2020-05-20 13:38:36 Starting Lynis 3.0.0 with PID 557163, build date 2020-03-20 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 ### 2007-2020, CISOfy - https://cisofy.com/lynis/ ### 2020-05-20 13:38:36 Checking permissions of /home/cloudadmin/lynis/include/profiles 2020-05-20 13:38:36 File permissions are OK 2020-05-20 13:38:36 Reading profile/configuration /home/cloudadmin/lynis/default.prf 2020-05-20 13:38:36 Action: created temporary file /tmp/lynis.a3J6CiTck4 2020-05-20 13:38:36 Language set via profile to '' 2020-05-20 13:38:36 Plugin 'authentication' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'compliance' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'configuration' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'control-panels' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'crypto' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'dns' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'docker' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'file-integrity' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'file-systems' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'firewalls' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'forensics' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'hardware' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'intrusion-detection' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'intrusion-prevention' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'kernel' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'malware' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'memory' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'nginx' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'pam' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'processes' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'security-modules' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'software' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'system-integrity' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'systemd' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Plugin 'users' enabled according profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:36 Set option to default value: NTPD_ROLE --> client 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 EOL check: 0 2020-05-20 13:38:36 Program version: 3.0.0 2020-05-20 13:38:36 Operating system: Linux 2020-05-20 13:38:36 Operating system name: CentOS Linux 2020-05-20 13:38:36 Operating system version: 7 2020-05-20 13:38:36 Kernel version: 4.14.119 2020-05-20 13:38:36 Kernel version (full): 4.14.119-200.el7.x86_64 2020-05-20 13:38:36 Hardware platform: x86_64 2020-05-20 13:38:36 ----------------------------------------------------- 2020-05-20 13:38:36 Hostname: controller-1 2020-05-20 13:38:36 Auditor: [Not Specified] 2020-05-20 13:38:36 Profiles: /home/cloudadmin/lynis/default.prf 2020-05-20 13:38:36 Work directory: /home/cloudadmin/lynis 2020-05-20 13:38:36 Include directory: /home/cloudadmin/lynis/include 2020-05-20 13:38:36 Plugin directory: ./plugins 2020-05-20 13:38:36 ----------------------------------------------------- 2020-05-20 13:38:36 Log file: /var/log/lynis.log 2020-05-20 13:38:36 Report file: /var/log/lynis-report.dat 2020-05-20 13:38:36 Report version: 1.0 2020-05-20 13:38:36 ----------------------------------------------------- 2020-05-20 13:38:36 Test category: all 2020-05-20 13:38:36 Test group: all 2020-05-20 13:38:36 BusyBox used: 0 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 Test: Checking for program update... 2020-05-20 13:38:36 Result: dig, drill or host not installed, update check skipped 2020-05-20 13:38:36 Current installed version : 300 2020-05-20 13:38:36 Latest stable version : 0000000000 2020-05-20 13:38:36 Update check skipped due to constraints (e.g. missing dig binary) 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 Checking permissions of /home/cloudadmin/lynis/include/binaries 2020-05-20 13:38:36 File permissions are OK 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 Action: Performing tests from category: System Tools 2020-05-20 13:38:36 Start scanning for available audit binaries and tools... 2020-05-20 13:38:36 ==== 2020-05-20 13:38:36 Performing test ID CORE-1000 (Check all system binaries) 2020-05-20 13:38:36 Status: Starting binary scan... 2020-05-20 13:38:36 Test: Checking binaries in directory /usr/local/bin/ 2020-05-20 13:38:36 Directory /usr/local/bin/ exists. Starting directory scanning... 2020-05-20 13:38:36 Test: Checking binaries in directory /usr/bin 2020-05-20 13:38:36 Directory /usr/bin exists. Starting directory scanning... 2020-05-20 13:38:36 Found known binary: as (compiler) - /usr/bin/as 2020-05-20 13:38:36 Found known binary: awk (string tool) - /usr/bin/awk 2020-05-20 13:38:36 Found known binary: base64 (encoding tool) - /usr/bin/base64 2020-05-20 13:38:36 Found known binary: bootctl (systemd-boot manager utility) - /usr/bin/bootctl 2020-05-20 13:38:36 Found known binary: cat (generic file handling) - /usr/bin/cat 2020-05-20 13:38:36 Found known binary: comm (file compare) - /usr/bin/comm 2020-05-20 13:38:36 Found known binary: curl (browser, download utility) - /usr/bin/curl 2020-05-20 13:38:36 Found known binary: cut (text stream editor) - /usr/bin/cut 2020-05-20 13:38:37 Found known binary: dnsdomainname (DNS domain) - /usr/bin/dnsdomainname 2020-05-20 13:38:37 Found known binary: docker (container technology) - /usr/bin/docker 2020-05-20 13:38:37 Found known binary: domainname (NIS domain) - /usr/bin/domainname 2020-05-20 13:38:37 Found known binary: egrep (text search) - /usr/bin/egrep 2020-05-20 13:38:37 Found known binary: file (file type detection) - /usr/bin/file 2020-05-20 13:38:37 Found known binary: find (search tool) - /usr/bin/find 2020-05-20 13:38:37 Found known binary: getent (query tool for name service switch libraries) - /usr/bin/getent 2020-05-20 13:38:37 Found known binary: grep (text search) - /usr/bin/grep 2020-05-20 13:38:37 Found known binary: gzip (compressing utility) - /usr/bin/gzip 2020-05-20 13:38:37 Found known binary: head (text filter) - /usr/bin/head 2020-05-20 13:38:37 Found known binary: journalctl (systemd journal) - /usr/bin/journalctl 2020-05-20 13:38:37 Found known binary: ls (file listing) - /usr/bin/ls 2020-05-20 13:38:37 Found known binary: lsattr (file attributes) - /usr/bin/lsattr 2020-05-20 13:38:37 Found known binary: lsblk (block devices) - /usr/bin/lsblk 2020-05-20 13:38:37 Found known binary: md5sum (hash tool) - /usr/bin/md5sum 2020-05-20 13:38:37 Found known binary: mount (disk utility) - /usr/bin/mount 2020-05-20 13:38:37 Found /usr/bin/mysql (version: 10.1.20-MariaDB) 2020-05-20 13:38:37 Found known binary: netstat (network statistics) - /usr/bin/netstat 2020-05-20 13:38:37 Found /usr/bin/openssl (version 1.0.2k-fips) 2020-05-20 13:38:37 Found /usr/bin/perl (version 5.16.3) 2020-05-20 13:38:37 Found known binary: pgrep (search in process list) - /usr/bin/pgrep 2020-05-20 13:38:37 Found known binary: ps (process listing) - /usr/bin/ps 2020-05-20 13:38:37 Found known binary: python (programming language interpreter) - /usr/bin/python (version 2.7.5) 2020-05-20 13:38:37 Found known binary: python2 (programming language interpreter) - /usr/bin/python2 (version 2.7.5) 2020-05-20 13:38:37 Found known binary: readlink (follows symlinks) - /usr/bin/readlink 2020-05-20 13:38:37 Found known binary: rpm (package manager) - /usr/bin/rpm 2020-05-20 13:38:37 Found known binary: sed (text stream editor) - /usr/bin/sed 2020-05-20 13:38:37 Found known binary: sha1/sha1sum/shasum (crypto hashing) - /usr/bin/sha1sum 2020-05-20 13:38:37 Found known binary: sha256/sha256sum (crypto hashing) - /usr/bin/sha256sum 2020-05-20 13:38:37 Found known binary: sort (sort data streams) - /usr/bin/sort 2020-05-20 13:38:37 Found known binary: ssh-keyscan (scanner for SSH keys) - /usr/bin/ssh-keyscan 2020-05-20 13:38:37 Found known binary: stat (file information) - /usr/bin/stat 2020-05-20 13:38:37 Found known binary: strings (text strings search) - /usr/bin/strings 2020-05-20 13:38:37 Found known binary: systemctl (client to systemd) - /usr/bin/systemctl 2020-05-20 13:38:37 Found known binary: systemd-analyze (systemd service analysis tool) - /usr/bin/systemd-analyze 2020-05-20 13:38:37 Found known binary: tail (text filter) - /usr/bin/tail 2020-05-20 13:38:37 Found known binary: timedatectl (timedate client) - /usr/bin/timedatectl 2020-05-20 13:38:37 Found known binary: tr (text transformation) - /usr/bin/tr 2020-05-20 13:38:37 Found known binary: uname (operating system details) - /usr/bin/uname 2020-05-20 13:38:37 Found known binary: uniq (text manipulation utility) - /usr/bin/uniq 2020-05-20 13:38:37 Found known binary: wc (word count) - /usr/bin/wc 2020-05-20 13:38:37 Found /usr/bin/wget (version 1.14) 2020-05-20 13:38:37 Found known binary: xargs (command output redirection) - /usr/bin/xargs 2020-05-20 13:38:37 Found known binary: yum (package manager) - /usr/bin/yum 2020-05-20 13:38:37 Found known binary: zgrep (text search for compressed files) - /usr/bin/zgrep 2020-05-20 13:38:37 Test: Checking binaries in directory /usr/sbin 2020-05-20 13:38:37 Directory /usr/sbin exists. Starting directory scanning... 2020-05-20 13:38:37 Found known binary: auditctl (control utility for audit daemon) - /usr/sbin/auditctl 2020-05-20 13:38:37 Found known binary: auditd (audit framework) - /usr/sbin/auditd 2020-05-20 13:38:37 Found known binary: blkid (information about block devices) - /usr/sbin/blkid 2020-05-20 13:38:37 Found known binary: chkconfig (administration tool) - /usr/sbin/chkconfig 2020-05-20 13:38:37 Found known binary: cryptsetup (block device encryption) - /usr/sbin/cryptsetup 2020-05-20 13:38:37 Found known binary: dmidecode (hardware collector tool) - /usr/sbin/dmidecode 2020-05-20 13:38:37 Found known binary: getcap (kernel capabilities) - /usr/sbin/getcap 2020-05-20 13:38:37 Found known binary: grpck (consistency checker) - /usr/sbin/grpck 2020-05-20 13:38:37 Found known binary: grub2-install (installer for boot loader) - /usr/sbin/grub2-install 2020-05-20 13:38:37 Found known binary: httpd (web server) - /usr/sbin/httpd 2020-05-20 13:38:37 Found known binary: ipconfig (IP configuration) - /usr/sbin/ifconfig 2020-05-20 13:38:37 Found known binary: ip (IP configuration) - /usr/sbin/ip 2020-05-20 13:38:37 Found known binary: iptables (firewall) - /usr/sbin/iptables 2020-05-20 13:38:37 Found known binary: iptables-save (firewall) - /usr/sbin/iptables-save 2020-05-20 13:38:37 Found known binary: logrotate (log rotation tool) - /usr/sbin/logrotate 2020-05-20 13:38:37 Found known binary: lsmod (kernel modules) - /usr/sbin/lsmod 2020-05-20 13:38:37 Found known binary: lsof (open files) - /usr/sbin/lsof 2020-05-20 13:38:37 Found known binary: lvdisplay (LVM tool) - /usr/sbin/lvdisplay 2020-05-20 13:38:37 Found known binary: modprobe (kernel modules) - /usr/sbin/modprobe 2020-05-20 13:38:37 Found known binary ntpq (time daemon client) - /usr/sbin/ntpq 2020-05-20 13:38:37 Found known binary: rpcinfo (RPC information) - /usr/sbin/rpcinfo 2020-05-20 13:38:37 Found known binary: runlevel (system utility) - /usr/sbin/runlevel 2020-05-20 13:38:37 Found known binary: semanage (SELinux policy management tool) - /usr/sbin/semanage 2020-05-20 13:38:37 Found known binary: service (system services) - /usr/sbin/service 2020-05-20 13:38:37 Found known binary: sestatus (SELinux status tool) - /usr/sbin/sestatus 2020-05-20 13:38:37 Found known binary: ss (show sockets) - /usr/sbin/ss 2020-05-20 13:38:37 Found /usr/sbin/sshd (version 7.4) 2020-05-20 13:38:37 Found known binary: swapon (swap device tool) - /usr/sbin/swapon 2020-05-20 13:38:37 Found known binary: sysctl (kernel parameters) - /usr/sbin/sysctl 2020-05-20 13:38:37 Found known binary: tune2fs (file system tool) - /usr/sbin/tune2fs 2020-05-20 13:38:37 Found known binary: vgdisplay (LVM tool) - /usr/sbin/vgdisplay 2020-05-20 13:38:37 Test: Checking binaries in directory /bin 2020-05-20 13:38:37 Result: directory exists, but is actually a symlink 2020-05-20 13:38:37 Action: checking symlink for file /bin 2020-05-20 13:38:37 Note: Using real readlink binary to determine symlink on /bin 2020-05-20 13:38:37 Result: readlink shows /usr/bin as output 2020-05-20 13:38:37 Result: symlink found, pointing to directory /usr/bin 2020-05-20 13:38:37 Result: found the path behind this symlink (/bin --> /usr/bin) 2020-05-20 13:38:37 Result: Skipping this directory as it was already scanned 2020-05-20 13:38:37 Result: Directory /usr/bin skipped 2020-05-20 13:38:37 Test: Checking binaries in directory /sbin 2020-05-20 13:38:37 Result: directory exists, but is actually a symlink 2020-05-20 13:38:37 Action: checking symlink for file /sbin 2020-05-20 13:38:37 Note: Using real readlink binary to determine symlink on /sbin 2020-05-20 13:38:37 Result: readlink shows /usr/sbin as output 2020-05-20 13:38:37 Result: symlink found, pointing to directory /usr/sbin 2020-05-20 13:38:37 Result: found the path behind this symlink (/sbin --> /usr/sbin) 2020-05-20 13:38:37 Result: Skipping this directory as it was already scanned 2020-05-20 13:38:37 Result: Directory /usr/sbin skipped 2020-05-20 13:38:37 Discovered directories: /usr/local/bin/,/usr/bin,/usr/sbin 2020-05-20 13:38:37 Result: found 1700 binaries including 17 set-uid and 4 set-gid 2020-05-20 13:38:37 Result: set-uid binaries: /usr/bin/chage /usr/bin/chfn /usr/bin/chsh /usr/bin/crontab /usr/bin/gpasswd /usr/bin/mount /usr/bin/newgrp /usr/bin/passwd /usr/bin/pkexec /usr/bin/sg /usr/bin/su /usr/bin/sudo /usr/bin/sudoedit /usr/bin/umount /usr/sbin/pam_timestamp_check /usr/sbin/unix_chkpwd /usr/sbin/usernetctl 2020-05-20 13:38:37 Result: set-gid binaries: /usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/sbin/netreport 2020-05-20 13:38:37 ==== 2020-05-20 13:38:37 Informational: package manager is used 2020-05-20 13:38:37 Test: Determine if this system is a virtual machine 2020-05-20 13:38:37 Result: facter says this machine is not a virtual 2020-05-20 13:38:37 Test: trying to guess virtualization technology with systemd-detect-virt 2020-05-20 13:38:37 Result: found none 2020-05-20 13:38:37 Result: skipped lscpu test, as we already found machine type 2020-05-20 13:38:37 Result: skipped dmidecode test, as we already found machine type 2020-05-20 13:38:37 Result: skipped processes test, as we already found platform 2020-05-20 13:38:37 Result: skipped Amazon EC2 test, as we already found platform 2020-05-20 13:38:37 Result: skipped sysctl test, as we already found platform 2020-05-20 13:38:37 Result: skipped lshw test, as we already found machine type 2020-05-20 13:38:37 Result: Unknown virtualization type, so most likely system is physical 2020-05-20 13:38:37 Result: unknown if this system is a virtual machine 2020-05-20 13:38:37 Result: Lynis is not running in container 2020-05-20 13:38:37 Result: system is using systemd 2020-05-20 13:38:37 ==== 2020-05-20 13:38:37 Action: Performing plugin tests 2020-05-20 13:38:37 Searching plugins... 2020-05-20 13:38:37 Found plugin file: ./plugins/plugin_pam_phase1 2020-05-20 13:38:37 Action: checking plugin status in profile: /home/cloudadmin/lynis/default.prf 2020-05-20 13:38:37 Result: plugin enabled in profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:37 Result: plugin pam is enabled 2020-05-20 13:38:37 Checking permissions of ./plugins/plugin_pam_phase1 2020-05-20 13:38:37 File permissions are OK 2020-05-20 13:38:37 Including plugin file: ./plugins/plugin_pam_phase1 (version: 1.0.5) 2020-05-20 13:38:37 ==== 2020-05-20 13:38:37 Performing test ID PLGN-0008 (Check PAM configuration (pwquality.conf)) 2020-05-20 13:38:37 Value is now: 8 2020-05-20 13:38:37 Returning value: 8 2020-05-20 13:38:37 ==== 2020-05-20 13:38:37 Performing test ID PLGN-0010 (Check PAM configuration) 2020-05-20 13:38:37 Result: /etc/pam.d exists 2020-05-20 13:38:37 Now checking PAM file /etc/pam.d/sudo-i 2020-05-20 13:38:37 Result: using module pam_keyinit.so (optional) with options force revoke 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/sudo 2020-05-20 13:38:38 Result: using module pam_keyinit.so (optional) with options revoke 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/vlock 2020-05-20 13:38:38 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/crond 2020-05-20 13:38:38 Result: using module pam_access.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_loginuid.so (required) without options configured 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/polkit-1 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/systemd-user 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/su-l 2020-05-20 13:38:38 Result: using module pam_keyinit.so (optional) with options force revoke 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/su 2020-05-20 13:38:38 Result: using module pam_rootok.so (sufficient) without options configured 2020-05-20 13:38:38 Unknown control flag found (substack) 2020-05-20 13:38:38 Result: using module system-auth (substack) without options configured 2020-05-20 13:38:38 Result: found pluggable authentication module system-auth, which is unknown 2020-05-20 13:38:38 Result: using module pam_succeed_if.so (sufficient) with options uid = 0 use_uid quiet 2020-05-20 13:38:38 Result: using module pam_xauth.so (optional) without options configured 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/runuser-l 2020-05-20 13:38:38 Result: using module pam_keyinit.so (optional) with options force revoke 2020-05-20 13:38:38 Result: using module pam_systemd.so (optional) without options configured 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/runuser 2020-05-20 13:38:38 Result: using module pam_rootok.so (sufficient) without options configured 2020-05-20 13:38:38 Result: using module pam_keyinit.so (optional) with options revoke 2020-05-20 13:38:38 Result: using module pam_limits.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:38 Result: found pam_unix.so module (generic) 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/remote 2020-05-20 13:38:38 Result: using module pam_securetty.so (required) without options configured 2020-05-20 13:38:38 Unknown control flag found (substack) 2020-05-20 13:38:38 Result: using module password-auth (substack) without options configured 2020-05-20 13:38:38 Result: found pluggable authentication module password-auth, which is unknown 2020-05-20 13:38:38 Result: using module pam_nologin.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_selinux.so (required) with options close 2020-05-20 13:38:38 Result: using module pam_loginuid.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_selinux.so (required) with options open 2020-05-20 13:38:38 Result: using module pam_namespace.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_keyinit.so (optional) with options force revoke 2020-05-20 13:38:38 Now checking PAM file /etc/pam.d/login 2020-05-20 13:38:38 Result: Found brackets in line, indicating multiple options for control flags: user_unknown=ignore success=ok ignore=ignore default=bad 2020-05-20 13:38:38 Result: brackets used, ignoring control flags 2020-05-20 13:38:38 Result: using module pam_securetty.so (other) without options configured 2020-05-20 13:38:38 Unknown control flag found (substack) 2020-05-20 13:38:38 Result: using module system-auth (substack) without options configured 2020-05-20 13:38:38 Result: found pluggable authentication module system-auth, which is unknown 2020-05-20 13:38:38 Result: using module pam_nologin.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_selinux.so (required) with options close 2020-05-20 13:38:38 Result: using module pam_loginuid.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_console.so (optional) without options configured 2020-05-20 13:38:38 Result: found pluggable authentication module pam_console.so, which is unknown 2020-05-20 13:38:38 Result: using module pam_selinux.so (required) with options open 2020-05-20 13:38:38 Result: using module pam_namespace.so (required) without options configured 2020-05-20 13:38:38 Result: using module pam_keyinit.so (optional) with options force revoke 2020-05-20 13:38:39 Result: using module pam_ck_connector.so (optional) without options configured 2020-05-20 13:38:39 Result: found pluggable authentication module pam_ck_connector.so, which is unknown 2020-05-20 13:38:39 Now checking PAM file /etc/pam.d/chsh 2020-05-20 13:38:39 Result: using module pam_rootok.so (sufficient) without options configured 2020-05-20 13:38:39 Now checking PAM file /etc/pam.d/chfn 2020-05-20 13:38:39 Result: using module pam_rootok.so (sufficient) without options configured 2020-05-20 13:38:39 Now checking PAM file /etc/pam.d/smartcard-auth-ac 2020-05-20 13:38:39 Result: using module pam_env.so (required) without options configured 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: success=done ignore=ignore default=die 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_pkcs11.so (other) with options nodebug wait_for_card 2020-05-20 13:38:39 Result: found pluggable authentication module pam_pkcs11.so, which is unknown 2020-05-20 13:38:39 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Result: using module pam_localuser.so (sufficient) without options configured 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-05-20 13:38:39 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_pkcs11.so (required) without options configured 2020-05-20 13:38:39 Result: found pluggable authentication module pam_pkcs11.so, which is unknown 2020-05-20 13:38:39 Result: using module pam_keyinit.so (optional) with options revoke 2020-05-20 13:38:39 Result: using module pam_limits.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_systemd.so (optional) without options configured 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-05-20 13:38:39 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Now checking PAM file /etc/pam.d/fingerprint-auth-ac 2020-05-20 13:38:39 Result: using module pam_env.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_fprintd.so (sufficient) without options configured 2020-05-20 13:38:39 Result: found pluggable authentication module pam_fprintd.so, which is unknown 2020-05-20 13:38:39 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Result: using module pam_localuser.so (sufficient) without options configured 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-05-20 13:38:39 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_keyinit.so (optional) with options revoke 2020-05-20 13:38:39 Result: using module pam_limits.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_systemd.so (optional) without options configured 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-05-20 13:38:39 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Now checking PAM file /etc/pam.d/password-auth-ac 2020-05-20 13:38:39 Result: using module pam_env.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_faildelay.so (required) with options delay=2000000 2020-05-20 13:38:39 Result: using module pam_faillock.so (required) with options preauth silent audit deny=3 unlock_time=3600 fail_interval=900 2020-05-20 13:38:39 Result: found pluggable authentication module pam_faillock.so, which is unknown 2020-05-20 13:38:39 Result: using module pam_unix.so (sufficient) with options nullok try_first_pass 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: default=die 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_faillock.so (other) with options authfail audit deny=3 unlock_time=3600 fail_interval=900 2020-05-20 13:38:39 Result: found pluggable authentication module pam_faillock.so, which is unknown 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (requisite) with options uid >= 1000 quiet_success 2020-05-20 13:38:39 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_faillock.so (required) without options configured 2020-05-20 13:38:39 Result: found pluggable authentication module pam_faillock.so, which is unknown 2020-05-20 13:38:39 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Result: using module pam_localuser.so (sufficient) without options configured 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-05-20 13:38:39 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_pwquality.so (requisite) with options try_first_pass local_users_only retry=3 authtok_type= 2020-05-20 13:38:39 Result: found module pam_pwquality.so for password strength testing 2020-05-20 13:38:39 Result: unknown option found: try_first_pass with value 2020-05-20 13:38:39 Result: unknown option found: local_users_only with value 2020-05-20 13:38:39 Result: Max password Retry configured 2020-05-20 13:38:39 Value is now: 3 2020-05-20 13:38:39 Returning value: 3 2020-05-20 13:38:39 Result: unknown option found: authtok_type with value 2020-05-20 13:38:39 Result: using module pam_unix.so (sufficient) with options sha512 shadow nullok try_first_pass use_authtok 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_keyinit.so (optional) with options revoke 2020-05-20 13:38:39 Result: using module pam_limits.so (required) without options configured 2020-05-20 13:38:39 Result: using module pam_systemd.so (optional) without options configured 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-05-20 13:38:39 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:39 Result: found pam_unix.so module (generic) 2020-05-20 13:38:39 Now checking PAM file /etc/pam.d/postlogin-ac 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_succeed_if.so (other) with options service !~ gdm* service !~ su* quiet 2020-05-20 13:38:39 Result: Found brackets in line, indicating multiple options for control flags: default=1 2020-05-20 13:38:39 Result: brackets used, ignoring control flags 2020-05-20 13:38:39 Result: using module pam_lastlog.so (other) with options nowtmp showfailed 2020-05-20 13:38:40 Result: using module pam_lastlog.so (optional) with options silent noupdate showfailed 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/system-auth-ac 2020-05-20 13:38:40 Result: using module pam_env.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_faildelay.so (required) with options delay=2000000 2020-05-20 13:38:40 Result: using module pam_faillock.so (required) with options preauth silent audit deny=3 unlock_time=3600 fail_interval=900 2020-05-20 13:38:40 Result: found pluggable authentication module pam_faillock.so, which is unknown 2020-05-20 13:38:40 Result: using module pam_unix.so (sufficient) with options nullok try_first_pass 2020-05-20 13:38:40 Result: found pam_unix.so module (generic) 2020-05-20 13:38:40 Result: Found brackets in line, indicating multiple options for control flags: default=die 2020-05-20 13:38:40 Result: brackets used, ignoring control flags 2020-05-20 13:38:40 Result: using module pam_faillock.so (other) with options authfail audit deny=3 unlock_time=3600 fail_interval=900 2020-05-20 13:38:40 Result: found pluggable authentication module pam_faillock.so, which is unknown 2020-05-20 13:38:40 Result: using module pam_succeed_if.so (requisite) with options uid >= 1000 quiet_success 2020-05-20 13:38:40 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_faillock.so (required) without options configured 2020-05-20 13:38:40 Result: found pluggable authentication module pam_faillock.so, which is unknown 2020-05-20 13:38:40 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:40 Result: found pam_unix.so module (generic) 2020-05-20 13:38:40 Result: using module pam_localuser.so (sufficient) without options configured 2020-05-20 13:38:40 Result: using module pam_succeed_if.so (sufficient) with options uid < 1000 quiet 2020-05-20 13:38:40 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_pwquality.so (requisite) with options try_first_pass local_users_only retry=3 authtok_type= 2020-05-20 13:38:40 Result: found module pam_pwquality.so for password strength testing 2020-05-20 13:38:40 Result: unknown option found: try_first_pass with value 2020-05-20 13:38:40 Result: unknown option found: local_users_only with value 2020-05-20 13:38:40 Result: Max password Retry configured 2020-05-20 13:38:40 Value is now: 3 2020-05-20 13:38:40 Returning value: 3 2020-05-20 13:38:40 Result: unknown option found: authtok_type with value 2020-05-20 13:38:40 Result: using module pam_unix.so (sufficient) with options sha512 shadow nullok try_first_pass use_authtok remember=12 2020-05-20 13:38:40 Result: found pam_unix.so module (generic) 2020-05-20 13:38:40 Result: password history configured for pam_unix 2020-05-20 13:38:40 Value is now: 12 2020-05-20 13:38:40 Returning value: 12 2020-05-20 13:38:40 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_keyinit.so (optional) with options revoke 2020-05-20 13:38:40 Result: using module pam_limits.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_systemd.so (optional) without options configured 2020-05-20 13:38:40 Result: Found brackets in line, indicating multiple options for control flags: success=1 default=ignore 2020-05-20 13:38:40 Result: brackets used, ignoring control flags 2020-05-20 13:38:40 Result: using module pam_succeed_if.so (other) with options service in crond quiet use_uid 2020-05-20 13:38:40 Result: using module pam_unix.so (required) without options configured 2020-05-20 13:38:40 Result: found pam_unix.so module (generic) 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/passwd 2020-05-20 13:38:40 Unknown control flag found (substack) 2020-05-20 13:38:40 Result: using module system-auth (substack) without options configured 2020-05-20 13:38:40 Result: found pluggable authentication module system-auth, which is unknown 2020-05-20 13:38:40 Result: using module pam_gnome_keyring.so (optional) with options use_authtok 2020-05-20 13:38:40 Result: found pluggable authentication module pam_gnome_keyring.so, which is unknown 2020-05-20 13:38:40 Unknown control flag found (substack) 2020-05-20 13:38:40 Result: using module postlogin (substack) without options configured 2020-05-20 13:38:40 Result: found pluggable authentication module postlogin, which is unknown 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/sshd 2020-05-20 13:38:40 Result: using module pam_sepermit.so (required) without options configured 2020-05-20 13:38:40 Result: found pluggable authentication module pam_sepermit.so, which is unknown 2020-05-20 13:38:40 Result: using module pam_tally2.so (required) with options deny=5 onerr=fail unlock_time=300 2020-05-20 13:38:40 Result: found a required module for countering brute force cracking attempts 2020-05-20 13:38:40 Unknown control flag found (substack) 2020-05-20 13:38:40 Result: using module password-auth (substack) without options configured 2020-05-20 13:38:40 Result: found pluggable authentication module password-auth, which is unknown 2020-05-20 13:38:40 Result: using module pam_reauthorize.so (optional) with options prepare 2020-05-20 13:38:40 Result: found pluggable authentication module pam_reauthorize.so, which is unknown 2020-05-20 13:38:40 Result: using module pam_nologin.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_tally2.so (required) without options configured 2020-05-20 13:38:40 Result: found a required module for countering brute force cracking attempts 2020-05-20 13:38:40 Result: using module pam_selinux.so (required) with options close 2020-05-20 13:38:40 Result: using module pam_loginuid.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_selinux.so (required) with options open env_params 2020-05-20 13:38:40 Result: using module pam_namespace.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_keyinit.so (optional) with options force revoke 2020-05-20 13:38:40 Result: using module pam_reauthorize.so (optional) with options prepare 2020-05-20 13:38:40 Result: found pluggable authentication module pam_reauthorize.so, which is unknown 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/other 2020-05-20 13:38:40 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_deny.so (required) without options configured 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/config-util 2020-05-20 13:38:40 Result: using module pam_rootok.so (sufficient) without options configured 2020-05-20 13:38:40 Result: using module pam_timestamp.so (sufficient) without options configured 2020-05-20 13:38:40 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_permit.so (required) without options configured 2020-05-20 13:38:40 Result: using module pam_xauth.so (optional) without options configured 2020-05-20 13:38:40 Result: using module pam_timestamp.so (optional) without options configured 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/system-auth-local 2020-05-20 13:38:40 Result: using module pam_tty_audit.so (required) with options enable=* 2020-05-20 13:38:40 Result: found pluggable authentication module pam_tty_audit.so, which is unknown 2020-05-20 13:38:40 Result: using module pam_pwquality.so (required) with options retry=3 2020-05-20 13:38:40 Result: found module pam_pwquality.so for password strength testing 2020-05-20 13:38:40 Result: Max password Retry configured 2020-05-20 13:38:40 Value is now: 3 2020-05-20 13:38:40 Returning value: 3 2020-05-20 13:38:40 Now checking PAM file /etc/pam.d/password-auth-local 2020-05-20 13:38:40 Result: using module pam_tty_audit.so (required) with options enable=* 2020-05-20 13:38:40 Result: found pluggable authentication module pam_tty_audit.so, which is unknown 2020-05-20 13:38:41 [PAM] PAM 2F authentication enabled: 0 2020-05-20 13:38:41 [PAM] PAM 2F authentication required: 0 2020-05-20 13:38:41 [PAM] Authentication unlock time: 300 2020-05-20 13:38:41 [PAM] Password brute force protection: 1 2020-05-20 13:38:41 [PAM] Minimum password length: 8 2020-05-20 13:38:41 [PAM] Password strength testing enabled: 1 2020-05-20 13:38:41 [PAM] Minimum password class setting of 3 out of 4 is ignored since at least 1 class are forced 2020-05-20 13:38:41 [PAM] Minimum number of Digital characters required: 1 2020-05-20 13:38:41 [PAM] Minimum number of Lowercase characters required: 1 2020-05-20 13:38:41 [PAM] Minimum number of Other characters required: 1 2020-05-20 13:38:41 [PAM] Minimum number of Uppercase characters required: 1 2020-05-20 13:38:41 [PAM] Password maximum retry: 3 2020-05-20 13:38:41 [PAM] Password history with pam_pwhistory IS NOT enabled 2020-05-20 13:38:41 [PAM] Password history with pam_unix enabled: 1 2020-05-20 13:38:41 [PAM] Password history with pam_unix amount: 12 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Result: pam plugin (phase 1) finished 2020-05-20 13:38:41 -- 2020-05-20 13:38:41 Found plugin file: ./plugins/plugin_systemd_phase1 2020-05-20 13:38:41 Action: checking plugin status in profile: /home/cloudadmin/lynis/default.prf 2020-05-20 13:38:41 Result: plugin enabled in profile (/home/cloudadmin/lynis/default.prf) 2020-05-20 13:38:41 Result: plugin systemd is enabled 2020-05-20 13:38:41 Checking permissions of ./plugins/plugin_systemd_phase1 2020-05-20 13:38:41 File permissions are OK 2020-05-20 13:38:41 Including plugin file: ./plugins/plugin_systemd_phase1 (version: 1.0.4) 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3800 (Gather systemctl exit code) 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3802 (Query systemd version and options) 2020-05-20 13:38:41 Result: found systemd version 219 2020-05-20 13:38:41 Result: found builtin components list 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3804 (Gather systemd unit files and their status) 2020-05-20 13:38:41 Result: found systemd unit files via systemctl list-unit-files 2020-05-20 13:38:41 Output: proc-sys-fs-binfmt_misc.automount|static| 2020-05-20 13:38:41 Output: dev-hugepages.mount|static| 2020-05-20 13:38:41 Output: dev-mqueue.mount|static| 2020-05-20 13:38:41 Output: proc-sys-fs-binfmt_misc.mount|static| 2020-05-20 13:38:41 Output: sys-fs-fuse-connections.mount|static| 2020-05-20 13:38:41 Output: sys-kernel-config.mount|static| 2020-05-20 13:38:41 Output: sys-kernel-debug.mount|static| 2020-05-20 13:38:41 Output: tmp.mount|masked| 2020-05-20 13:38:41 Output: brandbot.path|disabled| 2020-05-20 13:38:41 Output: systemd-ask-password-console.path|static| 2020-05-20 13:38:41 Output: systemd-ask-password-wall.path|static| 2020-05-20 13:38:41 Output: session-31.scope|static| 2020-05-20 13:38:41 Output: session-33.scope|static| 2020-05-20 13:38:41 Output: active-standby-controller.service|enabled| 2020-05-20 13:38:41 Output: arp-ethers.service|disabled| 2020-05-20 13:38:41 Output: auditd.service|enabled| 2020-05-20 13:38:41 Output: auth-server.service|enabled| 2020-05-20 13:38:41 Output: autovt@.service|enabled| 2020-05-20 13:38:41 Output: blk-availability.service|disabled| 2020-05-20 13:38:41 Output: brandbot.service|static| 2020-05-20 13:38:41 Output: ceph-disk@.service|static| 2020-05-20 13:38:41 Output: ceph-mds@.service|disabled| 2020-05-20 13:38:41 Output: ceph-mgr@.service|enabled| 2020-05-20 13:38:41 Output: ceph-mon@.service|enabled| 2020-05-20 13:38:41 Output: ceph-osd@.service|enabled-runtime| 2020-05-20 13:38:41 Output: ceph-radosgw@.service|disabled| 2020-05-20 13:38:41 Output: ceph-volume@.service|disabled| 2020-05-20 13:38:41 Output: cloud-config.service|disabled| 2020-05-20 13:38:41 Output: cloud-final.service|disabled| 2020-05-20 13:38:41 Output: cloud-init-local.service|disabled| 2020-05-20 13:38:41 Output: cloud-init.service|disabled| 2020-05-20 13:38:41 Output: cmagent.service|enabled| 2020-05-20 13:38:41 Output: config-manager.service|static| 2020-05-20 13:38:41 Output: console-getty.service|disabled| 2020-05-20 13:38:41 Output: console-shell.service|disabled| 2020-05-20 13:38:41 Output: container-getty@.service|static| 2020-05-20 13:38:41 Output: containerd.service|disabled| 2020-05-20 13:38:41 Output: cpupower.service|disabled| 2020-05-20 13:38:41 Output: crond.service|enabled| 2020-05-20 13:38:41 Output: dbus-org.freedesktop.hostname1.service|static| 2020-05-20 13:38:41 Output: dbus-org.freedesktop.import1.service|static| 2020-05-20 13:38:41 Output: dbus-org.freedesktop.locale1.service|static| 2020-05-20 13:38:41 Output: dbus-org.freedesktop.login1.service|static| 2020-05-20 13:38:41 Output: dbus-org.freedesktop.machine1.service|static| 2020-05-20 13:38:41 Output: dbus-org.freedesktop.timedate1.service|static| 2020-05-20 13:38:41 Output: dbus.service|static| 2020-05-20 13:38:41 Output: debug-shell.service|disabled| 2020-05-20 13:38:41 Output: dm-event.service|static| 2020-05-20 13:38:41 Output: dnsmasq.service|disabled| 2020-05-20 13:38:41 Output: docker.service|enabled| 2020-05-20 13:38:41 Output: dracut-cmdline.service|static| 2020-05-20 13:38:41 Output: dracut-initqueue.service|static| 2020-05-20 13:38:41 Output: dracut-mount.service|static| 2020-05-20 13:38:41 Output: dracut-pre-mount.service|static| 2020-05-20 13:38:41 Output: dracut-pre-pivot.service|static| 2020-05-20 13:38:41 Output: dracut-pre-trigger.service|static| 2020-05-20 13:38:41 Output: dracut-pre-udev.service|static| 2020-05-20 13:38:41 Output: dracut-shutdown.service|static| 2020-05-20 13:38:41 Output: driverctl@.service|static| 2020-05-20 13:38:41 Output: dss-server.service|enabled| 2020-05-20 13:38:41 Output: emergency.service|static| 2020-05-20 13:38:41 Output: epmd.service|disabled| 2020-05-20 13:38:41 Output: epmd@.service|disabled| 2020-05-20 13:38:41 Output: etcd.service|enabled| 2020-05-20 13:38:41 Output: finalize-bootstrap.service|enabled| 2020-05-20 13:38:41 Output: fstrim.service|static| 2020-05-20 13:38:41 Output: garbd.service|disabled| 2020-05-20 13:38:41 Output: getty@.service|enabled| 2020-05-20 13:38:41 Output: gssproxy.service|disabled| 2020-05-20 13:38:41 Output: guest-img-nginx.service|disabled| 2020-05-20 13:38:41 Output: halt-local.service|static| 2020-05-20 13:38:41 Output: haproxy.service|enabled| 2020-05-20 13:38:41 Output: htcacheclean.service|static| 2020-05-20 13:38:41 Output: httpd.service|disabled| 2020-05-20 13:38:41 Output: initrd-cleanup.service|static| 2020-05-20 13:38:41 Output: initrd-parse-etc.service|static| 2020-05-20 13:38:41 Output: initrd-switch-root.service|static| 2020-05-20 13:38:41 Output: initrd-udevadm-cleanup-db.service|static| 2020-05-20 13:38:41 Output: ip6tables.service|disabled| 2020-05-20 13:38:41 Output: ipmi.service|disabled| 2020-05-20 13:38:41 Output: ipmievd.service|disabled| 2020-05-20 13:38:41 Output: iptables.service|enabled| 2020-05-20 13:38:41 Output: ironic-api.service|enabled| 2020-05-20 13:38:41 Output: ironic-conductor.service|enabled| 2020-05-20 13:38:41 Output: irqbalance.service|enabled| 2020-05-20 13:38:41 Output: iscsi-onboot.service|disabled| 2020-05-20 13:38:41 Output: iscsi-shutdown.service|static| 2020-05-20 13:38:41 Output: iscsi.service|enabled| 2020-05-20 13:38:41 Output: iscsid.service|disabled| 2020-05-20 13:38:41 Output: iscsiuio.service|disabled| 2020-05-20 13:38:41 Output: kdump.service|enabled| 2020-05-20 13:38:41 Output: keepalived.service|disabled| 2020-05-20 13:38:41 Output: keepalivedmonitor.service|enabled| 2020-05-20 13:38:41 Output: keepalivedmonitoragent.service|enabled| 2020-05-20 13:38:41 Output: keystone-wsgi-admin.service|enabled| 2020-05-20 13:38:41 Output: keystone-wsgi-public.service|enabled| 2020-05-20 13:38:41 Output: kmod-static-nodes.service|static| 2020-05-20 13:38:41 Output: ksm.service|enabled| 2020-05-20 13:38:41 Output: ksmtuned.service|enabled| 2020-05-20 13:38:41 Output: kubelet.service|enabled| 2020-05-20 13:38:41 Output: kubelet_healthcheck.service|enabled| 2020-05-20 13:38:41 Output: lvm2-lvmetad.service|static| 2020-05-20 13:38:41 Output: lvm2-lvmpolld.service|static| 2020-05-20 13:38:41 Output: lvm2-monitor.service|enabled| 2020-05-20 13:38:41 Output: lvm2-pvscan@.service|static| 2020-05-20 13:38:41 Output: mariadb.service|enabled| 2020-05-20 13:38:41 Output: mariadb@.service|disabled| 2020-05-20 13:38:41 Output: memcached.service|enabled| 2020-05-20 13:38:41 Output: messagebus.service|static| 2020-05-20 13:38:41 Output: nfs-rquotad.service|disabled| 2020-05-20 13:38:41 Output: nginx.service|enabled| 2020-05-20 13:38:41 Output: ntpd.service|enabled| 2020-05-20 13:38:41 Output: ntpdate.service|enabled| 2020-05-20 13:38:41 Output: openstack-ironic-api.service|disabled| 2020-05-20 13:38:41 Output: openstack-ironic-conductor.service|disabled| 2020-05-20 13:38:41 Output: openstack-ironic-inspector-dnsmasq.service|disabled| 2020-05-20 13:38:41 Output: openstack-ironic-inspector.service|disabled| 2020-05-20 13:38:41 Output: openvswitch.service|disabled| 2020-05-20 13:38:41 Output: ovs-delete-transient-ports.service|static| 2020-05-20 13:38:41 Output: ovs-vswitchd.service|static| 2020-05-20 13:38:41 Output: ovsdb-server.service|static| 2020-05-20 13:38:41 Output: polkit.service|static| 2020-05-20 13:38:41 Output: qemu-guest-agent.service|enabled| 2020-05-20 13:38:41 Output: qemu-pr-helper.service|static| 2020-05-20 13:38:41 Output: quotaon.service|static| 2020-05-20 13:38:41 Output: rabbitmq-server.service|enabled| 2020-05-20 13:38:41 Output: rbdmap.service|disabled| 2020-05-20 13:38:41 Output: rc-local.service|static| 2020-05-20 13:38:41 Output: rdisc.service|disabled| 2020-05-20 13:38:41 Output: rdma-load-modules@.service|static| 2020-05-20 13:38:41 Output: rdma-ndd.service|static| 2020-05-20 13:38:41 Output: rdma.service|disabled| 2020-05-20 13:38:41 Output: redis-sentinel.service|disabled| 2020-05-20 13:38:41 Output: redis.service|enabled| 2020-05-20 13:38:41 Output: rediscontroller.service|static| 2020-05-20 