 1
Nessus Scan Report
SUMMARY
- Number of hosts which were alive during the test : 1
- Number of security holes found : 0
- Number of security warnings found : 1
- Number of security notes found : 8
TESTED HOSTS
192.168.5.252 (Security warnings found)
DETAILS
+ 192.168.5.252 :
. List of open ports :
o ssh (22/tcp) (Security warnings found)
o general/icmp (Security notes found)
o general/udp (Security notes found)
o general/tcp (Security notes found)
. Warning found on port ssh (22/tcp)
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
. Information found on port ssh (22/tcp)
An ssh server is running on this port
. Information found on port ssh (22/tcp)
Remote SSH version : SSH-1.99-OpenSSH_3.9p1
Remote SSH supported authentication : publickey,gssapi-with-mic,password
. Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
SSHv1 host key fingerprint : ae:2d:6d:b5:d4:b6:ad:af:11:59:38:11:4a:dc:ef:c4
SSHv2 host key fingerprint : 60:53:da:a1:4f:88:f7:1f:e9:09:67:e4:10:80:3b:c7
. Information found on port general/icmp
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0524
. Information found on port general/icmp
Here is the route recorded between 192.168.5.197 and 192.168.5.252 :
192.168.5.252.
192.168.5.252.
. Information found on port general/udp
For your information, here is the traceroute from 192.168.5.197 to 192.168.5.252 :
192.168.5.197
192.168.5.252
. Information found on port general/tcp
The remote host is running Linux Kernel 2.6
. Information found on port general/tcp
Information about this scan :
Nessus version : 3.0.2
Plugin feed version : 200604011715
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.5.197
Port scanner(s) : nessus_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : no
Max hosts : 20
Max checks : 4
Scan Start Date : 2006/4/2 16:53
Scan duration : 302 sec
This file was generated by the Nessus Security Scanner
nessus 3.0.2 against iptables stopped 1
Nessus Scan Report
SUMMARY
- Number of hosts which were alive during the test : 1
- Number of security holes found : 0
- Number of security warnings found : 1
- Number of security notes found : 15
TESTED HOSTS
192.168.5.252 (Security warnings found)
DETAILS
+ 192.168.5.252 :
. List of open ports :
o ssh (22/tcp) (Security warnings found)
o sunrpc (111/tcp) (Security notes found)
o ipp (631/tcp) (Security notes found)
o kdm (1024/tcp) (Security notes found)
o general/icmp (Security notes found)
o sunrpc (111/udp) (Security notes found)
o unknown (1024/udp) (Security notes found)
o general/udp (Security notes found)
o general/tcp (Security notes found)
. Warning found on port ssh (22/tcp)
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
. Information found on port ssh (22/tcp)
An ssh server is running on this port
. Information found on port ssh (22/tcp)
Remote SSH version : SSH-1.99-OpenSSH_3.9p1
Remote SSH supported authentication : publickey,gssapi-with-mic,password
. Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
SSHv1 host key fingerprint : ae:2d:6d:b5:d4:b6:ad:af:11:59:38:11:4a:dc:ef:c4
SSHv2 host key fingerprint : 60:53:da:a1:4f:88:f7:1f:e9:09:67:e4:10:80:3b:c7
. Information found on port sunrpc (111/tcp)
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list of RPC services. We recommend you filter traffic going to this port.
Risk factor : Low
CVE : CVE-1999-0632, CVE-1999-0189
BID : 205
. Information found on port sunrpc (111/tcp)
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
. Information found on port ipp (631/tcp)
A web server is running on this port
. Information found on port ipp (631/tcp)
The remote web server type is :
CUPS/1.1
. Information found on port kdm (1024/tcp)
RPC program #100024 version 1 'status' is running on this port
. Information found on port general/icmp
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0524
. Information found on port general/icmp
Here is the route recorded between 192.168.5.197 and 192.168.5.252 : 192.168.5.252. 192.168.5.252.
