
#1 On 21/01/2016 at 21:58

Arnold59

[Ubuntu 15.10] Report following a scan performed with Tiger: WARN ..

Hello,

I ran a scan of the Ubuntu Linux system with Tiger; the result file contains many WARN entries.

Here is an excerpt of the report:

Beginning security report for tux.home (i686 Linux 4.2.0-25-generic).

# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass013w] Username `root' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `daemon' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `bin' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `sys' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `sync' is not using an acceptable password hash 
         (x). 
--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync). 
--WARN-- [pass013w] Username `games' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `man' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `lp' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `mail' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `news' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `uucp' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `proxy' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `www-data' is not using an acceptable password 
         hash (x). 
--WARN-- [pass013w] Username `backup' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `list' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `irc' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `gnats' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `nobody' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `systemd-timesync' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `systemd-network' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `systemd-resolve' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `systemd-bus-proxy' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `syslog' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `messagebus' is not using an acceptable password 
         hash (x). 
--WARN-- [pass013w] Username `uuidd' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `avahi' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `dnsmasq' is not using an acceptable password 
         hash (x). 
--WARN-- [pass013w] Username `whoopsie' is not using an acceptable password 
         hash (x). 
--WARN-- [pass013w] Username `avahi-autoipd' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `speech-dispatcher' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `kernoops' is not using an acceptable password 
         hash (x). 
--WARN-- [pass016w] User kernoops has / as home directory 
--WARN-- [pass013w] Username `pulse' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `rtkit' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `saned' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `usbmux' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `colord' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `hplip' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `lightdm' is not using an acceptable password 
         hash (x). 
--WARN-- [pass013w] Username `tux' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `clamav' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `snort' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `postgres' is not using an acceptable password 
         hash (x). 
--WARN-- [pass013w] Username `mysql' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `gdm' is not using an acceptable password hash 
         (x). 
--WARN-- [pass013w] Username `debian-spamd' is not using an acceptable 
         password hash (x). 
--WARN-- [pass013w] Username `postfix' is not using an acceptable password 
         hash (x). 
--WARN-- [pass012w] Home directory /nonexistent exists multiple times (3) in 
         /etc/passwd. 
--WARN-- [pass012w] Home directory /run/systemd exists multiple times (2) in 
         /etc/passwd. 

# Performing check of group files...

# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc021w] Login ID avahi-autoipd appears to be a dormant account. 
--WARN-- [acc021w] Login ID colord appears to be a dormant account. 
--WARN-- [acc021w] Login ID debian-spamd appears to be a dormant account. 
--WARN-- [acc021w] Login ID dnsmasq appears to be a dormant account. 
--WARN-- [acc021w] Login ID gdm appears to be a dormant account. 
--WARN-- [acc006w] Login ID mail's home directory (/var/mail) has group `4096' 
         write access. 
--WARN-- [acc022w] Login ID nobody home directory (/nonexistent) is not 
         accessible. 

# Performing check of /etc/hosts.equiv and .rhosts files...

# Checking accounts from /etc/passwd...

# Performing check of .netrc files...

# Checking accounts from /etc/passwd...

# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...

# Performing check of PATH components...
--WARN-- [path009w] /etc/profile does not export an initial setting for PATH. 
# Only checking user 'root'
--WARN-- [path002w] /usr/bin/bsd-write in root's PATH from default is not 
         owned by root (owned by tty). 
--WARN-- [path002w] /usr/bin/chage in root's PATH from default is not owned by 
         root (owned by shadow). 
--WARN-- [path002w] /usr/bin/crontab in root's PATH from default is not owned 
         by root (owned by crontab). 
--WARN-- [path002w] /usr/bin/dotlockfile in root's PATH from default is not 
         owned by root (owned by mail). 
--WARN-- [path002w] /usr/bin/dumpcap in root's PATH from default is not owned 
         by root (owned by wireshark). 
--WARN-- [path002w] /usr/bin/expiry in root's PATH from default is not owned 
         by root (owned by shadow). 
--WARN-- [path002w] /usr/bin/locate in root's PATH from default is not owned 
         by root (owned by mlocate). 
--WARN-- [path002w] /usr/bin/mail-lock in root's PATH from default is not 
         owned by root (owned by mail). 
--WARN-- [path002w] /usr/bin/mail-touchlock in root's PATH from default is not 
         owned by root (owned by mail). 
--WARN-- [path002w] /usr/bin/mail-unlock in root's PATH from default is not 
         owned by root (owned by mail). 
--WARN-- [path002w] /usr/bin/mlocate in root's PATH from default is not owned 
         by root (owned by mlocate). 
--WARN-- [path002w] /usr/bin/ssh-agent in root's PATH from default is not 
         owned by root (owned by ssh). 
--WARN-- [path002w] /usr/bin/wall in root's PATH from default is not owned by 
         root (owned by tty). 
--WARN-- [path002w] /usr/bin/write in root's PATH from default is not owned by 
         root (owned by tty). 
--WARN-- [path002w] /usr/sbin/postdrop in root's PATH from default is not 
         owned by root (owned by postdrop). 
--WARN-- [path002w] /usr/sbin/postqueue in root's PATH from default is not 
         owned by root (owned by postdrop). 

# Performing check of anonymous FTP...

# Performing checks of mail aliases...
# Checking aliases from /etc/aliases.

# Performing check of `cron' entries...
--WARN-- [cron004w] Root crontab does not exist 
--WARN-- [cron005w] Use of cron is not restricted 

# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service pop-2 is also assigned to service 
         pop2. 
--WARN-- [inet003w] The port for service x400-snd is also assigned to service 
         acr-nema. 

# Performing NFS exports check...

# Performing check of system file permissions...
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/gen_mounts' is not executable (command GET_MOUNTS).

# Checking for known intrusion signs...
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/gen_mounts' is not executable (command GET_MOUNTS).

# Performing check for rookits...
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
--WARN-- [rootkit004w] Chkrootkit has detected a possible rootkit installation 
Possible Linux/Ebury - Operation Windigo installetd

# Performing system specific checks...

# Performing check of root directory...

# Checking device permissions...
--WARN-- [dev003w] The directory /dev/block resides in a device directory. 
--WARN-- [dev003w] The directory /dev/char resides in a device directory. 
--WARN-- [dev003w] The directory /dev/cpu resides in a device directory. 
--FAIL-- [dev002f] /dev/fuse has world permissions 
--WARN-- [dev003w] The directory /dev/hugepages resides in a device directory. 
--FAIL-- [dev002f] /dev/kmsg has world permissions 
--WARN-- [dev003w] The directory /dev/mqueue resides in a device directory. 
--FAIL-- [dev002f] /dev/rfkill has world permissions 
--WARN-- [dev003w] The directory /dev/vfio resides in a device directory. 

# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/wtmp permission should be 644 
--FAIL-- [logf005f] Log file /var/run/utmp permission should be 644 
--FAIL-- [logf007f] Log file /var/log/messages does not exist 

# Checking for correct umask settings...
--FAIL-- [misc022f] The umask setting in /etc/profile is insecure 

# Checking listening processes 
--WARN-- [lin003w] The process `apache2' is listening on socket TCP (0t0 on 
         TCP interface) is run by root. 
--WARN-- [lin003w] The process `apache2' is listening on socket TCP (0t0 on 
         TCP interface) is run by www-data. 
--WARN-- [lin003w] The process `avahi-dae' is listening on socket UDP (0t0 on 
         UDP interface) is run by avahi. 
--WARN-- [lin003w] The process `cups-brow' is listening on socket UDP (0t0 on 
         UDP interface) is run by root. 
--WARN-- [lin003w] The process `cupsd' is listening on socket TCP (0t0 on TCP 
         interface) is run by root. 
--WARN-- [lin003w] The process `dconf' is listening on socket 8,6 (mem on 8,6 
         interface) is run by 2486. 
--WARN-- [lin003w] The process `dhclient' is listening on socket UDP (0t0 on 
         UDP interface) is run by root. 
--WARN-- [lin003w] The process `dnsmasq' is listening on socket TCP (0t0 on 
         TCP interface) is run by nobody. 
--WARN-- [lin003w] The process `dnsmasq' is listening on socket UDP (0t0 on 
         UDP interface) is run by nobody. 
--WARN-- [lin003w] The process `gdbus' is listening on socket 8,6 (mem on 8,6 
         interface) is run by 2485. 
--WARN-- [lin003w] The process `gdbus' is listening on socket 0t0 (16821 on 
         0t0 interface) is run by 757. 
--WARN-- [lin003w] The process `gedit' is listening on socket 26320 (REG on 
         26320 interface) is run by arnaud. 
--WARN-- [lin003w] The process `gmain' is listening on socket 8,6 (mem on 8,6 
         interface) is run by 2484. 
--WARN-- [lin003w] The process `gmain' is listening on socket 0t0 (16821 on 
         0t0 interface) is run by 756. 
--WARN-- [lin003w] The process `master' is listening on socket TCP (0t0 on TCP 
         interface) is run by root. 
--WARN-- [lin003w] The process `threaded-' is listening on socket 8,6 (mem on 
         8,6 interface) is run by 2500. 

# Checking sshd_config configuration files...
--WARN-- [ssh004w] The PasswordAuthentication directive in 
         /usr/local/etc/sshd_config is set to the unapproved defult value: 
         yes. 

# Performing common access checks for root...
--FAIL-- [netw020f] There is no /etc/ftpusers file. 

# Checking ntpd configuration...
--ERROR-- [init001e] Don't have required command NETSTAT.
--ERROR-- [init004e] `/usr/lib/tiger/systems/default/getdisks' is not executable (command GETDISKS).

How do I fix the WARN, ERROR and FAIL messages?

Thanks in advance.

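A report this long is easier to triage once it is grouped by severity and check id rather than read line by line. The parser below is an added example, not part of the forum post or of the Tiger project; the report grammar it assumes (lines starting with "# " are section headers, findings start with --WARN--, --FAIL-- or --ERROR-- followed by a bracketed check id, and wrapped messages continue on indented or bare lines) is inferred from the excerpt above. The sample input is a short excerpt taken from that report. Note that the "(x)" in every pass013w line is the placeholder /etc/passwd shows when the real hash lives in /etc/shadow, which is why every account on the system is listed under that one check.

```python
"""Parse a Tiger text report into structured findings and summarize them.

Added example: not the forum poster's code and not Tiger's own code.
Grammar assumed (inferred from the report excerpt on the page):
  - section headers start with '# '
  - findings start with --WARN--, --FAIL-- or --ERROR--, then a bracketed
    check id such as [pass013w], then a message
  - a wrapped message continues on following lines that are indented, or
    on a bare line that is neither a header nor a finding (the chkrootkit
    'Possible Linux/Ebury' line is such a continuation)
"""
import re
from collections import Counter
from dataclasses import dataclass

# Triage order: most serious first.
SEVERITY_RANK = {"ERROR": 0, "FAIL": 1, "WARN": 2}

FINDING_RE = re.compile(r"^--(WARN|FAIL|ERROR)--\s+\[(\w+)\]\s*(.*)$")


@dataclass
class Finding:
    severity: str
    code: str
    message: str
    section: str  # the most recent '# ...' header before the finding


def parse_report(text):
    """Return a list of Finding objects, joining wrapped message lines."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.startswith("# "):
            section = line[2:].rstrip(" .")
            continue
        m = FINDING_RE.match(line)
        if m:
            sev, code, msg = m.groups()
            findings.append(Finding(sev, code, msg.strip(), section))
        elif findings:
            # Continuation of the previous finding's message (indented
            # wrap, or a bare line like the chkrootkit verdict).
            findings[-1].message += " " + line.strip()
        # Anything before the first finding (the 'Beginning security
        # report' banner) is ignored.
    return findings


def summarize(findings):
    """Count findings per (severity, code), most severe first."""
    counts = Counter((f.severity, f.code) for f in findings)
    return sorted(counts.items(),
                  key=lambda kv: (SEVERITY_RANK[kv[0][0]], kv[0][1]))


def by_code(findings, code):
    """All findings carrying one check id, e.g. 'rootkit004w'."""
    return [f for f in findings if f.code == code]


# Constructed sample: a short excerpt of the report quoted in the post.
SAMPLE_REPORT = """\
Beginning security report for tux.home (i686 Linux 4.2.0-25-generic).

# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass013w] Username `root' is not using an acceptable password hash
         (x).
--WARN-- [pass013w] Username `www-data' is not using an acceptable password
         hash (x).
--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync).

# Performing check for rookits...
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
--WARN-- [rootkit004w] Chkrootkit has detected a possible rootkit installation
Possible Linux/Ebury - Operation Windigo installetd

# Checking device permissions...
--FAIL-- [dev002f] /dev/fuse has world permissions

# Checking ntpd configuration...
--ERROR-- [init001e] Don't have required command NETSTAT.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (sev, code), n in summarize(found):
        print(f"{sev:5} {code:12} x{n}")
    for f in by_code(found, "rootkit004w"):
        print(f"[{f.section}] {f.message}")
```

Running it on the full report from the post gives one line per check id, so the dozens of pass013w entries collapse into a single count and the handful of distinct ERROR/FAIL codes, plus the rootkit004w line with its chkrootkit verdict attached, stand out for follow-up.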

#2 On 21/01/2016 at 22:02

J5012

Re: [Ubuntu 15.10] Report following a scan performed with Tiger: WARN ..

STOP, stop worrying: you are no longer on W... you have to think differently!

tiger is working normally and is detecting normal errors, because the basic security of any GNU/Linux is not to configure what doesn't need to be configured... you don't need to log in as the daemon user? Well, then there is none... simple!


#3 On 21/01/2016 at 22:09

Arnold59

Re: [Ubuntu 15.10] Report following a scan performed with Tiger: WARN ..

Good evening,

Are the WARN, ERROR and FAIL entries normal?

I use the Gnome desktop with the following applications:

- office suites (LibreOffice, OpenOffice),
- Web (Google Chrome, Mozilla Firefox / SeaMonkey)
- GIMP, VLC
- PDF reader: evince

- Security: firewall (iptables, GuFw), antivirus ClamAV/ClamTK, anti-rootkit


#4 On 21/01/2016 at 22:16

smokeh

Re: [Ubuntu 15.10] Report following a scan performed with Tiger: WARN ..

Good evening. Yes, it's normal. Your system is in good health. You should know that 99% of viruses/malware/etc. are designed for the Microsoft operating system.
On Linux you stay fairly safe as long as you apply your security updates properly.
There are very few viruses on Linux, and those mostly attack servers... Basically, security is handled differently :) on Linux. It's not like on Windows where you do next > next > yes > oops, I installed something stupid.
And then you get caught in the antivirus/antimalware treadmill...


#5 On 21/01/2016 at 22:17

J5012

Re: [Ubuntu 15.10] Report following a scan performed with Tiger: WARN ..

Yes, normal, because for Tiger it is abnormal that these variables are left unconfigured...
but how could an attacker attack them if they are not accessible in any way?
In practice it's impossible, but for Tiger, or for Tiger's developers, it's unthinkable... they design GNU/Linux tools while thinking like they are on W...

A good GNU/Linux tool would be one capable of detecting an unauthorized privilege escalation...