13:38:41 Output: redismonitor.service|enabled| 2020-05-20 13:38:41 Output: report-installation-success.service|static| 2020-05-20 13:38:41 Output: rescue.service|static| 2020-05-20 13:38:41 Output: restapi.service|enabled| 2020-05-20 13:38:41 Output: rhel-autorelabel-mark.service|disabled| 2020-05-20 13:38:41 Output: rhel-autorelabel.service|enabled| 2020-05-20 13:38:41 Output: rhel-configure.service|enabled| 2020-05-20 13:38:41 Output: rhel-dmesg.service|enabled| 2020-05-20 13:38:41 Output: rhel-domainname.service|enabled| 2020-05-20 13:38:41 Output: rhel-import-state.service|enabled| 2020-05-20 13:38:41 Output: rhel-loadmodules.service|enabled| 2020-05-20 13:38:41 Output: rhel-readonly.service|enabled| 2020-05-20 13:38:41 Output: rpc-rquotad.service|disabled| 2020-05-20 13:38:41 Output: rpcbind.service|enabled| 2020-05-20 13:38:41 Output: rsyncd.service|disabled| 2020-05-20 13:38:41 Output: rsyncd@.service|static| 2020-05-20 13:38:41 Output: rsyslog.service|disabled| 2020-05-20 13:38:41 Output: saslauthd.service|disabled| 2020-05-20 13:38:41 Output: selinux-policy-migrate-local-changes@.service|static| 2020-05-20 13:38:41 Output: serial-getty@.service|disabled| 2020-05-20 13:38:41 Output: sriov.service|enabled| 2020-05-20 13:38:41 Output: sshd-keygen.service|static| 2020-05-20 13:38:41 Output: sshd.service|enabled| 2020-05-20 13:38:41 Output: sshd@.service|static| 2020-05-20 13:38:41 Output: start-menu.service|disabled| 2020-05-20 13:38:41 Output: systemd-ask-password-console.service|static| 2020-05-20 13:38:41 Output: systemd-ask-password-wall.service|static| 2020-05-20 13:38:41 Output: systemd-backlight@.service|static| 2020-05-20 13:38:41 Output: systemd-binfmt.service|static| 2020-05-20 13:38:41 Output: systemd-bootchart.service|disabled| 2020-05-20 13:38:41 Output: systemd-firstboot.service|static| 2020-05-20 13:38:41 Output: systemd-fsck-root.service|static| 2020-05-20 13:38:41 Output: systemd-fsck@.service|static| 2020-05-20 13:38:41 Output: systemd-halt.service|static| 2020-05-20 13:38:41 Output: systemd-hibernate-resume@.service|static| 2020-05-20 13:38:41 Output: systemd-hibernate.service|static| 2020-05-20 13:38:41 Output: systemd-hostnamed.service|static| 2020-05-20 13:38:41 Output: systemd-hwdb-update.service|static| 2020-05-20 13:38:41 Output: systemd-hybrid-sleep.service|static| 2020-05-20 13:38:41 Output: systemd-importd.service|static| 2020-05-20 13:38:41 Output: systemd-initctl.service|static| 2020-05-20 13:38:41 Output: systemd-journal-catalog-update.service|static| 2020-05-20 13:38:41 Output: systemd-journal-flush.service|static| 2020-05-20 13:38:41 Output: systemd-journald.service|static| 2020-05-20 13:38:41 Output: systemd-kexec.service|static| 2020-05-20 13:38:41 Output: systemd-localed.service|static| 2020-05-20 13:38:41 Output: systemd-logind.service|static| 2020-05-20 13:38:41 Output: systemd-machine-id-commit.service|static| 2020-05-20 13:38:41 Output: systemd-machined.service|static| 2020-05-20 13:38:41 Output: systemd-modules-load.service|static| 2020-05-20 13:38:41 Output: systemd-nspawn@.service|disabled| 2020-05-20 13:38:41 Output: systemd-poweroff.service|static| 2020-05-20 13:38:41 Output: systemd-quotacheck.service|static| 2020-05-20 13:38:41 Output: systemd-random-seed.service|static| 2020-05-20 13:38:41 Output: systemd-readahead-collect.service|enabled| 2020-05-20 13:38:41 Output: systemd-readahead-done.service|indirect| 2020-05-20 13:38:41 Output: systemd-readahead-drop.service|enabled| 2020-05-20 13:38:41 Output: systemd-readahead-replay.service|enabled| 2020-05-20 13:38:41 Output: systemd-reboot.service|static| 2020-05-20 13:38:41 Output: systemd-remount-fs.service|static| 2020-05-20 13:38:41 Output: systemd-rfkill@.service|static| 2020-05-20 13:38:41 Output: systemd-shutdownd.service|static| 2020-05-20 13:38:41 Output: systemd-suspend.service|static| 2020-05-20 13:38:41 Output: systemd-sysctl.service|static| 2020-05-20 13:38:41 Output: systemd-timedated.service|static| 2020-05-20 13:38:41 Output: systemd-tmpfiles-clean.service|static| 2020-05-20 13:38:41 Output: systemd-tmpfiles-setup-dev.service|static| 2020-05-20 13:38:41 Output: systemd-tmpfiles-setup.service|static| 2020-05-20 13:38:41 Output: systemd-udev-settle.service|static| 2020-05-20 13:38:41 Output: systemd-udev-trigger.service|static| 2020-05-20 13:38:41 Output: systemd-udevd.service|static| 2020-05-20 13:38:41 Output: systemd-update-done.service|static| 2020-05-20 13:38:41 Output: systemd-update-utmp-runlevel.service|static| 2020-05-20 13:38:41 Output: systemd-update-utmp.service|static| 2020-05-20 13:38:41 Output: systemd-user-sessions.service|static| 2020-05-20 13:38:41 Output: systemd-vconsole-setup.service|static| 2020-05-20 13:38:41 Output: tcsd.service|disabled| 2020-05-20 13:38:41 Output: tuned.service|enabled| 2020-05-20 13:38:41 Output: unbound-anchor.service|static| 2020-05-20 13:38:41 Output: uwsgi.service|disabled| 2020-05-20 13:38:41 Output: xinetd.service|enabled| 2020-05-20 13:38:41 Output: -.slice|static| 2020-05-20 13:38:41 Output: machine.slice|static| 2020-05-20 13:38:41 Output: podruntime.slice|static| 2020-05-20 13:38:41 Output: system.slice|static| 2020-05-20 13:38:41 Output: user-1000.slice|static| 2020-05-20 13:38:41 Output: user.slice|static| 2020-05-20 13:38:41 Output: dbus.socket|static| 2020-05-20 13:38:41 Output: dm-event.socket|enabled| 2020-05-20 13:38:41 Output: docker.socket|disabled| 2020-05-20 13:38:41 Output: epmd.socket|disabled| 2020-05-20 13:38:41 Output: epmd@.socket|disabled| 2020-05-20 13:38:41 Output: iscsid.socket|enabled| 2020-05-20 13:38:41 Output: iscsiuio.socket|enabled| 2020-05-20 13:38:41 Output: lvm2-lvmetad.socket|enabled| 2020-05-20 13:38:41 Output: lvm2-lvmpolld.socket|enabled| 2020-05-20 13:38:41 Output: qemu-pr-helper.socket|disabled| 2020-05-20 13:38:41 Output: rpcbind.socket|enabled| 2020-05-20 13:38:41 Output: rsyncd.socket|disabled| 2020-05-20 13:38:41 Output: sshd.socket|disabled| 2020-05-20 13:38:41 Output: syslog.socket|static| 2020-05-20 13:38:41 Output: systemd-initctl.socket|static| 2020-05-20 13:38:41 Output: systemd-journald-audit.socket|masked| 2020-05-20 13:38:41 Output: systemd-journald.socket|static| 2020-05-20 13:38:41 Output: systemd-shutdownd.socket|static| 2020-05-20 13:38:41 Output: systemd-udevd-control.socket|static| 2020-05-20 13:38:41 Output: systemd-udevd-kernel.socket|static| 2020-05-20 13:38:41 Output: basic.target|static| 2020-05-20 13:38:41 Output: bluetooth.target|static| 2020-05-20 13:38:41 Output: ceph-mds.target|enabled| 2020-05-20 13:38:41 Output: ceph-mgr.target|enabled| 2020-05-20 13:38:41 Output: ceph-mon.target|enabled| 2020-05-20 13:38:41 Output: ceph-osd.target|enabled| 2020-05-20 13:38:41 Output: ceph-radosgw.target|enabled| 2020-05-20 13:38:41 Output: ceph.target|enabled| 2020-05-20 13:38:41 Output: cloud-config.target|static| 2020-05-20 13:38:41 Output: cloud-init.target|static| 2020-05-20 13:38:41 Output: cryptsetup-pre.target|static| 2020-05-20 13:38:41 Output: cryptsetup.target|static| 2020-05-20 13:38:41 Output: ctrl-alt-del.target|masked| 2020-05-20 13:38:41 Output: default.target|enabled| 2020-05-20 13:38:41 Output: emergency.target|static| 2020-05-20 13:38:41 Output: final.target|static| 2020-05-20 13:38:41 Output: getty-pre.target|static| 2020-05-20 13:38:41 Output: getty.target|static| 2020-05-20 13:38:41 Output: graphical.target|static| 2020-05-20 13:38:41 Output: halt.target|disabled| 2020-05-20 13:38:41 Output: hibernate.target|static| 2020-05-20 13:38:41 Output: hybrid-sleep.target|static| 2020-05-20 13:38:41 Output: initrd-fs.target|static| 2020-05-20 13:38:41 Output: initrd-root-fs.target|static| 2020-05-20 13:38:41 Output: initrd-switch-root.target|static| 2020-05-20 13:38:41 Output: initrd.target|static| 2020-05-20 13:38:41 Output: kexec.target|disabled| 2020-05-20 13:38:41 Output: local-fs-pre.target|static| 2020-05-20 13:38:41 Output: local-fs.target|static| 2020-05-20 13:38:41 Output: machines.target|disabled| 2020-05-20 13:38:41 Output: multi-user.target|enabled| 2020-05-20 13:38:41 Output: network-online.target|static| 2020-05-20 13:38:41 Output: network-pre.target|static| 2020-05-20 13:38:41 Output: network.target|static| 2020-05-20 13:38:41 Output: nss-lookup.target|static| 2020-05-20 13:38:41 Output: nss-user-lookup.target|static| 2020-05-20 13:38:41 Output: paths.target|static| 2020-05-20 13:38:41 Output: poweroff.target|disabled| 2020-05-20 13:38:41 Output: printer.target|static| 2020-05-20 13:38:41 Output: rdma-hw.target|static| 2020-05-20 13:38:41 Output: reboot.target|disabled| 2020-05-20 13:38:41 Output: remote-cryptsetup.target|disabled| 2020-05-20 13:38:41 Output: remote-fs-pre.target|static| 2020-05-20 13:38:41 Output: remote-fs.target|enabled| 2020-05-20 13:38:41 Output: rescue.target|disabled| 2020-05-20 13:38:41 Output: rpcbind.target|static| 2020-05-20 13:38:41 Output: runlevel0.target|disabled| 2020-05-20 13:38:41 Output: runlevel1.target|disabled| 2020-05-20 13:38:41 Output: runlevel2.target|enabled| 2020-05-20 13:38:41 Output: runlevel3.target|enabled| 2020-05-20 13:38:41 Output: runlevel4.target|enabled| 2020-05-20 13:38:41 Output: runlevel5.target|static| 2020-05-20 13:38:41 Output: runlevel6.target|disabled| 2020-05-20 13:38:41 Output: shutdown.target|static| 2020-05-20 13:38:41 Output: sigpwr.target|static| 2020-05-20 13:38:41 Output: sleep.target|static| 2020-05-20 13:38:41 Output: slices.target|static| 2020-05-20 13:38:41 Output: smartcard.target|static| 2020-05-20 13:38:41 Output: sockets.target|static| 2020-05-20 13:38:41 Output: sound.target|static| 2020-05-20 13:38:41 Output: suspend.target|static| 2020-05-20 13:38:41 Output: swap.target|static| 2020-05-20 13:38:41 Output: sysinit.target|static| 2020-05-20 13:38:41 Output: system-update.target|static| 2020-05-20 13:38:41 Output: time-sync.target|static| 2020-05-20 13:38:41 Output: timers.target|static| 2020-05-20 13:38:41 Output: umount.target|static| 2020-05-20 13:38:41 Output: fstrim.timer|disabled| 2020-05-20 13:38:41 Output: systemd-readahead-done.timer|indirect| 2020-05-20 13:38:41 Output: systemd-tmpfiles-clean.timer|static| 2020-05-20 13:38:41 Output: unbound-anchor.timer|enabled| 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3806 (Gather failed systemd units) 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3808 (Gather systemd machine ID) 2020-05-20 13:38:41 Result: found machine ID: a3ed469891c7426d9864d5fbf2a95e55 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3810 (Query main systemd binaries) 2020-05-20 13:38:41 Result: found systemd binaries in /usr/lib/systemd 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3812 (Query journal for boot related information) 2020-05-20 13:38:41 Output: number of boots listed in journal is 1 2020-05-20 13:38:41 Output: oldest boot date in journal is 2020-05-20 2020-05-20 13:38:41 ==== 2020-05-20 13:38:41 Performing test ID PLGN-3814 (Verify journal integrity) 2020-05-20 13:38:51 Result: systemd journal has no errors 2020-05-20 13:38:51 ==== 2020-05-20 13:38:51 Performing test ID PLGN-3816 (Query journal for boot related information) 2020-05-20 13:38:51 Result: journals are 384.0M in size 2020-05-20 13:38:51 ==== 2020-05-20 13:38:51 Performing test ID PLGN-3818 (Query journal meta data) 2020-05-20 13:38:51 ==== 2020-05-20 13:38:51 Performing test ID PLGN-3820 (Check for journal FSS configuration) 2020-05-20 13:38:51 ==== 2020-05-20 13:38:51 Performing test ID PLGN-3830 (Query systemd status) 2020-05-20 13:38:51 Result: found systemd status = running 2020-05-20 13:38:51 ==== 2020-05-20 13:38:51 Performing test ID PLGN-3832 (Query systemd status for processes which can not be found) 2020-05-20 13:38:51 ==== 2020-05-20 13:38:51 Performing test ID PLGN-3834 (Collect service units which can not be found in systemd) 2020-05-20 13:38:51 Result: found one or more services with faulty state 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) display-manager.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) enable-dpdk.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) lvm2-activation.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) NetworkManager-wait-online.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) NetworkManager.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) nova-compute.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) plymouth-quit-wait.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) plymouth-start.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) sntp.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) syslog.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) systemd-sysusers.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) ypbind.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) yppasswdd.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) ypserv.service 2020-05-20 13:38:51 Result: service seems to be faulty (not-found) ypxfrd.service 2020-05-20 13:38:51 ==== 2020-05-20 13:38:52 Performing test ID PLGN-3856 (Check if systemd-coredump is used) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID PLGN-3860 (Query coredumps from journals since Yesterday) 2020-05-20 13:38:52 Result: found no coredumps 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Result: systemd plugin (phase 1) finished 2020-05-20 13:38:52 -- 2020-05-20 13:38:52 Result: Found 2 plugins of which 2 are enabled 2020-05-20 13:38:52 Result: Plugins phase 1 finished 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig) 2020-05-20 13:38:52 Info: using hardware address 98:03:9b:8c:64:e6 to create ID 2020-05-20 13:38:52 Result: Found HostID: dde526423bf3f3cb9c0d53decebf89a409353499 2020-05-20 13:38:52 Info: creating a HostID (version 2) 2020-05-20 13:38:52 Result: found file ssh_host_ed25519_key.pub in /etc/ssh, using that to create host identifier 2020-05-20 13:38:52 Using SSH public key to create the second host identifier 2020-05-20 13:38:52 Hash (hostname): 4be3f991c7b2d4e5c9bce8df72f508b7ebf09d6f4b4ce38cae22201d65f827cb 2020-05-20 13:38:52 Hash (ssh or machineid): 492fa5531e245fe1369cad4ede9e31ee1a05e4bcaf15b9e6bfe665d583e2d715 2020-05-20 13:38:52 Info: found valid HostID dde526423bf3f3cb9c0d53decebf89a409353499 2020-05-20 13:38:52 Info: no machine ID found 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Info: perform tests from all categories 2020-05-20 13:38:52 Security check: file is normal 2020-05-20 13:38:52 Checking permissions of /home/cloudadmin/lynis/include/tests_boot_services 2020-05-20 13:38:52 File permissions are OK 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Action: Performing tests from category: Boot and services 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5102 (Check for AIX boot device) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (AIX only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5104 (Determine service manager) 2020-05-20 13:38:52 Result: cmdline found = /usr/lib/systemd/systemd --switched-root --system --deserialize 21 2020-05-20 13:38:52 Result: file on disk = /usr/lib/systemd/systemd 2020-05-20 13:38:52 Found: systemd 2020-05-20 13:38:52 Result: service manager found = systemd 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5106 (Check EFI boot file on Mac OS X/macOS) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (macOS only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5108 (Check Syslinux as bootloader) 2020-05-20 13:38:52 Test: checking if file /boot/syslinux/syslinux.cfg exists 2020-05-20 13:38:52 Result: file /boot/syslinux/syslinux.cfg NOT found 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5109 (Check rEFInd as bootloader) 2020-05-20 13:38:52 Test: checking if file /boot/refind_linux.conf exists 2020-05-20 13:38:52 Result: file /boot/refind_linux.conf NOT found 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5116 (Check if system is booted in UEFI mode) 2020-05-20 13:38:52 Test: checking if UEFI is used 2020-05-20 13:38:52 Result: UEFI not used, can't find /sys/firmware/efi directory 2020-05-20 13:38:52 Test: determine if Secure Boot is used 2020-05-20 13:38:52 Result: system not booted with Secure Boot (no SecureBoot file found) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5117 (Check for systemd-boot bootloader presence) 2020-05-20 13:38:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5121 (Check for GRUB boot loader presence) 2020-05-20 13:38:52 Test: Checking for presence GRUB conf file (/boot/grub/grub.conf or /boot/grub/menu.lst) 2020-05-20 13:38:52 Result: found GRUB2 configuration file (/boot/grub2/grub.cfg) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5122 (Check for GRUB boot password) 2020-05-20 13:38:52 Found file /boot/grub2/grub.cfg, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /boot/grub2/grub.cfg (escaped: /boot/grub2/grub.cfg) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /boot/grub2/grub.cfg is readable (or directory accessible). 2020-05-20 13:38:52 Result: File '/boot/grub/custom.cfg' does not exist 2020-05-20 13:38:52 Found file /etc/grub.d/41_custom, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/41_custom (escaped: /etc/grub.d/41_custom) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/41_custom is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Found file /etc/grub.d/40_custom, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/40_custom (escaped: /etc/grub.d/40_custom) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/40_custom is readable (or directory accessible). 2020-05-20 13:38:52 Found file /etc/grub.d/30_os-prober, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/30_os-prober (escaped: /etc/grub.d/30_os-prober) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/30_os-prober is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Found file /etc/grub.d/20_ppc_terminfo, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/20_ppc_terminfo (escaped: /etc/grub.d/20_ppc_terminfo) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/20_ppc_terminfo is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Found file /etc/grub.d/20_linux_xen, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/20_linux_xen (escaped: /etc/grub.d/20_linux_xen) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/20_linux_xen is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Found file /etc/grub.d/10_linux, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/10_linux (escaped: /etc/grub.d/10_linux) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/10_linux is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Found file /etc/grub.d/01_users, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/01_users (escaped: /etc/grub.d/01_users) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/01_users is readable (or directory accessible). 2020-05-20 13:38:52 Found file /etc/grub.d/00_header, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/00_header (escaped: /etc/grub.d/00_header) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/00_header is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Found file /etc/grub.d/00_tuned, proceeding with tests. 2020-05-20 13:38:52 Test: check if we can access /etc/grub.d/00_tuned (escaped: /etc/grub.d/00_tuned) 2020-05-20 13:38:52 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:52 Result: file /etc/grub.d/00_tuned is readable (or directory accessible). 2020-05-20 13:38:52 Result: did not find hashed password line in this file 2020-05-20 13:38:52 Result: GRUB has password protection. 2020-05-20 13:38:52 Hardening: assigned maximum number of hardening points for this item (4). Currently having 4 points (out of 4) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5124 (Check for FreeBSD boot loader presence) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5261 (Check for DragonFly boot loader presence) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (DragonFly only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5126 (Check for NetBSD boot loader presence) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (NetBSD only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5139 (Check for LILO boot loader presence) 2020-05-20 13:38:52 Test: checking for presence LILO configuration file 2020-05-20 13:38:52 Result: LILO configuration file not found 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5142 (Check SPARC Improved boot loader (SILO)) 2020-05-20 13:38:52 Result: no SILO configuration file found. 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5155 (Check for YABOOT boot loader configuration file) 2020-05-20 13:38:52 Test: Check for /etc/yaboot.conf 2020-05-20 13:38:52 Result: no YABOOT configuration file found. 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5159 (Check for OpenBSD boot loader presence) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5165 (Check for FreeBSD boot services) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5177 (Check for Linux boot and running services) 2020-05-20 13:38:52 Test: checking presence systemctl binary 2020-05-20 13:38:52 Result: systemctl binary found, trying that to discover information 2020-05-20 13:38:52 Searching for running services (systemctl services only) 2020-05-20 13:38:52 Found running service: active-standby-controller 2020-05-20 13:38:52 Found running service: auditd 2020-05-20 13:38:52 Found running service: auth-server 2020-05-20 13:38:52 Found running service: ceph-mgr@controller-1 2020-05-20 13:38:52 Found running service: ceph-mon@controller-1 2020-05-20 13:38:52 Found running service: ceph-osd@0 2020-05-20 13:38:52 Found running service: ceph-osd@3 2020-05-20 13:38:52 Found running service: containerd 2020-05-20 13:38:52 Found running service: crond 2020-05-20 13:38:52 Found running service: dbus 2020-05-20 13:38:52 Found running service: docker 2020-05-20 13:38:52 Found running service: dss-server 2020-05-20 13:38:52 Found running service: epmd@0.0.0.0 2020-05-20 13:38:52 Found running service: etcd 2020-05-20 13:38:52 Found running service: getty@tty1 2020-05-20 13:38:52 Found running service: haproxy 2020-05-20 13:38:52 Found running service: ironic-api 2020-05-20 13:38:52 Found running service: irqbalance 2020-05-20 13:38:52 Found running service: keepalivedmonitor 2020-05-20 13:38:52 Found running service: keepalivedmonitoragent 2020-05-20 13:38:52 Found running service: keystone-wsgi-admin 2020-05-20 13:38:52 Found running service: keystone-wsgi-public 2020-05-20 13:38:52 Found running service: ksmtuned 2020-05-20 13:38:52 Found running service: kubelet 2020-05-20 13:38:52 Found running service: kubelet_healthcheck 2020-05-20 13:38:52 Found running service: lvm2-lvmetad 2020-05-20 13:38:52 Found running service: memcached 2020-05-20 13:38:52 Found running service: nginx 2020-05-20 13:38:52 Found running service: ntpd 2020-05-20 13:38:52 Found running service: ovs-vswitchd 2020-05-20 13:38:52 Found running service: ovsdb-server 2020-05-20 13:38:52 Found running service: polkit 2020-05-20 13:38:52 Found running service: rabbitmq-server 2020-05-20 13:38:52 Found running service: rdma-ndd 2020-05-20 13:38:52 Found running service: redis 2020-05-20 13:38:52 Found running service: redismonitor 2020-05-20 13:38:52 Found running service: restapi 2020-05-20 13:38:52 Found running service: rpcbind 2020-05-20 13:38:52 Found running service: serial-getty@ttyS1 2020-05-20 13:38:52 Found running service: sshd 2020-05-20 13:38:52 Found running service: systemd-journald 2020-05-20 13:38:52 Found running service: systemd-logind 2020-05-20 13:38:52 Found running service: systemd-udevd 2020-05-20 13:38:52 Found running service: tuned 2020-05-20 13:38:52 Found running service: xinetd 2020-05-20 13:38:52 Hint: Run systemctl --full --type=service to see all services 2020-05-20 13:38:52 Result: Found 45 running services 2020-05-20 13:38:52 Searching for enabled services (systemctl services only) 2020-05-20 13:38:52 Found enabled service at boot: active-standby-controller 2020-05-20 13:38:52 Found enabled service at boot: auditd 2020-05-20 13:38:52 Found enabled service at boot: auth-server 2020-05-20 13:38:52 Found enabled service at boot: autovt@ 2020-05-20 13:38:52 Found enabled service at boot: ceph-mgr@ 2020-05-20 13:38:52 Found enabled service at boot: ceph-mon@ 2020-05-20 13:38:52 Found enabled service at boot: cmagent 2020-05-20 13:38:52 Found enabled service at boot: crond 2020-05-20 13:38:52 Found enabled service at boot: docker 2020-05-20 13:38:52 Found enabled service at boot: dss-server 2020-05-20 13:38:52 Found enabled service at boot: etcd 2020-05-20 13:38:52 Found enabled service at boot: finalize-bootstrap 2020-05-20 13:38:52 Found enabled service at boot: getty@ 2020-05-20 13:38:52 Found enabled service at boot: haproxy 2020-05-20 13:38:52 Found enabled service at boot: iptables 2020-05-20 13:38:52 Found enabled service at boot: ironic-api 2020-05-20 13:38:52 Found enabled service at boot: ironic-conductor 2020-05-20 13:38:52 Found enabled service at boot: irqbalance 2020-05-20 13:38:52 Found enabled service at boot: iscsi 2020-05-20 13:38:52 Found enabled service at boot: kdump 2020-05-20 13:38:52 Found enabled service at boot: keepalivedmonitor 2020-05-20 13:38:52 Found enabled service at boot: keepalivedmonitoragent 2020-05-20 13:38:52 Found enabled service at boot: keystone-wsgi-admin 2020-05-20 13:38:52 Found enabled service at boot: keystone-wsgi-public 2020-05-20 13:38:52 Found enabled service at boot: ksm 2020-05-20 13:38:52 Found enabled service at boot: ksmtuned 2020-05-20 13:38:52 Found enabled service at boot: kubelet 2020-05-20 13:38:52 Found enabled service at boot: kubelet_healthcheck 2020-05-20 13:38:52 Found enabled service at boot: lvm2-monitor 2020-05-20 13:38:52 Found enabled service at boot: mariadb 2020-05-20 13:38:52 Found enabled service at boot: memcached 2020-05-20 13:38:52 Found enabled service at boot: nginx 2020-05-20 13:38:52 Found enabled service at boot: ntpd 2020-05-20 13:38:52 Found enabled service at boot: ntpdate 2020-05-20 13:38:52 Found enabled service at boot: qemu-guest-agent 2020-05-20 13:38:52 Found enabled service at boot: rabbitmq-server 2020-05-20 13:38:52 Found enabled service at boot: redis 2020-05-20 13:38:52 Found enabled service at boot: redismonitor 2020-05-20 13:38:52 Found enabled service at boot: restapi 2020-05-20 13:38:52 Found enabled service at boot: rhel-autorelabel 2020-05-20 13:38:52 Found enabled service at boot: rhel-configure 2020-05-20 13:38:52 Found enabled service at boot: rhel-dmesg 2020-05-20 13:38:52 Found enabled service at boot: rhel-domainname 2020-05-20 13:38:52 Found enabled service at boot: rhel-import-state 2020-05-20 13:38:52 Found enabled service at boot: rhel-loadmodules 2020-05-20 13:38:52 Found enabled service at boot: rhel-readonly 2020-05-20 13:38:52 Found enabled service at boot: rpcbind 2020-05-20 13:38:52 Found enabled service at boot: sriov 2020-05-20 13:38:52 Found enabled service at boot: sshd 2020-05-20 13:38:52 Found enabled service at boot: systemd-readahead-collect 2020-05-20 13:38:52 Found enabled service at boot: systemd-readahead-drop 2020-05-20 13:38:52 Found enabled service at boot: systemd-readahead-replay 2020-05-20 13:38:52 Found enabled service at boot: tuned 2020-05-20 13:38:52 Found enabled service at boot: xinetd 2020-05-20 13:38:52 Hint: Run systemctl list-unit-files --type=service to see all services 2020-05-20 13:38:52 Result: Found 54 enabled services 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5180 (Check for Linux boot services (Debian style)) 2020-05-20 13:38:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5184 (Check permissions for boot files/scripts) 2020-05-20 13:38:52 Result: checking /etc/init.d scripts for writable bit 2020-05-20 13:38:52 Test: checking if directory /etc/init.d exists 2020-05-20 13:38:52 Result: directory /etc/init.d found 2020-05-20 13:38:52 Test: checking for available files in directory 2020-05-20 13:38:52 Result: found no files in directory. 2020-05-20 13:38:52 Test: checking if directory /etc/rc.d exists 2020-05-20 13:38:52 Result: directory /etc/rc.d found 2020-05-20 13:38:52 Test: checking for available files in directory 2020-05-20 13:38:52 Result: found files in directory, checking permissions now 2020-05-20 13:38:52 Test: checking permissions of file /etc/rc.d/init.d/README 2020-05-20 13:38:52 Result: good, file /etc/rc.d/init.d/README not world writable 2020-05-20 13:38:52 Test: checking permissions of file /etc/rc.d/init.d/functions 2020-05-20 13:38:52 Result: good, file /etc/rc.d/init.d/functions not world writable 2020-05-20 13:38:52 Test: checking permissions of file /etc/rc.d/init.d/netconsole 2020-05-20 13:38:52 Result: good, file /etc/rc.d/init.d/netconsole not world writable 2020-05-20 13:38:52 Test: checking permissions of file /etc/rc.d/init.d/network 2020-05-20 13:38:52 Result: good, file /etc/rc.d/init.d/network not world writable 2020-05-20 13:38:52 Test: checking permissions of file /etc/rc.d/rc.local 2020-05-20 13:38:52 Result: good, file /etc/rc.d/rc.local not world writable 2020-05-20 13:38:52 Test: checking if directory /etc/rcS.d exists 2020-05-20 13:38:52 Result: directory /etc/rcS.d not found. Skipping.. 2020-05-20 13:38:52 Test: Checking /etc/rc0.d scripts for writable bit 2020-05-20 13:38:52 Test: Checking /etc/rc1.d scripts for writable bit 2020-05-20 13:38:52 Test: Checking /etc/rc2.d scripts for writable bit 2020-05-20 13:38:52 Test: Checking /etc/rc3.d scripts for writable bit 2020-05-20 13:38:52 Test: Checking /etc/rc4.d scripts for writable bit 2020-05-20 13:38:52 Test: Checking /etc/rc5.d scripts for writable bit 2020-05-20 13:38:52 Test: Checking /etc/rc6.d scripts for writable bit 2020-05-20 13:38:52 Action: checking symlink for file /etc/rc.local 2020-05-20 13:38:52 Note: Using real readlink binary to determine symlink on /etc/rc.local 2020-05-20 13:38:52 Result: readlink shows /etc/rc.d/rc.local as output 2020-05-20 13:38:52 Result: symlink found, pointing to file /etc/rc.d/rc.local 2020-05-20 13:38:52 Result: found the path behind this symlink (/etc/rc.d/rc.local --> /etc/rc.local) 2020-05-20 13:38:52 Test: Checking /etc/rc.d/rc.local file for writable bit 2020-05-20 13:38:52 Result: good, file /etc/rc.d/rc.local not world writable 2020-05-20 13:38:52 Hardening: assigned maximum number of hardening points for this item (3). Currently having 7 points (out of 7) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5202 (Check uptime of system) 2020-05-20 13:38:52 Uptime (in seconds): 13835 2020-05-20 13:38:52 Uptime (in days): 0 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID BOOT-5260 (Check single user mode for systemd) 2020-05-20 13:38:52 Test: Searching /usr/lib/systemd/system/rescue.service 2020-05-20 13:38:52 Result: file /usr/lib/systemd/system/rescue.service 2020-05-20 13:38:52 Test: checking presence sulogin for single user mode 2020-05-20 13:38:52 Result: found sulogin, so single user is protected 2020-05-20 13:38:52 Hardening: assigned maximum number of hardening points for this item (3). Currently having 10 points (out of 10) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5262 (Check for OpenBSD boot daemons) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5263 (Check permissions for boot files/scripts) 2020-05-20 13:38:52 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Skipped test BOOT-5264 (Run systemd-analyze security) 2020-05-20 13:38:52 Reason to skip: systemd-analyze too old (v219), need at least v240 2020-05-20 13:38:52 Security check: file is normal 2020-05-20 13:38:52 Checking permissions of /home/cloudadmin/lynis/include/tests_kernel 2020-05-20 13:38:52 File permissions are OK 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Action: Performing tests from category: Kernel 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID KRNL-5622 (Determine Linux default run level) 2020-05-20 13:38:52 Test: Checking for systemd default.target 2020-05-20 13:38:52 Result: symlink found 2020-05-20 13:38:52 Result: No match found on runlevel, defaulting to runlevel 3 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID KRNL-5677 (Check CPU options and support) 2020-05-20 13:38:52 Test: Checking /proc/cpuinfo 2020-05-20 13:38:52 Result: found /proc/cpuinfo 2020-05-20 13:38:52 Test: Checking CPU options (XD/NX/PAE) 2020-05-20 13:38:52 PAE: Yes 2020-05-20 13:38:52 NX: Yes 2020-05-20 13:38:52 Result: PAE or No eXecute option(s) both found 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID KRNL-5695 (Determine Linux kernel version and release number) 2020-05-20 13:38:52 Result: found kernel release 4.14.119-200.el7.x86_64 2020-05-20 13:38:52 Result: found kernel version #1 SMP Fri May 17 00:01:39 UTC 2019 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID KRNL-5723 (Determining if Linux kernel is monolithic) 2020-05-20 13:38:52 Test: checking if kernel is monolithic or modular 2020-05-20 13:38:52 Result: Found modular kernel 2020-05-20 13:38:52 ==== 2020-05-20 13:38:52 Performing test ID KRNL-5726 (Checking Linux loaded kernel modules) 2020-05-20 13:38:52 Loaded modules according lsmod: 2020-05-20 13:38:52 Loaded module: 8021q 2020-05-20 13:38:52 Loaded module: acpi_cpufreq 2020-05-20 13:38:52 Loaded module: acpi_pad 2020-05-20 13:38:52 Loaded module: acpi_power_meter 2020-05-20 13:38:52 Loaded module: binfmt_misc 2020-05-20 13:38:52 Loaded module: bonding 2020-05-20 13:38:52 Loaded module: br_netfilter 2020-05-20 13:38:52 Loaded module: bridge 2020-05-20 13:38:52 Loaded module: cdc_ether 2020-05-20 13:38:52 Loaded module: coretemp 2020-05-20 13:38:52 Loaded module: crc32_pclmul 2020-05-20 13:38:52 Loaded module: crc32c_intel 2020-05-20 13:38:52 Loaded module: crct10dif_pclmul 2020-05-20 13:38:52 Loaded module: dca 2020-05-20 13:38:52 Loaded module: devlink 2020-05-20 13:38:52 Loaded module: drm 2020-05-20 13:38:52 Loaded module: drm_kms_helper 2020-05-20 13:38:52 Loaded module: garp 2020-05-20 13:38:52 Loaded module: ghash_clmulni_intel 2020-05-20 13:38:52 Loaded module: i2c_algo_bit 2020-05-20 13:38:52 Loaded module: i2c_i801 2020-05-20 13:38:52 Loaded module: iTCO_vendor_support 2020-05-20 13:38:52 Loaded module: iTCO_wdt 2020-05-20 13:38:52 Loaded module: ib_cm 2020-05-20 13:38:52 Loaded module: ib_core 2020-05-20 13:38:53 Loaded module: ib_ipoib 2020-05-20 13:38:53 Loaded module: ib_iser 2020-05-20 13:38:53 Loaded module: ib_isert 2020-05-20 13:38:53 Loaded module: ib_srp 2020-05-20 13:38:53 Loaded module: ib_srpt 2020-05-20 13:38:53 Loaded module: ib_umad 2020-05-20 13:38:53 Loaded module: ib_uverbs 2020-05-20 13:38:53 Loaded module: igb 2020-05-20 13:38:53 Loaded module: inet_diag 2020-05-20 13:38:53 Loaded module: intel_cstate 2020-05-20 13:38:53 Loaded module: intel_powerclamp 2020-05-20 13:38:53 Loaded module: intel_rapl 2020-05-20 13:38:53 Loaded module: intel_rapl_perf 2020-05-20 13:38:53 Loaded module: intel_uncore 2020-05-20 13:38:53 Loaded module: ioatdma 2020-05-20 13:38:53 Loaded module: ip6_udp_tunnel 2020-05-20 13:38:53 Loaded module: ip_vs 2020-05-20 13:38:53 Loaded module: ipmi_devintf 2020-05-20 13:38:53 Loaded module: ipmi_msghandler 2020-05-20 13:38:53 Loaded module: ipmi_si 2020-05-20 13:38:53 Loaded module: ipt_MASQUERADE 2020-05-20 13:38:53 Loaded module: iptable_nat 2020-05-20 13:38:53 Loaded module: irqbypass 2020-05-20 13:38:53 Loaded module: iscsi_target_mod 2020-05-20 13:38:53 Loaded module: iw_cm 2020-05-20 13:38:53 Loaded module: ixgbe 2020-05-20 13:38:53 Loaded module: joydev 2020-05-20 13:38:53 Loaded module: kvm 2020-05-20 13:38:53 Loaded module: kvm_intel 2020-05-20 13:38:53 Loaded module: libceph 2020-05-20 13:38:53 Loaded module: libcrc32c 2020-05-20 13:38:53 Loaded module: libiscsi 2020-05-20 13:38:53 Loaded module: llc 2020-05-20 13:38:53 Loaded module: lpc_ich 2020-05-20 13:38:53 Loaded module: mdio 2020-05-20 13:38:53 Loaded module: mei 2020-05-20 13:38:53 Loaded module: mei_me 2020-05-20 13:38:53 Loaded module: mii 2020-05-20 13:38:53 Loaded module: mlx5_core 2020-05-20 13:38:53 Loaded module: mlx5_ib 2020-05-20 13:38:53 Loaded module: mlxfw 2020-05-20 13:38:53 Loaded module: mrp 2020-05-20 13:38:53 Loaded module: nbd 2020-05-20 13:38:53 Loaded module: nf_conntrack 2020-05-20 13:38:53 Loaded module: nf_conntrack_ipv4 2020-05-20 13:38:53 Loaded module: nf_conntrack_ipv6 2020-05-20 13:38:53 Loaded module: nf_conntrack_netlink 2020-05-20 13:38:53 Loaded module: nf_defrag_ipv4 2020-05-20 13:38:53 Loaded module: nf_defrag_ipv6 2020-05-20 13:38:53 Loaded module: nf_log_common 2020-05-20 13:38:53 Loaded module: nf_log_ipv4 2020-05-20 13:38:53 Loaded module: nf_nat 2020-05-20 13:38:53 Loaded module: nf_nat_ipv4 2020-05-20 13:38:53 Loaded module: nf_nat_ipv6 2020-05-20 13:38:53 Loaded module: nf_nat_masquerade_ipv4 2020-05-20 13:38:53 Loaded module: nfnetlink 2020-05-20 13:38:53 Loaded module: openvswitch 2020-05-20 13:38:53 Loaded module: overlay 2020-05-20 13:38:53 Loaded module: pcc_cpufreq 2020-05-20 13:38:53 Loaded module: pps_core 2020-05-20 13:38:53 Loaded module: ptp 2020-05-20 13:38:53 Loaded module: rbd 2020-05-20 13:38:53 Loaded module: rdma_cm 2020-05-20 13:38:53 Loaded module: rdma_ucm 2020-05-20 13:38:53 Loaded module: rpcrdma 2020-05-20 13:38:53 Loaded module: scsi_transport_iscsi 2020-05-20 13:38:53 Loaded module: scsi_transport_srp 2020-05-20 13:38:53 Loaded module: shpchp 2020-05-20 13:38:53 Loaded module: stp 2020-05-20 13:38:53 Loaded module: sunrpc 2020-05-20 13:38:53 Loaded module: target_core_mod 2020-05-20 13:38:53 Loaded module: tcp_diag 2020-05-20 13:38:53 Loaded module: tpm 2020-05-20 13:38:53 Loaded module: tpm_crb 2020-05-20 13:38:53 Loaded module: tpm_tis 2020-05-20 13:38:53 Loaded module: tpm_tis_core 2020-05-20 13:38:53 Loaded module: ttm 2020-05-20 13:38:53 Loaded module: uas 2020-05-20 13:38:53 Loaded module: udp_diag 2020-05-20 13:38:53 Loaded module: udp_tunnel 2020-05-20 13:38:53 Loaded module: usb_storage 2020-05-20 13:38:53 Loaded module: usbnet 2020-05-20 13:38:53 Loaded module: veth 2020-05-20 13:38:53 Loaded module: vxlan 2020-05-20 13:38:53 Loaded module: wmi 2020-05-20 13:38:53 Loaded module: x86_pkg_temp_thermal 2020-05-20 13:38:53 Loaded module: xfs 2020-05-20 13:38:53 Loaded module: xt_LOG 2020-05-20 13:38:53 Loaded module: xt_addrtype 2020-05-20 13:38:53 Loaded module: xt_comment 2020-05-20 13:38:53 Loaded module: xt_conntrack 2020-05-20 13:38:53 Loaded module: xt_limit 2020-05-20 13:38:53 Loaded module: xt_mark 2020-05-20 13:38:53 Loaded module: xt_multiport 2020-05-20 13:38:53 Loaded module: xt_nat 2020-05-20 13:38:53 Loaded module: xt_recent 2020-05-20 13:38:53 Loaded module: xt_statistic 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID KRNL-5728 (Checking Linux kernel config) 2020-05-20 13:38:53 Result: found config (/boot/config-4.14.119-200.el7.x86_64) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID KRNL-5730 (Checking disk I/O kernel scheduler) 2020-05-20 13:38:53 Test: Checking the default I/O kernel scheduler 2020-05-20 13:38:53 Result: found IO scheduler 'cfq' 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test KRNL-5745 (Checking FreeBSD loaded kernel modules) 2020-05-20 13:38:53 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test KRNL-5831 (Checking DragonFly loaded kernel modules) 2020-05-20 13:38:53 Reason to skip: Incorrect guest OS (DragonFly only) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test KRNL-5770 (Checking active kernel modules) 2020-05-20 13:38:53 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test KRNL-5788 (Checking availability new Linux kernel) 2020-05-20 13:38:53 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID KRNL-5820 (Checking core dumps configuration) 2020-05-20 13:38:53 Test: Checking presence of systemd 2020-05-20 13:38:53 Result: systemd is present on this system 2020-05-20 13:38:53 Test: Checking if core dumps are disabled in /etc/systemd/coredump.conf and /etc/systemd/coredump.conf.d/*.conf 2020-05-20 13:38:53 Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none' 2020-05-20 13:38:53 Hardening: assigned partial number of hardening points (0 of 1). Currently having 10 points (out of 11) 2020-05-20 13:38:53 Test: Checking presence /etc/profile 2020-05-20 13:38:53 Test: Checking if 'ulimit -c 0' exists in /etc/profile or /etc/profile.d/*.sh 2020-05-20 13:38:53 Result: core dumps are not disabled in /etc/profile or /etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0' 2020-05-20 13:38:53 Hardening: assigned partial number of hardening points (0 of 1). Currently having 10 points (out of 12) 2020-05-20 13:38:53 Test: Checking presence /etc/security/limits.conf 2020-05-20 13:38:53 Result: file /etc/security/limits.conf exists 2020-05-20 13:38:53 Test: Checking if core dumps are disabled in /etc/security/limits.conf and /etc/security/limits.d/* 2020-05-20 13:38:53 Result: core dumps are hard disabled 2020-05-20 13:38:53 Hardening: assigned maximum number of hardening points for this item (3). Currently having 13 points (out of 15) 2020-05-20 13:38:53 Test: Checking sysctl value of fs.suid_dumpable 2020-05-20 13:38:53 Result: value 0 found 2020-05-20 13:38:53 Result: found default option (0), no execute only program or program with changed privilege levels can dump 2020-05-20 13:38:53 Hardening: assigned maximum number of hardening points for this item (1). Currently having 14 points (out of 16) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel) 2020-05-20 13:38:53 Test: Checking presence /var/run/reboot-required.pkgs 2020-05-20 13:38:53 Result: file /var/run/reboot-required.pkgs not found 2020-05-20 13:38:53 Result: /boot exists, performing more tests from here 2020-05-20 13:38:53 Result: found /boot/vmlinuz-4.14.119-200.el7.x86_64 2020-05-20 13:38:53 Test: checking kernel version on disk 2020-05-20 13:38:53 Result: found version 4.14.119-200.el7.x86_64 2020-05-20 13:38:53 Result: active kernel version 4.14.119-200.el7.x86_64 2020-05-20 13:38:53 Result: no reboot needed, active kernel is the same version as the one on disk 2020-05-20 13:38:53 Result: /var/cache/apt/archives/ does not exist 2020-05-20 13:38:53 Hardening: assigned maximum number of hardening points for this item (5). Currently having 19 points (out of 21) 2020-05-20 13:38:53 Security check: file is normal 2020-05-20 13:38:53 Checking permissions of /home/cloudadmin/lynis/include/tests_memory_processes 2020-05-20 13:38:53 File permissions are OK 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Action: Performing tests from category: Memory and Processes 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID PROC-3602 (Checking /proc/meminfo for memory details) 2020-05-20 13:38:53 Result: found /proc/meminfo 2020-05-20 13:38:53 Result: Found 196454636 kB memory 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test PROC-3604 (Query prtconf for memory details) 2020-05-20 13:38:53 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID PROC-3612 (Check dead or zombie processes) 2020-05-20 13:38:53 Result: no zombie processes found 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID PROC-3614 (Check heavy IO waiting based processes) 2020-05-20 13:38:53 Result: No processes were waiting for IO requests to be handled first 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID PROC-3802 (Check presence of prelink tooling) 2020-05-20 13:38:53 Result: prelink package is NOT installed 2020-05-20 13:38:53 Hardening: assigned maximum number of hardening points for this item (3). Currently having 22 points (out of 24) 2020-05-20 13:38:53 Security check: file is normal 2020-05-20 13:38:53 Checking permissions of /home/cloudadmin/lynis/include/tests_authentication 2020-05-20 13:38:53 File permissions are OK 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Action: Performing tests from category: Users, Groups and Authentication 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9204 (Check users with an UID of zero) 2020-05-20 13:38:53 Test: Searching accounts with UID 0 2020-05-20 13:38:53 Result: No accounts found with UID 0 other than root. 