. Information found on port sunrpc (111/udp)
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
. Information found on port unknown (1024/udp)
RPC program #100024 version 1 'status' is running on this port
. Information found on port general/udp
For your information, here is the traceroute from 192.168.5.197 to
192.168.5.252 :
192.168.5.197
192.168.5.252
. Information found on port general/tcp
The remote host is running Linux Kernel 2.6
. Information found on port general/tcp
Information about this scan :
Nessus version : 3.0.2
Plugin feed version : 200604011715
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.5.197
Port scanner(s) : nessus_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : no
Max hosts : 20
Max checks : 4
Scan Start Date : 2006/4/2 17:32
Scan duration : 336 sec
This file was generated by the Nessus Security Scanner
After package and service adjustments
CIS Benchmark Score 2
egrep "^Negative" ./cis-most-recent-log
Negative: 1.3 sshd_config parameter Protocol is not set.
Negative: 1.3 sshd_config parameter Banner is not set.
Negative: 1.3 ssh_config must have 'Protocol 2' underneath Host *.
Negative: 1.4 sysstat system accounting package is NOT installed.
Negative: 3.1 umask not found in first /etc/rcX.d script /etc/rc3.d/S08iptables.
Negative: 4.1 sysctl net.ipv4.conf.default.secure_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.conf.all.secure_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.conf.all.rp_filter=0 and should be '1'.
Negative: 4.1 sysctl net.ipv4.icmp_echo_ignore_broadcasts=0 and should be '1'.
Negative: 4.1 sysctl net.ipv4.conf.all.accept_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.tcp_syncookies=0 and should be '1'.
Negative: 4.1 sysctl net.ipv4.conf.default.accept_redirects=1 and should be '0'.
Negative: 4.1 sysctl net.ipv4.tcp_max_syn_backlog=256 and should be >= 4096.
Negative: 4.2 sysctl net.ipv4.conf.all.send_redirects=1 and should be '0'.
Negative: 4.2 sysctl net.ipv4.conf.default.send_redirects=1 and should be '0'.
Negative: 4.2 /etc/sysctl.conf should not be world or group readable.
Negative: 6.1 /usr/local is not mounted nodev.
Negative: 6.1 /usr is not mounted nodev.
Negative: 6.1 /var is not mounted nodev.
Negative: 6.1 /tmp is not mounted nodev.
Negative: 6.1 /home is not mounted nodev.
Negative: 6.1 /boot is not mounted nodev.
Negative: 6.2 Removable filesystem /media/floppy is not mounted nosuid.
Negative: 6.2 Removable filesystem /media/floppy is not mounted nodev.
Negative: 6.3 PAM allows users to mount removable media: <floppy>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <cdrom>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <pilot>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <jaz>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <zip>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <ls120>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <camera>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <memstick>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <flash>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <diskonkey>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <rem_ide>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <rio500>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <pmu>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <bluetooth>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <raw1394>. (/etc/security/console.perms)
Negative: 6.9 The hotplug package is installed.
Negative: 7.4 Couldn't open cron.allow
Negative: 7.4 Couldn't open at.allow
Negative: 7.5 The permissions on /etc/crontab are not sufficiently restrictive.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty7.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty8.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty9.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty10.
Negative: 7.7 /etc/securetty has a non console or tty 1-6 line: tty11.
Negative: 7.8 GRUB isn't password-protected.
Negative: 7.9 /etc/inittab needs a /sbin/sulogin line for single user mode.
Negative: 8.1 bin has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 daemon has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 adm has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 lp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 mail has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 news has a valid shell of /bin/sh. Remember, an empty shell field in /etc/passwd signifies /bin/sh.
Negative: 8.1 uucp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 operator has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 games has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 gopher has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 ftp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 nobody has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 dbus has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 vcsa has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 rpm has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 haldaemon has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 netdump has a valid shell of /bin/bash.
Negative: 8.1 sshd has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 rpc has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 mailnull has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 smmsp has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.1 pcap has a valid shell of /sbin/nologin. Remember, the /sbin/nologin shell, when found in /etc/shells, leaves a user potentially able to use FTP.
Negative: 8.3 User carlisle should have a minimum password life of at least 7 days.
Negative: 8.3 User carlisle should have a maximum password life of between 1 and 90 days.
Negative: 8.3 /etc/login.defs value PASS_MAX_DAYS = 99999, but should not exceed 90.
Negative: 8.3 /etc/login.defs value PASS_MIN_DAYS = 0, but should not be less than 7.
Negative: 8.3 /etc/login.defs value PASS_MIN_LEN = 5, but should be at least 6.
Negative: 8.10 Current umask setting in file /etc/bashrc is 022 -- it should be stronger to block world-read/write/execute.
Negative: 8.10 Current umask setting in file /etc/bashrc is 022 -- it should be stronger to block group-read/write/execute.
Negative: 8.10 Current umask setting in file /etc/csh.cshrc is 002 -- it should be stronger to block world-read/write/execute.
Negative: 8.10 Current umask setting in file /etc/csh.cshrc is 002 -- it should be stronger to block group-read/write/execute.
Negative: 8.11 Coredumps aren't deactivated.
Negative: 8.13 Pam /etc/pam.d/su does not require wheel group for su access.
Negative: 9.1 /etc/motd doesn't contain an authorized usage only banner.
Negative: 9.1 /etc/issue doesn't contain an authorized usage only banner.
Bastille Assessment 2
Bastille Hardening Assessment Report
+-------------------------------------+------------------------------------------+-----+------+------+
| Item | Question | Yes |Weight|Score |
+-------------------------------------+------------------------------------------+-----+------+------+
| generalperms_1_1 | Are more restrictive permissions on the | No | 0.00 | 0.00 |
| suidmount | Is SUID status for mount/umount disabled | No | 1.00 | 0.00 |
| suidping | Is SUID status for ping disabled? | No | 1.00 | 0.00 |
| suiddump | Is SUID status for dump and restore disa | Yes | 1.00 | 1.00 |
| suidcard | Is SUID status for cardctl disabled? | Yes | 1.00 | 1.00 |
| suidat | Is SUID status for at disabled? | Yes | 1.00 | 1.00 |
| suiddos | Is SUID status for DOSEMU disabled? | Yes | 1.00 | 1.00 |
| suidnews | Is SUID status for news server tools dis | Yes | 1.00 | 1.00 |
| suidprint | Is SUID status for printing utilities di | Yes | 1.00 | 1.00 |
| suidrtool | Are the r-tools disabled? | Yes | 1.00 | 1.00 |
| suidusernetctl | Is SUID status for usernetctl disabled? | No | 1.00 | 0.00 |
| suidtrace | Is SUID status for traceroute disabled? | No | 1.00 | 0.00 |
| suidXwrapper | Is SUID status for Xwrapper disabled? | Yes | 1.00 | 1.00 |
| suidXFree86 | Is SUID status for XFree86 disabled? | Yes | 1.00 | 1.00 |
| protectrhost | Are clear-text r-protocols that use IP-b | No | 0.00 | 0.00 |
| passwdage | Is password aging enforced? | No | 1.00 | 0.00 |
| cronuser | Is the use of cron restricted to adminis | Yes | 1.00 | 1.00 |
| umaskyn | Is the default umask set to a minimal va | No | 1.00 | 0.00 |
| rootttylogins | Are root logins on tty's 1-6 prohibited? | No | 1.00 | 0.00 |
| protectgrub | Is the GRUB prompt password-protected? | No | 1.00 | 0.00 |
| protectlilo | Is the LILO prompt password-protected? | Yes | 1.00 | 1.00 |
| lilodelay | Is the LILO delay time zero? | Yes | 0.00 | 0.00 |
| secureinittab | Is CTRL-ALT-DELETE rebooting disabled? | No | 0.00 | 0.00 |
| passsum | Is single-user mode password-protected? | No | 1.00 | 0.00 |
| tcpd_default_deny | Is a default-deny on TCP Wrappers and xi | No | 1.00 | 0.00 |