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9208 (Check non-unique accounts in passwd file) 2020-05-20 13:38:53 Test: Checking for non-unique accounts 2020-05-20 13:38:53 Result: all accounts found in /etc/passwd are unique 2020-05-20 13:38:53 Remarks: Non unique UIDs can be a risk for the system or part of a configuration mistake 2020-05-20 13:38:53 Prerequisite test: /usr/sbin/chkgrp 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test AUTH-9212 (Test group file) 2020-05-20 13:38:53 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9216 (Check group and shadow group files) 2020-05-20 13:38:53 Test: Checking for grpck binary output 2020-05-20 13:38:53 Result: grpck binary didn't find any errors in the group files 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test AUTH-9218 (Check login shells for passwordless accounts) 2020-05-20 13:38:53 Reason to skip: Incorrect guest OS (DragonFly FreeBSD NetBSD OpenBSD only) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9222 (Check unique groups (IDs)) 2020-05-20 13:38:53 Test: Checking for non unique group ID's in /etc/group 2020-05-20 13:38:53 Result: All group ID's are unique 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9226 (Check unique group names) 2020-05-20 13:38:53 Test: Checking for non unique group names in /etc/group 2020-05-20 13:38:53 Result: All group names are unique 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9228 (Check password file consistency with pwck) 2020-05-20 13:38:53 Test: Checking password file consistency (pwck) 2020-05-20 13:38:53 Result: pwck found one or more errors/warnings in the password file. 2020-05-20 13:38:53 Suggestion: Run pwck manually and correct any errors in the password file [test:AUTH-9228] [details:-] [solution:-] 2020-05-20 13:38:53 Hardening: assigned partial number of hardening points (0 of 2). Currently having 22 points (out of 26) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9229 (Check password hashing methods) 2020-05-20 13:38:53 Test: Checking password hashing methods 2020-05-20 13:38:53 Result: no poor password hashing methods found 2020-05-20 13:38:53 Hardening: assigned maximum number of hardening points for this item (2). Currently having 24 points (out of 28) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9230 (Check group password hashing rounds) 2020-05-20 13:38:53 Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs 2020-05-20 13:38:53 Result: number of minimum rounds used by the encryption algorithm is not configured 2020-05-20 13:38:53 Suggestion: Configure minimum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-] 2020-05-20 13:38:53 Hardening: assigned partial number of hardening points (0 of 2). Currently having 24 points (out of 30) 2020-05-20 13:38:53 Test: Checking SHA_CRYPT_MAX_ROUNDS option in /etc/login.defs 2020-05-20 13:38:53 Result: number of maximum rounds used by the encryption algorithm is not configured 2020-05-20 13:38:53 Suggestion: Configure maximum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-] 2020-05-20 13:38:53 Hardening: assigned partial number of hardening points (0 of 2). Currently having 24 points (out of 32) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9234 (Query user accounts) 2020-05-20 13:38:53 Test: Read system users (including root user) from password database (e.g. /etc/passwd) 2020-05-20 13:38:53 Result: found minimal user id specified: 1000 2020-05-20 13:38:53 Linux real users output (ID = 0, or 1000+, but not 65534): 2020-05-20 13:38:53 Real user: root,0 2020-05-20 13:38:53 Real user: cloudadmin,1000 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9240 (Query NIS+ authentication support) 2020-05-20 13:38:53 Result: NIS+ authentication not enabled 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9242 (Query NIS authentication support) 2020-05-20 13:38:53 Result: NIS authentication not enabled 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9250 (Checking sudoers file) 2020-05-20 13:38:53 Test: checking presence /etc/sudoers 2020-05-20 13:38:53 Result: found file (/etc/sudoers) 2020-05-20 13:38:53 Test: checking presence /usr/local/etc/sudoers 2020-05-20 13:38:53 Result: file /usr/local/etc/sudoers not found 2020-05-20 13:38:53 Test: checking presence /usr/pkg/etc/sudoers 2020-05-20 13:38:53 Result: file /usr/pkg/etc/sudoers not found 2020-05-20 13:38:53 Result: sudoers file found (/etc/sudoers) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9252 (Check ownership and permissions for sudo configuration files) 2020-05-20 13:38:53 Test: checking drop-in directory (/etc/sudoers.d) 2020-05-20 13:38:53 Result: Found directory permissions: rwxr-x--- and owner UID GID: 00 2020-05-20 13:38:53 Result: directory /etc/sudoers.d permissions OK 2020-05-20 13:38:53 Result: directory /etc/sudoers.d ownership OK 2020-05-20 13:38:53 Test: checking file (/etc/sudoers) 2020-05-20 13:38:53 Result: Found file permissions: r--r----- and owner UID GID: 00 2020-05-20 13:38:53 Result: file /etc/sudoers permissions OK 2020-05-20 13:38:53 Result: file /etc/sudoers ownership OK 2020-05-20 13:38:53 Test: checking file (/etc/sudoers.d/ironic-inspector) 2020-05-20 13:38:53 Result: Found file permissions: r--r----- and owner UID GID: 00 2020-05-20 13:38:53 Result: file /etc/sudoers.d/ironic-inspector permissions OK 2020-05-20 13:38:53 Result: file /etc/sudoers.d/ironic-inspector ownership OK 2020-05-20 13:38:53 Test: checking file (/etc/sudoers.d/ironic) 2020-05-20 13:38:53 Result: Found file permissions: r--r----- and owner UID GID: 00 2020-05-20 13:38:53 Result: file /etc/sudoers.d/ironic permissions OK 2020-05-20 13:38:53 Result: file /etc/sudoers.d/ironic ownership OK 2020-05-20 13:38:53 Test: checking file (/etc/sudoers.d/cloudadmin) 2020-05-20 13:38:53 Result: Found file permissions: r--r----- and owner UID GID: 00 2020-05-20 13:38:53 Result: file /etc/sudoers.d/cloudadmin permissions OK 2020-05-20 13:38:53 Result: file /etc/sudoers.d/cloudadmin ownership OK 2020-05-20 13:38:53 Test: checking file (/etc/sudoers.d/ironic_sudoers) 2020-05-20 13:38:53 Result: Found file permissions: r--r----- and owner UID GID: 00 2020-05-20 13:38:53 Result: file /etc/sudoers.d/ironic_sudoers permissions OK 2020-05-20 13:38:53 Result: file /etc/sudoers.d/ironic_sudoers ownership OK 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Skipped test AUTH-9254 (Solaris passwordless accounts) 2020-05-20 13:38:53 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9262 (Checking presence password strength testing tools (PAM)) 2020-05-20 13:38:53 Searching PAM password testing modules (cracklib, passwdqc, pwquality) 2020-05-20 13:38:53 Result: found pam_cracklib.so (crack library PAM) in /lib64/security 2020-05-20 13:38:53 Result: found pam_pwquality.so (password quality control PAM) in /lib64/security 2020-05-20 13:38:53 Result: pam_cracklib.so found 2020-05-20 13:38:53 Result: pam_passwdqc.so NOT found (passwd quality control PAM) 2020-05-20 13:38:53 Result: pam_pwquality.so found 2020-05-20 13:38:53 Result: found at least one PAM module for password strength testing 2020-05-20 13:38:53 Hardening: assigned maximum number of hardening points for this item (3). Currently having 27 points (out of 35) 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9264 (Checking presence pam.conf) 2020-05-20 13:38:53 Test: Checking file /etc/pam.conf 2020-05-20 13:38:53 Result: file /etc/pam.conf could not be found 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9266 (Checking presence pam.d files) 2020-05-20 13:38:53 Test: Checking directory /etc/pam.d 2020-05-20 13:38:53 Result: directory /etc/pam.d exists 2020-05-20 13:38:53 Test: searching PAM configuration files 2020-05-20 13:38:53 Found file: /etc/pam.d/chfn 2020-05-20 13:38:53 Found file: /etc/pam.d/chsh 2020-05-20 13:38:53 Found file: /etc/pam.d/config-util 2020-05-20 13:38:53 Found file: /etc/pam.d/crond 2020-05-20 13:38:53 Found file: /etc/pam.d/fingerprint-auth-ac 2020-05-20 13:38:53 Found file: /etc/pam.d/login 2020-05-20 13:38:53 Found file: /etc/pam.d/other 2020-05-20 13:38:53 Found file: /etc/pam.d/passwd 2020-05-20 13:38:53 Found file: /etc/pam.d/password-auth-ac 2020-05-20 13:38:53 Found file: /etc/pam.d/password-auth-local 2020-05-20 13:38:53 Found file: /etc/pam.d/polkit-1 2020-05-20 13:38:53 Found file: /etc/pam.d/postlogin-ac 2020-05-20 13:38:53 Found file: /etc/pam.d/remote 2020-05-20 13:38:53 Found file: /etc/pam.d/runuser 2020-05-20 13:38:53 Found file: /etc/pam.d/runuser-l 2020-05-20 13:38:53 Found file: /etc/pam.d/smartcard-auth-ac 2020-05-20 13:38:53 Found file: /etc/pam.d/sshd 2020-05-20 13:38:53 Found file: /etc/pam.d/su 2020-05-20 13:38:53 Found file: /etc/pam.d/su-l 2020-05-20 13:38:53 Found file: /etc/pam.d/sudo 2020-05-20 13:38:53 Found file: /etc/pam.d/sudo-i 2020-05-20 13:38:53 Found file: /etc/pam.d/system-auth-ac 2020-05-20 13:38:53 Found file: /etc/pam.d/system-auth-local 2020-05-20 13:38:53 Found file: /etc/pam.d/systemd-user 2020-05-20 13:38:53 Found file: /etc/pam.d/vlock 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9268 (Checking presence pam.d files) 2020-05-20 13:38:53 Test: Searching pam modules 2020-05-20 13:38:53 Test: Checking /lib/arm-linux-gnueabihf/security 2020-05-20 13:38:53 Result: directory /lib/arm-linux-gnueabihf/security could not be found or is a symlink to another directory 2020-05-20 13:38:53 Test: Checking /lib/i386-linux-gnu/security 2020-05-20 13:38:53 Result: directory /lib/i386-linux-gnu/security could not be found or is a symlink to another directory 2020-05-20 13:38:53 Test: Checking /lib/security 2020-05-20 13:38:53 Result: directory /lib/security could not be found or is a symlink to another directory 2020-05-20 13:38:53 Test: Checking /lib/x86_64-linux-gnu/security 2020-05-20 13:38:53 Result: directory /lib/x86_64-linux-gnu/security could not be found or is a symlink to another directory 2020-05-20 13:38:53 Test: Checking /lib64/security 2020-05-20 13:38:53 Result: directory /lib64/security exists 2020-05-20 13:38:53 Found file: /lib64/security/pam_access.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_cap.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_chroot.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_console.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_cracklib.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_debug.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_deny.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_echo.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_env.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_exec.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_faildelay.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_faillock.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_filter.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_ftp.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_group.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_issue.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_keyinit.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_lastlog.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_limits.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_listfile.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_localuser.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_loginuid.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_mail.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_mkhomedir.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_motd.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_namespace.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_nologin.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_permit.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_postgresok.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_pwhistory.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_pwquality.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_rhosts.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_rootok.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_securetty.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_selinux.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_sepermit.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_shells.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_stress.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_succeed_if.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_systemd.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_tally2.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_time.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_timestamp.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_tty_audit.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_umask.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_unix.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_userdb.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_warn.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_wheel.so 2020-05-20 13:38:53 Found file: /lib64/security/pam_xauth.so 2020-05-20 13:38:53 Test: Checking /usr/lib 2020-05-20 13:38:53 Result: directory /usr/lib exists 2020-05-20 13:38:53 Test: Checking /usr/lib/security 2020-05-20 13:38:53 Result: directory /usr/lib/security could not be found or is a symlink to another directory 2020-05-20 13:38:53 ==== 2020-05-20 13:38:53 Performing test ID AUTH-9278 (Determine LDAP support in PAM files) 2020-05-20 13:38:53 Test: checking presence /etc/pam.d/common-auth 2020-05-20 13:38:53 Result: file /etc/pam.d/common-auth not found, skipping test 2020-05-20 13:38:53 Test: checking presence /etc/pam.d/system-auth 2020-05-20 13:38:53 Result: file /etc/pam.d/system-auth exists 2020-05-20 13:38:53 Test: checking presence LDAP module 2020-05-20 13:38:53 Result: LDAP module not found 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9282 (Checking password protected account without expire date) 2020-05-20 13:38:54 Test: Checking Linux version and password expire date status 2020-05-20 13:38:54 Result: found one or more accounts without expire date set 2020-05-20 13:38:54 Account without expire date: cloudadmin 2020-05-20 13:38:54 Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282] [details:-] [solution:-] 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9283 (Checking accounts without password) 2020-05-20 13:38:54 Test: Checking passwordless accounts 2020-05-20 13:38:54 Result: found one or more accounts without password 2020-05-20 13:38:54 Account without password: kube 2020-05-20 13:38:54 Account without password: docker 2020-05-20 13:38:54 Account without password: caas_etcd 2020-05-20 13:38:54 Account without password: kubedns 2020-05-20 13:38:54 Account without password: flannel 2020-05-20 13:38:54 Account without password: swift 2020-05-20 13:38:54 Account without password: dockerreg 2020-05-20 13:38:54 Account without password: chartrepo 2020-05-20 13:38:54 Account without password: danm 2020-05-20 13:38:54 Account without password: elasticsearch 2020-05-20 13:38:54 Warning: Found accounts without password [test:AUTH-9283] [details:-] [solution:-] 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9286 (Checking user password aging) 2020-05-20 13:38:54 Test: Checking PASS_MIN_DAYS option in /etc/login.defs 2020-05-20 13:38:54 Result: password minimum age is not configured 2020-05-20 13:38:54 Suggestion: Configure minimum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-] 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (0 of 1). Currently having 27 points (out of 36) 2020-05-20 13:38:54 Test: Checking PASS_MAX_DAYS option in /etc/login.defs 2020-05-20 13:38:54 Result: max password age is 90 days 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (3). Currently having 30 points (out of 39) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9288 (Checking for expired passwords) 2020-05-20 13:38:54 Test: check if we can access /etc/shadow (escaped: /etc/shadow) 2020-05-20 13:38:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:38:54 Result: file /etc/shadow is readable (or directory accessible). 2020-05-20 13:38:54 Data: Days since epoch is 18402 2020-05-20 13:38:54 Test: collecting accounts which have an expired password (last day changed + maximum change time) 2020-05-20 13:38:54 Result: good, no passwords have been expired 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (10). Currently having 40 points (out of 49) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test AUTH-9304 (Check single user login configuration) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test AUTH-9306 (Check single boot authentication) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (HP-UX only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9308 (Check single user login configuration) 2020-05-20 13:38:54 Test: going to check several systemd targets now 2020-05-20 13:38:54 Test: checking if target console-shell.service is available (/lib/systemd/system/console-shell.service) 2020-05-20 13:38:54 Result: found target console-shell.service 2020-05-20 13:38:54 Result: sulogin was found, which is a good measure to protect single user mode 2020-05-20 13:38:54 Test: checking if target emergency.service is available (/lib/systemd/system/emergency.service) 2020-05-20 13:38:54 Result: found target emergency.service 2020-05-20 13:38:54 Result: sulogin was found, which is a good measure to protect single user mode 2020-05-20 13:38:54 Test: checking if target rescue.service is available (/lib/systemd/system/rescue.service) 2020-05-20 13:38:54 Result: found target rescue.service 2020-05-20 13:38:54 Result: sulogin was found, which is a good measure to protect single user mode 2020-05-20 13:38:54 Result: option set, password is needed at single user mode boot 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (2). Currently having 42 points (out of 51) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9328 (Default umask values) 2020-05-20 13:38:54 Test: Checking /etc/profile.d directory 2020-05-20 13:38:54 Result: found /etc/profile.d, with one or more files in it 2020-05-20 13:38:54 Test: Checking /etc/profile 2020-05-20 13:38:54 Result: file /etc/profile exists 2020-05-20 13:38:54 Test: Checking umask value in /etc/profile 2020-05-20 13:38:54 Result: found multiple umask values configured in /etc/profile 2020-05-20 13:38:54 Result: Found umask 027, which is fine 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (2). Currently having 44 points (out of 53) 2020-05-20 13:38:54 Result: Found umask 077, which is fine 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (2). Currently having 46 points (out of 55) 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (2). Currently having 48 points (out of 57) 2020-05-20 13:38:54 Test: Checking umask entries in /etc/passwd (pam_umask) 2020-05-20 13:38:54 Result: file /etc/passwd exists 2020-05-20 13:38:54 Test: Checking umask value in /etc/passwd 2020-05-20 13:38:54 Manual: one or more manual actions are required for further testing of this control/plugin 2020-05-20 13:38:54 Test: Checking /etc/login.defs 2020-05-20 13:38:54 Result: file /etc/login.defs exists 2020-05-20 13:38:54 Test: Checking umask value in /etc/login.defs 2020-05-20 13:38:54 Result: umask is 077, which is fine 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (2). Currently having 50 points (out of 59) 2020-05-20 13:38:54 Test: Checking /etc/init.d/functions 2020-05-20 13:38:54 Result: file /etc/init.d/functions exists 2020-05-20 13:38:54 Test: Checking umask value in /etc/init.d/functions 2020-05-20 13:38:54 Result: found umask 022, which could be improved 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (0 of 2). Currently having 50 points (out of 61) 2020-05-20 13:38:54 Test: Checking /etc/init.d/rc 2020-05-20 13:38:54 Result: file /etc/init.d/rc does not exist 2020-05-20 13:38:54 Test: Checking /etc/init.d/rcS 2020-05-20 13:38:54 Result: file /etc/init.d/rcS does not exist 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test AUTH-9340 (Solaris account locking) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9402 (Query LDAP authentication support) 2020-05-20 13:38:54 Result: LDAP authentication not enabled 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test AUTH-9406 (Query LDAP servers in client configuration) 2020-05-20 13:38:54 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID AUTH-9408 (Logging of failed login attempts) 2020-05-20 13:38:54 Test: Checking FAILLOG_ENAB option in /etc/login.defs 2020-05-20 13:38:54 Result: failed login attempts may not logged 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (0 of 1). Currently having 50 points (out of 62) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test AUTH-9409 (Checking /etc/doas.conf file) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test AUTH-9410 (Check /etc/doas.conf file permissions) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-05-20 13:38:54 Security check: file is normal 2020-05-20 13:38:54 Checking permissions of /home/cloudadmin/lynis/include/tests_shells 2020-05-20 13:38:54 File permissions are OK 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Action: Performing tests from category: Shells 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test SHLL-6202 (Check console TTYs) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID SHLL-6211 (Available and valid shells) 2020-05-20 13:38:54 Test: Searching for /etc/shells 2020-05-20 13:38:54 Result: Found /etc/shells file 2020-05-20 13:38:54 Test: Reading available shells from /etc/shells 2020-05-20 13:38:54 Found installed shell: /bin/sh 2020-05-20 13:38:54 Found installed shell: /bin/bash 2020-05-20 13:38:54 Found installed shell: /usr/bin/sh 2020-05-20 13:38:54 Found installed shell: /usr/bin/bash 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID SHLL-6220 (Idle session killing tools or settings) 2020-05-20 13:38:54 Test: Search for session timeout tools or settings in shell 2020-05-20 13:38:54 Performing pgrep scan without uid 2020-05-20 13:38:54 IsRunning: process 'timeoutd' not found 2020-05-20 13:38:54 Performing pgrep scan without uid 2020-05-20 13:38:54 IsRunning: process 'autolog' not found 2020-05-20 13:38:54 Result: could not find TMOUT setting in /etc/profile 2020-05-20 13:38:54 Result: could not find export, readonly or typeset -r in /etc/profile 2020-05-20 13:38:54 Result: could not find TMOUT setting in /etc/profile.d/*.sh 2020-05-20 13:38:54 Result: could not find export, readonly or typeset -r in /etc/profile 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (1 of 3). Currently having 51 points (out of 65) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID SHLL-6230 (Perform umask check for shell configurations) 2020-05-20 13:38:54 Result: file /etc/bashrc exists 2020-05-20 13:38:54 Result: found umask 002 in /etc/bashrc 2020-05-20 13:38:54 Result: umask 002 can be hardened 2020-05-20 13:38:54 Result: found umask 022 in /etc/bashrc 2020-05-20 13:38:54 Result: umask 022 can be hardened 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (1 of 3). Currently having 52 points (out of 68) 2020-05-20 13:38:54 Result: file /etc/bash.bashrc not found 2020-05-20 13:38:54 Result: file /etc/bash.bashrc.local not found 2020-05-20 13:38:54 Result: file /etc/csh.cshrc exists 2020-05-20 13:38:54 Result: found umask 002 in /etc/csh.cshrc 2020-05-20 13:38:54 Result: umask 002 can be hardened 2020-05-20 13:38:54 Result: found umask 022 in /etc/csh.cshrc 2020-05-20 13:38:54 Result: umask 022 can be hardened 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (1 of 3). Currently having 53 points (out of 71) 2020-05-20 13:38:54 Result: file /etc/profile exists 2020-05-20 13:38:54 Result: found umask 027 in /etc/profile 2020-05-20 13:38:54 Result: umask 027 is considered a properly hardened value 2020-05-20 13:38:54 Result: found umask 077 in /etc/profile 2020-05-20 13:38:54 Result: umask 077 is considered a properly hardened value 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (3). Currently having 56 points (out of 74) 2020-05-20 13:38:54 Security check: file is normal 2020-05-20 13:38:54 Checking permissions of /home/cloudadmin/lynis/include/tests_filesystems 2020-05-20 13:38:54 File permissions are OK 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Action: Performing tests from category: File systems 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6310 (Checking /tmp, /home and /var directory) 2020-05-20 13:38:54 Test: Checking if /home is mounted separately or mounted on / file system 2020-05-20 13:38:54 Result: directory /home exists 2020-05-20 13:38:54 Result: found /home as a separated mount point 2020-05-20 13:38:54 Hardening: assigned maximum number of hardening points for this item (10). Currently having 66 points (out of 84) 2020-05-20 13:38:54 Test: Checking if /tmp is mounted separately or mounted on / file system 2020-05-20 13:38:54 Result: directory /tmp exists 2020-05-20 13:38:54 Result: /tmp not found in mount list. Directory most likely stored on / file system 2020-05-20 13:38:54 Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separate partition [test:FILE-6310] [details:-] [solution:-] 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (9 of 10). Currently having 75 points (out of 94) 2020-05-20 13:38:54 Test: Checking if /var is mounted separately or mounted on / file system 2020-05-20 13:38:54 Result: directory /var exists 2020-05-20 13:38:54 Result: /var not found in mount list. Directory most likely stored on / file system 2020-05-20 13:38:54 Suggestion: To decrease the impact of a full /var file system, place /var on a separate partition [test:FILE-6310] [details:-] [solution:-] 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (9 of 10). Currently having 84 points (out of 104) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6311 (Checking LVM volume groups) 2020-05-20 13:38:54 Test: Checking for LVM volume groups 2020-05-20 13:38:54 Result: found one or more volume groups 2020-05-20 13:38:54 Found LVM volume group: VG 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6312 (Checking LVM volumes) 2020-05-20 13:38:54 Test: Checking for LVM volumes 2020-05-20 13:38:54 Result: found one or more volumes 2020-05-20 13:38:54 Found LVM volume: audit 2020-05-20 13:38:54 Found LVM volume: cephmgr 2020-05-20 13:38:54 Found LVM volume: cephmon 2020-05-20 13:38:54 Found LVM volume: docker 2020-05-20 13:38:54 Found LVM volume: home 2020-05-20 13:38:54 Found LVM volume: log 2020-05-20 13:38:54 Found LVM volume: swift 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6323 (Checking EXT file systems) 2020-05-20 13:38:54 Test: Checking for Linux EXT file systems 2020-05-20 13:38:54 Result: found one or more EXT file systems 2020-05-20 13:38:54 File system: /home/kubelet/plugins/kubernetes.io/rbd/mounts/caas-image-kubernetes-dynamic-pvc-27552b62-0338-4948-872e-24deecd43f2c (type: ext4) 2020-05-20 13:38:54 File system: /home/kubelet/pods/f50d50be-0783-4bbf-a9c0-9450b6522446/volumes/kubernetes.io~rbd/pvc-cec08bbb-0c7e-4395-9619-ec1eacec3bed (type: ext4) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6324 (Checking XFS file systems) 2020-05-20 13:38:54 Test: Checking for Linux XFS file systems 2020-05-20 13:38:54 Result: found one or more XFS file systems 2020-05-20 13:38:54 File system: / (type: xfs) 2020-05-20 13:38:54 File system: /var/lib/ceph/mgr (type: xfs) 2020-05-20 13:38:54 File system: /home (type: xfs) 2020-05-20 13:38:54 File system: /var/lib/ceph/mon (type: xfs) 2020-05-20 13:38:54 File system: /var/log (type: xfs) 2020-05-20 13:38:54 File system: /srv/node/swift (type: xfs) 2020-05-20 13:38:54 File system: /var/log/audit (type: xfs) 2020-05-20 13:38:54 File system: /var/lib/docker (type: xfs) 2020-05-20 13:38:54 File system: /var/lib/ceph/osd/ceph-3 (type: xfs) 2020-05-20 13:38:54 File system: /var/lib/ceph/osd/ceph-0 (type: xfs) 2020-05-20 13:38:54 File system: /home/kubelet/pods/824bfd46-1c15-4dc7-95be-1ee04777112e/volume-subpaths/elasticsearch-config/elasticsearch/2 (type: xfs) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6329 (Checking FFS/UFS file systems) 2020-05-20 13:38:54 Test: Query /etc/fstab for available FFS/UFS mount points 2020-05-20 13:38:54 Result: unable to find any single mount point (FFS/UFS) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test FILE-6330 (Checking ZFS file systems) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Skipped test FILE-6439 (Checking HAMMER PFS mounts) 2020-05-20 13:38:54 Reason to skip: Incorrect guest OS (DragonFly only) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6332 (Checking swap partitions) 2020-05-20 13:38:54 Test: query swap partitions from /etc/fstab file 2020-05-20 13:38:54 Result: no swap partitions found in /etc/fstab 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6336 (Checking swap mount options) 2020-05-20 13:38:54 Test: check swap partitions with incorrect mount options 2020-05-20 13:38:54 Result: all swap partitions have correct options (sw or swap) 2020-05-20 13:38:54 ==== 2020-05-20 13:38:54 Performing test ID FILE-6344 (Checking proc mount options) 2020-05-20 13:38:54 Test: check proc mount with incorrect mount options 2020-05-20 13:38:54 Hardening: assigned partial number of hardening points (0 of 3). Currently having 84 points (out of 107) 2020-05-20 13:38:54 Result: /proc filesystem is not mounted with option hidepid=1 or hidepid=2 2020-05-20 13:38:54 ==== 2020-05-20 13:38:55 Performing test ID FILE-6354 (Searching for old files in /tmp) 2020-05-20 13:38:55 Test: Searching for old files in /tmp 2020-05-20 13:38:55 Result: no files found in /tmp which are older than 3 months 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6362 (Checking /tmp sticky bit) 2020-05-20 13:38:55 Result: sticky bit found on /tmp directory 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 87 points (out of 110) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6363 (Checking /var/tmp sticky bit) 2020-05-20 13:38:55 Result: sticky bit found on /var/tmp directory 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 90 points (out of 113) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6368 (Checking ACL support on root file system) 2020-05-20 13:38:55 Test: Checking acl option on ext[2-4] root file system 2020-05-20 13:38:55 Result: mount point probably mounted with defaults 2020-05-20 13:38:55 Test: Checking device which holds root file system 2020-05-20 13:38:55 Result: No file system found with root file system 2020-05-20 13:38:55 Test: Checking acl option on xfs root file system 2020-05-20 13:38:55 Result: ACL option enabled on root file system 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 93 points (out of 116) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6372 (Checking / mount options) 2020-05-20 13:38:55 Result: mount system / is configured with options: defaults 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6374 (Linux mount options) 2020-05-20 13:38:55 Result: file system /boot not found in /etc/fstab 2020-05-20 13:38:55 File system: /dev 2020-05-20 13:38:55 Expected flags: noexec nosuid 2020-05-20 13:38:55 Found flags: (rw nosuid seclabel size=98169804k nr_inodes=24542451 mode=755) 2020-05-20 13:38:55 Result: Could not find mount option noexec on file system /dev 2020-05-20 13:38:55 Result: GOOD, found mount option nosuid on file system /dev 2020-05-20 13:38:55 Result: marked /dev as partially hardened 2020-05-20 13:38:55 Hardening: assigned partial number of hardening points (4 of 5). Currently having 97 points (out of 121) 2020-05-20 13:38:55 File system: /dev/shm 2020-05-20 13:38:55 Expected flags: nosuid nodev noexec 2020-05-20 13:38:55 Found flags: rw nosuid nodev seclabel noexec 2020-05-20 13:38:55 Result: GOOD, found mount option nosuid on file system /dev/shm 2020-05-20 13:38:55 Result: GOOD, found mount option nodev on file system /dev/shm 2020-05-20 13:38:55 Result: GOOD, found mount option noexec on file system /dev/shm 2020-05-20 13:38:55 Result: marked /dev/shm as fully hardened 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (5). Currently having 102 points (out of 126) 2020-05-20 13:38:55 File system: /home 2020-05-20 13:38:55 Expected flags: nodev nosuid 2020-05-20 13:38:55 Found flags: noatime nodev nosuid 2020-05-20 13:38:55 Result: GOOD, found mount option nodev on file system /home 2020-05-20 13:38:55 Result: GOOD, found mount option nosuid on file system /home 2020-05-20 13:38:55 Result: marked /home as fully hardened 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (5). Currently having 107 points (out of 131) 2020-05-20 13:38:55 File system: /run 2020-05-20 13:38:55 Expected flags: nodev nosuid 2020-05-20 13:38:55 Found flags: (rw nosuid nodev seclabel mode=755) 2020-05-20 13:38:55 Result: GOOD, found mount option nodev on file system /run 2020-05-20 13:38:55 Result: GOOD, found mount option nosuid on file system /run 2020-05-20 13:38:55 Result: marked /run as fully hardened 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (5). Currently having 112 points (out of 136) 2020-05-20 13:38:55 Result: file system /tmp not found in /etc/fstab 2020-05-20 13:38:55 Result: file system /var not found in /etc/fstab 2020-05-20 13:38:55 File system: /var/log 2020-05-20 13:38:55 Expected flags: nodev noexec nosuid 2020-05-20 13:38:55 Found flags: noatime nodev nosuid noexec 2020-05-20 13:38:55 Result: GOOD, found mount option nodev on file system /var/log 2020-05-20 13:38:55 Result: GOOD, found mount option noexec on file system /var/log 2020-05-20 13:38:55 Result: GOOD, found mount option nosuid on file system /var/log 2020-05-20 13:38:55 Result: marked /var/log as fully hardened 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (5). Currently having 117 points (out of 141) 2020-05-20 13:38:55 File system: /var/log/audit 2020-05-20 13:38:55 Expected flags: nodev noexec nosuid 2020-05-20 13:38:55 Found flags: noatime nodev nosuid noexec 2020-05-20 13:38:55 Result: GOOD, found mount option nodev on file system /var/log/audit 2020-05-20 13:38:55 Result: GOOD, found mount option noexec on file system /var/log/audit 2020-05-20 13:38:55 Result: GOOD, found mount option nosuid on file system /var/log/audit 2020-05-20 13:38:55 Result: marked /var/log/audit as fully hardened 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (5). Currently having 122 points (out of 146) 2020-05-20 13:38:55 Result: file system /var/tmp not found in /etc/fstab 2020-05-20 13:38:55 Result: Total without nodev:86 noexec:88 nosuid:84 ro or noexec (W^X): 88, of total 130 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6376 (Determine if /var/tmp is bound to /tmp) 2020-05-20 13:38:55 Result: no mount point /var/tmp or expected options found 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6394 (Determine level of swappiness.) 2020-05-20 13:38:55 Test: checking level of vm.swappiness: 10 2020-05-20 13:38:55 Result: vm.swappiness=10 which is the preferred setting for database servers. 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test FILE-6410 (Checking Locate database) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID FILE-6430 (Disable mounting of some filesystems) 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 125 points (out of 149) 2020-05-20 13:38:55 Result: module cramfs is blacklisted 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 128 points (out of 152) 2020-05-20 13:38:55 Result: module freevxfs is blacklisted 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 131 points (out of 155) 2020-05-20 13:38:55 Result: module hfs is blacklisted 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 134 points (out of 158) 2020-05-20 13:38:55 Result: module hfsplus is blacklisted 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 137 points (out of 161) 2020-05-20 13:38:55 Result: module jffs2 is blacklisted 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 140 points (out of 164) 2020-05-20 13:38:55 Result: module squashfs is blacklisted 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 143 points (out of 167) 2020-05-20 13:38:55 Result: module udf is blacklisted 2020-05-20 13:38:55 Security check: file is normal 2020-05-20 13:38:55 Checking permissions of /home/cloudadmin/lynis/include/tests_usb 2020-05-20 13:38:55 File permissions are OK 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Action: Performing tests from category: USB Devices 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID USB-1000 (Check if USB storage is disabled) 2020-05-20 13:38:55 Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf 2020-05-20 13:38:55 Result: found usb-storage driver in disabled state (blacklisted) 2020-05-20 13:38:55 Result: usb-storage driver is disabled 2020-05-20 13:38:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 146 points (out of 170) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID USB-2000 (Check USB authorizations) 2020-05-20 13:38:55 Test: checking presence of USB devices path (/sys/bus/usb/devices) 2020-05-20 13:38:55 Test: Checking USB devices authorization to connect to the system 2020-05-20 13:38:55 Test: /sys/bus/usb/devices/usb1 is authorized by default (authorized_default=1) 2020-05-20 13:38:55 Test: /sys/bus/usb/devices/usb1 is authorized currently (authorized=1) 2020-05-20 13:38:55 Test: /sys/bus/usb/devices/usb2 is authorized by default (authorized_default=1) 2020-05-20 13:38:55 Test: /sys/bus/usb/devices/usb2 is authorized currently (authorized=1) 2020-05-20 13:38:55 Result: Some USB devices are authorized by default (or temporary) to connect to the system 2020-05-20 13:38:55 Hardening: assigned partial number of hardening points (0 of 3). Currently having 146 points (out of 173) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID USB-3000 (Check for presence of USBGuard) 2020-05-20 13:38:55 Result: USBGuard not found 2020-05-20 13:38:55 Hardening: assigned partial number of hardening points (0 of 8). Currently having 146 points (out of 181) 2020-05-20 13:38:55 Security check: file is normal 2020-05-20 13:38:55 Checking permissions of /home/cloudadmin/lynis/include/tests_storage 2020-05-20 13:38:55 File permissions are OK 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Action: Performing tests from category: Storage 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID STRG-1846 (Check if firewire storage is disabled) 2020-05-20 13:38:55 Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf 2020-05-20 13:38:55 Result: firewire ohci driver is not explicitly disabled 2020-05-20 13:38:55 Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846] [details:-] [solution:-] 2020-05-20 13:38:55 Hardening: assigned partial number of hardening points (2 of 3). Currently having 148 points (out of 184) 2020-05-20 13:38:55 Security check: file is normal 2020-05-20 13:38:55 Checking permissions of /home/cloudadmin/lynis/include/tests_storage_nfs 2020-05-20 13:38:55 File permissions are OK 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Action: Performing tests from category: NFS 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID STRG-1902 (Check rpcinfo registered programs) 2020-05-20 13:38:55 Test: Checking rpcinfo registered programs 2020-05-20 13:38:55 rpcinfo: ,program,vers,proto,port,service 2020-05-20 13:38:55 rpcinfo: ,100000,4,tcp,111,portmapper 2020-05-20 13:38:55 rpcinfo: ,100000,3,tcp,111,portmapper 2020-05-20 13:38:55 rpcinfo: ,100000,2,tcp,111,portmapper 2020-05-20 13:38:55 rpcinfo: ,100000,4,udp,111,portmapper 2020-05-20 13:38:55 rpcinfo: ,100000,3,udp,111,portmapper 2020-05-20 13:38:55 rpcinfo: ,100000,2,udp,111,portmapper 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID STRG-1904 (Check nfs rpc) 2020-05-20 13:38:55 Test: Checking NFS registered versions 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID STRG-1906 (Check nfs rpc) 2020-05-20 13:38:55 Test: Checking NFS registered protocols 2020-05-20 13:38:55 Output: no NFS protocols found 2020-05-20 13:38:55 Test: Checking NFS registered ports 2020-05-20 13:38:55 Output: no NFS port number found 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID STRG-1920 (Checking NFS daemon) 2020-05-20 13:38:55 Test: Checking running NFS daemon 2020-05-20 13:38:55 Output: NFS daemon is not running 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test STRG-1926 (Checking NFS exports) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test STRG-1928 (Checking empty /etc/exports) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test STRG-1930 (Check client access to nfs share) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 Security check: file is normal 2020-05-20 13:38:55 Checking permissions of /home/cloudadmin/lynis/include/tests_nameservices 2020-05-20 13:38:55 File permissions are OK 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Action: Performing tests from category: Name services 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4016 (Check /etc/resolv.conf default domain) 2020-05-20 13:38:55 Test: check /etc/resolv.conf for default domain 2020-05-20 13:38:55 Result: /etc/resolv.conf found 2020-05-20 13:38:55 Result: no default domain found 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4018 (Check /etc/resolv.conf search domains) 2020-05-20 13:38:55 Test: check /etc/resolv.conf for search domains 2020-05-20 13:38:55 Result: /etc/resolv.conf found 2020-05-20 13:38:55 Result: no search domains found, default domain is being used 2020-05-20 13:38:55 Result: found 0 line(s) with a search statement (expecting less than 2 lines) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4020 (Check non default options) 2020-05-20 13:38:55 Test: check /etc/resolv.conf for non default options 2020-05-20 13:38:55 Result: /etc/resolv.conf found 2020-05-20 13:38:55 Found option: rotate 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4024 (Solaris uname -n output) 2020-05-20 13:38:55 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4026 (Check /etc/nodename) 2020-05-20 13:38:55 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4028 (Check domain name) 2020-05-20 13:38:55 Test: Checking if dnsdomainname command is available 2020-05-20 13:38:55 Result: dnsdomainname command returned no value 2020-05-20 13:38:55 Result: using domain name from FQDN hostname (controller-1) 2020-05-20 13:38:55 Suggestion: Check DNS configuration for the dns domain name [test:NAME-4028] [details:-] [solution:-] 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4032 (Check nscd status) 2020-05-20 13:38:55 Test: checking nscd status 2020-05-20 13:38:55 Performing pgrep scan without uid 2020-05-20 13:38:55 IsRunning: process 'nscd' not found 2020-05-20 13:38:55 Result: nscd is not running 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4034 (Check Unbound status) 2020-05-20 13:38:55 Test: checking Unbound (unbound) status 2020-05-20 13:38:55 Performing pgrep scan without uid 2020-05-20 13:38:55 IsRunning: process 'unbound' not found 2020-05-20 13:38:55 Result: Unbound daemon is not running 