| deactivate_telnet | Is the telnet service disabled on this s | Yes | 1.00 | 1.00 |
| deactivate_ftp | Is inetd's FTP service disabled on this | Yes | 1.00 | 1.00 |
| banners | Are "Authorized Use" messages displayed | No | 1.00 | 0.00 |
| compiler | Are the gcc and/or g++ compiler disabled | Yes | 1.00 | 1.00 |
| morelogging | Has additional logging been added? | Yes | 1.00 | 1.00 |
| pacct | Is process accounting set up? | No | 1.00 | 0.00 |
| laus | Is LAuS active? | Yes | 1.00 | 1.00 |
| apmd | Are acpid and apmd disabled? | Yes | 1.00 | 1.00 |
| remotefs | Are NFS and Samba deactivated? | No | 1.00 | 0.00 |
| pcmcia | Are PCMCIA services disabled? | Yes | 1.00 | 1.00 |
| dhcpd | Is the DHCP daemon disabled? | Yes | 1.00 | 1.00 |
| gpm | Is GPM disabled? | Yes | 1.00 | 1.00 |
| innd | Is the news server daemon disabled? | Yes | 1.00 | 1.00 |
| disable_routed | Is routed deactivated? | Yes | 1.00 | 1.00 |
| disable_gated | Is gated deactivated? | Yes | 1.00 | 1.00 |
| nis_server | Are NIS server programs deactivated? | Yes | 1.00 | 1.00 |
| nis_client | Are NIS client programs deactivated? | Yes | 1.00 | 1.00 |
| snmpd | Is SNMPD disabled? | Yes | 1.00 | 1.00 |
| disable_kudzu | Is kudzu's run at boot deactivated? | Yes | 1.00 | 1.00 |
| sendmaildaemon | Is sendmail's daemon mode disabled? | No | 1.00 | 0.00 |
| sendmailcron | Does sendmail process the queue via cron | Yes | 0.00 | 0.00 |
| vrfyexpn | Are the VRFY and EXPN sendmail commands | Yes | 1.00 | 1.00 |
| chrootbind | Is named in a chroot jail and is it set | Yes | 0.00 | 0.00 |
| namedoff | Is named deactivated? | Yes | 1.00 | 1.00 |
| apacheoff | Is the Apache Web server deactivated? | Yes | 1.00 | 1.00 |
| bindapachelocal | Is the Web server bound to listen only t | Yes | 0.00 | 0.00 |
| bindapachenic | Is the Web server bound to a particular | Yes | 0.00 | 0.00 |
| symlink | Is the following of symbolic links deact | Yes | 1.00 | 1.00 |
| ssi | Are server-side includes deactivated? | Yes | 1.00 | 1.00 |
| cgi | Are CGI scripts disabled? | Yes | 1.00 | 1.00 |
| apacheindex | Are indexes disabled? | Yes | 1.00 | 1.00 |
| printing | Is printing disabled? | Yes | 1.00 | 1.00 |
| printing_cups | Is printing disabled? | Yes | 1.00 | 1.00 |
| printing_cups_lpd_legacy | Is CUPS' legacy LPD support disabled? | Yes | 1.00 | 1.00 |
| userftp | Are user privileges on the FTP daemon di | Yes | 1.00 | 1.00 |
| anonftp | Is anonymous download disabled? | Yes | 1.00 | 1.00 |
+-------------------------------------+------------------------------------------+-----+------+------+
Score: 7.36 / 10.00
Services 2
chkconfig --list | sort
acpid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
apmd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:off 2:off 3:off 4:off 5:off 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:off 3:off 4:off 5:off 6:off
kudzu 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mdmonitor 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mdmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead_early 0:off 1:off 2:off 3:off 4:off 5:off 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
yum 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Processes 2
/bin/ps faux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.4 2396 588 ? S 22:39 0:01 init [3]