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4036 (Check Unbound configuration file) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4202 (Check BIND status) 2020-05-20 13:38:55 Test: Checking for running BIND instance 2020-05-20 13:38:55 Performing pgrep scan without uid 2020-05-20 13:38:55 IsRunning: process 'named' not found 2020-05-20 13:38:55 Result: BIND not running 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4204 (Search BIND configuration file) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4206 (Check BIND configuration consistency) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4210 (Check DNS banner) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4230 (Check PowerDNS status) 2020-05-20 13:38:55 Test: Checking for running PowerDNS instance 2020-05-20 13:38:55 Performing pgrep scan without uid 2020-05-20 13:38:55 IsRunning: process 'pdns_server' not found 2020-05-20 13:38:55 Result: PowerDNS not running 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4232 (Search PowerDNS configuration file) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4236 (Check PowerDNS backends) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Skipped test NAME-4238 (Check PowerDNS authoritative status) 2020-05-20 13:38:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:55 ==== 2020-05-20 13:38:55 Performing test ID NAME-4304 (Check NIS ypbind status) 2020-05-20 13:38:55 Test: Checking status of ypbind daemon 2020-05-20 13:38:55 Performing pgrep scan without uid 2020-05-20 13:38:56 IsRunning: process 'ypbind' not found 2020-05-20 13:38:56 Result: ypbind is not active 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Skipped test NAME-4306 (Check NIS domain) 2020-05-20 13:38:56 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Performing test ID NAME-4402 (Check duplicate line in /etc/hosts) 2020-05-20 13:38:56 Test: check duplicate line in /etc/hosts 2020-05-20 13:38:56 Found duplicate line: 172.29.16.201 controller-1 172.29.16.204 controller-2 172.29.16.205 controller-3 2020-05-20 13:38:56 Result: found duplicate line 2020-05-20 13:38:56 Suggestion: Remove duplicate lines in /etc/hosts [test:NAME-4402] [details:-] [solution:-] 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Performing test ID NAME-4404 (Check /etc/hosts contains an entry for this server name) 2020-05-20 13:38:56 Test: Check /etc/hosts contains an entry for this server name 2020-05-20 13:38:56 Result: Found entry for controller-1 in /etc/hosts 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Performing test ID NAME-4406 (Check server hostname mapping) 2020-05-20 13:38:56 Test: Check server hostname not locally mapped in /etc/hosts 2020-05-20 13:38:56 Result: this server hostname is not mapped to a local address 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Performing test ID NAME-4408 (Check localhost entry) 2020-05-20 13:38:56 Test: Check server hostname not locally mapped in /etc/hosts 2020-05-20 13:38:56 Result: localhost mapped to ::1 2020-05-20 13:38:56 Security check: file is normal 2020-05-20 13:38:56 Checking permissions of /home/cloudadmin/lynis/include/tests_dns 2020-05-20 13:38:56 File permissions are OK 2020-05-20 13:38:56 Security check: file is normal 2020-05-20 13:38:56 Checking permissions of /home/cloudadmin/lynis/include/tests_ports_packages 2020-05-20 13:38:56 File permissions are OK 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Action: Performing tests from category: Ports and packages 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Skipped test PKGS-7301 (Query FreeBSD pkg) 2020-05-20 13:38:56 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Skipped test PKGS-7302 (Query FreeBSD/NetBSD pkg_info) 2020-05-20 13:38:56 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Skipped test PKGS-7303 (Query brew package manager) 2020-05-20 13:38:56 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:56 Result: brew can NOT be found on this system 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Skipped test PKGS-7304 (Querying Gentoo packages) 2020-05-20 13:38:56 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:56 Result: emerge can NOT be found on this system 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Skipped test PKGS-7306 (Querying Solaris packages) 2020-05-20 13:38:56 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:38:56 Result: pkginfo can NOT be found on this system 2020-05-20 13:38:56 ==== 2020-05-20 13:38:56 Performing test ID PKGS-7308 (Checking package list with RPM) 2020-05-20 13:38:56 Result: Found rpm binary (/usr/bin/rpm) 2020-05-20 13:38:56 Test: Querying 'rpm -qa' to get package list 2020-05-20 13:38:56 Output: 2020-05-20 13:38:56 -------- 2020-05-20 13:38:56 Found package: GeoIP,1.5.0-14.el7.x86_64 2020-05-20 13:38:56 Found package: MySQL-python,1.2.5-1.el7.x86_64 2020-05-20 13:38:56 Found package: OpenIPMI,2.0.27-1.el7.x86_64 2020-05-20 13:38:56 Found package: OpenIPMI-libs,2.0.27-1.el7.x86_64 2020-05-20 13:38:56 Found package: OpenIPMI-modalias,2.0.27-1.el7.x86_64 2020-05-20 13:38:56 Found package: PyYAML,3.10-11.el7.x86_64 2020-05-20 13:38:56 Found package: access-management,c4.g34040e0-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: acl,2.2.51-15.el7.x86_64 2020-05-20 13:38:56 Found package: activators,c32.ge8deeb0-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: ansible,2.9.7-1.el7.noarch 2020-05-20 13:38:56 Found package: ansible-role-ntp,0.4.0.2.g4fc673c-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: apr,1.4.8-5.el7.x86_64 2020-05-20 13:38:56 Found package: apr-util,1.5.2-6.el7.x86_64 2020-05-20 13:38:56 Found package: audit,2.8.5-4.el7.x86_64 2020-05-20 13:38:56 Found package: audit-libs,2.8.5-4.el7.x86_64 2020-05-20 13:38:56 Found package: audit-libs-python,2.8.5-4.el7.x86_64 2020-05-20 13:38:56 Found package: authconfig,6.2.8-30.el7.x86_64 2020-05-20 13:38:56 Found package: autogen-libopts,5.18-5.el7.x86_64 2020-05-20 13:38:56 Found package: avahi-libs,0.6.31-20.el7.x86_64 2020-05-20 13:38:56 Found package: basesystem,10.0-7.el7.centos.noarch 2020-05-20 13:38:56 Found package: bash,4.2.46-34.el7.x86_64 2020-05-20 13:38:56 Found package: bash-completion,2.1-8.el7.noarch 2020-05-20 13:38:56 Found package: bind-export-libs,9.11.4-16.P2.el7_8.3.x86_64 2020-05-20 13:38:56 Found package: bind-libs-lite,9.11.4-16.P2.el7_8.3.x86_64 2020-05-20 13:38:56 Found package: bind-license,9.11.4-16.P2.el7_8.3.noarch 2020-05-20 13:38:56 Found package: binutils,2.27-43.base.el7_8.1.x86_64 2020-05-20 13:38:56 Found package: boost-program-options,1.53.0-28.el7.x86_64 2020-05-20 13:38:56 Found package: boost159-atomic,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-chrono,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-date-time,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-filesystem,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-locale,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-log,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-program-options,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-regex,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-system,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: boost159-thread,1.59.0-2.el7.1.x86_64 2020-05-20 13:38:56 Found package: btrfs-progs,4.9.1-1.el7.x86_64 2020-05-20 13:38:56 Found package: bzip2-libs,1.0.6-13.el7.x86_64 2020-05-20 13:38:56 Found package: ca-certificates,2019.2.32-76.el7_7.noarch 2020-05-20 13:38:56 Found package: caas-chartrepo,1.0.0-12.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-cpupooler,0.3.0-7.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-custom_metrics,0.5.0-4.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-danm,4.1.0-2.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-dynamic_local_pv_provisioner,0.1.0-4.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-elasticsearch,7.4.2-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-etcd,3.4.3-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-flannel,0.11.0-11.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-fluentd,1.7.4-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-helm,2.15.2-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-hyperdanm,4.1.0-2.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-infra-charts,1.0.0-45.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: caas-instantiate,1.0.0-23.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: caas-kubedns,1.15.7-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-kubernetes,1.16.2-3.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-lcm,1.0.0-9.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-logging,c20.g6b5969e-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: caas-metrics_server,0.3.5-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-prometheus,2.13.0-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-registry,2.7.1-11.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-security,1.0.0-9.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-sriovdp,3.0.0-2.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-storage_local_static_provisioner,2.3.3-1.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-swift,2.23.1-0.el7.centos.ta.x86_64 2020-05-20 13:38:56 Found package: caas-utils,1.0.0-10.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: centos-indexhtml,7-9.el7.centos.noarch 2020-05-20 13:38:56 Found package: centos-logos,70.0.6-3.el7.centos.noarch 2020-05-20 13:38:56 Found package: centos-release,7-8.2003.0.el7.centos.x86_64 2020-05-20 13:38:56 Found package: ceph,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-ansible,3.0.24-1.el7.noarch 2020-05-20 13:38:56 Found package: ceph-base,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-common,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-mds,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-mgr,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-mon,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-osd,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-radosgw,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: ceph-selinux,12.2.11-0.el7.x86_64 2020-05-20 13:38:56 Found package: checkpolicy,2.5-8.el7.x86_64 2020-05-20 13:38:56 Found package: chkconfig,1.7.4-1.el7.x86_64 2020-05-20 13:38:56 Found package: cloud-init,18.5-6.el7.centos.x86_64 2020-05-20 13:38:56 Found package: cloud-utils-growpart,0.29-5.el7.noarch 2020-05-20 13:38:56 Found package: config-encoder-macros,master.624ed05-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: config-manager,c34.g4ce1263-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: container-selinux,2.119.1-1.c57a6f9.el7.noarch 2020-05-20 13:38:56 Found package: containerd.io,1.2.6-3.3.el7.x86_64 2020-05-20 13:38:56 Found package: coreutils,8.22-24.el7.x86_64 2020-05-20 13:38:56 Found package: cpio,2.11-27.el7.x86_64 2020-05-20 13:38:56 Found package: cpp-hocon,0.1.6-9.el7.x86_64 2020-05-20 13:38:56 Found package: cracklib,2.9.0-11.el7.x86_64 2020-05-20 13:38:56 Found package: cracklib-dicts,2.9.0-11.el7.x86_64 2020-05-20 13:38:56 Found package: cronie,1.4.11-23.el7.x86_64 2020-05-20 13:38:56 Found package: cronie-anacron,1.4.11-23.el7.x86_64 2020-05-20 13:38:56 Found package: crontabs,1.11-6.20121102git.el7.noarch 2020-05-20 13:38:56 Found package: cryptsetup,2.0.3-6.el7.x86_64 2020-05-20 13:38:56 Found package: cryptsetup-libs,2.0.3-6.el7.x86_64 2020-05-20 13:38:56 Found package: curl,7.29.0-57.el7.x86_64 2020-05-20 13:38:56 Found package: cyrus-sasl,2.1.26-23.el7.x86_64 2020-05-20 13:38:56 Found package: cyrus-sasl-gssapi,2.1.26-23.el7.x86_64 2020-05-20 13:38:56 Found package: cyrus-sasl-lib,2.1.26-23.el7.x86_64 2020-05-20 13:38:56 Found package: dbus,1.10.24-13.el7_6.x86_64 2020-05-20 13:38:56 Found package: dbus-glib,0.100-7.el7.x86_64 2020-05-20 13:38:56 Found package: dbus-libs,1.10.24-13.el7_6.x86_64 2020-05-20 13:38:56 Found package: dbus-python,1.1.1-9.el7.x86_64 2020-05-20 13:38:56 Found package: dejavu-fonts-common,2.33-6.el7.noarch 2020-05-20 13:38:56 Found package: dejavu-sans-fonts,2.33-6.el7.noarch 2020-05-20 13:38:56 Found package: device-mapper,1.02.164-7.el7_8.2.x86_64 2020-05-20 13:38:56 Found package: device-mapper-event,1.02.164-7.el7_8.2.x86_64 2020-05-20 13:38:56 Found package: device-mapper-event-libs,1.02.164-7.el7_8.2.x86_64 2020-05-20 13:38:56 Found package: device-mapper-libs,1.02.164-7.el7_8.2.x86_64 2020-05-20 13:38:56 Found package: device-mapper-multipath-libs,0.4.9-131.el7.x86_64 2020-05-20 13:38:56 Found package: device-mapper-persistent-data,0.8.5-2.el7.x86_64 2020-05-20 13:38:56 Found package: dhclient,4.2.5-79.el7.centos.x86_64 2020-05-20 13:38:56 Found package: dhcp-common,4.2.5-79.el7.centos.x86_64 2020-05-20 13:38:56 Found package: dhcp-libs,4.2.5-79.el7.centos.x86_64 2020-05-20 13:38:56 Found package: dialog,1.2-5.20130523.el7.x86_64 2020-05-20 13:38:56 Found package: diffutils,3.3-5.el7.x86_64 2020-05-20 13:38:56 Found package: distributed-state-server,c2.gbd5a0a1-1.el7.centos.ta.noarch 2020-05-20 13:38:56 Found package: dmidecode,3.2-3.el7.x86_64 2020-05-20 13:38:56 Found package: dnsmasq,2.76-10.el7_7.1.x86_64 2020-05-20 13:38:56 Found package: docker-ce,19.03.3-3.el7.x86_64 2020-05-20 13:38:56 Found package: docker-ce-cli,19.03.3-3.el7.x86_64 2020-05-20 13:38:56 Found package: dosfstools,3.0.20-10.el7.x86_64 2020-05-20 13:38:56 Found package: dpdk,18.11.5-1.el7_8.x86_64 2020-05-20 13:38:56 Found package: dpdk-tools,18.11.5-1.el7_8.x86_64 2020-05-20 13:38:56 Found package: dracut,033-568.el7.x86_64 2020-05-20 13:38:56 Found package: dracut-config-generic,033-568.el7.x86_64 2020-05-20 13:38:56 Found package: dracut-config-rescue,033-568.el7.x86_64 2020-05-20 13:38:56 Found package: dracut-network,033-568.el7.x86_64 2020-05-20 13:38:56 Found package: driverctl,0.108-1.el7_6.noarch 2020-05-20 13:38:56 Found package: e2fsprogs,1.42.9-17.el7.x86_64 2020-05-20 13:38:56 Found package: e2fsprogs-libs,1.42.9-17.el7.x86_64 2020-05-20 13:38:57 Found package: elfutils-default-yama-scope,0.176-4.el7.noarch 2020-05-20 13:38:57 Found package: elfutils-libelf,0.176-4.el7.x86_64 2020-05-20 13:38:57 Found package: elfutils-libs,0.176-4.el7.x86_64 2020-05-20 13:38:57 Found package: elrepo-release,7.0-4.el7.elrepo.noarch 2020-05-20 13:38:57 Found package: erlang-asn1,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-compiler,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-crypto,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-eldap,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-erts,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-hipe,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-inets,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-kernel,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-mnesia,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-os_mon,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-otp_mibs,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-public_key,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-runtime_tools,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-sasl,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-sd_notify,1.0-2.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-snmp,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-ssl,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-stdlib,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-syntax_tools,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-tools,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: erlang-xmerl,19.3.6.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: etcd,3.3.11-2.el7.centos.x86_64 2020-05-20 13:38:57 Found package: ethtool,4.8-10.el7.x86_64 2020-05-20 13:38:57 Found package: expat,2.1.0-11.el7.x86_64 2020-05-20 13:38:57 Found package: facter,3.9.3-7.el7.x86_64 2020-05-20 13:38:57 Found package: file,5.11-36.el7.x86_64 2020-05-20 13:38:57 Found package: file-libs,5.11-36.el7.x86_64 2020-05-20 13:38:57 Found package: filesystem,3.2-25.el7.x86_64 2020-05-20 13:38:57 Found package: findutils,4.5.11-6.el7.x86_64 2020-05-20 13:38:57 Found package: fipscheck,1.4.1-6.el7.x86_64 2020-05-20 13:38:57 Found package: fipscheck-lib,1.4.1-6.el7.x86_64 2020-05-20 13:38:57 Found package: fontconfig,2.13.0-4.3.el7.x86_64 2020-05-20 13:38:57 Found package: fontpackages-filesystem,1.44-8.el7.noarch 2020-05-20 13:38:57 Found package: freetype,2.8-14.el7.x86_64 2020-05-20 13:38:57 Found package: fuse-libs,2.9.2-11.el7.x86_64 2020-05-20 13:38:57 Found package: galera,25.3.16-3.el7.x86_64 2020-05-20 13:38:57 Found package: gawk,4.0.2-4.el7_3.1.x86_64 2020-05-20 13:38:57 Found package: gd,2.0.35-26.el7.x86_64 2020-05-20 13:38:57 Found package: gdbm,1.10-8.el7.x86_64 2020-05-20 13:38:57 Found package: gdisk,0.8.10-3.el7.x86_64 2020-05-20 13:38:57 Found package: gdk-pixbuf2,2.36.12-3.el7.x86_64 2020-05-20 13:38:57 Found package: genisoimage,1.1.11-25.el7.x86_64 2020-05-20 13:38:57 Found package: geoipupdate,2.5.0-1.el7.x86_64 2020-05-20 13:38:57 Found package: gettext,0.19.8.1-3.el7.x86_64 2020-05-20 13:38:57 Found package: gettext-libs,0.19.8.1-3.el7.x86_64 2020-05-20 13:38:57 Found package: git,1.8.3.1-22.el7_8.x86_64 2020-05-20 13:38:57 Found package: glib2,2.56.1-5.el7.x86_64 2020-05-20 13:38:57 Found package: glibc,2.17-307.el7.1.x86_64 2020-05-20 13:38:57 Found package: glibc-common,2.17-307.el7.1.x86_64 2020-05-20 13:38:57 Found package: glusterfs,6.0-29.el7.x86_64 2020-05-20 13:38:57 Found package: glusterfs-api,6.0-29.el7.x86_64 2020-05-20 13:38:57 Found package: glusterfs-client-xlators,6.0-29.el7.x86_64 2020-05-20 13:38:57 Found package: glusterfs-libs,6.0-29.el7.x86_64 2020-05-20 13:38:57 Found package: gmp,6.0.0-15.el7.x86_64 2020-05-20 13:38:57 Found package: gnupg2,2.0.22-5.el7_5.x86_64 2020-05-20 13:38:57 Found package: gnutls,3.3.29-9.el7_6.x86_64 2020-05-20 13:38:57 Found package: gobject-introspection,1.56.1-1.el7.x86_64 2020-05-20 13:38:57 Found package: gperftools-libs,2.6.1-1.el7.x86_64 2020-05-20 13:38:57 Found package: gpg-pubkey,baadae52-49beffa4.(none) 2020-05-20 13:38:57 Found package: gpg-pubkey,f4a80eb5-53a7ff4b.(none) 2020-05-20 13:38:57 Found package: gpgme,1.3.2-5.el7.x86_64 2020-05-20 13:38:57 Found package: gpm-libs,1.20.7-6.el7.x86_64 2020-05-20 13:38:57 Found package: grep,2.20-3.el7.x86_64 2020-05-20 13:38:57 Found package: groff-base,1.22.2-8.el7.x86_64 2020-05-20 13:38:57 Found package: grub2,2.02-0.81.el7.centos.x86_64 2020-05-20 13:38:57 Found package: grub2-common,2.02-0.81.el7.centos.noarch 2020-05-20 13:38:57 Found package: grub2-pc,2.02-0.81.el7.centos.x86_64 2020-05-20 13:38:57 Found package: grub2-pc-modules,2.02-0.81.el7.centos.noarch 2020-05-20 13:38:57 Found package: grub2-tools,2.02-0.81.el7.centos.x86_64 2020-05-20 13:38:57 Found package: grub2-tools-extra,2.02-0.81.el7.centos.x86_64 2020-05-20 13:38:57 Found package: grub2-tools-minimal,2.02-0.81.el7.centos.x86_64 2020-05-20 13:38:57 Found package: grubby,8.28-26.el7.x86_64 2020-05-20 13:38:57 Found package: gssproxy,0.7.0-28.el7.x86_64 2020-05-20 13:38:57 Found package: gzip,1.5-10.el7.x86_64 2020-05-20 13:38:57 Found package: haproxy,1.5.18-9.el7.x86_64 2020-05-20 13:38:57 Found package: hardlink,1.0-19.el7.x86_64 2020-05-20 13:38:57 Found package: hostcli,c2.g9a52ce0-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: hostname,3.13-3.el7_7.1.x86_64 2020-05-20 13:38:57 Found package: httpd,2.4.6-93.el7.centos.x86_64 2020-05-20 13:38:57 Found package: httpd-tools,2.4.6-93.el7.centos.x86_64 2020-05-20 13:38:57 Found package: hw-detector,c5.g29b2481-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: hwdata,0.252-9.5.el7.x86_64 2020-05-20 13:38:57 Found package: image-provision,c6.g06e73ed-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: info,5.1-5.el7.x86_64 2020-05-20 13:38:57 Found package: infra-ansible,c31.gab187a5-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: initscripts,9.49.49-1.el7.x86_64 2020-05-20 13:38:57 Found package: inventoryhandlers,c32.ge8deeb0-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: ipa-deployer,c6.ga45f454-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: ipmitool,1.8.18-9.el7_7.x86_64 2020-05-20 13:38:57 Found package: iproute,4.11.0-25.el7_7.2.x86_64 2020-05-20 13:38:57 Found package: ipset-libs,7.1-1.el7.x86_64 2020-05-20 13:38:57 Found package: iptables,1.4.21-34.el7.x86_64 2020-05-20 13:38:57 Found package: iptables-services,1.4.21-34.el7.x86_64 2020-05-20 13:38:57 Found package: iputils,20160308-10.el7.x86_64 2020-05-20 13:38:57 Found package: ironic-virtmedia-driver,c4.g9d7df7d-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: irqbalance,1.0.7-12.el7.x86_64 2020-05-20 13:38:57 Found package: iscsi-initiator-utils,6.2.0.874-17.el7.x86_64 2020-05-20 13:38:57 Found package: iscsi-initiator-utils-iscsiuio,6.2.0.874-17.el7.x86_64 2020-05-20 13:38:57 Found package: iwl7260-firmware,25.30.13.0-77.el7.centos.noarch 2020-05-20 13:38:57 Found package: jansson,2.10-1.el7.x86_64 2020-05-20 13:38:57 Found package: jasper-libs,1.900.1-33.el7.x86_64 2020-05-20 13:38:57 Found package: jbigkit-libs,2.0-11.el7.x86_64 2020-05-20 13:38:57 Found package: jemalloc,3.6.0-1.el7.x86_64 2020-05-20 13:38:57 Found package: jq,1.5-10.el7.x86_64 2020-05-20 13:38:57 Found package: json-c,0.11-4.el7_0.x86_64 2020-05-20 13:38:57 Found package: kbd,1.15.5-15.el7.x86_64 2020-05-20 13:38:57 Found package: kbd-legacy,1.15.5-15.el7.noarch 2020-05-20 13:38:57 Found package: kbd-misc,1.15.5-15.el7.noarch 2020-05-20 13:38:57 Found package: keepalived,1.3.5-16.el7.x86_64 2020-05-20 13:38:57 Found package: kernel,4.14.119-200.el7.x86_64 2020-05-20 13:38:57 Found package: kernel-core,4.14.119-200.el7.x86_64 2020-05-20 13:38:57 Found package: kernel-modules,4.14.119-200.el7.x86_64 2020-05-20 13:38:57 Found package: kernel-tools,4.14.119-200.el7.x86_64 2020-05-20 13:38:57 Found package: kernel-tools-libs,4.14.119-200.el7.x86_64 2020-05-20 13:38:57 Found package: kexec-tools,2.0.15-43.el7.x86_64 2020-05-20 13:38:57 Found package: keyutils,1.5.8-3.el7.x86_64 2020-05-20 13:38:57 Found package: keyutils-libs,1.5.8-3.el7.x86_64 2020-05-20 13:38:57 Found package: keyutils-libs-devel,1.5.8-3.el7.x86_64 2020-05-20 13:38:57 Found package: kmod,20-28.el7.x86_64 2020-05-20 13:38:57 Found package: kmod-libs,20-28.el7.x86_64 2020-05-20 13:38:57 Found package: kpartx,0.4.9-131.el7.x86_64 2020-05-20 13:38:57 Found package: krb5-devel,1.15.1-46.el7.x86_64 2020-05-20 13:38:57 Found package: krb5-libs,1.15.1-46.el7.x86_64 2020-05-20 13:38:57 Found package: leatherman,1.3.0-9.el7.x86_64 2020-05-20 13:38:57 Found package: less,458-9.el7.x86_64 2020-05-20 13:38:57 Found package: leveldb,1.12.0-11.el7.x86_64 2020-05-20 13:38:57 Found package: libICE,1.0.9-9.el7.x86_64 2020-05-20 13:38:57 Found package: libSM,1.2.2-2.el7.x86_64 2020-05-20 13:38:57 Found package: libX11,1.6.7-2.el7.x86_64 2020-05-20 13:38:57 Found package: libX11-common,1.6.7-2.el7.noarch 2020-05-20 13:38:57 Found package: libXau,1.0.8-2.1.el7.x86_64 2020-05-20 13:38:57 Found package: libXcursor,1.1.15-1.el7.x86_64 2020-05-20 13:38:57 Found package: libXext,1.3.3-3.el7.x86_64 2020-05-20 13:38:57 Found package: libXfixes,5.0.3-1.el7.x86_64 2020-05-20 13:38:57 Found package: libXi,1.7.9-1.el7.x86_64 2020-05-20 13:38:57 Found package: libXinerama,1.1.3-2.1.el7.x86_64 2020-05-20 13:38:57 Found package: libXmu,1.1.2-2.el7.x86_64 2020-05-20 13:38:57 Found package: libXpm,3.5.12-1.el7.x86_64 2020-05-20 13:38:57 Found package: libXrandr,1.5.1-2.el7.x86_64 2020-05-20 13:38:57 Found package: libXrender,0.9.10-1.el7.x86_64 2020-05-20 13:38:57 Found package: libXt,1.1.5-3.el7.x86_64 2020-05-20 13:38:57 Found package: libXxf86misc,1.0.3-7.1.el7.x86_64 2020-05-20 13:38:57 Found package: libXxf86vm,1.1.4-1.el7.x86_64 2020-05-20 13:38:57 Found package: libacl,2.2.51-15.el7.x86_64 2020-05-20 13:38:57 Found package: libaio,0.3.109-13.el7.x86_64 2020-05-20 13:38:57 Found package: libassuan,2.1.0-3.el7.x86_64 2020-05-20 13:38:57 Found package: libattr,2.4.46-13.el7.x86_64 2020-05-20 13:38:57 Found package: libbabeltrace,1.2.4-3.1.el7.x86_64 2020-05-20 13:38:57 Found package: libbasicobjects,0.1.1-32.el7.x86_64 2020-05-20 13:38:57 Found package: libblkid,2.23.2-63.el7.x86_64 2020-05-20 13:38:57 Found package: libcap,2.22-11.el7.x86_64 2020-05-20 13:38:57 Found package: libcap-ng,0.7.5-4.el7.x86_64 2020-05-20 13:38:57 Found package: libcephfs2,12.2.11-0.el7.x86_64 2020-05-20 13:38:57 Found package: libcgroup,0.41-21.el7.x86_64 2020-05-20 13:38:57 Found package: libcollection,0.7.0-32.el7.x86_64 2020-05-20 13:38:57 Found package: libcom_err,1.42.9-17.el7.x86_64 2020-05-20 13:38:57 Found package: libcom_err-devel,1.42.9-17.el7.x86_64 2020-05-20 13:38:57 Found package: libcroco,0.6.12-4.el7.x86_64 2020-05-20 13:38:57 Found package: libcurl,7.29.0-57.el7.x86_64 2020-05-20 13:38:57 Found package: libdaemon,0.14-7.el7.x86_64 2020-05-20 13:38:57 Found package: libdb,5.3.21-25.el7.x86_64 2020-05-20 13:38:57 Found package: libdb-utils,5.3.21-25.el7.x86_64 2020-05-20 13:38:57 Found package: libedit,3.0-12.20121213cvs.el7.x86_64 2020-05-20 13:38:57 Found package: libestr,0.1.9-2.el7.x86_64 2020-05-20 13:38:57 Found package: libevent,2.0.21-4.el7.x86_64 2020-05-20 13:38:57 Found package: libfastjson,0.99.4-3.el7.x86_64 2020-05-20 13:38:57 Found package: libffi,3.0.13-19.el7.x86_64 2020-05-20 13:38:57 Found package: libfontenc,1.1.3-3.el7.x86_64 2020-05-20 13:38:57 Found package: libgcc,4.8.5-39.el7.x86_64 2020-05-20 13:38:57 Found package: libgcrypt,1.5.3-14.el7.x86_64 2020-05-20 13:38:57 Found package: libgomp,4.8.5-39.el7.x86_64 2020-05-20 13:38:57 Found package: libgpg-error,1.12-3.el7.x86_64 2020-05-20 13:38:57 Found package: libibverbs,22.4-2.el7_8.x86_64 2020-05-20 13:38:57 Found package: libicu,50.2-4.el7_7.x86_64 2020-05-20 13:38:57 Found package: libidn,1.28-4.el7.x86_64 2020-05-20 13:38:57 Found package: libini_config,1.3.1-32.el7.x86_64 2020-05-20 13:38:57 Found package: libiscsi,1.9.0-7.el7.x86_64 2020-05-20 13:38:57 Found package: libjpeg-turbo,1.2.90-8.el7.x86_64 2020-05-20 13:38:57 Found package: libkadm5,1.15.1-46.el7.x86_64 2020-05-20 13:38:57 Found package: libmnl,1.0.3-7.el7.x86_64 2020-05-20 13:38:57 Found package: libmount,2.23.2-63.el7.x86_64 2020-05-20 13:38:57 Found package: libndp,1.2-9.el7.x86_64 2020-05-20 13:38:57 Found package: libnetfilter_conntrack,1.0.6-1.el7_3.x86_64 2020-05-20 13:38:57 Found package: libnfnetlink,1.0.1-4.el7.x86_64 2020-05-20 13:38:57 Found package: libnfsidmap,0.25-19.el7.x86_64 2020-05-20 13:38:57 Found package: libnl3,3.2.28-4.el7.x86_64 2020-05-20 13:38:57 Found package: libnl3-cli,3.2.28-4.el7.x86_64 2020-05-20 13:38:57 Found package: libpath_utils,0.2.1-32.el7.x86_64 2020-05-20 13:38:57 Found package: libpcap,1.5.3-12.el7.x86_64 2020-05-20 13:38:57 Found package: libpipeline,1.2.3-3.el7.x86_64 2020-05-20 13:38:57 Found package: libpng,1.5.13-7.el7_2.x86_64 2020-05-20 13:38:57 Found package: libpwquality,1.2.3-5.el7.x86_64 2020-05-20 13:38:57 Found package: librados2,12.2.11-0.el7.x86_64 2020-05-20 13:38:57 Found package: libradosstriper1,12.2.11-0.el7.x86_64 2020-05-20 13:38:57 Found package: librbd1,12.2.11-0.el7.x86_64 2020-05-20 13:38:57 Found package: libref_array,0.1.5-32.el7.x86_64 2020-05-20 13:38:57 Found package: librgw2,12.2.11-0.el7.x86_64 2020-05-20 13:38:57 Found package: libseccomp,2.3.1-4.el7.x86_64 2020-05-20 13:38:57 Found package: libselinux,2.5-15.el7.x86_64 2020-05-20 13:38:57 Found package: libselinux-devel,2.5-15.el7.x86_64 2020-05-20 13:38:57 Found package: libselinux-python,2.5-15.el7.x86_64 2020-05-20 13:38:57 Found package: libselinux-utils,2.5-15.el7.x86_64 2020-05-20 13:38:57 Found package: libsemanage,2.5-14.el7.x86_64 2020-05-20 13:38:57 Found package: libsemanage-python,2.5-14.el7.x86_64 2020-05-20 13:38:57 Found package: libsepol,2.5-10.el7.x86_64 2020-05-20 13:38:57 Found package: libsepol-devel,2.5-10.el7.x86_64 2020-05-20 13:38:57 Found package: libsmartcols,2.23.2-63.el7.x86_64 2020-05-20 13:38:57 Found package: libss,1.42.9-17.el7.x86_64 2020-05-20 13:38:57 Found package: libssh2,1.8.0-3.el7.x86_64 2020-05-20 13:38:57 Found package: libstdc++,4.8.5-39.el7.x86_64 2020-05-20 13:38:57 Found package: libsysfs,2.1.0-16.el7.x86_64 2020-05-20 13:38:57 Found package: libtasn1,4.10-1.el7.x86_64 2020-05-20 13:38:57 Found package: libteam,1.29-1.el7.x86_64 2020-05-20 13:38:57 Found package: libtiff,4.0.3-32.el7.x86_64 2020-05-20 13:38:57 Found package: libtirpc,0.2.4-0.16.el7.x86_64 2020-05-20 13:38:57 Found package: libtomcrypt,1.17-33.20170623gitcd6e602.el7.x86_64 2020-05-20 13:38:57 Found package: libtommath,1.0-8.el7.x86_64 2020-05-20 13:38:57 Found package: libunistring,0.9.3-9.el7.x86_64 2020-05-20 13:38:57 Found package: libusal,1.1.11-25.el7.x86_64 2020-05-20 13:38:57 Found package: libuser,0.60-9.el7.x86_64 2020-05-20 13:38:57 Found package: libutempter,1.1.6-4.el7.x86_64 2020-05-20 13:38:57 Found package: libuuid,2.23.2-63.el7.x86_64 2020-05-20 13:38:57 Found package: libverto,0.2.5-4.el7.x86_64 2020-05-20 13:38:57 Found package: libverto-devel,0.2.5-4.el7.x86_64 2020-05-20 13:38:57 Found package: libverto-libevent,0.2.5-4.el7.x86_64 2020-05-20 13:38:57 Found package: libvirt-libs,4.5.0-33.el7_8.1.x86_64 2020-05-20 13:38:57 Found package: libvirt-python,4.5.0-1.el7.x86_64 2020-05-20 13:38:57 Found package: libwmf,0.2.8.4-41.el7_1.x86_64 2020-05-20 13:38:57 Found package: libwmf-lite,0.2.8.4-41.el7_1.x86_64 2020-05-20 13:38:57 Found package: libxcb,1.13-1.el7.x86_64 2020-05-20 13:38:57 Found package: libxml2,2.9.1-6.el7.4.x86_64 2020-05-20 13:38:57 Found package: libxml2-python,2.9.1-6.el7.4.x86_64 2020-05-20 13:38:57 Found package: libxslt,1.1.28-5.el7.x86_64 2020-05-20 13:38:57 Found package: libyaml,0.1.4-11.el7_0.x86_64 2020-05-20 13:38:57 Found package: linux-firmware,20191203-76.gite8a0f4c.el7.noarch 2020-05-20 13:38:57 Found package: lksctp-tools,1.0.17-2.el7.x86_64 2020-05-20 13:38:57 Found package: lm_sensors-libs,3.4.0-8.20160601gitf9185e5.el7.x86_64 2020-05-20 13:38:57 Found package: lockcli,c3.g54aed66-1.el7.centos.ta.noarch 2020-05-20 13:38:57 Found package: logrotate,3.8.6-19.el7.x86_64 2020-05-20 13:38:57 Found package: lshw,B.02.18-14.el7.x86_64 2020-05-20 13:38:57 Found package: lsof,4.87-6.el7.x86_64 2020-05-20 13:38:57 Found package: lttng-ust,2.10.0-1.el7.x86_64 2020-05-20 13:38:58 Found package: lua,5.1.4-15.el7.x86_64 2020-05-20 13:38:58 Found package: lvm2,2.02.186-7.el7_8.2.x86_64 2020-05-20 13:38:58 Found package: lvm2-libs,2.02.186-7.el7_8.2.x86_64 2020-05-20 13:38:58 Found package: lz4,1.7.5-3.el7.x86_64 2020-05-20 13:38:58 Found package: lzo,2.06-8.el7.x86_64 2020-05-20 13:38:58 Found package: m2crypto,0.21.1-17.el7.x86_64 2020-05-20 13:38:58 Found package: mailcap,2.1.41-2.el7.noarch 2020-05-20 13:38:58 Found package: make,3.82-24.el7.x86_64 2020-05-20 13:38:58 Found package: man-db,2.6.3-11.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-common,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-config,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-devel,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-errmsg,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-libs,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-server,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: mariadb-server-galera,10.1.20-2.el7.x86_64 2020-05-20 13:38:58 Found package: memcached,1.5.6-1.el7.x86_64 2020-05-20 13:38:58 Found package: mod_wsgi,3.4-18.el7.x86_64 2020-05-20 13:38:58 Found package: monitoring,c3.g6ee5a86-1.el7.centos.ta.noarch 2020-05-20 13:38:58 Found package: mozjs17,17.0.0-20.el7.x86_64 2020-05-20 13:38:58 Found package: ncurses,5.9-14.20130511.el7_4.x86_64 2020-05-20 13:38:58 Found package: ncurses-base,5.9-14.20130511.el7_4.noarch 2020-05-20 13:38:58 Found package: ncurses-libs,5.9-14.20130511.el7_4.x86_64 2020-05-20 13:38:58 Found package: net-snmp-agent-libs,5.7.2-48.el7_8.x86_64 2020-05-20 13:38:58 Found package: net-snmp-libs,5.7.2-48.el7_8.x86_64 2020-05-20 13:38:58 Found package: net-tools,2.0-0.25.20131004git.el7.x86_64 2020-05-20 13:38:58 Found package: nettle,2.7.1-8.el7.x86_64 2020-05-20 13:38:58 Found package: newt,0.52.15-4.el7.x86_64 2020-05-20 13:38:58 Found package: newt-python,0.52.15-4.el7.x86_64 2020-05-20 13:38:58 Found package: nginx,1.16.1-1.el7.x86_64 2020-05-20 13:38:58 Found package: nginx-all-modules,1.16.1-1.el7.noarch 2020-05-20 13:38:58 Found package: nginx-filesystem,1.16.1-1.el7.noarch 2020-05-20 13:38:58 Found package: nginx-mod-http-image-filter,1.16.1-1.el7.x86_64 2020-05-20 13:38:58 Found package: nginx-mod-http-perl,1.16.1-1.el7.x86_64 2020-05-20 13:38:58 Found package: nginx-mod-http-xslt-filter,1.16.1-1.el7.x86_64 2020-05-20 13:38:58 Found package: nginx-mod-mail,1.16.1-1.el7.x86_64 2020-05-20 13:38:58 Found package: nginx-mod-stream,1.16.1-1.el7.x86_64 2020-05-20 13:38:58 Found package: nmap-ncat,6.40-19.el7.x86_64 2020-05-20 13:38:58 Found package: nspr,4.21.0-1.el7.x86_64 2020-05-20 13:38:58 Found package: nss,3.44.0-7.el7_7.x86_64 2020-05-20 13:38:58 Found package: nss-pem,1.0.3-7.el7.x86_64 2020-05-20 13:38:58 Found package: nss-softokn,3.44.0-8.el7_7.x86_64 2020-05-20 13:38:58 Found package: nss-softokn-freebl,3.44.0-8.el7_7.x86_64 2020-05-20 13:38:58 Found package: nss-sysinit,3.44.0-7.el7_7.x86_64 2020-05-20 13:38:58 Found package: nss-tools,3.44.0-7.el7_7.x86_64 2020-05-20 13:38:58 Found package: nss-util,3.44.0-4.el7_7.x86_64 2020-05-20 13:38:58 Found package: ntp,4.2.6p5-29.el7.centos.x86_64 2020-05-20 13:38:58 Found package: ntpdate,4.2.6p5-29.el7.centos.x86_64 2020-05-20 13:38:58 Found package: numactl-libs,2.0.12-5.el7.x86_64 2020-05-20 13:38:58 Found package: oniguruma,6.7.0-1.el7.x86_64 2020-05-20 13:38:58 Found package: openldap,2.4.44-21.el7_6.x86_64 2020-05-20 13:38:58 Found package: openssh,7.4p1-21.el7.x86_64 2020-05-20 13:38:58 Found package: openssh-clients,7.4p1-21.el7.x86_64 2020-05-20 13:38:58 Found package: openssh-server,7.4p1-21.el7.x86_64 2020-05-20 13:38:58 Found package: openssl,1.0.2k-19.el7.x86_64 2020-05-20 13:38:58 Found package: openssl-devel,1.0.2k-19.el7.x86_64 2020-05-20 13:38:58 Found package: openssl-libs,1.0.2k-19.el7.x86_64 2020-05-20 13:38:58 Found package: openstack-ansible,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-galera_client,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-galera_server,17.0.2-1.el7.centos.ta.2.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-haproxy_server,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-memcached_server,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-openstack_openrc,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-os_ironic,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-os_keystone,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-plugins,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-rabbitmq_server,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ansible-rsyslog_client,17.0.2-1.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: openstack-ironic-api,10.1.4-1.el7.centos.ta.2.noarch 2020-05-20 13:38:58 Found package: openstack-ironic-common,10.1.4-1.el7.centos.ta.2.noarch 2020-05-20 13:38:58 Found package: openstack-ironic-conductor,10.1.4-1.el7.centos.ta.2.noarch 2020-05-20 13:38:58 Found package: openstack-ironic-inspector,7.2.4-1.el7.noarch 2020-05-20 13:38:58 Found package: openstack-keystone,13.0.2-2.el7.noarch 2020-05-20 13:38:58 Found package: openvswitch,2.11.0-3.el7.x86_64 2020-05-20 13:38:58 Found package: os-net-config,10.4.1-0.20191003.14e46a5.el7.centos.ta.1.noarch 2020-05-20 13:38:58 Found package: os-prober,1.58-9.el7.x86_64 2020-05-20 13:38:58 Found package: p11-kit,0.23.5-3.el7.x86_64 2020-05-20 13:38:58 Found package: p11-kit-trust,0.23.5-3.el7.x86_64 2020-05-20 13:38:58 Found package: pam,1.1.8-23.el7.x86_64 2020-05-20 13:38:58 Found package: parted,3.1-32.el7.x86_64 2020-05-20 13:38:58 Found package: partfs_rootdisk,c3.g821dc53-1.el7.centos.ta.noarch 2020-05-20 13:38:58 Found package: passwd,0.79-6.el7.x86_64 2020-05-20 13:38:58 Found package: pciutils,3.5.1-3.el7.x86_64 2020-05-20 13:38:58 Found package: pciutils-libs,3.5.1-3.el7.x86_64 2020-05-20 13:38:58 Found package: pcre,8.32-17.el7.x86_64 2020-05-20 13:38:58 Found package: pcre-devel,8.32-17.el7.x86_64 2020-05-20 13:38:58 Found package: perl,5.16.3-295.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Carp,1.26-244.el7.noarch 2020-05-20 13:38:58 Found package: perl-Compress-Raw-Bzip2,2.061-3.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Compress-Raw-Zlib,2.061-4.el7.x86_64 2020-05-20 13:38:58 Found package: perl-DBD-MySQL,4.023-6.el7.x86_64 2020-05-20 13:38:58 Found package: perl-DBI,1.627-4.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Data-Dumper,2.145-3.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Encode,2.51-7.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Error,0.17020-2.el7.noarch 2020-05-20 13:38:58 Found package: perl-Exporter,5.68-3.el7.noarch 2020-05-20 13:38:58 Found package: perl-File-Path,2.09-2.el7.noarch 2020-05-20 13:38:58 Found package: perl-File-Temp,0.23.01-3.el7.noarch 2020-05-20 13:38:58 Found package: perl-Filter,1.49-3.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Getopt-Long,2.40-3.el7.noarch 2020-05-20 13:38:58 Found package: perl-Git,1.8.3.1-22.el7_8.noarch 2020-05-20 13:38:58 Found package: perl-HTTP-Tiny,0.033-3.el7.noarch 2020-05-20 13:38:58 Found package: perl-IO-Compress,2.061-2.el7.noarch 2020-05-20 13:38:58 Found package: perl-Net-Daemon,0.48-5.el7.noarch 2020-05-20 13:38:58 Found package: perl-PathTools,3.40-5.el7.x86_64 2020-05-20 13:38:58 Found package: perl-PlRPC,0.2020-14.el7.noarch 2020-05-20 13:38:58 Found package: perl-Pod-Escapes,1.04-295.el7.noarch 2020-05-20 13:38:58 Found package: perl-Pod-Perldoc,3.20-4.el7.noarch 2020-05-20 13:38:58 Found package: perl-Pod-Simple,3.28-4.el7.noarch 2020-05-20 13:38:58 Found package: perl-Pod-Usage,1.63-3.el7.noarch 2020-05-20 13:38:58 Found package: perl-Scalar-List-Utils,1.27-248.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Socket,2.010-5.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Storable,2.45-3.el7.x86_64 2020-05-20 13:38:58 Found package: perl-TermReadKey,2.30-20.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Text-ParseWords,3.29-4.el7.noarch 2020-05-20 13:38:58 Found package: perl-Time-HiRes,1.9725-3.el7.x86_64 2020-05-20 13:38:58 Found package: perl-Time-Local,1.2300-2.el7.noarch 2020-05-20 13:38:58 Found package: perl-constant,1.27-2.el7.noarch 2020-05-20 13:38:58 Found package: perl-libs,5.16.3-295.el7.x86_64 2020-05-20 13:38:58 Found package: perl-macros,5.16.3-295.el7.x86_64 2020-05-20 13:38:58 Found package: perl-parent,0.225-244.el7.noarch 2020-05-20 13:38:58 Found package: perl-podlators,2.5.1-3.el7.noarch 2020-05-20 13:38:58 Found package: perl-threads,1.87-4.el7.x86_64 2020-05-20 13:38:58 Found package: perl-threads-shared,1.43-6.el7.x86_64 2020-05-20 13:38:58 Found package: pinentry,0.8.1-17.el7.x86_64 2020-05-20 13:38:58 Found package: pkgconfig,0.27.1-4.el7.x86_64 2020-05-20 13:38:58 Found package: policycoreutils,2.5-34.el7.x86_64 2020-05-20 13:38:58 Found package: policycoreutils-python,2.5-34.el7.x86_64 2020-05-20 13:38:58 Found package: polkit,0.112-26.el7.x86_64 2020-05-20 13:38:58 Found package: polkit-pkla-compat,0.1-4.el7.x86_64 2020-05-20 13:38:58 Found package: popt,1.13-16.el7.x86_64 2020-05-20 13:38:58 Found package: procps-ng,3.3.10-27.el7.x86_64 2020-05-20 13:38:58 Found package: product-manifest,237-1.el7.centos.ta.noarch 2020-05-20 13:38:58 Found package: psmisc,22.20-16.el7.x86_64 2020-05-20 13:38:58 Found package: pth,2.0.7-23.el7.x86_64 2020-05-20 13:38:58 Found package: pygpgme,0.3-9.el7.x86_64 2020-05-20 13:38:58 Found package: pyliblzma,0.5.3-11.el7.x86_64 2020-05-20 13:38:58 Found package: pysendfile,2.0.0-5.el7.x86_64 2020-05-20 13:38:58 Found package: pyserial,2.6-6.el7.noarch 2020-05-20 13:38:58 Found package: python,2.7.5-88.el7.x86_64 2020-05-20 13:38:58 Found package: python-IPy,0.75-6.el7.noarch 2020-05-20 13:38:58 Found package: python-UcsSdk,0.8.2.5-1.el7.noarch 2020-05-20 13:38:58 Found package: python-aniso8601,0.82-3.el7.noarch 2020-05-20 13:38:58 Found package: python-anyjson,0.3.3-3.el7.noarch 2020-05-20 13:38:58 Found package: python-backports,1.0-8.el7.x86_64 2020-05-20 13:38:58 Found package: python-backports-ssl_match_hostname,3.5.0.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-beaker,1.5.4-10.el7.noarch 2020-05-20 13:38:58 Found package: python-beautifulsoup4,4.6.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-cephfs,12.2.11-0.el7.x86_64 2020-05-20 13:38:58 Found package: python-chardet,2.2.1-3.el7.noarch 2020-05-20 13:38:58 Found package: python-cherrypy,3.2.2-4.el7.noarch 2020-05-20 13:38:58 Found package: python-cmd2,0.6.8-8.el7.noarch 2020-05-20 13:38:58 Found package: python-configobj,4.7.2-7.el7.noarch 2020-05-20 13:38:58 Found package: python-configparser,3.5.0b2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-construct,2.8.10-1.el7.noarch 2020-05-20 13:38:58 Found package: python-contextlib2,0.5.1-3.el7.noarch 2020-05-20 13:38:58 Found package: python-decorator,3.4.0-3.el7.noarch 2020-05-20 13:38:58 Found package: python-django-bash-completion,1.11.27-1.el7.noarch 2020-05-20 13:38:58 Found package: python-dns,1.15.0-5.el7.noarch 2020-05-20 13:38:58 Found package: python-dogpile-cache,0.6.2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-dogpile-core,0.4.1-2.el7.noarch 2020-05-20 13:38:58 Found package: python-dracclient,1.6.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-editor,0.4-4.el7.noarch 2020-05-20 13:38:58 Found package: python-enum34,1.0.4-1.el7.noarch 2020-05-20 13:38:58 Found package: python-flask,0.10.1-5.el7_7.noarch 2020-05-20 13:38:58 Found package: python-gobject-base,3.22.0-1.el7_4.1.x86_64 2020-05-20 13:38:58 Found package: python-httplib2,0.9.2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-ilorest-library,v2.3.1.29.gf6dae68-1.el7.centos.ta.1.x86_64 2020-05-20 13:38:58 Found package: python-iniparse,0.4-9.el7.noarch 2020-05-20 13:38:58 Found package: python-inotify,0.9.4-4.el7.noarch 2020-05-20 13:38:58 Found package: python-ipaddr,2.1.11-2.el7.noarch 2020-05-20 13:38:58 Found package: python-ipaddress,1.0.16-3.el7.noarch 2020-05-20 13:38:58 Found package: python-ironic-inspector-client,3.1.2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-ironic-lib,2.12.3-1.el7.noarch 2020-05-20 13:38:58 Found package: python-itsdangerous,0.23-2.el7.noarch 2020-05-20 13:38:58 Found package: python-jsonpath-rw,1.2.3-2.el7.noarch 2020-05-20 13:38:58 Found package: python-jwcrypto,0.4.2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-kazoo,2.2.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-keyring,5.7.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-keystone,13.0.2-2.el7.noarch 2020-05-20 13:38:58 Found package: python-kitchen,1.1.1-5.el7.noarch 2020-05-20 13:38:58 Found package: python-ldap,2.4.15-2.el7.x86_64 2020-05-20 13:38:58 Found package: python-ldappool,1.0-4.el7.noarch 2020-05-20 13:38:58 Found package: python-libs,2.7.5-88.el7.x86_64 2020-05-20 13:38:58 Found package: python-linecache2,1.0.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-linux-procfs,0.4.11-4.el7.noarch 2020-05-20 13:38:58 Found package: python-logutils,0.3.3-3.el7.noarch 2020-05-20 13:38:58 Found package: python-lxml,3.2.1-4.el7.x86_64 2020-05-20 13:38:58 Found package: python-mako,0.8.1-2.el7.noarch 2020-05-20 13:38:58 Found package: python-memcached,1.58-1.el7.noarch 2020-05-20 13:38:58 Found package: python-migrate,0.11.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-monotonic,0.6-1.el7.noarch 2020-05-20 13:38:58 Found package: python-netifaces,0.10.4-3.el7.x86_64 2020-05-20 13:38:58 Found package: python-openstackclient-lang,3.14.3-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-cache-lang,1.28.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-concurrency-lang,3.25.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-db-lang,4.33.4-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-i18n-lang,3.19.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-log-lang,3.36.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-middleware-lang,3.34.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-policy-lang,1.33.2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-utils-lang,3.35.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-oslo-versionedobjects-lang,1.31.3-1.el7.noarch 2020-05-20 13:38:58 Found package: python-paramiko,2.1.1-9.el7.noarch 2020-05-20 13:38:58 Found package: python-paste,1.7.5.1-9.20111221hg1498.el7.noarch 2020-05-20 13:38:58 Found package: python-paste-deploy,1.5.2-6.el7.noarch 2020-05-20 13:38:58 Found package: python-perf,4.14.119-200.el7.x86_64 2020-05-20 13:38:58 Found package: python-ply,3.4-11.el7.noarch 2020-05-20 13:38:58 Found package: python-prettytable,0.7.2-3.el7.noarch 2020-05-20 13:38:58 Found package: python-proliantutils,2.5.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-pycadf-common,2.7.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python-pycparser,2.14-1.el7.noarch 2020-05-20 13:38:58 Found package: python-pycurl,7.19.0-19.el7.x86_64 2020-05-20 13:38:58 Found package: python-pyudev,0.15-9.el7.noarch 2020-05-20 13:38:58 Found package: python-rados,12.2.11-0.el7.x86_64 2020-05-20 13:38:58 Found package: python-rbd,12.2.11-0.el7.x86_64 2020-05-20 13:38:58 Found package: python-repoze-lru,0.4-3.el7.noarch 2020-05-20 13:38:58 Found package: python-repoze-who,2.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-retrying,1.2.3-4.el7.noarch 2020-05-20 13:38:58 Found package: python-rgw,12.2.11-0.el7.x86_64 2020-05-20 13:38:58 Found package: python-routes,2.4.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-schedutils,0.4-6.el7.x86_64 2020-05-20 13:38:58 Found package: python-simplegeneric,0.8-7.el7.noarch 2020-05-20 13:38:58 Found package: python-sqlparse,0.1.18-5.el7.noarch 2020-05-20 13:38:58 Found package: python-tempita,0.5.1-8.el7.noarch 2020-05-20 13:38:58 Found package: python-testtools,1.8.0-2.el7.noarch 2020-05-20 13:38:58 Found package: python-unicodecsv,0.14.1-4.el7.noarch 2020-05-20 13:38:58 Found package: python-unittest2,1.1.0-4.el7.noarch 2020-05-20 13:38:58 Found package: python-urlgrabber,3.10-10.el7.noarch 2020-05-20 13:38:58 Found package: python-waitress,0.8.9-5.el7.noarch 2020-05-20 13:38:58 Found package: python-warlock,1.0.1-1.el7.noarch 2020-05-20 13:38:58 Found package: python-webob,1.7.2-1.el7.noarch 2020-05-20 13:38:58 Found package: python-webtest,2.0.23-1.el7.noarch 2020-05-20 13:38:58 Found package: python-werkzeug,0.9.1-2.el7.noarch 2020-05-20 13:38:58 Found package: python-wrapt,1.10.8-2.el7.x86_64 2020-05-20 13:38:58 Found package: python-zope-interface,4.0.5-4.el7.x86_64 2020-05-20 13:38:58 Found package: python2-PyMySQL,0.9.2-2.el7.noarch 2020-05-20 13:38:58 Found package: python2-alembic,0.9.7-1.el7.noarch 2020-05-20 13:38:58 Found package: python2-amqp,2.4.0-1.el7.noarch 2020-05-20 13:38:58 Found package: python2-appdirs,1.4.0-4.el7.noarch 2020-05-20 13:38:58 Found package: python2-asn1crypto,0.24.0-7.el7.noarch 2020-05-20 13:38:59 Found package: python2-automaton,1.14.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-babel,2.3.4-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-bcrypt,3.1.6-2.el7.x86_64 2020-05-20 13:38:59 Found package: python2-cachetools,2.0.1-3.el7.noarch 2020-05-20 13:38:59 Found package: python2-cffi,1.11.2-1.el7.x86_64 2020-05-20 13:38:59 Found package: python2-cinderclient,3.5.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-cliff,2.11.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-crypto,2.6.1-16.el7.x86_64 2020-05-20 13:38:59 Found package: python2-cryptography,2.1.4-2.el7.x86_64 2020-05-20 13:38:59 Found package: python2-dateutil,2.6.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-debtcollector,1.19.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-deprecation,1.0-3.el7.noarch 2020-05-20 13:38:59 Found package: python2-django,1.11.27-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-eventlet,0.20.1-6.el7.noarch 2020-05-20 13:38:59 Found package: python2-extras,1.0.0-2.el7.noarch 2020-05-20 13:38:59 Found package: python2-fasteners,0.14.1-6.el7.noarch 2020-05-20 13:38:59 Found package: python2-fixtures,3.0.0-7.el7.noarch 2020-05-20 13:38:59 Found package: python2-flask-restful,0.3.5-4.el7.noarch 2020-05-20 13:38:59 Found package: python2-funcsigs,1.0.2-4.el7.noarch 2020-05-20 13:38:59 Found package: python2-futures,3.1.1-5.el7.noarch 2020-05-20 13:38:59 Found package: python2-futurist,1.6.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-glanceclient,2.10.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-greenlet,0.4.12-1.el7.x86_64 2020-05-20 13:38:59 Found package: python2-idna,2.5-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-ironicclient,2.2.1-1.el7.centos.ta.noarch 2020-05-20 13:38:59 Found package: python2-iso8601,0.1.11-8.el7.noarch 2020-05-20 13:38:59 Found package: python2-jinja2,2.10-2.el7.noarch 2020-05-20 13:38:59 Found package: python2-jmespath,0.9.0-5.el7.noarch 2020-05-20 13:38:59 Found package: python2-jsonpatch,1.21-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-jsonpointer,1.10-4.el7.noarch 2020-05-20 13:38:59 Found package: python2-jsonschema,2.6.0-2.el7.noarch 2020-05-20 13:38:59 Found package: python2-keystoneauth1,3.4.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-keystoneclient,3.15.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-keystonemiddleware,4.21.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-kombu,4.2.2-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-markupsafe,0.23-16.el7.x86_64 2020-05-20 13:38:59 Found package: python2-mimeparse,1.6.0-5.el7.noarch 2020-05-20 13:38:59 Found package: python2-mock,2.0.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-msgpack,0.5.6-5.el7.x86_64 2020-05-20 13:38:59 Found package: python2-munch,2.2.0-2.el7.noarch 2020-05-20 13:38:59 Found package: python2-netaddr,0.7.19-5.el7.noarch 2020-05-20 13:38:59 Found package: python2-neutronclient,6.7.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-novaclient,10.1.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oauthlib,2.0.1-8.el7.noarch 2020-05-20 13:38:59 Found package: python2-openstackclient,3.14.3-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-openstacksdk,0.11.3-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-os-client-config,1.29.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-os-service-types,1.1.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-os-traits,0.5.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-osc-lib,1.9.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-cache,1.28.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-concurrency,3.25.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-config,5.2.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-context,2.20.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-db,4.33.4-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-i18n,3.19.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-log,3.36.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-messaging,5.35.5-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-middleware,3.34.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-policy,1.33.2-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-reports,1.26.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-rootwrap,5.13.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-serialization,2.24.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-service,1.29.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-utils,3.35.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-oslo-versionedobjects,1.31.3-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-osprofiler,1.15.2-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-passlib,1.7.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-pbr,3.1.1-8.el7.noarch 2020-05-20 13:38:59 Found package: python2-pecan,1.1.2-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-peewee,2.10.2-3.el7.centos.ta.x86_64 2020-05-20 13:38:59 Found package: python2-pika,0.10.0-10.el7.noarch 2020-05-20 13:38:59 Found package: python2-pika_pool,0.1.3-3.el7.noarch 2020-05-20 13:38:59 Found package: python2-pip,8.1.2-12.el7.noarch 2020-05-20 13:38:59 Found package: python2-psutil,5.6.7-1.el7.x86_64 2020-05-20 13:38:59 Found package: python2-pyOpenSSL,17.3.0-3.el7.noarch 2020-05-20 13:38:59 Found package: python2-pyasn1,0.1.9-7.el7.noarch 2020-05-20 13:38:59 Found package: python2-pycadf,2.7.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-pyghmi,1.0.22-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-pyngus,2.3.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-pyparsing,2.1.10-7.el7.noarch 2020-05-20 13:38:59 Found package: python2-pysaml2,3.0.2-2.el7.noarch 2020-05-20 13:38:59 Found package: python2-pysnmp,4.3.2-3.el7.noarch 2020-05-20 13:38:59 Found package: python2-pysocks,1.6.8-6.el7.noarch 2020-05-20 13:38:59 Found package: python2-python-etcd,0.4.3-5.el7.noarch 2020-05-20 13:38:59 Found package: python2-qpid-proton,0.29.0-1.el7.x86_64 2020-05-20 13:38:59 Found package: python2-redis,2.10.6-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-requests,2.14.2-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-requestsexceptions,1.4.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-rfc3986,1.3.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-scciclient,0.6.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-scrypt,0.8.0-2.el7.x86_64 2020-05-20 13:38:59 Found package: python2-setuptools,22.0.5-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-shade,1.27.2-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-simplejson,3.10.0-2.el7.x86_64 2020-05-20 13:38:59 Found package: python2-singledispatch,3.4.0.3-4.el7.noarch 2020-05-20 13:38:59 Found package: python2-six,1.10.0-9.el7.noarch 2020-05-20 13:38:59 Found package: python2-sqlalchemy,1.2.2-2.el7.x86_64 2020-05-20 13:38:59 Found package: python2-statsd,3.2.1-5.el7.noarch 2020-05-20 13:38:59 Found package: python2-stevedore,1.28.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-sushy,1.3.3-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-swiftclient,3.5.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-tenacity,4.8.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-tooz,1.60.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-traceback2,1.4.0-7.el7.noarch 2020-05-20 13:38:59 Found package: python2-urllib3,1.21.1-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-vine,1.2.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-virtualbmc,1.2.0-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-voluptuous,0.10.5-2.el7.noarch 2020-05-20 13:38:59 Found package: python2-wsme,0.9.3-1.el7.noarch 2020-05-20 13:38:59 Found package: python2-zake,0.2.2-2.el7.noarch 2020-05-20 13:38:59 Found package: pytz,2016.10-2.el7.noarch 2020-05-20 13:38:59 Found package: pyxattr,0.5.1-5.el7.x86_64 2020-05-20 13:38:59 Found package: qemu-guest-agent,2.12.0-3.el7.x86_64 2020-05-20 13:38:59 Found package: qemu-img-ev,2.12.0-18.el7_6.7.1.x86_64 2020-05-20 13:38:59 Found package: qemu-kvm-common-ev,2.12.0-18.el7_6.7.1.x86_64 2020-05-20 13:38:59 Found package: qpid-proton-c,0.29.0-1.el7.x86_64 2020-05-20 13:38:59 Found package: qrencode-libs,3.4.1-3.el7.x86_64 2020-05-20 13:38:59 Found package: quota,4.01-19.el7.x86_64 2020-05-20 13:38:59 Found package: quota-nls,4.01-19.el7.noarch 2020-05-20 13:38:59 Found package: rabbitmq-server,3.6.16-1.el7.noarch 2020-05-20 13:38:59 Found package: rdma-core,22.4-2.el7_8.x86_64 2020-05-20 13:38:59 Found package: readline,6.2-11.el7.x86_64 2020-05-20 13:38:59 Found package: recuserconfighandlers,c32.ge8deeb0-1.el7.centos.ta.noarch 2020-05-20 13:38:59 Found package: redis,3.2.12-2.el7.x86_64 2020-05-20 13:38:59 Found package: rootfiles,8.1-11.el7.noarch 2020-05-20 13:38:59 Found package: rpcbind,0.2.0-49.el7.x86_64 2020-05-20 13:38:59 Found package: rpm,4.11.3-43.el7.x86_64 2020-05-20 13:38:59 Found package: rpm-build-libs,4.11.3-43.el7.x86_64 2020-05-20 13:38:59 Found package: rpm-libs,4.11.3-43.el7.x86_64 2020-05-20 13:38:59 Found package: rpm-python,4.11.3-43.el7.x86_64 2020-05-20 13:38:59 Found package: rsync,3.1.2-10.el7.x86_64 2020-05-20 13:38:59 Found package: rsyslog,8.24.0-52.el7.x86_64 2020-05-20 13:38:59 Found package: sed,4.2.2-6.el7.x86_64 2020-05-20 13:38:59 Found package: selinux-policy,3.13.1-266.el7.noarch 2020-05-20 13:38:59 Found package: selinux-policy-targeted,3.13.1-266.el7.noarch 2020-05-20 13:38:59 Found package: setools-libs,3.3.8-4.el7.x86_64 2020-05-20 13:38:59 Found package: setup,2.8.71-11.el7.noarch 2020-05-20 13:38:59 Found package: sg3_utils,1.37-19.el7.x86_64 2020-05-20 13:38:59 Found package: sg3_utils-libs,1.37-19.el7.x86_64 2020-05-20 13:38:59 Found package: shadow-utils,4.6-5.el7.x86_64 2020-05-20 13:38:59 Found package: shared-mime-info,1.8-5.el7.x86_64 2020-05-20 13:38:59 Found package: slang,2.2.4-11.el7.x86_64 2020-05-20 13:38:59 Found package: snappy,1.1.0-3.el7.x86_64 2020-05-20 13:38:59 Found package: socat,1.7.3.2-2.el7.x86_64 2020-05-20 13:38:59 Found package: sqlite,3.7.17-8.el7_7.1.x86_64 2020-05-20 13:38:59 Found package: sshpass,1.06-2.el7.x86_64 2020-05-20 13:38:59 Found package: start-menu,c2.gb375099-1.el7.centos.ta.noarch 2020-05-20 13:38:59 Found package: sudo,1.8.23-9.el7.x86_64 2020-05-20 13:38:59 Found package: systemd,219-73.el7_8.6.x86_64 2020-05-20 13:38:59 Found package: systemd-libs,219-73.el7_8.6.x86_64 2020-05-20 13:38:59 Found package: systemd-sysv,219-73.el7_8.6.x86_64 2020-05-20 13:38:59 Found package: sysvinit-tools,2.88-14.dsf.el7.x86_64 2020-05-20 13:38:59 Found package: tar,1.26-35.el7.x86_64 2020-05-20 13:38:59 Found package: tcp_wrappers,7.6-77.el7.x86_64 2020-05-20 13:38:59 Found package: tcp_wrappers-libs,7.6-77.el7.x86_64 2020-05-20 13:38:59 Found package: tcpdump,4.9.2-4.el7_7.1.x86_64 2020-05-20 13:38:59 Found package: traceroute,2.0.22-2.el7.x86_64 2020-05-20 13:38:59 Found package: trousers,0.3.14-2.el7.x86_64 2020-05-20 13:38:59 Found package: tuned,2.11.0-8.el7.noarch 2020-05-20 13:38:59 Found package: tzdata,2020a-1.el7.noarch 2020-05-20 13:38:59 Found package: unbound-libs,1.6.6-3.el7.x86_64 2020-05-20 13:38:59 Found package: urw-base35-bookman-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-c059-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-d050000l-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-fonts-common,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-gothic-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-nimbus-mono-ps-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-nimbus-roman-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-nimbus-sans-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-p052-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-standard-symbols-ps-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: urw-base35-z003-fonts,20170801-10.el7.noarch 2020-05-20 13:38:59 Found package: userconfighandlers,c32.ge8deeb0-1.el7.centos.ta.noarch 2020-05-20 13:38:59 Found package: userspace-rcu,0.10.0-3.el7.x86_64 2020-05-20 13:38:59 Found package: ustr,1.0.4-16.el7.x86_64 2020-05-20 13:38:59 Found package: util-linux,2.23.2-63.el7.x86_64 2020-05-20 13:38:59 Found package: uwsgi,2.0.17.1-2.el7.x86_64 2020-05-20 13:38:59 Found package: uwsgi-plugin-common,2.0.17.1-2.el7.x86_64 2020-05-20 13:38:59 Found package: uwsgi-plugin-python2,2.0.17.1-2.el7.x86_64 2020-05-20 13:38:59 Found package: validators,c32.ge8deeb0-1.el7.centos.ta.noarch 2020-05-20 13:38:59 Found package: vim-common,7.4.629-6.el7.x86_64 2020-05-20 13:38:59 Found package: vim-enhanced,7.4.629-6.el7.x86_64 2020-05-20 13:38:59 Found package: vim-filesystem,7.4.629-6.el7.x86_64 2020-05-20 13:38:59 Found package: vim-minimal,7.4.629-6.el7.x86_64 2020-05-20 13:38:59 Found package: virt-what,1.18-4.el7.x86_64 2020-05-20 13:38:59 Found package: wget,1.14-18.el7_6.1.x86_64 2020-05-20 13:38:59 Found package: which,2.20-7.el7.x86_64 2020-05-20 13:38:59 Found package: xfsprogs,4.5.0-20.el7.x86_64 2020-05-20 13:38:59 Found package: xinetd,2.3.15-14.el7.x86_64 2020-05-20 13:38:59 Found package: xorg-x11-font-utils,7.5-21.el7.x86_64 2020-05-20 13:38:59 Found package: xorg-x11-server-utils,7.7-20.el7.x86_64 2020-05-20 13:38:59 Found package: xz,5.2.2-1.el7.x86_64 2020-05-20 13:38:59 Found package: xz-libs,5.2.2-1.el7.x86_64 2020-05-20 13:38:59 Found package: yajl,2.0.4-4.el7.x86_64 2020-05-20 13:38:59 Found package: yaml-cpp,0.5.1-2.el7.x86_64 2020-05-20 13:38:59 Found package: yarf,c2.g51e80b4-1.el7.centos.ta.x86_64 2020-05-20 13:38:59 Found package: yum,3.4.3-167.el7.centos.noarch 2020-05-20 13:38:59 Found package: yum-metadata-parser,1.1.4-10.el7.x86_64 2020-05-20 13:38:59 Found package: yum-plugin-fastestmirror,1.1.31-54.el7_8.noarch 2020-05-20 13:38:59 Found package: yum-plugin-priorities,1.1.31-54.el7_8.noarch 2020-05-20 13:38:59 Found package: yum-utils,1.1.31-54.el7_8.noarch 2020-05-20 13:38:59 Found package: zlib,1.2.7-18.el7.x86_64 2020-05-20 13:38:59 Found package: zlib-devel,1.2.7-18.el7.x86_64 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7310 (Checking package list with pacman) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7312 (Checking available updates for pacman based system) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 Result: pacman binary NOT found on this system, test skipped 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7314 (Checking pacman configuration options) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7320 (Checking for arch-audit tooling) 2020-05-20 13:38:59 Reason to skip: Test only applies to Arch Linux 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7322 (Discover vulnerable packages with arch-audit) 2020-05-20 13:38:59 Reason to skip: arch-audit not found 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7328 (Querying Zypper for installed packages) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7330 (Querying Zypper for vulnerable packages) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7332 (Query macOS ports) 2020-05-20 13:38:59 Reason to skip: Incorrect guest OS (macOS only) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7334 (Query port for port upgrades) 2020-05-20 13:38:59 Reason to skip: Incorrect guest OS (macOS only) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7345 (Querying dpkg) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 Result: dpkg can NOT be found on this system, test skipped 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7346 (Search unpurged packages on system) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 Result: dpkg can NOT be found on this system, test skipped 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7348 (Check for old distfiles) 2020-05-20 13:38:59 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7350 (Checking for installed packages with DNF utility) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:38:59 ==== 2020-05-20 13:38:59 Skipped test PKGS-7352 (Checking for security updates with DNF utility) 2020-05-20 13:38:59 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7354 (Checking package database integrity) 2020-05-20 13:39:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7366 (Checking for debsecan utility) 2020-05-20 13:39:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7370 (Checking for debsums utility) 2020-05-20 13:39:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7378 (Query portmaster for port upgrades) 2020-05-20 13:39:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7380 (Check for vulnerable NetBSD packages) 2020-05-20 13:39:00 Reason to skip: Incorrect guest OS (NetBSD only) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7381 (Check for vulnerable FreeBSD packages with pkg) 2020-05-20 13:39:00 Reason to skip: pkg tool not available 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Skipped test PKGS-7382 (Check for vulnerable FreeBSD packages with portaudit) 2020-05-20 13:39:00 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:00 ==== 2020-05-20 13:39:00 Performing test ID PKGS-7383 (Check for YUM package update management) 2020-05-20 13:39:00 Test: YUM package update management 2020-05-20 13:39:01 Result: YUM repository available (11288) 2020-05-20 13:39:01 ==== 2020-05-20 13:39:01 Performing test ID PKGS-7384 (Check for YUM utils package) 2020-05-20 13:39:01 Result: found YUM utils package (package-cleanup) 2020-05-20 13:39:01 Test: Checking for duplicate packages 2020-05-20 13:39:02 Result: No duplicate packages found 2020-05-20 13:39:02 Test: Checking for database problems 2020-05-20 13:39:02 Result: No package database problems found 2020-05-20 13:39:02 ==== 2020-05-20 13:39:02 Performing test ID PKGS-7386 (Check for YUM security package) 2020-05-20 13:39:02 Test: Determining if yum-security package installed 2020-05-20 13:39:02 Test: checking if file /usr/share/yum-cli/cli.py exists 2020-05-20 13:39:02 Result: file /usr/share/yum-cli/cli.py exists 2020-05-20 13:39:02 Test: search string \-\-security in file /usr/share/yum-cli/cli.py 2020-05-20 13:39:02 Result: found search string '\-\-security' 2020-05-20 13:39:02 Full string returned: group.add_option("--security", action="store_true", 2020-05-20 13:39:02 Result: found built-in security in yum 2020-05-20 13:39:02 Test: Checking for vulnerable packages 2020-05-20 13:39:04 Result: no vulnerable packages found 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Performing test ID PKGS-7387 (Check for GPG signing in YUM security package) 2020-05-20 13:39:04 Test: checking enabled repositories 2020-05-20 13:39:04 Result: software repository 'base' is signed 2020-05-20 13:39:04 Hardening: assigned maximum number of hardening points for this item (4). Currently having 152 points (out of 188) 2020-05-20 13:39:04 Result: software repository 'elrepo' is signed 2020-05-20 13:39:04 Hardening: assigned maximum number of hardening points for this item (4). Currently having 156 points (out of 192) 2020-05-20 13:39:04 Result: software repository 'extras' is signed 2020-05-20 13:39:04 Hardening: assigned maximum number of hardening points for this item (4). Currently having 160 points (out of 196) 2020-05-20 13:39:04 Result: software repository 'updates' is signed 2020-05-20 13:39:04 Hardening: assigned maximum number of hardening points for this item (4). Currently having 164 points (out of 200) 2020-05-20 13:39:04 Test: checking if file /etc/yum.conf exists 2020-05-20 13:39:04 Result: file /etc/yum.conf exists 2020-05-20 13:39:04 Test: search string ^gpgenabled\s*=\s*1$ in file /etc/yum.conf 2020-05-20 13:39:04 Result: search search string '^gpgenabled\s*=\s*1$' NOT found 2020-05-20 13:39:04 Test: search string ^gpgcheck\s*=\s*1$ in file /etc/yum.conf 2020-05-20 13:39:04 Result: found search string '^gpgcheck\s*=\s*1$' 2020-05-20 13:39:04 Full string returned: gpgcheck=1 2020-05-20 13:39:04 Result: GPG check is enabled 2020-05-20 13:39:04 Hardening: assigned maximum number of hardening points for this item (3). Currently having 167 points (out of 203) 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Skipped test PKGS-7388 (Check security repository in apt sources.list file) 2020-05-20 13:39:04 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Skipped test PKGS-7390 (Check Ubuntu database consistency) 2020-05-20 13:39:04 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Skipped test PKGS-7392 (Check for Debian/Ubuntu security updates) 2020-05-20 13:39:04 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Skipped test PKGS-7393 (Check for Gentoo vulnerable packages) 2020-05-20 13:39:04 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Skipped test PKGS-7394 (Check for Ubuntu updates) 2020-05-20 13:39:04 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Performing test ID PKGS-7398 (Check for package audit tool) 2020-05-20 13:39:04 Test: checking for package audit tool 2020-05-20 13:39:04 Result: found package audit tool: yum-security 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Performing test ID PKGS-7410 (Count installed kernel packages) 2020-05-20 13:39:04 Test: Checking how many kernel packages are installed 2020-05-20 13:39:04 Result: found 1 kernel packages on the system, which is fine 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Performing test ID PKGS-7420 (Detect toolkit to automatically download and apply upgrades) 2020-05-20 13:39:04 Hardening: assigned partial number of hardening points (1 of 5). Currently having 168 points (out of 208) 2020-05-20 13:39:04 Result: no toolkit for automatic updates discovered 2020-05-20 13:39:04 Suggestion: Consider using a tool to automatically apply upgrades [test:PKGS-7420] [details:-] [solution:-] 2020-05-20 13:39:04 Security check: file is normal 2020-05-20 13:39:04 Checking permissions of /home/cloudadmin/lynis/include/tests_networking 2020-05-20 13:39:04 File permissions are OK 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Action: Performing tests from category: Networking 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Performing test ID NETW-2400 (Hostname length and value check) 2020-05-20 13:39:04 Result: FQDN is defined and not longer than 253 characters (12 characters) 2020-05-20 13:39:04 Result: hostnamed is defined and not longer than 63 characters 2020-05-20 13:39:04 Result: good, no unexpected characters discovered in hostname 2020-05-20 13:39:04 ==== 2020-05-20 13:39:04 Performing test ID NETW-2600 (Checking IPv6 configuration) 2020-05-20 13:39:51 Result: IPV6 mode is auto 2020-05-20 13:39:51 Result: IPv6 only configuration: NO 2020-05-20 13:39:51 ==== 2020-05-20 13:39:51 Performing test ID NETW-2704 (Basic nameserver configuration tests) 2020-05-20 13:39:51 Test: Checking /etc/resolv.conf file 2020-05-20 13:39:51 Result: Found /etc/resolv.conf file 2020-05-20 13:39:51 Test: Querying nameservers 2020-05-20 13:39:51 Found nameserver: 172.29.16.201 2020-05-20 13:39:51 Result: Nameserver test for 172.29.16.201 skipped, 'dig' not installed 2020-05-20 13:39:51 Found nameserver: 172.29.16.204 2020-05-20 13:39:51 Result: Nameserver test for 172.29.16.204 skipped, 'dig' not installed 2020-05-20 13:39:52 Found nameserver: 172.29.16.205 2020-05-20 13:39:52 Result: Nameserver test for 172.29.16.205 skipped, 'dig' not installed 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-2705 (Check availability two nameservers) 2020-05-20 13:39:52 Result: dig not installed, test can't be fully performed 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test NETW-2706 (Check systemd-resolved and upstream DNSSEC status) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 Result: Test most likely skipped due to not having resolvectl 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3001 (Find default gateway (route)) 2020-05-20 13:39:52 Test: Searching default gateway(s) 2020-05-20 13:39:52 Result: Found default gateway 172.28.16.1 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3004 (Search for available network interfaces) 2020-05-20 13:39:52 Found network interface: lo 2020-05-20 13:39:52 Found network interface: enp0s20f0u7u3c2 2020-05-20 13:39:52 Found network interface: eno1 2020-05-20 13:39:52 Found network interface: ens1f0 2020-05-20 13:39:52 Found network interface: ens1f1 2020-05-20 13:39:52 Found network interface: ens11f0 2020-05-20 13:39:52 Found network interface: ens11f1 2020-05-20 13:39:52 Found network interface: bond0 2020-05-20 13:39:52 Found network interface: vlan141@bond0 2020-05-20 13:39:52 Found network interface: vlan142@bond0 2020-05-20 13:39:52 Found network interface: vlan144@bond0 2020-05-20 13:39:52 Found network interface: vlan2001@bond0 2020-05-20 13:39:52 Found network interface: enp179s1f2 2020-05-20 13:39:52 Found network interface: enp179s1f3 2020-05-20 13:39:52 Found network interface: enp179s1f4 2020-05-20 13:39:52 Found network interface: enp179s1f5 2020-05-20 13:39:52 Found network interface: docker0 2020-05-20 13:39:52 Found network interface: enp179s1f6 2020-05-20 13:39:52 Found network interface: enp179s1f7 2020-05-20 13:39:52 Found network interface: enp179s2 2020-05-20 13:39:52 Found network interface: enp179s2f1 2020-05-20 13:39:52 Found network interface: flannel.1 2020-05-20 13:39:52 Found network interface: cni0 2020-05-20 13:39:52 Found network interface: vethbf07b229@if3 2020-05-20 13:39:52 Found network interface: veth0f473779@if3 2020-05-20 13:39:52 Found network interface: vethee523c10@if3 2020-05-20 13:39:52 Found network interface: veth32e67c87@if3 2020-05-20 13:39:52 Found network interface: veth3c272541@if3 2020-05-20 13:39:52 Found network interface: veth06d65032@if3 2020-05-20 13:39:52 Found network interface: veth00b52a23@if3 2020-05-20 13:39:52 Found network interface: veth755a0c9f@if3 2020-05-20 13:39:52 Found network interface: veth3ad44d65@if3 2020-05-20 13:39:52 Found network interface: vethf298ded3@if3 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3006 (Get network MAC addresses) 2020-05-20 13:39:52 Found MAC address: 02:42:2b:24:36:f2 2020-05-20 13:39:52 Found MAC address: 26:1d:b0:f4:35:5b 2020-05-20 13:39:52 Found MAC address: 26:e1:c6:80:55:cc 2020-05-20 13:39:52 Found MAC address: 3a:1a:c9:12:ce:1f 2020-05-20 13:39:52 Found MAC address: 3e:d6:34:41:d5:fc 2020-05-20 13:39:52 Found MAC address: 42:e4:c0:07:40:6c 2020-05-20 13:39:52 Found MAC address: 4e:74:a1:b1:a4:31 2020-05-20 13:39:52 Found MAC address: 5a:69:12:2c:3c:27 2020-05-20 13:39:52 Found MAC address: 62:3d:dd:a7:50:52 2020-05-20 13:39:52 Found MAC address: 76:cf:01:e5:04:0e 2020-05-20 13:39:52 Found MAC address: 7a:9e:34:2c:ec:a9 2020-05-20 13:39:52 Found MAC address: 82:ef:d5:f5:e6:2a 2020-05-20 13:39:52 Found MAC address: 92:23:d2:53:ca:bd 2020-05-20 13:39:52 Found MAC address: 96:9d:a2:61:9c:3d 2020-05-20 13:39:52 Found MAC address: 98:03:9b:8c:56:8c 2020-05-20 13:39:52 Found MAC address: 98:03:9b:8c:56:8d 2020-05-20 13:39:52 Found MAC address: 98:03:9b:8c:64:e6 2020-05-20 13:39:52 Found MAC address: a2:65:69:11:2b:d6 2020-05-20 13:39:52 Found MAC address: a6:23:b5:83:9f:27 2020-05-20 13:39:52 Found MAC address: ce:e4:09:33:df:48 2020-05-20 13:39:52 Found MAC address: d6:6d:0b:5f:76:62 2020-05-20 13:39:52 Found MAC address: d8:c4:97:b5:b9:c9 2020-05-20 13:39:52 Found MAC address: e2:b6:a2:85:55:1d 2020-05-20 13:39:52 Found MAC address: f2:91:51:06:98:d1 2020-05-20 13:39:52 Found MAC address: fa:5f:d1:6a:9c:26 2020-05-20 13:39:52 Found MAC address: fe:d2:6d:87:97:76 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3008 (Get network IP addresses) 2020-05-20 13:39:52 Found IPv4 address: 10.244.2.1 2020-05-20 13:39:52 Found IPv4 address: 172.17.0.1 2020-05-20 13:39:52 Found IPv4 address: 10.244.2.0 2020-05-20 13:39:52 Found IPv4 address: 127.0.0.1 2020-05-20 13:39:52 Found IPv4 address: 172.28.16.201 2020-05-20 13:39:52 Found IPv4 address: 172.31.16.201 2020-05-20 13:39:52 Found IPv4 address: 172.29.16.201 2020-05-20 13:39:52 Found IPv4 address: 172.16.16.2 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3012 (Check listening ports) 2020-05-20 13:39:52 Test: Retrieving ss information to find listening ports 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test NETW-3014 (Checking promiscuous interfaces (BSD)) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3015 (Checking promiscuous interfaces (Linux)) 2020-05-20 13:39:52 Test: Using ip binary to retrieve network interfaces 2020-05-20 13:39:52 Test: Checking all interfaces to discover any with promiscuous mode enabled 2020-05-20 13:39:52 Result: No promiscuous interfaces found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3028 (Checking connections in WAIT state) 2020-05-20 13:39:52 Test: Using netstat for check for connections in WAIT state 2020-05-20 13:39:52 Result: currently 583 connections are in a waiting state (max configured: 5000). 2020-05-20 13:39:52 Result: 583 connections are in WAIT state 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3030 (Checking DHCP client status) 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'dhclient' not found 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'dhcpcd' not found 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'udhcpc' not found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3032 (Checking for ARP monitoring software) 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'addrwatch' not found 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'arpwatch' not found 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'arpon' not found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID NETW-3200 (Determine available network protocols) 2020-05-20 13:39:52 Test: checking the status of some network protocols that typically are not used 2020-05-20 13:39:52 Test: now checking module 'dccp' 2020-05-20 13:39:52 Result: found dccp module disabled via /etc/modprobe.d/dccp.conf 2020-05-20 13:39:52 Test: now checking module 'sctp' 2020-05-20 13:39:52 Suggestion: Determine if protocol 'sctp' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-05-20 13:39:52 Test: now checking module 'rds' 2020-05-20 13:39:52 Suggestion: Determine if protocol 'rds' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-05-20 13:39:52 Test: now checking module 'tipc' 2020-05-20 13:39:52 Suggestion: Determine if protocol 'tipc' is really needed on this system [test:NETW-3200] [details:-] [solution:-] 2020-05-20 13:39:52 Security check: file is normal 2020-05-20 13:39:52 Checking permissions of /home/cloudadmin/lynis/include/tests_printers_spoolers 2020-05-20 13:39:52 File permissions are OK 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Action: Performing tests from category: Printers and Spools 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2302 (Check for printcap consistency) 2020-05-20 13:39:52 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID PRNT-2304 (Check cupsd status) 2020-05-20 13:39:52 Test: Checking cupsd status 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'cupsd' not found 2020-05-20 13:39:52 Result: cups daemon not running, cups daemon tests skipped 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2306 (Check CUPSd configuration file) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2307 (Check CUPSd configuration file permissions) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2308 (Check CUPSd network configuration) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID PRNT-2314 (Check lpd status) 2020-05-20 13:39:52 Test: Checking lpd status 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'lpd' not found 2020-05-20 13:39:52 Result: lp daemon not running 2020-05-20 13:39:52 Hardening: assigned maximum number of hardening points for this item (4). Currently having 172 points (out of 212) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2316 (Checking /etc/qconfig file) 2020-05-20 13:39:52 Reason to skip: Incorrect guest OS (AIX only) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2418 (Checking qdaemon printer spooler status) 2020-05-20 13:39:52 Reason to skip: Incorrect guest OS (AIX only) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test PRNT-2420 (Checking old print jobs) 2020-05-20 13:39:52 Reason to skip: Incorrect guest OS (AIX only) 2020-05-20 13:39:52 Security check: file is normal 2020-05-20 13:39:52 Checking permissions of /home/cloudadmin/lynis/include/tests_mail_messaging 2020-05-20 13:39:52 File permissions are OK 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Action: Performing tests from category: Software: e-mail and messaging 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID MAIL-8802 (Check Exim status) 2020-05-20 13:39:52 Test: check Exim status 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'exim4' not found 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'exim' not found 2020-05-20 13:39:52 Result: no running Exim processes found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test MAIL-8804 (Exim configuration options) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID MAIL-8814 (Check postfix process status) 2020-05-20 13:39:52 Test: check Postfix status 2020-05-20 13:39:52 Result: no running Postfix processes found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test MAIL-8816 (Check Postfix configuration) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test MAIL-8817 (Check Postfix configuration errors) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test MAIL-8818 (Check Postfix configuration: banner) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID MAIL-8820 (Postfix configuration scan) 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID MAIL-8838 (Check dovecot process) 2020-05-20 13:39:52 Test: check dovecot status 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'dovecot' not found 2020-05-20 13:39:52 Result: dovecot not found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID MAIL-8860 (Check Qmail status) 2020-05-20 13:39:52 Test: check Qmail status 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'qmail-smtpd' not found 2020-05-20 13:39:52 Result: no running Qmail processes found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Performing test ID MAIL-8880 (Check Sendmail status) 2020-05-20 13:39:52 Test: check sendmail status 2020-05-20 13:39:52 Performing pgrep scan without uid 2020-05-20 13:39:52 IsRunning: process 'sendmail' not found 2020-05-20 13:39:52 Result: no running Sendmail processes found 2020-05-20 13:39:52 ==== 2020-05-20 13:39:52 Skipped test MAIL-8920 (Check OpenSMTPD status) 2020-05-20 13:39:52 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:52 Security check: file is normal 2020-05-20 13:39:52 Checking permissions of /home/cloudadmin/lynis/include/tests_firewalls 2020-05-20 13:39:53 File permissions are OK 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Action: Performing tests from category: Software: firewalls 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4502 (Check iptables kernel module) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4508 (Check used policies of iptables chains) 2020-05-20 13:39:53 Test: gathering information from table filter 2020-05-20 13:39:53 Result: iptables \nfilter -- INPUT policy is DROP. 2020-05-20 13:39:53 Result: DROP 2020-05-20 13:39:53 Result: Found DROP for INPUT (table: \nfilter) 2020-05-20 13:39:53 Hardening: assigned maximum number of hardening points for this item (3). Currently having 175 points (out of 215) 2020-05-20 13:39:53 Result: iptables filter -- KUBE policy is SERVICES. 2020-05-20 13:39:53 Result: SERVICES 2020-05-20 13:39:53 Result: iptables filter -- NEW policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- EXTERNAL policy is SERVICES. 2020-05-20 13:39:53 Result: SERVICES 2020-05-20 13:39:53 Result: iptables filter -- NEW policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- FIREWALL policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- OAM policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- RELATED policy is ESTABLISHED. 2020-05-20 13:39:53 Result: ESTABLISHED 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is SSH. 2020-05-20 13:39:53 Result: SSH 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is NEW. 2020-05-20 13:39:53 Result: NEW 2020-05-20 13:39:53 Result: iptables filter -- ESTABLISHED policy is NEW. 2020-05-20 13:39:53 Result: NEW 2020-05-20 13:39:53 Result: iptables filter -- SET policy is DEFAULT. 2020-05-20 13:39:53 Result: DEFAULT 2020-05-20 13:39:53 Result: iptables filter -- DROP policy is NEW. 2020-05-20 13:39:53 Result: NEW 2020-05-20 13:39:53 Result: iptables filter -- UPDATE policy is DEFAULT. 2020-05-20 13:39:53 Result: DEFAULT 2020-05-20 13:39:53 Result: iptables filter -- DROP policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ICMP policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ICMP policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ICMP policy is TTL. 2020-05-20 13:39:53 Result: TTL 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ICMP. 2020-05-20 13:39:53 Result: ICMP 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is NTP. 2020-05-20 13:39:53 Result: NTP 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is DNS. 2020-05-20 13:39:53 Result: DNS 2020-05-20 13:39:53 Result: iptables filter -- ESTABLISHED policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- SNMP policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- LOG policy is LOG. 2020-05-20 13:39:53 Result: LOG 2020-05-20 13:39:53 Result: iptables filter -- DROP policy is FORWARD. 2020-05-20 13:39:53 Result: FORWARD 2020-05-20 13:39:53 Result: iptables filter -- DROP policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- FORWARD policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- SERVICES policy is NEW. 2020-05-20 13:39:53 Result: NEW 2020-05-20 13:39:53 Result: iptables filter -- DOCKER policy is ISOLATION. 2020-05-20 13:39:53 Result: ISOLATION 2020-05-20 13:39:53 Result: iptables filter -- STAGE policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- RELATED policy is ESTABLISHED. 2020-05-20 13:39:53 Result: ESTABLISHED 2020-05-20 13:39:53 Result: iptables filter -- DOCKER policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- OAM policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- RELATED policy is ESTABLISHED. 2020-05-20 13:39:53 Result: ESTABLISHED 2020-05-20 13:39:53 Result: iptables filter -- LOG policy is LOG. 2020-05-20 13:39:53 Result: LOG 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- OUTPUT policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- KUBE policy is SERVICES. 2020-05-20 13:39:53 Result: SERVICES 2020-05-20 13:39:53 Result: iptables filter -- NEW policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- FIREWALL policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- NEW policy is ESTABLISHED. 2020-05-20 13:39:53 Result: ESTABLISHED 2020-05-20 13:39:53 Result: iptables filter -- ACCEPT policy is DNS. 2020-05-20 13:39:53 Result: DNS 2020-05-20 13:39:53 Result: iptables filter -- NEW policy is ESTABLISHED. 2020-05-20 13:39:53 Result: ESTABLISHED 2020-05-20 13:39:53 Result: iptables filter -- DOCKER policy is DOCKER. 2020-05-20 13:39:53 Result: DOCKER 2020-05-20 13:39:53 Result: iptables filter -- ISOLATION policy is STAGE. 2020-05-20 13:39:53 Result: STAGE 2020-05-20 13:39:53 Result: iptables filter -- DOCKER policy is ISOLATION. 2020-05-20 13:39:53 Result: ISOLATION 2020-05-20 13:39:53 Result: iptables filter -- STAGE policy is RETURN. 2020-05-20 13:39:53 Result: RETURN 2020-05-20 13:39:53 Result: iptables filter -- DOCKER policy is ISOLATION. 2020-05-20 13:39:53 Result: ISOLATION 2020-05-20 13:39:53 Result: iptables filter -- STAGE policy is DROP. 2020-05-20 13:39:53 Result: DROP 2020-05-20 13:39:53 Result: iptables filter -- RETURN policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- EXTERNAL policy is SERVICES. 