root 196 0.0 0.0 0 0 ? S 21:28 0:00 [scsi_eh_0]
root 197 0.0 0.0 0 0 ? S 21:28 0:00 [ahc_dv_0]
root 204 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 691 0.0 0.3 2512 480 ? S<s 21:28 0:00 udevd
root 1181 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 1182 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 1183 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 1184 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 1185 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 1186 0.0 0.0 0 0 ? S 21:28 0:00 [kjournald]
root 1585 0.0 0.4 2076 628 ? Ss 21:29 0:00 syslogd -m 0
root 1589 0.0 0.3 2144 472 ? Ss 21:29 0:00 klogd -x
root 1600 0.0 0.6 3332 816 ? S 21:29 0:00 /usr/sbin/smartd
root 1636 0.0 1.3 4500 1660 ? Ss 21:29 0:00 /usr/sbin/sshd
root 2059 0.0 1.7 6968 2192 ? Ss 21:29 0:00 \_ sshd: root@pts/0
root 2190 0.0 1.1 5388 1440 pts/0 Ss 21:29 0:00 \_ -bash
root 2294 0.0 0.5 2836 744 pts/0 R+ 21:55 0:00 \_ ps faux
root 1654 0.0 2.3 8900 3004 ? Ss 21:29 0:00 sendmail: accepting connections
smmsp 1662 0.0 2.0 6472 2568 ? Ss 21:29 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root 1672 0.0 0.8 5436 1112 ? Ss 21:29 0:00 crond
dbus 1689 0.0 0.9 3204 1208 ? Ss 21:29 0:00 dbus-daemon-1 --system
root 1698 0.1 4.4 7572 5620 ? Ss 21:29 0:02 hald
root 1727 0.0 0.3 2444 452 tty1 Ss+ 21:29 0:00 /sbin/mingetty tty1
root 1732 0.0 0.3 2200 448 tty2 Ss+ 21:29 0:00 /sbin/mingetty tty2
root 1733 0.0 0.3 3036 448 tty3 Ss+ 21:29 0:00 /sbin/mingetty tty3
root 1734 0.0 0.3 1636 452 tty4 Ss+ 21:29 0:00 /sbin/mingetty tty4
root 1735 0.0 0.3 2788 452 tty5 Ss+ 21:29 0:00 /sbin/mingetty tty5
root 1736 0.0 0.3 1616 448 tty6 Ss+ 21:29 0:00 /sbin/mingetty tty6
root 2 0.0 0.0 0 0 ? SN 22:39 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? S< 22:39 0:00 [events/0]
root 4 0.0 0.0 0 0 ? S< 22:39 0:00 \_ [khelper]
root 5 0.0 0.0 0 0 ? S< 22:39 0:00 \_ [kblockd/0]
root 29 0.0 0.0 0 0 ? S 22:39 0:00 \_ [pdflush]
root 30 0.0 0.0 0 0 ? S 22:39 0:00 \_ [pdflush]
root 32 0.0 0.0 0 0 ? S< 22:39 0:00 \_ [aio/0]
root 6 0.0 0.0 0 0 ? S 22:39 0:00 [khubd]
root 27 0.0 0.0 0 0 ? S 22:39 0:00 [kapmd]
root 31 0.0 0.0 0 0 ? S 22:39 0:00 [kswapd0]
root 105 0.0 0.0 0 0 ? S 22:39 0:00 [kseriod]
Disk Usage 3
After Reducing Remote Access
CIS Benchmark Score 3
Rating = 8.19 / 10.00
egrep "^Negative" ./cis-most-recent-log
Negative: 1.4 sysstat system accounting package is NOT installed.
Negative: 3.1 umask not found in first /etc/rcX.d script /etc/rc3.d/S08iptables.
Negative: 6.1 /usr/local is not mounted nodev.
Negative: 6.1 /usr is not mounted nodev.
Negative: 6.1 /var is not mounted nodev.
Negative: 6.1 /tmp is not mounted nodev.
Negative: 6.1 /home is not mounted nodev.
Negative: 6.1 /boot is not mounted nodev.
Negative: 6.2 Removable filesystem /media/floppy is not mounted nosuid.
Negative: 6.2 Removable filesystem /media/floppy is not mounted nodev.
Negative: 6.3 PAM allows users to mount removable media: <floppy>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <cdrom>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <pilot>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to mount removable media: <jaz>. (/etc/security/console.perms)
Negative: 6.3 PAM allows users to