2020-05-20 13:39:53 Result: SERVICES 2020-05-20 13:39:53 Result: iptables filter -- KUBE policy is FIREWALL. 2020-05-20 13:39:53 Result: FIREWALL 2020-05-20 13:39:53 Result: iptables filter -- DROP policy is KUBE. 2020-05-20 13:39:53 Result: KUBE 2020-05-20 13:39:53 Result: iptables filter -- FORWARD policy is DROP. 2020-05-20 13:39:53 Result: DROP 2020-05-20 13:39:53 Result: iptables filter -- INVALID policy is ACCEPT. 2020-05-20 13:39:53 Result: ACCEPT 2020-05-20 13:39:53 Result: iptables filter -- KUBE policy is SERVICES. 2020-05-20 13:39:53 Result: SERVICES 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4512 (Check iptables for empty ruleset) 2020-05-20 13:39:53 Result: one or more rules are available (51 rules) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4513 (Check iptables for unused rules) 2020-05-20 13:39:53 Result: Found one or more possible unused rules 2020-05-20 13:39:53 Description: Unused rules can be a sign that the firewall rules aren't optimized or up-to-date 2020-05-20 13:39:53 Note: Sometimes rules aren't triggered but still in use. Keep this in mind before cleaning up rules. 2020-05-20 13:39:53 Output: iptables rule numbers: 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 4 5 6 7 9 10 11 12 3 1 1 2 1 1 2020-05-20 13:39:53 Suggestion: Check iptables rules to see which rules are currently not used [test:FIRE-4513] [details:-] [solution:-] 2020-05-20 13:39:53 Tip: iptables --list --numeric --line-numbers --verbose 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4518 (Check pf firewall components) 2020-05-20 13:39:53 Reason to skip: No /dev/pf device 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4520 (Check pf configuration consistency) 2020-05-20 13:39:53 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4524 (Check for CSF presence) 2020-05-20 13:39:53 Test: check /etc/csf/csf.conf 2020-05-20 13:39:53 Result: /etc/csf/csf.conf does NOT exist 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4526 (Check ipf status) 2020-05-20 13:39:53 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4530 (Check IPFW status) 2020-05-20 13:39:53 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4532 (Check macOS application firewall) 2020-05-20 13:39:53 Reason to skip: Incorrect guest OS (macOS only) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4534 (Check for presence of outbound firewalls on macOS) 2020-05-20 13:39:53 Reason to skip: Incorrect guest OS (macOS only) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4536 (Check nftables status) 2020-05-20 13:39:53 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4538 (Check nftables basic configuration) 2020-05-20 13:39:53 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Skipped test FIRE-4540 (Check for empty nftables configuration) 2020-05-20 13:39:53 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4586 (Check firewall logging) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4590 (Check firewall status) 2020-05-20 13:39:53 Result: host based firewall or packet filter is active 2020-05-20 13:39:53 Hardening: assigned maximum number of hardening points for this item (5). Currently having 177 points (out of 217) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID FIRE-4594 (Check for APF presence) 2020-05-20 13:39:53 Test: check /etc/apf/conf.apf 2020-05-20 13:39:53 Result: /etc/apf/conf.apf does NOT exist 2020-05-20 13:39:53 Security check: file is normal 2020-05-20 13:39:53 Checking permissions of /home/cloudadmin/lynis/include/tests_webservers 2020-05-20 13:39:53 File permissions are OK 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Action: Performing tests from category: Software: webserver 2020-05-20 13:39:53 Action: created temporary file /tmp/lynis.jAZYTPISCP 2020-05-20 13:39:53 Action: created temporary file /tmp/lynis.snj26Zf3u0 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID HTTP-6622 (Checking Apache presence) 2020-05-20 13:39:53 Test: Scanning for Apache binary 2020-05-20 13:39:53 Result: /usr/sbin/httpd seems to be Apache HTTP daemon 2020-05-20 13:39:53 Apache version: 2.4.6 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID HTTP-6624 (Testing main Apache configuration file) 2020-05-20 13:39:53 Result: Configuration file found (/etc/httpd/conf/httpd.conf) 2020-05-20 13:39:53 ==== 2020-05-20 13:39:53 Performing test ID HTTP-6626 (Testing other Apache configuration file) 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.d/autoindex.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.d/autoindex.conf (escaped: /etc/httpd/conf.d/autoindex.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.d/autoindex.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.d/userdir.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.d/userdir.conf (escaped: /etc/httpd/conf.d/userdir.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.d/userdir.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.d/welcome.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.d/welcome.conf (escaped: /etc/httpd/conf.d/welcome.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.d/welcome.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/00-base.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/00-base.conf (escaped: /etc/httpd/conf.modules.d/00-base.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/00-base.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/00-dav.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/00-dav.conf (escaped: /etc/httpd/conf.modules.d/00-dav.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/00-dav.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/00-lua.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/00-lua.conf (escaped: /etc/httpd/conf.modules.d/00-lua.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/00-lua.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/00-mpm.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/00-mpm.conf (escaped: /etc/httpd/conf.modules.d/00-mpm.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/00-mpm.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/00-proxy.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/00-proxy.conf (escaped: /etc/httpd/conf.modules.d/00-proxy.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/00-proxy.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/00-systemd.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/00-systemd.conf (escaped: /etc/httpd/conf.modules.d/00-systemd.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/00-systemd.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/01-cgi.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/01-cgi.conf (escaped: /etc/httpd/conf.modules.d/01-cgi.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/01-cgi.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf.modules.d/10-wsgi.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf.modules.d/10-wsgi.conf (escaped: /etc/httpd/conf.modules.d/10-wsgi.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf.modules.d/10-wsgi.conf is readable (or directory accessible). 2020-05-20 13:39:53 Apache config file: /etc/httpd/conf/httpd.conf 2020-05-20 13:39:53 Test: check if we can access /etc/httpd/conf/httpd.conf (escaped: /etc/httpd/conf/httpd.conf) 2020-05-20 13:39:53 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:53 Result: file /etc/httpd/conf/httpd.conf is readable (or directory accessible). 2020-05-20 13:39:54 Result: found 0 virtual hosts 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6632 (Determining all available Apache modules) 2020-05-20 13:39:54 Test: searching available Apache modules 2020-05-20 13:39:54 Test: checking if directory /etc/httpd/modules exists 2020-05-20 13:39:54 Result: directory /etc/httpd/modules exists 2020-05-20 13:39:54 Test: checking if directory /opt/local/apache2/modules exists 2020-05-20 13:39:54 Result: directory /opt/local/apache2/modules NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/lib/apache exists 2020-05-20 13:39:54 Result: directory /usr/lib/apache NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/lib/apache2 exists 2020-05-20 13:39:54 Result: directory /usr/lib/apache2 NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/lib/httpd/modules exists 2020-05-20 13:39:54 Result: directory /usr/lib/httpd/modules NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/libexec/apache2 exists 2020-05-20 13:39:54 Result: directory /usr/libexec/apache2 NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/lib64/apache2 exists 2020-05-20 13:39:54 Result: directory /usr/lib64/apache2 NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/lib64/apache2/modules exists 2020-05-20 13:39:54 Result: directory /usr/lib64/apache2/modules NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/lib64/httpd/modules exists 2020-05-20 13:39:54 Result: directory /usr/lib64/httpd/modules exists 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_access_compat.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_actions.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_alias.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_allowmethods.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_asis.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_auth_basic.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_auth_digest.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authn_anon.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authn_core.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authn_dbd.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authn_dbm.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authn_file.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authn_socache.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_core.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_dbd.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_dbm.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_groupfile.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_host.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_owner.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_authz_user.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_autoindex.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_buffer.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_cache.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_cache_disk.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_cache_socache.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_cgi.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_cgid.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_charset_lite.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_data.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dav.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dav_fs.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dav_lock.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dbd.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_deflate.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dialup.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dir.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_dumpio.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_echo.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_env.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_expires.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_ext_filter.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_file_cache.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_filter.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_headers.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_heartbeat.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_heartmonitor.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_include.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_info.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_lbmethod_bybusyness.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_lbmethod_byrequests.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_lbmethod_bytraffic.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_lbmethod_heartbeat.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_log_config.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_log_debug.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_log_forensic.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_logio.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_lua.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_macro.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_mime.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_mime_magic.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_mpm_event.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_mpm_prefork.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_mpm_worker.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_negotiation.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_ajp.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_balancer.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_connect.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_express.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_fcgi.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_fdpass.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_ftp.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_http.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_scgi.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_proxy_wstunnel.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_ratelimit.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_reflector.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_remoteip.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_reqtimeout.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_request.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_rewrite.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_sed.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_setenvif.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_slotmem_plain.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_slotmem_shm.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_socache_dbm.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_socache_memcache.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_socache_shmcb.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_speling.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_status.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_substitute.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_suexec.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_systemd.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_unique_id.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_unixd.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_userdir.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_usertrack.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_version.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_vhost_alias.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_watchdog.so 2020-05-20 13:39:54 Result: found Apache module /usr/lib64/httpd/modules/mod_wsgi.so 2020-05-20 13:39:54 Test: checking if directory /usr/local/libexec/apache exists 2020-05-20 13:39:54 Result: directory /usr/local/libexec/apache NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/local/libexec/apache22 exists 2020-05-20 13:39:54 Result: directory /usr/local/libexec/apache22 NOT found 2020-05-20 13:39:54 Test: checking if directory /usr/local/libexec/apache24 exists 2020-05-20 13:39:54 Result: directory /usr/local/libexec/apache24 NOT found 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6640 (Determining existence of specific Apache modules) 2020-05-20 13:39:54 Test: search string /mod_evasive([0-9][0-9])?.so in earlier discovered results 2020-05-20 13:39:54 Result: search string NOT found 2020-05-20 13:39:54 Hardening: assigned partial number of hardening points (2 of 3). Currently having 179 points (out of 220) 2020-05-20 13:39:54 Suggestion: Install Apache mod_evasive to guard webserver against DoS/brute force attempts [test:HTTP-6640] [details:-] [solution:-] 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6641 (Determining existence of specific Apache modules) 2020-05-20 13:39:54 Test: search string /mod_(reqtimeout|qos).so in earlier discovered results 2020-05-20 13:39:54 Result: found search string (result: apache_module[]=/usr/lib64/httpd/modules/mod_reqtimeout.so) 2020-05-20 13:39:54 Hardening: assigned maximum number of hardening points for this item (3). Currently having 182 points (out of 223) 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6643 (Determining existence of specific Apache modules) 2020-05-20 13:39:54 Test: search string /mod_security2.so in earlier discovered results 2020-05-20 13:39:54 Result: search string NOT found 2020-05-20 13:39:54 Hardening: assigned partial number of hardening points (2 of 3). Currently having 184 points (out of 226) 2020-05-20 13:39:54 Suggestion: Install Apache modsecurity to guard webserver against web application attacks [test:HTTP-6643] [details:-] [solution:-] 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6702 (Check nginx process) 2020-05-20 13:39:54 Test: searching running nginx process 2020-05-20 13:39:54 Performing pgrep scan without uid 2020-05-20 13:39:54 IsRunning: process 'nginx' found (3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 9150 9673 9674 9675 9676 9677 9678 9679 9680 9681 9682 9683 9684 9685 9686 9687 9688 9689 9690 9691 9692 9693 9694 9695 9696 9697 9698 9699 9700 9701 9839 9840 9841 9935 9936 9937 9938 9939 9940 9941 9942 237194 237195 237196 237197 237198 237199 237200 237201 237202 237203 237204 237205 237206 237207 237208 237209 237210 237211 237212 237213 237214 237215 237216 237217 237218 237219 237220 237221 237222 237223 237224 237225 237226 ) 2020-05-20 13:39:54 Result: found running nginx process(es) 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6704 (Check nginx configuration file) 2020-05-20 13:39:54 Test: searching nginx configuration file 2020-05-20 13:39:54 Found file /etc/nginx/nginx.conf 2020-05-20 13:39:54 Result: found nginx configuration file 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6706 (Check for additional nginx configuration files) 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.SO7W97DXqG 2020-05-20 13:39:54 Result: found Nginx configuration file /etc/nginx/mime.types 2020-05-20 13:39:54 Test: check if we can access /etc/nginx/mime.types (escaped: /etc/nginx/mime.types) 2020-05-20 13:39:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:54 Result: file /etc/nginx/mime.types is readable (or directory accessible). 2020-05-20 13:39:54 Result: found Nginx configuration file /etc/nginx/conf.d/keystone-wsgi-admin.conf 2020-05-20 13:39:54 Test: check if we can access /etc/nginx/conf.d/keystone-wsgi-admin.conf (escaped: /etc/nginx/conf.d/keystone-wsgi-admin.conf) 2020-05-20 13:39:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:54 Result: file /etc/nginx/conf.d/keystone-wsgi-admin.conf is readable (or directory accessible). 2020-05-20 13:39:54 Result: found Nginx configuration file /etc/nginx/conf.d/keystone-wsgi-public.conf 2020-05-20 13:39:54 Test: check if we can access /etc/nginx/conf.d/keystone-wsgi-public.conf (escaped: /etc/nginx/conf.d/keystone-wsgi-public.conf) 2020-05-20 13:39:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:54 Result: file /etc/nginx/conf.d/keystone-wsgi-public.conf is readable (or directory accessible). 2020-05-20 13:39:54 ==== 2020-05-20 13:39:54 Performing test ID HTTP-6708 (Check discovered nginx configuration settings) 2020-05-20 13:39:54 Test: start parsing all discovered nginx options 2020-05-20 13:39:54 Test: check if we can access /etc/nginx/nginx.conf (escaped: /etc/nginx/nginx.conf) 2020-05-20 13:39:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:54 Result: file /etc/nginx/nginx.conf is readable (or directory accessible). 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.Ns3GtPMvEc 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.sAuyNpIx9M 2020-05-20 13:39:54 Action: parsing configuration file /etc/nginx/nginx.conf 2020-05-20 13:39:54 Result: found option user in /etc/nginx/nginx.conf with value 'root' 2020-05-20 13:39:54 Found unknown option user in nginx configuration 2020-05-20 13:39:54 Result: found option worker_processes in /etc/nginx/nginx.conf with value 'auto' 2020-05-20 13:39:54 Found unknown option worker_processes in nginx configuration 2020-05-20 13:39:54 Result: found option error_log in /etc/nginx/nginx.conf with value '/var/log/nginx/error.log' 2020-05-20 13:39:54 Result: found option pid in /etc/nginx/nginx.conf with value '/run/nginx.pid' 2020-05-20 13:39:54 Found unknown option pid in nginx configuration 2020-05-20 13:39:54 Result: found option load_module in /etc/nginx/nginx.conf with value '/usr/lib64/nginx/modules/ngx_stream_module.so' 2020-05-20 13:39:54 Found unknown option load_module in nginx configuration 2020-05-20 13:39:54 Result: found option events in /etc/nginx/nginx.conf with value '{' 2020-05-20 13:39:54 Result: found option worker_connections in /etc/nginx/nginx.conf with value '1024' 2020-05-20 13:39:54 Found unknown option worker_connections in nginx configuration 2020-05-20 13:39:54 Result: found option } in /etc/nginx/nginx.conf with value '}' 2020-05-20 13:39:54 Result: found option http in /etc/nginx/nginx.conf with value '{' 2020-05-20 13:39:54 Result: found option log_format in /etc/nginx/nginx.conf with value 'custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time'' 2020-05-20 13:39:54 Found unknown option log_format in nginx configuration 2020-05-20 13:39:54 Result: found option server_tokens in /etc/nginx/nginx.conf with value 'off' 2020-05-20 13:39:54 Found unknown option server_tokens in nginx configuration 2020-05-20 13:39:54 Result: found option log_format in /etc/nginx/nginx.conf with value 'main '$remote_addr - $remote_user [$time_local] "$request" '' 2020-05-20 13:39:54 Found unknown option log_format in nginx configuration 2020-05-20 13:39:54 Result: found option '$status in /etc/nginx/nginx.conf with value '$body_bytes_sent "$http_referer" '' 2020-05-20 13:39:54 Found unknown option '$status in nginx configuration 2020-05-20 13:39:54 Result: found option '"$http_user_agent" in /etc/nginx/nginx.conf with value '"$http_x_forwarded_for"'' 2020-05-20 13:39:54 Found unknown option '"$http_user_agent" in nginx configuration 2020-05-20 13:39:54 Result: found option add_header in /etc/nginx/nginx.conf with value 'X-XSS-Protection "1; mode=block"' 2020-05-20 13:39:54 Result: found header X-XSS-Protection with value "1; mode=block" 2020-05-20 13:39:54 Result: found option add_header in /etc/nginx/nginx.conf with value 'X-Content-Type-Options "nosniff"' 2020-05-20 13:39:54 Result: found header X-Content-Type-Options with value "nosniff" 2020-05-20 13:39:54 Result: found option proxy_cookie_path in /etc/nginx/nginx.conf with value '/ "/; HTTPOnly; Secure"' 2020-05-20 13:39:54 Found unknown option proxy_cookie_path in nginx configuration 2020-05-20 13:39:54 Result: found option access_log in /etc/nginx/nginx.conf with value '/var/log/nginx/access.log main' 2020-05-20 13:39:54 Result: found option sendfile in /etc/nginx/nginx.conf with value 'on' 2020-05-20 13:39:54 Found unknown option sendfile in nginx configuration 2020-05-20 13:39:54 Result: found option tcp_nopush in /etc/nginx/nginx.conf with value 'on' 2020-05-20 13:39:54 Found unknown option tcp_nopush in nginx configuration 2020-05-20 13:39:54 Result: found option tcp_nodelay in /etc/nginx/nginx.conf with value 'on' 2020-05-20 13:39:54 Found unknown option tcp_nodelay in nginx configuration 2020-05-20 13:39:54 Result: found option keepalive_timeout in /etc/nginx/nginx.conf with value '65' 2020-05-20 13:39:54 Result: found option types_hash_max_size in /etc/nginx/nginx.conf with value '2048' 2020-05-20 13:39:54 Found unknown option types_hash_max_size in nginx configuration 2020-05-20 13:39:54 Result: found option include in /etc/nginx/nginx.conf with value '/etc/nginx/mime.types' 2020-05-20 13:39:54 Found this file already in our configuration files array, not adding to queue 2020-05-20 13:39:54 Result: found option default_type in /etc/nginx/nginx.conf with value 'application/octet-stream' 2020-05-20 13:39:54 Found unknown option default_type in nginx configuration 2020-05-20 13:39:54 Result: found option include in /etc/nginx/nginx.conf with value '/etc/nginx/conf.d/keystone-wsgi-admin.conf /etc/nginx/conf.d/keystone-wsgi-public.conf' 2020-05-20 13:39:54 Result: this include does not point to a file 2020-05-20 13:39:54 Result: found option } in /etc/nginx/nginx.conf with value '}' 2020-05-20 13:39:54 Result: found option stream in /etc/nginx/nginx.conf with value '{' 2020-05-20 13:39:54 Found unknown option stream in nginx configuration 2020-05-20 13:39:54 Result: found option log_format in /etc/nginx/nginx.conf with value 'custom '$time_iso8601 $remote_addr $protocol $status $bytes_sent $bytes_received $session_time'' 2020-05-20 13:39:54 Found unknown option log_format in nginx configuration 2020-05-20 13:39:54 Result: found option '$upstream_addr in /etc/nginx/nginx.conf with value '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"'' 2020-05-20 13:39:54 Found unknown option '$upstream_addr in nginx configuration 2020-05-20 13:39:54 Result: found option access_log in /etc/nginx/nginx.conf with value '/var/log/nginx/stream.log custom' 2020-05-20 13:39:54 Result: found option include in /etc/nginx/nginx.conf with value '/etc/nginx/conf.d/stream/*.conf' 2020-05-20 13:39:54 Result: found option } in /etc/nginx/nginx.conf with value '}' 2020-05-20 13:39:54 Result: this configuration file is skipped, as it contains usually no interesting details 2020-05-20 13:39:54 Test: check if we can access /etc/nginx/conf.d/keystone-wsgi-admin.conf (escaped: /etc/nginx/conf.d/keystone-wsgi-admin.conf) 2020-05-20 13:39:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:54 Result: file /etc/nginx/conf.d/keystone-wsgi-admin.conf is readable (or directory accessible). 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.Jc1jGFyDKz 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.GFL9HW0W2N 2020-05-20 13:39:54 Action: parsing configuration file /etc/nginx/conf.d/keystone-wsgi-admin.conf 2020-05-20 13:39:54 Result: found option limit_req_zone in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '$binary_remote_addr zone=mylimit:10m rate=10r/s' 2020-05-20 13:39:54 Found unknown option limit_req_zone in nginx configuration 2020-05-20 13:39:54 Result: found option server in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '{' 2020-05-20 13:39:54 Result: found option listen in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '172.29.16.201:35357' 2020-05-20 13:39:54 Result: found option keepalive_timeout in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '70' 2020-05-20 13:39:54 Result: found option access_log in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '/var/log/nginx/keystone-wsgi-admin-access.log custom' 2020-05-20 13:39:54 Result: found option error_log in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '/var/log/nginx/keystone-wsgi-admin-error.log info' 2020-05-20 13:39:54 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'X-Content-Type-Options nosniff' 2020-05-20 13:39:54 Result: found header X-Content-Type-Options with value nosniff 2020-05-20 13:39:54 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'X-XSS-Protection "1; mode=block"' 2020-05-20 13:39:54 Result: found header X-XSS-Protection with value "1; mode=block" 2020-05-20 13:39:54 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'Content-Security-Policy "default-src 'self' https: wss:;"' 2020-05-20 13:39:54 Result: found header Content-Security-Policy with value "default-src 'self' https: wss:;" 2020-05-20 13:39:54 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'X-Frame-Options DENY' 2020-05-20 13:39:54 Result: found header X-Frame-Options with value DENY 2020-05-20 13:39:54 Result: found option client_body_timeout in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '5s' 2020-05-20 13:39:54 Found unknown option client_body_timeout in nginx configuration 2020-05-20 13:39:54 Result: found option client_header_timeout in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '5s' 2020-05-20 13:39:54 Found unknown option client_header_timeout in nginx configuration 2020-05-20 13:39:54 Result: found option location in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '/login/ {' 2020-05-20 13:39:54 Result: found option limit_req in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'zone=mylimit burst=20 nodelay' 2020-05-20 13:39:54 Found unknown option limit_req in nginx configuration 2020-05-20 13:39:54 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '}' 2020-05-20 13:39:54 Result: found option location in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '/ {' 2020-05-20 13:39:54 Result: found option autoindex in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'off' 2020-05-20 13:39:54 Result: found option try_files in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '$uri @yourapplication' 2020-05-20 13:39:54 Found unknown option try_files in nginx configuration 2020-05-20 13:39:54 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '}' 2020-05-20 13:39:54 Result: found option location in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '@yourapplication {' 2020-05-20 13:39:54 Result: found option include in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'uwsgi_params' 2020-05-20 13:39:54 Result: this include does not point to a file 2020-05-20 13:39:54 Result: found option uwsgi_pass in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '127.0.0.1:5001' 2020-05-20 13:39:54 Found unknown option uwsgi_pass in nginx configuration 2020-05-20 13:39:54 Result: found option uwsgi_param in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value 'SCRIPT_NAME ''' 2020-05-20 13:39:54 Found unknown option uwsgi_param in nginx configuration 2020-05-20 13:39:54 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '}' 2020-05-20 13:39:54 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-admin.conf with value '}' 2020-05-20 13:39:54 Test: check if we can access /etc/nginx/conf.d/keystone-wsgi-public.conf (escaped: /etc/nginx/conf.d/keystone-wsgi-public.conf) 2020-05-20 13:39:54 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:54 Result: file /etc/nginx/conf.d/keystone-wsgi-public.conf is readable (or directory accessible). 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.zRbLq8Vq1r 2020-05-20 13:39:54 Action: created temporary file /tmp/lynis.arvlxjs0pC 2020-05-20 13:39:54 Action: parsing configuration file /etc/nginx/conf.d/keystone-wsgi-public.conf 2020-05-20 13:39:54 Result: found option limit_req_zone in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '$binary_remote_addr zone=mylimit2:10m rate=10r/s' 2020-05-20 13:39:54 Found unknown option limit_req_zone in nginx configuration 2020-05-20 13:39:54 Result: found option server in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '{' 2020-05-20 13:39:54 Result: found option listen in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '172.29.16.201:5000' 2020-05-20 13:39:54 Result: found option keepalive_timeout in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '70' 2020-05-20 13:39:54 Result: found option access_log in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '/var/log/nginx/keystone-wsgi-public-access.log custom' 2020-05-20 13:39:55 Result: found option error_log in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '/var/log/nginx/keystone-wsgi-public-error.log info' 2020-05-20 13:39:55 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'X-Content-Type-Options nosniff' 2020-05-20 13:39:55 Result: found header X-Content-Type-Options with value nosniff 2020-05-20 13:39:55 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'X-XSS-Protection "1; mode=block"' 2020-05-20 13:39:55 Result: found header X-XSS-Protection with value "1; mode=block" 2020-05-20 13:39:55 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'Content-Security-Policy "default-src 'self' https: wss:;"' 2020-05-20 13:39:55 Result: found header Content-Security-Policy with value "default-src 'self' https: wss:;" 2020-05-20 13:39:55 Result: found option add_header in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'X-Frame-Options DENY' 2020-05-20 13:39:55 Result: found header X-Frame-Options with value DENY 2020-05-20 13:39:55 Result: found option client_body_timeout in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '5s' 2020-05-20 13:39:55 Found unknown option client_body_timeout in nginx configuration 2020-05-20 13:39:55 Result: found option client_header_timeout in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '5s' 2020-05-20 13:39:55 Found unknown option client_header_timeout in nginx configuration 2020-05-20 13:39:55 Result: found option location in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '/login/ {' 2020-05-20 13:39:55 Result: found option limit_req in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'zone=mylimit2 burst=20 nodelay' 2020-05-20 13:39:55 Found unknown option limit_req in nginx configuration 2020-05-20 13:39:55 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '}' 2020-05-20 13:39:55 Result: found option location in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '/ {' 2020-05-20 13:39:55 Result: found option autoindex in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'off' 2020-05-20 13:39:55 Result: found option try_files in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '$uri @yourapplication' 2020-05-20 13:39:55 Found unknown option try_files in nginx configuration 2020-05-20 13:39:55 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '}' 2020-05-20 13:39:55 Result: found option location in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '@yourapplication {' 2020-05-20 13:39:55 Result: found option include in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'uwsgi_params' 2020-05-20 13:39:55 Result: this include does not point to a file 2020-05-20 13:39:55 Result: found option uwsgi_pass in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '127.0.0.1:25358' 2020-05-20 13:39:55 Found unknown option uwsgi_pass in nginx configuration 2020-05-20 13:39:55 Result: found option uwsgi_param in /etc/nginx/conf.d/keystone-wsgi-public.conf with value 'SCRIPT_NAME ''' 2020-05-20 13:39:55 Found unknown option uwsgi_param in nginx configuration 2020-05-20 13:39:55 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '}' 2020-05-20 13:39:55 Result: found option } in /etc/nginx/conf.d/keystone-wsgi-public.conf with value '}' 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID HTTP-6710 (Check nginx SSL configuration settings) 2020-05-20 13:39:55 Result: No SSL configuration found 2020-05-20 13:39:55 Suggestion: Add HTTPS to nginx virtual hosts for enhanced protection of sensitive data and privacy [test:HTTP-6710] [details:-] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (1 of 5). Currently having 185 points (out of 231) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID HTTP-6712 (Check nginx access logging) 2020-05-20 13:39:55 Result: no virtual hosts found which have their access log disabled 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 188 points (out of 234) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID HTTP-6714 (Check for missing error logs in nginx) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID HTTP-6716 (Check for debug mode on error log in nginx) 2020-05-20 13:39:55 Result: no virtual hosts found which have their error log in debug mode 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 191 points (out of 237) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID HTTP-6720 (Check Nginx log files) 2020-05-20 13:39:55 Test: Checking directories for files with log file definitions 2020-05-20 13:39:55 Test: Checking /etc/nginx 2020-05-20 13:39:55 Result: Directory /etc/nginx exists, so will be used as search path 2020-05-20 13:39:55 Result: found one or more log files 2020-05-20 13:39:55 Found log file: /var/log/nginx/access.log 2020-05-20 13:39:55 Found log file: /var/log/nginx/keystone-wsgi-admin-access.log 2020-05-20 13:39:55 Found log file: /var/log/nginx/keystone-wsgi-public-access.log 2020-05-20 13:39:55 Found log file: /var/log/nginx/stream.log 2020-05-20 13:39:55 Test: Checking /usr/local/etc/nginx 2020-05-20 13:39:55 Result: directory /usr/local/etc/nginx not found, skipping search in this directory. 2020-05-20 13:39:55 Test: Checking /usr/local/nginx/conf 2020-05-20 13:39:55 Result: directory /usr/local/nginx/conf not found, skipping search in this directory. 2020-05-20 13:39:55 Security check: file is normal 2020-05-20 13:39:55 Checking permissions of /home/cloudadmin/lynis/include/tests_ssh 2020-05-20 13:39:55 File permissions are OK 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Action: Performing tests from category: SSH Support 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID SSH-7402 (Check for running SSH daemon) 2020-05-20 13:39:55 Test: Searching for a SSH daemon 2020-05-20 13:39:55 Performing pgrep scan without uid 2020-05-20 13:39:55 IsRunning: process 'sshd' found (3048 554910 554914 557061 557066 ) 2020-05-20 13:39:55 Action: created temporary file /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID SSH-7404 (Check SSH daemon file location) 2020-05-20 13:39:55 Test: searching for sshd_config file 2020-05-20 13:39:55 Result: /etc/ssh/sshd_config exists 2020-05-20 13:39:55 Test: check if we can access /etc/ssh/sshd_config (escaped: /etc/ssh/sshd_config) 2020-05-20 13:39:55 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:39:55 Result: file /etc/ssh/sshd_config is readable (or directory accessible). 2020-05-20 13:39:55 Result: using last found configuration file: /etc/ssh/sshd_config 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID SSH-7406 (Determine OpenSSH version) 2020-05-20 13:39:55 Result: discovered OpenSSH version is 7.4 2020-05-20 13:39:55 Result: OpenSSH major version: 7 2020-05-20 13:39:55 Result: OpenSSH minor version: 4 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID SSH-7408 (Check SSH specific defined options) 2020-05-20 13:39:55 Test: Checking specific defined options in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: added additional options for OpenSSH < 7.5 2020-05-20 13:39:55 Test: Checking AllowTcpForwarding in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option AllowTcpForwarding found 2020-05-20 13:39:55 Result: Option AllowTcpForwarding value is YES 2020-05-20 13:39:55 Result: OpenSSH option AllowTcpForwarding is in a weak configuration state and should be fixed 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowTcpForwarding (set YES to NO)] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (0 of 3). Currently having 191 points (out of 240) 2020-05-20 13:39:55 Test: Checking ClientAliveCountMax in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option ClientAliveCountMax found 2020-05-20 13:39:55 Result: Option ClientAliveCountMax value is 0 2020-05-20 13:39:55 Result: OpenSSH option ClientAliveCountMax is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 194 points (out of 243) 2020-05-20 13:39:55 Test: Checking ClientAliveInterval in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option ClientAliveInterval found 2020-05-20 13:39:55 Result: Option ClientAliveInterval value is 900 2020-05-20 13:39:55 Result: OpenSSH option ClientAliveInterval is in a weak configuration state and should be fixed 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:ClientAliveInterval (set 900 to 300)] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (0 of 3). Currently having 194 points (out of 246) 2020-05-20 13:39:55 Test: Checking Compression in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option Compression found 2020-05-20 13:39:55 Result: Option Compression value is NO 2020-05-20 13:39:55 Result: OpenSSH option Compression is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 197 points (out of 249) 2020-05-20 13:39:55 Test: Checking FingerprintHash in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option FingerprintHash found 2020-05-20 13:39:55 Result: Option FingerprintHash value is SHA256 2020-05-20 13:39:55 Result: OpenSSH option FingerprintHash is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 200 points (out of 252) 2020-05-20 13:39:55 Test: Checking GatewayPorts in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option GatewayPorts found 2020-05-20 13:39:55 Result: Option GatewayPorts value is NO 2020-05-20 13:39:55 Result: OpenSSH option GatewayPorts is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 203 points (out of 255) 2020-05-20 13:39:55 Test: Checking IgnoreRhosts in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option IgnoreRhosts found 2020-05-20 13:39:55 Result: Option IgnoreRhosts value is YES 2020-05-20 13:39:55 Result: OpenSSH option IgnoreRhosts is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 206 points (out of 258) 2020-05-20 13:39:55 Test: Checking LoginGraceTime in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option LoginGraceTime found 2020-05-20 13:39:55 Result: Option LoginGraceTime value is 60 2020-05-20 13:39:55 Result: OpenSSH option LoginGraceTime is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 209 points (out of 261) 2020-05-20 13:39:55 Test: Checking LogLevel in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option LogLevel found 2020-05-20 13:39:55 Result: Option LogLevel value is INFO 2020-05-20 13:39:55 Result: OpenSSH option LogLevel is configured reasonably 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:LogLevel (set INFO to VERBOSE)] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (1 of 3). Currently having 210 points (out of 264) 2020-05-20 13:39:55 Test: Checking MaxAuthTries in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option MaxAuthTries found 2020-05-20 13:39:55 Result: Option MaxAuthTries value is 6 2020-05-20 13:39:55 Result: OpenSSH option MaxAuthTries is configured reasonably 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxAuthTries (set 6 to 3)] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (1 of 3). Currently having 211 points (out of 267) 2020-05-20 13:39:55 Test: Checking MaxSessions in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option MaxSessions found 2020-05-20 13:39:55 Result: Option MaxSessions value is 10 2020-05-20 13:39:55 Result: OpenSSH option MaxSessions is in a weak configuration state and should be fixed 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxSessions (set 10 to 2)] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (0 of 3). Currently having 211 points (out of 270) 2020-05-20 13:39:55 Test: Checking PermitRootLogin in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option PermitRootLogin found 2020-05-20 13:39:55 Result: Option PermitRootLogin value is NO 2020-05-20 13:39:55 Expected value has multiple values, testing if active value is in list ((FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD)) 2020-05-20 13:39:55 Result: found 2020-05-20 13:39:55 Result: OpenSSH option PermitRootLogin is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 214 points (out of 273) 2020-05-20 13:39:55 Test: Checking PermitUserEnvironment in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option PermitUserEnvironment found 2020-05-20 13:39:55 Result: Option PermitUserEnvironment value is NO 2020-05-20 13:39:55 Result: OpenSSH option PermitUserEnvironment is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 217 points (out of 276) 2020-05-20 13:39:55 Test: Checking PermitTunnel in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option PermitTunnel found 2020-05-20 13:39:55 Result: Option PermitTunnel value is NO 2020-05-20 13:39:55 Result: OpenSSH option PermitTunnel is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 220 points (out of 279) 2020-05-20 13:39:55 Test: Checking Port in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option Port found 2020-05-20 13:39:55 Result: Option Port value is 22 2020-05-20 13:39:55 Result: OpenSSH option Port is in a weak configuration state and should be fixed 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Port (set 22 to )] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (0 of 3). Currently having 220 points (out of 282) 2020-05-20 13:39:55 Test: Checking PrintLastLog in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option PrintLastLog found 2020-05-20 13:39:55 Result: Option PrintLastLog value is YES 2020-05-20 13:39:55 Result: OpenSSH option PrintLastLog is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 223 points (out of 285) 2020-05-20 13:39:55 Test: Checking StrictModes in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option StrictModes found 2020-05-20 13:39:55 Result: Option StrictModes value is YES 2020-05-20 13:39:55 Result: OpenSSH option StrictModes is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 226 points (out of 288) 2020-05-20 13:39:55 Test: Checking TCPKeepAlive in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option TCPKeepAlive found 2020-05-20 13:39:55 Result: Option TCPKeepAlive value is YES 2020-05-20 13:39:55 Result: OpenSSH option TCPKeepAlive is in a weak configuration state and should be fixed 2020-05-20 13:39:55 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:TCPKeepAlive (set YES to NO)] [solution:-] 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (0 of 3). Currently having 226 points (out of 291) 2020-05-20 13:39:55 Test: Checking UseDNS in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option UseDNS found 2020-05-20 13:39:55 Result: Option UseDNS value is NO 2020-05-20 13:39:55 Result: OpenSSH option UseDNS is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 229 points (out of 294) 2020-05-20 13:39:55 Test: Checking X11Forwarding in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option X11Forwarding found 2020-05-20 13:39:55 Result: Option X11Forwarding value is NO 2020-05-20 13:39:55 Result: OpenSSH option X11Forwarding is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 232 points (out of 297) 2020-05-20 13:39:55 Test: Checking AllowAgentForwarding in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option AllowAgentForwarding found 2020-05-20 13:39:55 Result: Option AllowAgentForwarding value is NO 2020-05-20 13:39:55 Result: OpenSSH option AllowAgentForwarding is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 235 points (out of 300) 2020-05-20 13:39:55 Test: Checking UsePrivilegeSeparation in /tmp/lynis.GtxmnodNJX 2020-05-20 13:39:55 Result: Option UsePrivilegeSeparation found 2020-05-20 13:39:55 Result: Option UsePrivilegeSeparation value is SANDBOX 2020-05-20 13:39:55 Result: OpenSSH option UsePrivilegeSeparation is configured very well 2020-05-20 13:39:55 Hardening: assigned maximum number of hardening points for this item (3). Currently having 238 points (out of 303) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) 2020-05-20 13:39:55 Result: AllowUsers is not set 2020-05-20 13:39:55 Result: AllowGroups is not set 2020-05-20 13:39:55 Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine. 2020-05-20 13:39:55 Hardening: assigned partial number of hardening points (0 of 1). Currently having 238 points (out of 304) 2020-05-20 13:39:55 Security check: file is normal 2020-05-20 13:39:55 Checking permissions of /home/cloudadmin/lynis/include/tests_snmp 2020-05-20 13:39:55 File permissions are OK 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Action: Performing tests from category: SNMP Support 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID SNMP-3302 (Check for running SNMP daemon) 2020-05-20 13:39:55 Test: Searching for a SNMP daemon 2020-05-20 13:39:55 Performing pgrep scan without uid 2020-05-20 13:39:55 IsRunning: process 'snmpd' not found 2020-05-20 13:39:55 Result: No running SNMP daemon found 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Skipped test SNMP-3304 (Check SNMP daemon file location) 2020-05-20 13:39:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Skipped test SNMP-3306 (Check SNMP communities) 2020-05-20 13:39:55 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:55 Security check: file is normal 2020-05-20 13:39:55 Checking permissions of /home/cloudadmin/lynis/include/tests_databases 2020-05-20 13:39:55 File permissions are OK 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Action: Performing tests from category: Databases 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID DBS-1804 (Checking active MySQL process) 2020-05-20 13:39:55 Result: MySQL process not active 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Skipped test DBS-1816 (Checking MySQL root password) 2020-05-20 13:39:55 Reason to skip: MySQL not installed, or not running 2020-05-20 13:39:55 Test skipped, MySQL daemon not running or no MySQL client available 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID DBS-1818 (Check status of MongoDB server) 2020-05-20 13:39:55 Performing pgrep scan without uid 2020-05-20 13:39:55 IsRunning: process 'mongod' not found 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID DBS-1820 (Check for authorization in MongoDB) 2020-05-20 13:39:55 ==== 2020-05-20 13:39:55 Performing test ID DBS-1826 (Checking active PostgreSQL processes) 2020-05-20 13:39:55 Performing pgrep scan without uid 2020-05-20 13:39:56 IsRunning: process 'postgres:' not found 2020-05-20 13:39:56 Result: PostgreSQL process not active 2020-05-20 13:39:56 ==== 2020-05-20 13:39:56 Skipped test DBS-1828 (Test PostgreSQL configuration) 2020-05-20 13:39:56 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:39:56 ==== 2020-05-20 13:39:56 Performing test ID DBS-1840 (Checking active Oracle processes) 2020-05-20 13:39:56 Result: Oracle process(es) not active 2020-05-20 13:39:56 ==== 2020-05-20 13:39:56 Performing test ID DBS-1860 (Checking active DB2 instances) 2020-05-20 13:39:56 Performing pgrep scan without uid 2020-05-20 13:39:56 IsRunning: process 'db2sysc' not found 2020-05-20 13:39:56 Result: No DB2 instances are running 2020-05-20 13:39:56 ==== 2020-05-20 13:39:56 Performing test ID DBS-1880 (Check for active Redis server) 2020-05-20 13:39:56 Performing pgrep scan without uid 2020-05-20 13:39:56 IsRunning: process 'redis-server' found (2914 ) 2020-05-20 13:39:56 Result: Redis is running 2020-05-20 13:39:56 ==== 2020-05-20 13:39:56 Performing test ID DBS-1882 (Redis configuration file) 2020-05-20 13:39:56 Action: scanning directory (/etc/redis) for Redis configuration files 2020-05-20 13:39:56 Result: no configuration files found in this directory 2020-05-20 13:39:56 Action: scanning directory (/usr/local/etc/redis) for Redis configuration files 2020-05-20 13:39:56 Result: no configuration files found in this directory 2020-05-20 13:39:56 Action: scanning directory (/usr/local/redis/etc) for Redis configuration files 2020-05-20 13:39:56 Result: no configuration files found in this directory 2020-05-20 13:39:56 Test: check if we can access /etc/redis.conf (escaped: /etc/redis.conf) 2020-05-20 13:39:56 Result: file is not owned by current user ID (0), but UID 986 2020-05-20 13:39:56 Result: file /etc/redis.conf is readable (or directory accessible). 2020-05-20 13:39:56 Action: checking if /etc/redis.conf is a Sentinel configuration file 2020-05-20 13:39:56 Result: file is NOT a Sentinel configuration file. Now scanning if it is a Redis configuration file 2020-05-20 13:39:56 Result: this file does not look like a Redis file (/etc/redis.conf) 2020-05-20 13:39:56 Exception: test has an exceptional event (DBS-1882) with text Found Redis, but no configuration file. Report this if you know where it is located on your system. 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test DBS-1884 (Redis: requirepass option configured) 2020-05-20 13:40:01 Reason to skip: Redis not running, or no configuration file found 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test DBS-1886 (Redis: rename-command CONFIG used) 2020-05-20 13:40:01 Reason to skip: Redis not running, or no configuration found 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test DBS-1888 (Redis: bind on localhost) 2020-05-20 13:40:01 Reason to skip: Redis not running, or no configuration found 2020-05-20 13:40:01 Security check: file is normal 2020-05-20 13:40:01 Checking permissions of /home/cloudadmin/lynis/include/tests_ldap 2020-05-20 13:40:01 File permissions are OK 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Action: Performing tests from category: LDAP Services 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Performing test ID LDAP-2219 (Check running OpenLDAP instance) 2020-05-20 13:40:01 Performing pgrep scan without uid 2020-05-20 13:40:01 IsRunning: process 'slapd' not found 2020-05-20 13:40:01 Result: No running slapd process found. 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test LDAP-2224 (Check presence slapd.conf) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 Security check: file is normal 2020-05-20 13:40:01 Checking permissions of /home/cloudadmin/lynis/include/tests_php 2020-05-20 13:40:01 File permissions are OK 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Action: Performing tests from category: PHP 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Performing test ID PHP-2211 (Check php.ini presence) 2020-05-20 13:40:01 Test: Checking for presence php.ini 2020-05-20 13:40:01 Test: checking presence /etc/php.ini 2020-05-20 13:40:01 Result: file /etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php.ini.default 2020-05-20 13:40:01 Result: file /etc/php.ini.default not found 2020-05-20 13:40:01 Test: checking presence /etc/php/php.ini 2020-05-20 13:40:01 Result: file /etc/php/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php7.0/php.ini 2020-05-20 13:40:01 Result: file /etc/php7.0/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php7.1/php.ini 2020-05-20 13:40:01 Result: file /etc/php7.1/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php7.2/php.ini 2020-05-20 13:40:01 Result: file /etc/php7.2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php7.3/php.ini 2020-05-20 13:40:01 Result: file /etc/php7.3/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php7.0/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php7.0/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php7.1/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php7.1/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php7.2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php7.2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/apache2-php7.3/php.ini 2020-05-20 13:40:01 Result: file /etc/php/apache2-php7.3/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php7.0/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php7.0/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php7.1/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php7.1/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php7.2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php7.2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cgi-php7.3/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cgi-php7.3/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php7.0/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php7.0/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php7.1/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php7.1/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php7.2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php7.2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/cli-php7.3/php.ini 2020-05-20 13:40:01 Result: file /etc/php/cli-php7.3/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/embed-php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/embed-php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/embed-php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php/embed-php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/embed-php7.0/php.ini 2020-05-20 13:40:01 Result: file /etc/php/embed-php7.0/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/embed-php7.1/php.ini 2020-05-20 13:40:01 Result: file /etc/php/embed-php7.1/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/embed-php7.2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/embed-php7.2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/embed-php7.3/php.ini 2020-05-20 13:40:01 Result: file /etc/php/embed-php7.3/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/fpm-php7.3/php.ini 2020-05-20 13:40:01 Result: file /etc/php/fpm-php7.3/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/fpm-php7.2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/fpm-php7.2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/fpm-php7.1/php.ini 2020-05-20 13:40:01 Result: file /etc/php/fpm-php7.1/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/fpm-php7.0/php.ini 2020-05-20 13:40:01 Result: file /etc/php/fpm-php7.0/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/fpm-php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php/fpm-php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/fpm-php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php/fpm-php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/cgi/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/cgi/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/cli/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/cli/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/cli-php5.4/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/cli-php5.4/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/cli-php5.5/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/cli-php5.5/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/cli-php5.6/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/cli-php5.6/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/apache2/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/apache2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php5/fpm/php.ini 2020-05-20 13:40:01 Result: file /etc/php5/fpm/php.ini not found 2020-05-20 13:40:01 Test: checking presence /private/etc/php.ini 2020-05-20 13:40:01 Result: file /private/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.0/apache2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.0/apache2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.1/apache2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.1/apache2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.2/apache2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.2/apache2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.3/apache2/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.3/apache2/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.0/cli/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.0/cli/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.0/fpm/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.0/fpm/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.1/cli/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.1/cli/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.1/fpm/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.1/fpm/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.2/cli/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.2/cli/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.2/fpm/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.2/fpm/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.3/cli/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.3/cli/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php/7.3/fpm/php.ini 2020-05-20 13:40:01 Result: file /etc/php/7.3/fpm/php.ini not found 2020-05-20 13:40:01 Test: checking presence /var/www/conf/php.ini 2020-05-20 13:40:01 Result: file /var/www/conf/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/etc/php.ini 2020-05-20 13:40:01 Result: file /usr/local/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/etc/php5/cgi/php.ini 2020-05-20 13:40:01 Result: file /usr/local/etc/php5/cgi/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/php54/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/php54/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/php56/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/php56/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/php70/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/php70/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/php71/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/php71/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/php72/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/php72/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/php73/lib/php.ini 2020-05-20 13:40:01 Result: file /usr/local/php73/lib/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/local/zend/etc/php.ini 2020-05-20 13:40:01 Result: file /usr/local/zend/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /usr/pkg/etc/php.ini 2020-05-20 13:40:01 Result: file /usr/pkg/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php54/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php54/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php55/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php55/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php56/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php56/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php70/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php70/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php71/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php71/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php72/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php72/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/cpanel/ea-php73/root/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/cpanel/ea-php73/root/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php44/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php44/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php51/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php51/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php52/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php52/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php53/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php53/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php54/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php54/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php55/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php55/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php56/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php56/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php70/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php70/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php71/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php71/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php72/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php72/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /opt/alt/php73/etc/php.ini 2020-05-20 13:40:01 Result: file /opt/alt/php73/etc/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/opt/remi/php56/php.ini 2020-05-20 13:40:01 Result: file /etc/opt/remi/php56/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/opt/remi/php70/php.ini 2020-05-20 13:40:01 Result: file /etc/opt/remi/php70/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/opt/remi/php71/php.ini 2020-05-20 13:40:01 Result: file /etc/opt/remi/php71/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/opt/remi/php72/php.ini 2020-05-20 13:40:01 Result: file /etc/opt/remi/php72/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/opt/remi/php73/php.ini 2020-05-20 13:40:01 Result: file /etc/opt/remi/php73/php.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php-5.6.ini 2020-05-20 13:40:01 Result: file /etc/php-5.6.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php-7.0.ini 2020-05-20 13:40:01 Result: file /etc/php-7.0.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php-7.1.ini 2020-05-20 13:40:01 Result: file /etc/php-7.1.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php-7.2.ini 2020-05-20 13:40:01 Result: file /etc/php-7.2.ini not found 2020-05-20 13:40:01 Test: checking presence /etc/php-7.3.ini 2020-05-20 13:40:01 Result: file /etc/php-7.3.ini not found 2020-05-20 13:40:01 Result: no files found for /etc/php5/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.0/cli/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.1/cli/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.2/cli/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.3/cli/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.0/fpm/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.1/fpm/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.2/fpm/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php/7.3/fpm/conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php54/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php55/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php56/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php70/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php71/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php72/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/cpanel/ea-php73/root/etc/php.d 2020-05-20 13:40:01 Result: no files found for /opt/alt/php44/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php51/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php52/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php53/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php54/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php55/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php56/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php70/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php71/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php72/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /opt/alt/php73/etc/php.d.all 2020-05-20 13:40:01 Result: no files found for /usr/local/lib/php.conf.d 2020-05-20 13:40:01 Result: no files found for /usr/local/php70/lib/php.conf.d 2020-05-20 13:40:01 Result: no files found for /usr/local/php71/lib/php.conf.d 2020-05-20 13:40:01 Result: no files found for /usr/local/php72/lib/php.conf.d 2020-05-20 13:40:01 Result: no files found for /usr/local/php73/lib/php.conf.d 2020-05-20 13:40:01 Result: no files found for /etc/php-5.6 2020-05-20 13:40:01 Result: no files found for /etc/php-7.0 2020-05-20 13:40:01 Result: no files found for /etc/php-7.1 2020-05-20 13:40:01 Result: no files found for /etc/php-7.2 2020-05-20 13:40:01 Result: no files found for /etc/php-7.3 2020-05-20 13:40:01 Result: no php.ini file found 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2320 (Check PHP disabled functions) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2368 (Check PHP register_globals option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2372 (Check PHP expose_php option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2374 (Check PHP enable_dl option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2376 (Check PHP allow_url_fopen option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2378 (Check PHP allow_url_include option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test PHP-2382 (Check PHP expose_php option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 Security check: file is normal 2020-05-20 13:40:01 Checking permissions of /home/cloudadmin/lynis/include/tests_squid 2020-05-20 13:40:01 File permissions are OK 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Action: Performing tests from category: Squid Support 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Performing test ID SQD-3602 (Check for running Squid daemon) 2020-05-20 13:40:01 Test: Searching for a Squid daemon 2020-05-20 13:40:01 Result: No running Squid daemon found 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3604 (Check Squid daemon file location) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3606 (Check Squid version) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3610 (Gather Squid settings) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3613 (Check Squid file permissions) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3614 (Check Squid authentication methods) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3616 (Check external Squid authentication) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3620 (Check Squid access control lists) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3624 (Check Squid safe ports) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3630 (Check Squid reply_body_max_size option) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test SQD-3680 (Check Squid version suppression) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 Security check: file is normal 2020-05-20 13:40:01 Checking permissions of /home/cloudadmin/lynis/include/tests_logging 2020-05-20 13:40:01 File permissions are OK 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Action: Performing tests from category: Logging and files 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Performing test ID LOGG-2130 (Check for running syslog daemon) 2020-05-20 13:40:01 Test: Searching for a logging daemon 2020-05-20 13:40:01 Result: Found a logging daemon 2020-05-20 13:40:01 Hardening: assigned maximum number of hardening points for this item (3). Currently having 241 points (out of 307) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Performing test ID LOGG-2132 (Check for running syslog-ng daemon) 2020-05-20 13:40:01 Test: Searching for syslog-ng daemon in process list 2020-05-20 13:40:01 Performing pgrep scan without uid 2020-05-20 13:40:01 IsRunning: process 'syslog-ng' not found 2020-05-20 13:40:01 Result: Syslog-ng NOT found in process list 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Skipped test LOGG-2134 (Checking Syslog-NG configuration file consistency) 2020-05-20 13:40:01 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:01 ==== 2020-05-20 13:40:01 Performing test ID LOGG-2136 (Check for running systemd journal daemon) 2020-05-20 13:40:01 Test: Searching for systemd journal daemon in process list 2020-05-20 13:40:01 Performing pgrep scan without uid 2020-05-20 13:40:02 IsRunning: process 'systemd-journal' found (1108 ) 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2210 (Check for running metalog daemon) 2020-05-20 13:40:02 Test: Searching for metalog daemon in process list 2020-05-20 13:40:02 Performing pgrep scan without uid 2020-05-20 13:40:02 IsRunning: process 'metalog' not found 2020-05-20 13:40:02 Result: metalog NOT found in process list 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2230 (Check for running RSyslog daemon) 2020-05-20 13:40:02 Test: Searching for RSyslog daemon in process list 2020-05-20 13:40:02 Performing pgrep scan without uid 2020-05-20 13:40:02 IsRunning: process 'rsyslogd' not found 2020-05-20 13:40:02 Result: rsyslogd NOT found in process list 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2240 (Check for running RFC 3195 compliant daemon) 2020-05-20 13:40:02 Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list 2020-05-20 13:40:02 Performing pgrep scan without uid 2020-05-20 13:40:02 IsRunning: process 'rfc3195d' not found 2020-05-20 13:40:02 Result: rfc3195d NOT found in process list 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2138 (Checking kernel logger daemon on Linux) 2020-05-20 13:40:02 Test: Searching kernel logger daemon (klogd) 2020-05-20 13:40:02 Result: test skipped, because other facility is being used to log kernel messages 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2142 (Checking minilog daemon) 2020-05-20 13:40:02 Result: Checking for unkilled minilogd instances 2020-05-20 13:40:02 Performing pgrep scan without uid 2020-05-20 13:40:02 IsRunning: process 'minilogd' not found 2020-05-20 13:40:02 Result: No minilogd is running 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2146 (Checking logrotate.conf and logrotate.d) 2020-05-20 13:40:02 Test: Checking for /etc/logrotate.conf 2020-05-20 13:40:02 Result: /etc/logrotate.conf found (file) 2020-05-20 13:40:02 Test: Checking for /etc/logrotate.d (directory) 2020-05-20 13:40:02 Result: /etc/logrotate.d found 2020-05-20 13:40:02 Result: logrotate configuration found 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2148 (Checking logrotated files) 2020-05-20 13:40:02 Test: Checking which files are rotated with logrotate and if they exist 2020-05-20 13:40:02 Result: found one or more files which are rotated via logrotate 2020-05-20 13:40:02 Output: File:/var/log/haproxy.log:does_not_exist 2020-05-20 13:40:02 Output: File:/var/log/iscsiuio.log:does_not_exist 2020-05-20 13:40:02 Output: File:/var/log/plugin.log:does_not_exist 2020-05-20 13:40:02 Output: File:does:does_not_exist 2020-05-20 13:40:02 Output: File:does:does_not_exist 2020-05-20 13:40:02 Output: File:does:does_not_exist 2020-05-20 13:40:02 Output: File:does:does_not_exist 2020-05-20 13:40:02 Output: File:/var/log/boot.log:exists 2020-05-20 13:40:02 Output: File:/var/log/btmp:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph-mgr.controller-1.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph-mon.controller-1.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph-osd.0.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph-osd.3.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph-osd.admin.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph.audit.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ceph/ceph.log:exists 2020-05-20 13:40:02 Output: File:/var/log/cron:exists 2020-05-20 13:40:02 Output: File:/var/log/danm.log:exists 2020-05-20 13:40:02 Output: File:/var/log/haproxy.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ironic/ironic-api-wsgi.wsgi.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ironic/ironic-api.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ironic/ironic-conductor.log:exists 2020-05-20 13:40:02 Output: File:/var/log/ironic/ironic-dbsync.log:exists 2020-05-20 13:40:02 Output: File:/var/log/iscsiuio.log:exists 2020-05-20 13:40:02 Output: File:/var/log/keystone/keystone-wsgi-admin.log:exists 2020-05-20 13:40:02 Output: File:/var/log/keystone/keystone-wsgi-public.log:exists 2020-05-20 13:40:02 Output: File:/var/log/keystone/keystone.log:exists 2020-05-20 13:40:02 Output: File:/var/log/maillog:exists 2020-05-20 13:40:02 Output: File:/var/log/messages:exists 2020-05-20 13:40:02 Output: File:/var/log/nginx/access.log:exists 2020-05-20 13:40:02 Output: File:/var/log/nginx/keystone-wsgi-admin-error.log:exists 2020-05-20 13:40:02 Output: File:/var/log/nginx/keystone-wsgi-public-error.log:exists 2020-05-20 13:40:02 Output: File:/var/log/openvswitch/ovs-vswitchd.log:exists 2020-05-20 13:40:02 Output: File:/var/log/openvswitch/ovsdb-server.log:exists 2020-05-20 13:40:02 Output: File:/var/log/plugin.log:exists 2020-05-20 13:40:02 Output: File:/var/log/rabbitmq/rabbit@controller-1-sasl.log:exists 2020-05-20 13:40:02 Output: File:/var/log/rabbitmq/rabbit@controller-1.log:exists 2020-05-20 13:40:02 Output: File:/var/log/redis/redis.log:exists 2020-05-20 13:40:02 Output: File:/var/log/secure:exists 2020-05-20 13:40:02 Output: File:/var/log/spooler:exists 2020-05-20 13:40:02 Output: File:/var/log/wtmp:exists 2020-05-20 13:40:02 Output: File:/var/log/yum.log:exists 2020-05-20 13:40:02 Output: File:/var/log/cron-20200520:does_not_exist 2020-05-20 13:40:02 Output: File:/var/log/messages-20200520:does_not_exist 2020-05-20 13:40:02 Output: File:/var/log/secure-20200520:does_not_exist 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2150 (Checking directories in logrotate configuration) 2020-05-20 13:40:02 Test: Checking which directories can be found in logrotate configuration 2020-05-20 13:40:02 Result: found one or more directories (via logrotate configuration) 2020-05-20 13:40:02 Directory found: /var/log 2020-05-20 13:40:02 Directory found: /var/log/ceph 2020-05-20 13:40:02 Directory found: /var/log/ironic 2020-05-20 13:40:02 Directory found: /var/log/keystone 2020-05-20 13:40:02 Directory found: /var/log/nginx 2020-05-20 13:40:02 Directory found: /var/log/openvswitch 2020-05-20 13:40:02 Directory found: /var/log/rabbitmq 2020-05-20 13:40:02 Directory found: /var/log/redis 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Skipped test LOGG-2152 (Checking loghost) 2020-05-20 13:40:02 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2154 (Checking syslog configuration file) 2020-05-20 13:40:02 Result: no remote logging found 2020-05-20 13:40:02 Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154] [details:-] [solution:-] 2020-05-20 13:40:02 Hardening: assigned partial number of hardening points (1 of 3). Currently having 242 points (out of 310) 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Skipped test LOGG-2160 (Checking /etc/newsyslog.conf) 2020-05-20 13:40:02 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Skipped test LOGG-2162 (Checking directories in /etc/newsyslog.conf) 2020-05-20 13:40:02 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Skipped test LOGG-2164 (Checking files specified /etc/newsyslog.conf) 2020-05-20 13:40:02 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2170 (Checking log paths) 2020-05-20 13:40:02 Test: Searching log paths 2020-05-20 13:40:02 Result: directory /var/log exists 2020-05-20 13:40:02 Result: directory /var/adm exists 2020-05-20 13:40:02 ==== 2020-05-20 13:40:02 Performing test ID LOGG-2180 (Checking open log files) 2020-05-20 13:40:02 Test: checking open log files with lsof 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/34i008ElQPeVzYz5IYoW0g/0/translog/translog-5.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/34i008ElQPeVzYz5IYoW0g/0/translog/translog-6.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/34i008ElQPeVzYz5IYoW0g/0/translog/translog-7.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/AnPd_v9cTGuoLZDLMAlOIQ/0/translog/translog-14.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/AnPd_v9cTGuoLZDLMAlOIQ/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-18.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-19.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-20.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-21.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-22.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-23.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-24.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-25.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-26.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-27.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-28.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-29.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-30.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-31.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Igb3MlaCTueM1EAq-Sg1Kg/0/translog/translog-32.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-10.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-11.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-12.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-13.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-14.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-6.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-7.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-8.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/TODaqai7TUmf7uHJmndGYg/0/translog/translog-9.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-10.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-11.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-12.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-13.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-14.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-18.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-19.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-20.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/Vzt1DSu6TcuIfTeCtUDh5g/0/translog/translog-21.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-10.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-11.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-12.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-13.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-14.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-6.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-7.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-8.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/W_Gi8XvvQjW4kZVuENv5pw/0/translog/translog-9.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-18.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-19.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-20.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-21.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-22.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-23.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-24.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-25.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-26.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-27.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-28.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-29.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-30.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-31.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/_OtJwXDVRrWx1w4cJvhvpw/0/translog/translog-32.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-18.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-19.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-20.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-21.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-22.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-23.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-24.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-25.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-26.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-27.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-28.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-29.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-30.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-31.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-32.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-33.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/cGR2pEdqS7maLfDCh2YZvA/0/translog/translog-34.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-10.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-11.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-12.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-5.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-6.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-7.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-8.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/dscqace_SvW5W4ZnbL9OLA/0/translog/translog-9.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-10.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-11.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-12.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-5.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-6.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-7.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-8.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/fNWyWkQOTN2SLmxwYtuWIw/0/translog/translog-9.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-13.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-14.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-15.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-16.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-17.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-18.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-19.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-20.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-21.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-22.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-23.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-24.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-25.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-26.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-27.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/jF6fZ1A0RqKUaHZOHYQXCA/0/translog/translog-28.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-25.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-26.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-27.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-28.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-29.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-30.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-31.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/m13xrVJUSZ26HVmCP6PhEg/0/translog/translog-32.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-23.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-24.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-25.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-26.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-27.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-28.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-29.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-30.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-31.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-32.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-33.tlog 2020-05-20 13:40:06 Found logfile: /usr/share/elasticsearch/data/nodes/0/indices/pepYJIwhRXKhOGKwO-o7Fg/0/translog/translog-34.tlog 2020-05-20 13:40:06 Found logfile: /var/lib/ceph/mon/ceph-controller-1/store.db/011202.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/031e0c2a1e0ac676964aab8bcfca94793b05a9b8433e90eb0b075d9b8ffc4787/031e0c2a1e0ac676964aab8bcfca94793b05a9b8433e90eb0b075d9b8ffc4787-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/0e2f3f0a23c9f88d3a90ae3fa67a69a2b66635f00ec813330343f350e4b5147f/0e2f3f0a23c9f88d3a90ae3fa67a69a2b66635f00ec813330343f350e4b5147f-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/0e46df8f7423c0aa9aa795feabcc058809982d3c74c95eec92988f5d1561cbb7/0e46df8f7423c0aa9aa795feabcc058809982d3c74c95eec92988f5d1561cbb7-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/119384270c7a96313044e759f47643f1f0358cb9e405ba4cc2fb35e9e54345da/119384270c7a96313044e759f47643f1f0358cb9e405ba4cc2fb35e9e54345da-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/13c68f466338fcbdd173b9543058f2c727ddf5dd7a17a76f4a131788ed4cddb3/13c68f466338fcbdd173b9543058f2c727ddf5dd7a17a76f4a131788ed4cddb3-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/1c5ce3bdb527d2d5a9f2501429ef6a93230e1aeb96fd85d0113d426b7a2969f3/1c5ce3bdb527d2d5a9f2501429ef6a93230e1aeb96fd85d0113d426b7a2969f3-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/1c9f233081f4d77af56f7827ac516a01586d6d2b4ae2ceaa92be0dc86823d4be/1c9f233081f4d77af56f7827ac516a01586d6d2b4ae2ceaa92be0dc86823d4be-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/2336984eaeac272aa16933dcef29a451bca3016053c5c1114a03762d36ca8518/2336984eaeac272aa16933dcef29a451bca3016053c5c1114a03762d36ca8518-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/378d0c3c604b4e8f3fbba90af48f3c1eb640d1cde0157b530be79c8ac782facc/378d0c3c604b4e8f3fbba90af48f3c1eb640d1cde0157b530be79c8ac782facc-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/39d9021fd51fdee3a23176ad0239d98e3b500848a5d8d0c96f6fa1f217d430f9/39d9021fd51fdee3a23176ad0239d98e3b500848a5d8d0c96f6fa1f217d430f9-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/3afa3709fb3d733ab951a300d5f1597f8cb5f7df1fb1bf40be10de8cb086f3bb/3afa3709fb3d733ab951a300d5f1597f8cb5f7df1fb1bf40be10de8cb086f3bb-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/3b89cced2f8d5b95e3f54fdb6571c8f3905ba9e4b810b25cbb35f7c88de13aea/3b89cced2f8d5b95e3f54fdb6571c8f3905ba9e4b810b25cbb35f7c88de13aea-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/3d9d71e3082587844425ea6213c3513b562ebf26cd5ef10635f9ff4bd7e93094/3d9d71e3082587844425ea6213c3513b562ebf26cd5ef10635f9ff4bd7e93094-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/3eed1203d22e88736dfe64798c10870d21a484369641610dffaf8a4a026227b4/3eed1203d22e88736dfe64798c10870d21a484369641610dffaf8a4a026227b4-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/41b9342a3cf6939c46798e303d7f6ccf2cb79d06c90df21603c4986f8fc8b224/41b9342a3cf6939c46798e303d7f6ccf2cb79d06c90df21603c4986f8fc8b224-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/426bd7688032461dae5e678363270c95a7b73c5e5c24de1abe5c981287c76b69/426bd7688032461dae5e678363270c95a7b73c5e5c24de1abe5c981287c76b69-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/518e4fc950e3f340bacb0b8a6efaf7d1d139ffc2a4d81d46d212da228e48c5b2/518e4fc950e3f340bacb0b8a6efaf7d1d139ffc2a4d81d46d212da228e48c5b2-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/54dfece5ca9755778d7ea04a1a9d2200beeb2a483dc12b1e8705b2b572bbedbd/54dfece5ca9755778d7ea04a1a9d2200beeb2a483dc12b1e8705b2b572bbedbd-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/55d0c185adb82990fb495c28f9dfadc55234a35d68b822474494cb477dc47c40/55d0c185adb82990fb495c28f9dfadc55234a35d68b822474494cb477dc47c40-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/5b4fbf663810cc8d3dc019ebf28b0474925b1e387307b00dd238dd0b59c5ffd9/5b4fbf663810cc8d3dc019ebf28b0474925b1e387307b00dd238dd0b59c5ffd9-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/5f93c6fa771e8e6a7f0889b16996ac62caa8b742faa711c4c47dfde21e72c44f/5f93c6fa771e8e6a7f0889b16996ac62caa8b742faa711c4c47dfde21e72c44f-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/60e12bf02bb64306935359d65520257e44cc036920aa28e6c4f4a7c51e2c7ba1/60e12bf02bb64306935359d65520257e44cc036920aa28e6c4f4a7c51e2c7ba1-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/629b4087d92225d425c20096b94dda9d4b7f917da1797a3678086dfa64f4bb2b/629b4087d92225d425c20096b94dda9d4b7f917da1797a3678086dfa64f4bb2b-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/63c5499dfd8ab3195b77d722775d3d902a83d35f2e9fbe661d19e962b58bdf65/63c5499dfd8ab3195b77d722775d3d902a83d35f2e9fbe661d19e962b58bdf65-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/67515db16be72e049967bdecbd2df8f9b201b3375f3d21643bd2700151b0f809/67515db16be72e049967bdecbd2df8f9b201b3375f3d21643bd2700151b0f809-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/6e6d35f420fcfb6be477028791029dea9991dd854f831672353c139f36845014/6e6d35f420fcfb6be477028791029dea9991dd854f831672353c139f36845014-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/7582bbb108a80733f2d3b47e6ec8be37d1dbd23e081d84883060bdf565d81936/7582bbb108a80733f2d3b47e6ec8be37d1dbd23e081d84883060bdf565d81936-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/759b1e7c2c4c463751113ce1255ec2285968f45c1029b39450fcce3b8f2aae48/759b1e7c2c4c463751113ce1255ec2285968f45c1029b39450fcce3b8f2aae48-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/77d909334a56e2327a88df59fd3308fc8daab47b31f05476b94ebda0deedc256/77d909334a56e2327a88df59fd3308fc8daab47b31f05476b94ebda0deedc256-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/8047db82c22d49637f7ab722f6b752d0dce1910b1ed843601406faa64e0a2ced/8047db82c22d49637f7ab722f6b752d0dce1910b1ed843601406faa64e0a2ced-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/848b5b846c7f59f48b65cd581d3d311178a976eedc1d7416b54e159a1863b1f6/848b5b846c7f59f48b65cd581d3d311178a976eedc1d7416b54e159a1863b1f6-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/870ce133876763b5b753f1580cd492e736c603dfabb42be5ba117027a97bb5cc/870ce133876763b5b753f1580cd492e736c603dfabb42be5ba117027a97bb5cc-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/8b01268b21e304133dbda3db17feceb0b775bd3ef5e25762e120a9932d3d9855/8b01268b21e304133dbda3db17feceb0b775bd3ef5e25762e120a9932d3d9855-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/95994a5751c0b5760d12b5b96e297c7ce0e1a3e536bc2903f9971adf0ffaf469/95994a5751c0b5760d12b5b96e297c7ce0e1a3e536bc2903f9971adf0ffaf469-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/985a092b79c622242d6b336606daad764091c728649434db83c9fc3fed4a1cd2/985a092b79c622242d6b336606daad764091c728649434db83c9fc3fed4a1cd2-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/99da0c8bd6accb2124c68f2ee710be83c4b13b635ba84b8227eabb48c4bb7ff0/99da0c8bd6accb2124c68f2ee710be83c4b13b635ba84b8227eabb48c4bb7ff0-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/9c607495d29da50444a68b804007234747e75d1d7ed8b823e83e370ce53a453d/9c607495d29da50444a68b804007234747e75d1d7ed8b823e83e370ce53a453d-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/aa3566570148177e9806d6080d073be92c4875c4b934f96762e87746902212ea/aa3566570148177e9806d6080d073be92c4875c4b934f96762e87746902212ea-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/aa52cdfebf564ec1cc9a5ce2c090d170fe445bda9951a716d486408d081dc423/aa52cdfebf564ec1cc9a5ce2c090d170fe445bda9951a716d486408d081dc423-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/aaa63d115227a79673ca5a173b4536b90aa3b9fbb491aa7a936d95faf8495dda/aaa63d115227a79673ca5a173b4536b90aa3b9fbb491aa7a936d95faf8495dda-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/aba654b76ec60520f1e94fab8665f6031150b5acfe4d9fa333f5f8d2bd57f3e6/aba654b76ec60520f1e94fab8665f6031150b5acfe4d9fa333f5f8d2bd57f3e6-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/b1b29e89809b9f43d9daf5c4029083d98c5661aa1d33d660ebe6f5f8093cfd9d/b1b29e89809b9f43d9daf5c4029083d98c5661aa1d33d660ebe6f5f8093cfd9d-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/b1bba48aed1c4c09b7643791e8bc9a0a487a5da37263ef436a31aba1df6d1181/b1bba48aed1c4c09b7643791e8bc9a0a487a5da37263ef436a31aba1df6d1181-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/b49604e0673de31e53852a3299b5854d74a5169a1aee0d661764c7edef72abf1/b49604e0673de31e53852a3299b5854d74a5169a1aee0d661764c7edef72abf1-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/b93f1c7d54e50b64d32e4e44d6f5c8e50423d36a992da453710dcfcd365495d9/b93f1c7d54e50b64d32e4e44d6f5c8e50423d36a992da453710dcfcd365495d9-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/ba15be81ff7dc1f0581fc01c27291c3b6199b50475bbe886514ff6bab449f0ec/ba15be81ff7dc1f0581fc01c27291c3b6199b50475bbe886514ff6bab449f0ec-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/c27af67fe75d2caac9f340758dcbfe1d197b6cccd8ced49ffb2bc1d3225270c3/c27af67fe75d2caac9f340758dcbfe1d197b6cccd8ced49ffb2bc1d3225270c3-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/c34fb1cdbe2ec64708c4dcff5c2d8c0756d2e61023fc9f03406076f8d3c4563c/c34fb1cdbe2ec64708c4dcff5c2d8c0756d2e61023fc9f03406076f8d3c4563c-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/c60938ed4893d5c2d5ddc9ec6bdc216d98ac08550f4888320da9da26c1cf989d/c60938ed4893d5c2d5ddc9ec6bdc216d98ac08550f4888320da9da26c1cf989d-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/ca192b6c63932262c960ff31accc6efc86ff94cf7fb040eb5740e6bbc237ba35/ca192b6c63932262c960ff31accc6efc86ff94cf7fb040eb5740e6bbc237ba35-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/cb61bd59edb864b91058205e8cee5db2a34f38f1ac018e916b72b278442e8615/cb61bd59edb864b91058205e8cee5db2a34f38f1ac018e916b72b278442e8615-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/cff76ce595bd6350b06bf15c27095fd8027aa59098c4cbc0f72023b507db0172/cff76ce595bd6350b06bf15c27095fd8027aa59098c4cbc0f72023b507db0172-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/d5c345c2acc146c66a6f2a6d4e068a2e0439069973c8c0b7db74ff2dd6c12ad3/d5c345c2acc146c66a6f2a6d4e068a2e0439069973c8c0b7db74ff2dd6c12ad3-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/e037ece50fbed5ef21c1d9604b41d43cd9a10db83b119eafa00b9efd90438a6b/e037ece50fbed5ef21c1d9604b41d43cd9a10db83b119eafa00b9efd90438a6b-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/e48d3803524c39f6e41bbfc8399d0e2b64127f870eb6a2a3652f8d5b3fa9a749/e48d3803524c39f6e41bbfc8399d0e2b64127f870eb6a2a3652f8d5b3fa9a749-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/ec7dd7c4297cae4895394481e8376cec548e9c580881a575a910e5fb3a7d4289/ec7dd7c4297cae4895394481e8376cec548e9c580881a575a910e5fb3a7d4289-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/f37eeb0130ea1cb3d97016f0741ef9703cc9dc290fe5cf68373873bdebfa09c0/f37eeb0130ea1cb3d97016f0741ef9703cc9dc290fe5cf68373873bdebfa09c0-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/f6ba50d67201d22f075571f4a2df66669fd4f27c47acac5b9786c3c0b5379679/f6ba50d67201d22f075571f4a2df66669fd4f27c47acac5b9786c3c0b5379679-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/f80b5b5508410468d324131ef3a3e1fda54e22c73198c6a71367ee43537035b5/f80b5b5508410468d324131ef3a3e1fda54e22c73198c6a71367ee43537035b5-json.log 2020-05-20 13:40:06 Found logfile: /var/lib/docker/containers/fc46d7aa2dfca78bf3dfc350d602c811bc2a139616aabdc9b59dcf0fd6b10a4c/fc46d7aa2dfca78bf3dfc350d602c811bc2a139616aabdc9b59dcf0fd6b10a4c-json.log 2020-05-20 13:40:06 Found logfile: /var/log/access_management/am.log 2020-05-20 13:40:06 Found logfile: /var/log/audit/audit.log 2020-05-20 13:40:06 Found logfile: /var/log/audit/kube_apiserver/kube-apiserver-audit.log 2020-05-20 13:40:06 Found logfile: /var/log/ceph/ceph-mgr.controller-1.log 2020-05-20 13:40:06 Found logfile: /var/log/ceph/ceph-mon.controller-1.log 2020-05-20 13:40:06 Found logfile: /var/log/ceph/ceph-osd.0.log 2020-05-20 13:40:06 Found logfile: /var/log/ceph/ceph-osd.3.log 2020-05-20 13:40:06 Found logfile: /var/log/ironic/ironic-api-wsgi.wsgi.log 2020-05-20 13:40:06 Found logfile: /var/log/ironic/ironic-api.log 2020-05-20 13:40:06 Found logfile: /var/log/keystone/keystone-wsgi-admin.log 2020-05-20 13:40:06 Found logfile: /var/log/keystone/keystone-wsgi-public.log 2020-05-20 13:40:06 Found logfile: /var/log/keystone/keystone.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/access.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/error.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/keystone-wsgi-admin-access.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/keystone-wsgi-admin-error.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/keystone-wsgi-public-access.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/keystone-wsgi-public-error.log 2020-05-20 13:40:06 Found logfile: /var/log/nginx/stream.log 2020-05-20 13:40:06 Found logfile: /var/log/openvswitch/ovs-vswitchd.log 2020-05-20 13:40:06 Found logfile: /var/log/openvswitch/ovsdb-server.log 2020-05-20 13:40:06 Found logfile: /var/log/rabbitmq/rabbit@controller-1-sasl.log 2020-05-20 13:40:06 Found logfile: /var/log/rabbitmq/rabbit@controller-1.log 2020-05-20 13:40:06 Found logfile: /var/log/tuned/tuned.log 2020-05-20 13:40:06 ==== 2020-05-20 13:40:06 Performing test ID LOGG-2190 (Checking for deleted files in use) 2020-05-20 13:40:06 Test: checking deleted files that are still in use 2020-05-20 13:40:06 Result: found one or more files which are deleted, but still in use 2020-05-20 13:40:06 Found deleted file: /tmp/#12591602(tuned) 2020-05-20 13:40:06 Found deleted file: /tmp/tmpfyFIpaK(ovsdb-ser) 2020-05-20 13:40:06 Suggestion: Check what deleted files are still in use and why. [test:LOGG-2190] [details:-] [solution:-] 2020-05-20 13:40:06 ==== 2020-05-20 13:40:06 Performing test ID LOGG-2192 (Checking for open log files that are empty) 2020-05-20 13:40:10 Found an opened logfile that is empty: beam.smp,/var/log/rabbitmq/rabbit@controller-1-sasl.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/13c68f466338fcbdd173b9543058f2c727ddf5dd7a17a76f4a131788ed4cddb3/13c68f466338fcbdd173b9543058f2c727ddf5dd7a17a76f4a131788ed4cddb3-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/1c5ce3bdb527d2d5a9f2501429ef6a93230e1aeb96fd85d0113d426b7a2969f3/1c5ce3bdb527d2d5a9f2501429ef6a93230e1aeb96fd85d0113d426b7a2969f3-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/2336984eaeac272aa16933dcef29a451bca3016053c5c1114a03762d36ca8518/2336984eaeac272aa16933dcef29a451bca3016053c5c1114a03762d36ca8518-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/3d9d71e3082587844425ea6213c3513b562ebf26cd5ef10635f9ff4bd7e93094/3d9d71e3082587844425ea6213c3513b562ebf26cd5ef10635f9ff4bd7e93094-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/41b9342a3cf6939c46798e303d7f6ccf2cb79d06c90df21603c4986f8fc8b224/41b9342a3cf6939c46798e303d7f6ccf2cb79d06c90df21603c4986f8fc8b224-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/5f93c6fa771e8e6a7f0889b16996ac62caa8b742faa711c4c47dfde21e72c44f/5f93c6fa771e8e6a7f0889b16996ac62caa8b742faa711c4c47dfde21e72c44f-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/60e12bf02bb64306935359d65520257e44cc036920aa28e6c4f4a7c51e2c7ba1/60e12bf02bb64306935359d65520257e44cc036920aa28e6c4f4a7c51e2c7ba1-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/63c5499dfd8ab3195b77d722775d3d902a83d35f2e9fbe661d19e962b58bdf65/63c5499dfd8ab3195b77d722775d3d902a83d35f2e9fbe661d19e962b58bdf65-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/6e6d35f420fcfb6be477028791029dea9991dd854f831672353c139f36845014/6e6d35f420fcfb6be477028791029dea9991dd854f831672353c139f36845014-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/8047db82c22d49637f7ab722f6b752d0dce1910b1ed843601406faa64e0a2ced/8047db82c22d49637f7ab722f6b752d0dce1910b1ed843601406faa64e0a2ced-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/870ce133876763b5b753f1580cd492e736c603dfabb42be5ba117027a97bb5cc/870ce133876763b5b753f1580cd492e736c603dfabb42be5ba117027a97bb5cc-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/9c607495d29da50444a68b804007234747e75d1d7ed8b823e83e370ce53a453d/9c607495d29da50444a68b804007234747e75d1d7ed8b823e83e370ce53a453d-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/b1bba48aed1c4c09b7643791e8bc9a0a487a5da37263ef436a31aba1df6d1181/b1bba48aed1c4c09b7643791e8bc9a0a487a5da37263ef436a31aba1df6d1181-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/c34fb1cdbe2ec64708c4dcff5c2d8c0756d2e61023fc9f03406076f8d3c4563c/c34fb1cdbe2ec64708c4dcff5c2d8c0756d2e61023fc9f03406076f8d3c4563c-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/c60938ed4893d5c2d5ddc9ec6bdc216d98ac08550f4888320da9da26c1cf989d/c60938ed4893d5c2d5ddc9ec6bdc216d98ac08550f4888320da9da26c1cf989d-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/cff76ce595bd6350b06bf15c27095fd8027aa59098c4cbc0f72023b507db0172/cff76ce595bd6350b06bf15c27095fd8027aa59098c4cbc0f72023b507db0172-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/ec7dd7c4297cae4895394481e8376cec548e9c580881a575a910e5fb3a7d4289/ec7dd7c4297cae4895394481e8376cec548e9c580881a575a910e5fb3a7d4289-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/f37eeb0130ea1cb3d97016f0741ef9703cc9dc290fe5cf68373873bdebfa09c0/f37eeb0130ea1cb3d97016f0741ef9703cc9dc290fe5cf68373873bdebfa09c0-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/f6ba50d67201d22f075571f4a2df66669fd4f27c47acac5b9786c3c0b5379679/f6ba50d67201d22f075571f4a2df66669fd4f27c47acac5b9786c3c0b5379679-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: dockerd,/var/lib/docker/containers/fc46d7aa2dfca78bf3dfc350d602c811bc2a139616aabdc9b59dcf0fd6b10a4c/fc46d7aa2dfca78bf3dfc350d602c811bc2a139616aabdc9b59dcf0fd6b10a4c-json.log 2020-05-20 13:40:10 Found an opened logfile that is empty: nginx,/var/log/nginx/access.log 2020-05-20 13:40:10 Found an opened logfile that is empty: nginx,/var/log/nginx/error.log 2020-05-20 13:40:10 Found an opened logfile that is empty: nginx,/var/log/nginx/keystone-wsgi-admin-error.log 2020-05-20 13:40:10 Found an opened logfile that is empty: nginx,/var/log/nginx/keystone-wsgi-public-error.log 2020-05-20 13:40:10 Found an opened logfile that is empty: nginx,/var/log/nginx/stream.log 2020-05-20 13:40:10 Security check: file is normal 2020-05-20 13:40:10 Checking permissions of /home/cloudadmin/lynis/include/tests_insecure_services 2020-05-20 13:40:10 File permissions are OK 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Action: Performing tests from category: Insecure services 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Performing test ID INSE-8000 (Installed inetd package) 2020-05-20 13:40:10 Test: Checking if inetd is installed 2020-05-20 13:40:10 Result: inetd is NOT installed 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Skipped test INSE-8002 (Check for enabled inet daemon) 2020-05-20 13:40:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Skipped test INSE-8004 (Presence of inetd configuration file) 2020-05-20 13:40:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Skipped test INSE-8006 (Check configuration of inetd when disabled) 2020-05-20 13:40:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Skipped test INSE-8016 (Check for telnet via inetd) 2020-05-20 13:40:10 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:10 ==== 2020-05-20 13:40:10 Performing test ID INSE-8100 (Check for installed xinetd daemon) 2020-05-20 13:40:10 Test: Checking for installed xinetd daemon 2020-05-20 13:40:11 Result: xinetd is installed 2020-05-20 13:40:11 Suggestion: If there are no xinetd services required, it is recommended that the daemon be removed [test:INSE-8100] [details:-] [solution:-] 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8102 (Check for active xinet daemon) 2020-05-20 13:40:11 Test: Searching for active extended internet services daemon (xinetd) 2020-05-20 13:40:11 Performing pgrep scan without uid 2020-05-20 13:40:11 IsRunning: process 'xinetd' found (2931 ) 2020-05-20 13:40:11 Result: xinetd is running 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8104 (Check for enabled xinet daemon) 2020-05-20 13:40:11 Test: Searching for file /etc/xinetd.conf 2020-05-20 13:40:11 Result: /etc/xinetd.conf exists 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Skipped test INSE-8106 (Check configuration of xinetd when disabled) 2020-05-20 13:40:11 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8116 (Insecure services enabled via xinetd) 2020-05-20 13:40:11 Test: checking service chargen 2020-05-20 13:40:11 Test: checking service chargen-dgram 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/chargen-dgram) 2020-05-20 13:40:11 Test: checking service chargen-stream 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/chargen-stream) 2020-05-20 13:40:11 Test: checking service daytime 2020-05-20 13:40:11 Test: checking service daytime-dgram 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/daytime-dgram) 2020-05-20 13:40:11 Test: checking service daytime-stream 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/daytime-stream) 2020-05-20 13:40:11 Test: checking service discard 2020-05-20 13:40:11 Test: checking service discard-dgram 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/discard-dgram) 2020-05-20 13:40:11 Test: checking service discard-stream 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/discard-stream) 2020-05-20 13:40:11 Test: checking service echo 2020-05-20 13:40:11 Test: checking service echo-dgram 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/echo-dgram) 2020-05-20 13:40:11 Test: checking service echo-stream 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/echo-stream) 2020-05-20 13:40:11 Test: checking service time 2020-05-20 13:40:11 Test: checking service time-dgram 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/time-dgram) 2020-05-20 13:40:11 Test: checking service time-stream 2020-05-20 13:40:11 Test: checking status in xinetd configuration file (/etc/xinetd.d/time-stream) 2020-05-20 13:40:11 Test: checking service ntalk 2020-05-20 13:40:11 Test: checking service rexec 2020-05-20 13:40:11 Test: checking service rlogin 2020-05-20 13:40:11 Test: checking service rsh 2020-05-20 13:40:11 Test: checking service rsync 2020-05-20 13:40:11 Test: checking service talk 2020-05-20 13:40:11 Test: checking service telnet 2020-05-20 13:40:11 Test: checking service tftp 2020-05-20 13:40:11 Result: no insecure services found in xinetd configuration 2020-05-20 13:40:11 Hardening: assigned maximum number of hardening points for this item (3). Currently having 245 points (out of 313) 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8200 (Check if tcp_wrappers is installed when inetd/xinetd is active) 2020-05-20 13:40:11 Test: Checking if tcp_wrappers is installed 2020-05-20 13:40:11 Package 'tcp_wrappers' is installed 2020-05-20 13:40:11 Result: tcp_wrappers is installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8300 (Check if rsh client is installed) 2020-05-20 13:40:11 Test: Checking if rsh client is installed 2020-05-20 13:40:11 Result: rsh client is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8304 (Check if rsh server is installed) 2020-05-20 13:40:11 Test: Checking if rsh server is installed 2020-05-20 13:40:11 Result: rsh server is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8310 (Check if telnet client is installed) 2020-05-20 13:40:11 Test: Checking if telnet client is installed 2020-05-20 13:40:11 Result: telnet client is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8322 (Check if telnet server is installed) 2020-05-20 13:40:11 Test: Checking if telnet server is installed 2020-05-20 13:40:11 Result: telnet server is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8314 (Check if NIS client is installed) 2020-05-20 13:40:11 Test: Checking if NIS client is installed 2020-05-20 13:40:11 Result: NIS client is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8316 (Check if NIS server is installed) 2020-05-20 13:40:11 Test: Checking if NIS server is installed 2020-05-20 13:40:11 Result: NIS server is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8318 (Check if TFTP client is installed) 2020-05-20 13:40:11 Test: Checking if TFTP client is installed 2020-05-20 13:40:11 Result: TFTP client is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID INSE-8320 (Check if TFTP server is installed) 2020-05-20 13:40:11 Test: Checking if TFTP server is installed 2020-05-20 13:40:11 Result: TFTP server is NOT installed 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Skipped test INSE-8050 (Check for insecure services on macOS) 2020-05-20 13:40:11 Reason to skip: Incorrect guest OS (macOS only) 2020-05-20 13:40:11 Security check: file is normal 2020-05-20 13:40:11 Checking permissions of /home/cloudadmin/lynis/include/tests_banners 2020-05-20 13:40:11 File permissions are OK 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Action: Performing tests from category: Banners and identification 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Skipped test BANN-7113 (Check COPYRIGHT banner file) 2020-05-20 13:40:11 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID BANN-7124 (Check issue banner file) 2020-05-20 13:40:11 Test: Checking file /etc/issue 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID BANN-7126 (Check issue banner file contents) 2020-05-20 13:40:11 Test: Checking file /etc/issue contents for legal key words 2020-05-20 13:40:11 Result: Found only 0 key words (5 or more suggested), to warn unauthorized users and could be increased 2020-05-20 13:40:11 Suggestion: Add a legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126] [details:-] [solution:-] 2020-05-20 13:40:11 Hardening: assigned partial number of hardening points (0 of 1). Currently having 245 points (out of 314) 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID BANN-7128 (Check issue.net banner file) 2020-05-20 13:40:11 Test: Checking file /etc/issue.net 2020-05-20 13:40:11 Result: file /etc/issue.net exists 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID BANN-7130 (Check issue.net banner file contents) 2020-05-20 13:40:11 Test: Checking file /etc/issue.net contents for legal key words 2020-05-20 13:40:11 Result: Found only 0 key words, to warn unauthorized users and could be increased 2020-05-20 13:40:11 Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130] [details:-] [solution:-] 2020-05-20 13:40:11 Hardening: assigned partial number of hardening points (0 of 1). Currently having 245 points (out of 315) 2020-05-20 13:40:11 Security check: file is normal 2020-05-20 13:40:11 Checking permissions of /home/cloudadmin/lynis/include/tests_scheduling 2020-05-20 13:40:11 File permissions are OK 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Action: Performing tests from category: Scheduled tasks 2020-05-20 13:40:11 ==== 2020-05-20 13:40:11 Performing test ID SCHD-7702 (Check status of cron daemon) 2020-05-20 13:40:12 Result: cron daemon running 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID SCHD-7704 (Check crontab/cronjobs) 2020-05-20 13:40:12 Test: checking directory /etc/cron.d 2020-05-20 13:40:12 Test: check if we can access /etc/cron.d (escaped: /etc/cron.d) 2020-05-20 13:40:12 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:12 Result: file /etc/cron.d is readable (or directory accessible). 2020-05-20 13:40:12 Result: found directory /etc/cron.d 2020-05-20 13:40:12 Test: searching files in /etc/cron.d 2020-05-20 13:40:12 Result: found one or more files in /etc/cron.d. Analyzing files.. 2020-05-20 13:40:12 Result: Found cronjob (/etc/cron.d/0hourly): 01,*,*,*,*,root,run-parts,/etc/cron.hourly 2020-05-20 13:40:12 Result: done with analyzing files in /etc/cron.d 2020-05-20 13:40:12 Test: checking directory /etc/cron.hourly 2020-05-20 13:40:12 Result: found directory /etc/cron.hourly 2020-05-20 13:40:12 Test: check if we can access /etc/cron.hourly (escaped: /etc/cron.hourly) 2020-05-20 13:40:12 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:12 Result: file /etc/cron.hourly is readable (or directory accessible). 2020-05-20 13:40:12 Test: searching files in /etc/cron.hourly 2020-05-20 13:40:12 Result: found one or more files in /etc/cron.hourly. Analyzing files.. 2020-05-20 13:40:12 Result: Found cronjob (/etc/cron.hourly): /etc/cron.hourly/0anacron 2020-05-20 13:40:12 Result: done with analyzing files in /etc/cron.hourly 2020-05-20 13:40:12 Test: checking directory /etc/cron.daily 2020-05-20 13:40:12 Result: found directory /etc/cron.daily 2020-05-20 13:40:12 Test: check if we can access /etc/cron.daily (escaped: /etc/cron.daily) 2020-05-20 13:40:12 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:12 Result: file /etc/cron.daily is readable (or directory accessible). 2020-05-20 13:40:12 Test: searching files in /etc/cron.daily 2020-05-20 13:40:12 Result: found one or more files in /etc/cron.daily. Analyzing files.. 2020-05-20 13:40:12 Result: Found cronjob (/etc/cron.daily): /etc/cron.daily/man-db.cron 2020-05-20 13:40:12 Result: Found cronjob (/etc/cron.daily): /etc/cron.daily/logrotate 2020-05-20 13:40:12 Result: done with analyzing files in /etc/cron.daily 2020-05-20 13:40:12 Test: checking directory /etc/cron.weekly 2020-05-20 13:40:12 Result: found directory /etc/cron.weekly 2020-05-20 13:40:12 Test: check if we can access /etc/cron.weekly (escaped: /etc/cron.weekly) 2020-05-20 13:40:12 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:12 Result: file /etc/cron.weekly is readable (or directory accessible). 2020-05-20 13:40:12 Test: searching files in /etc/cron.weekly 2020-05-20 13:40:12 Result: no files found in /etc/cron.weekly 2020-05-20 13:40:12 Test: checking directory /etc/cron.monthly 2020-05-20 13:40:12 Result: found directory /etc/cron.monthly 2020-05-20 13:40:12 Test: check if we can access /etc/cron.monthly (escaped: /etc/cron.monthly) 2020-05-20 13:40:12 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:12 Result: file /etc/cron.monthly is readable (or directory accessible). 2020-05-20 13:40:12 Test: searching files in /etc/cron.monthly 2020-05-20 13:40:12 Result: no files found in /etc/cron.monthly 2020-05-20 13:40:12 Test: checking anacrontab 2020-05-20 13:40:12 Found anacron job (/etc/anacrontab): 1,5,cron.daily,nice,run-parts,/etc/cron.daily 2020-05-20 13:40:12 Found anacron job (/etc/anacrontab): 7,25,cron.weekly,nice,run-parts,/etc/cron.weekly 2020-05-20 13:40:12 Found anacron job (/etc/anacrontab): @monthly,45,cron.monthly,nice,run-parts,/etc/cron.monthly 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID SCHD-7718 (Check at users) 2020-05-20 13:40:12 Test: Checking atd status 2020-05-20 13:40:12 Result: at daemon not active 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test SCHD-7720 (Check at users) 2020-05-20 13:40:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test SCHD-7724 (Check at jobs) 2020-05-20 13:40:12 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:12 Result: no scheduled Lynis execution found (e.g. crontab, cronjob) 2020-05-20 13:40:12 Security check: file is normal 2020-05-20 13:40:12 Checking permissions of /home/cloudadmin/lynis/include/tests_accounting 2020-05-20 13:40:12 File permissions are OK 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Action: Performing tests from category: Accounting 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-2754 (Check for available FreeBSD accounting information) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (FreeBSD only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-2760 (Check for available OpenBSD accounting information) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (OpenBSD only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9622 (Check for available Linux accounting information) 2020-05-20 13:40:12 Test: Check accounting information 2020-05-20 13:40:12 Result: No accounting information available (/var/account/pacct, /var/log/account/pact nor /var/log/pact exist) 2020-05-20 13:40:12 Remark: Possibly there is another location where the accounting data is stored 2020-05-20 13:40:12 Suggestion: Enable process accounting [test:ACCT-9622] [details:-] [solution:-] 2020-05-20 13:40:12 Hardening: assigned partial number of hardening points (2 of 3). Currently having 247 points (out of 318) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9626 (Check for sysstat accounting data) 2020-05-20 13:40:12 Test: check /etc/default/sysstat presence 2020-05-20 13:40:12 Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat 2020-05-20 13:40:12 Suggestion: Enable sysstat to collect accounting (no results) [test:ACCT-9626] [details:-] [solution:-] 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9628 (Check for auditd) 2020-05-20 13:40:12 Test: Check auditd status 2020-05-20 13:40:12 Performing pgrep scan without uid 2020-05-20 13:40:12 IsRunning: process 'auditd' found (1626 ) 2020-05-20 13:40:12 Result: auditd running 2020-05-20 13:40:12 Hardening: assigned maximum number of hardening points for this item (4). Currently having 251 points (out of 322) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9630 (Check for auditd rules) 2020-05-20 13:40:12 Test: Checking auditd rules 2020-05-20 13:40:12 Result: found auditd rules 2020-05-20 13:40:12 Output: -a never,exit -S all -F auid=-1 2020-05-20 13:40:12 Output: -a never,exit -S all -F auid!=0 -F auid<1000 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S stime,settimeofday,adjtimex -F key=time-change 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change 2020-05-20 13:40:12 Output: -w /etc/localtime -p wa -k time-change 2020-05-20 13:40:12 Output: -w /etc/group -p wa -k identity 2020-05-20 13:40:12 Output: -w /etc/passwd -p wa -k identity 2020-05-20 13:40:12 Output: -w /etc/gshadow -p wa -k identity 2020-05-20 13:40:12 Output: -w /etc/shadow -p wa -k identity 2020-05-20 13:40:12 Output: -w /etc/security/opasswd -p wa -k identity 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S setuid -F key=32bit_setuid 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S setuid -F key=64bit_setuid 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S setgid -F key=32bit_setgid 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S setgid -F key=64bit_setgid 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S sethostname,setdomainname -F key=system-locale 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S sethostname,setdomainname -F key=system-locale 2020-05-20 13:40:12 Output: -w /etc/issue -p wa -k system-locale 2020-05-20 13:40:12 Output: -w /etc/issue.net -p wa -k system-locale 2020-05-20 13:40:12 Output: -w /etc/hosts -p wa -k system-locale 2020-05-20 13:40:12 Output: -w /etc/sysconfig/network -p wa -k system-locale 2020-05-20 13:40:12 Output: -w /etc/sysconfig/network-scripts -p wa -k system-locale 2020-05-20 13:40:12 Output: -w /etc/NetworkManager/ -p wa -k system-locale 2020-05-20 13:40:12 Output: -w /etc/selinux/ -p wa -k MAC-policy 2020-05-20 13:40:12 Output: -w /usr/share/selinux/ -p wa -k MAC-policy 2020-05-20 13:40:12 Output: -w /var/log/tallylog -p wa -k logins 2020-05-20 13:40:12 Output: -w /var/run/faillock -p wa -k logins 2020-05-20 13:40:12 Output: -w /var/log/lastlog -p wa -k logins 2020-05-20 13:40:12 Output: -w /var/log/faillog -p wa -k logins 2020-05-20 13:40:12 Output: -w /etc/login.defs -p wa -k logins 2020-05-20 13:40:12 Output: -w /var/run/utmp -p wa -k session 2020-05-20 13:40:12 Output: -w /var/log/btmp -p wa -k session 2020-05-20 13:40:12 Output: -w /var/log/wtmp -p wa -k session 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S chmod,fchmod,chown,fchown,lchown,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr,fchownat,fchmodat -F key=perm_mod 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S chmod,lchown,fchmod,fchown,chown,setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr,fchownat,fchmodat -F key=perm_mod 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F key=access 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -F key=access 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EPERM -F key=access 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -F key=access 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S mount -F key=mounts 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S mount -F key=mounts 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S rename,rmdir,unlink,unlinkat,renameat -F key=delete 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S unlink,rename,rmdir,unlinkat,renameat -F key=delete 2020-05-20 13:40:12 Output: -w /etc/sudoers -p wa -k actions 2020-05-20 13:40:12 Output: -w /etc/sudoers.d -p wa -k actions 2020-05-20 13:40:12 Output: -w /usr/bin/chage -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/gpasswd -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/newgrp -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/mount -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/su -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/sudo -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/umount -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/at -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/chfn -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/chsh -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/passwd -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/pkexec -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/crontab -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/fusermount -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/pam_timestamp_check -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/unix_chkpwd -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/mount.nfs -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/usernetctl -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/bin/userhelper -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/semanage -p x -k privileged-priv_change 2020-05-20 13:40:12 Output: -w /usr/sbin/setsebool -p x -k privileged-priv_change 2020-05-20 13:40:12 Output: -w /usr/bin/chcon -p x -k privileged-priv_change 2020-05-20 13:40:12 Output: -w /usr/sbin/restorecon -p x -k privileged-priv_change 2020-05-20 13:40:12 Output: -w /usr/bin/sudoedit -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/postdrop -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/sbin/postqueue -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/libexec/qemu-bridge-helper -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/libexec/dbus-1/dbus-daemon-launch-helper -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/lib/polkit-1/polkit-agent-helper-1 -p x -k privileged 2020-05-20 13:40:12 Output: -w /usr/libexec/openssh/ssh-keysign -p x -k privileged 2020-05-20 13:40:12 Output: -a always,exit -S all -F dir=/home -F uid=0 -C auid!=obj_uid -F key=admin-abuse 2020-05-20 13:40:12 Output: -a never,exit -F arch=b32 -S setsockopt 2020-05-20 13:40:12 Output: -a never,exit -F arch=b64 -S setsockopt 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S all -F exit=-EPERM -F key=access_denied 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S all -F exit=-EACCES -F key=access_denied 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S all -F exit=-EPERM -F key=access_denied 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S all -F exit=-EACCES -F key=access_denied 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S umount -F key=32bit_umount 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S umount2 -F key=32bit_umount2 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S umount2 -F key=64bit_umount2 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S modify_ldt -F key=32bit_modify_ldt 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S modify_ldt -F key=64bit_modify_ldt 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S move_pages -F key=32bit_move_pages 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S move_pages -F key=64bit_move_pages 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S set_mempolicy -F key=32bit_set_mempolicy 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S set_mempolicy -F key=64bit_set_mempolicy 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S swapoff -F key=32bit_swapoff 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S swapoff -F key=64bit_swapoff 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S reboot -F key=32bit_reboot 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S reboot -F key=64bit_reboot 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S capset -F key=32bit_capset 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S capset -F key=64bit_capset 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S clone -F a0&0x7C020000 -F key=container-create 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S clone -F a0&0x7C020000 -F key=container-create 2020-05-20 13:40:12 Output: -w /etc/docker -p wa -k docker 2020-05-20 13:40:12 Output: -w /etc/sysconfig/docker-registries -p wa -k docker 2020-05-20 13:40:12 Output: -w /etc/sysconfig/docker-storage -p wa -k docker 2020-05-20 13:40:12 Output: -w /etc/sysconfig/docker-proxy -p wa -k docker 2020-05-20 13:40:12 Output: -w /usr/bin/docker -p rwxa -k docker 2020-05-20 13:40:12 Output: -w /usr/lib/systemd/system/docker.service -p wa -k docker 2020-05-20 13:40:12 Output: -w /var/run/docker.sock -p wa -k docker 2020-05-20 13:40:12 Output: -w /usr/lib/systemd/system/kubelet.service -p wa -k kubelet 2020-05-20 13:40:12 Output: -w /etc/kubernetes -p wa -k kubelet 2020-05-20 13:40:12 Output: -w /var/log/audit/kube_apiserver -p rwxa -k container-audit 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S unshare,setns -F key=container-config 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S unshare,setns -F key=container-config 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S ptrace -F a0=0x4 -F key=code-injection 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S ptrace -F a0=0x4 -F key=code-injection 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S ptrace -F a0=0x5 -F key=data-injection 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S ptrace -F a0=0x5 -F key=data-injection 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S ptrace -F a0=0x6 -F key=register-injection 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S ptrace -F a0=0x6 -F key=register-injection 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S ptrace -F key=64bit_ptrace 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S ptrace -F key=32bit_ptrace 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S tgkill -F key=32bit_tgkill 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S tgkill -F key=64bit_tgkill 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S tkill -F key=32bit_tkill 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S tkill -F key=64bit_tkill 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S kill -F key=32bit_kill 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S kill -F key=64bit_kill 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S prlimit64 -F key=32bit_prlimit64 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S prlimit64 -F key=64bit_prlimit64 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S unshare -F key=32bit_unshare 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S unshare -F key=64bit_unshare 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S set_thread_area -F key=32bit_set_thread_area 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S set_thread_area -F key=64bit_set_thread_area 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S sched_setattr -F key=32bit_sched_setattr 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S sched_setattr -F key=64bit_sched_setattr 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S pivot_root -F key=32bit_pivot_root 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S pivot_root -F key=64bit_pivot_root 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S setns -F key=32bit_setns 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S setns -F key=64bit_setns 2020-05-20 13:40:12 Output: -w /usr/sbin/insmod -p x -k modules 2020-05-20 13:40:12 Output: -w /usr/sbin/rmmod -p x -k modules 2020-05-20 13:40:12 Output: -w /usr/sbin/modprobe -p x -k modules 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S create_module,init_module,delete_module,kexec_load,finit_module,kexec_file_load -F key=modules 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S create_module,init_module,delete_module,finit_module -F key=modules 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S add_key -F key=32bit_add_key 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S add_key -F key=64bit_add_key 2020-05-20 13:40:12 Output: -w /usr/local/bin/hostcli -p wa -k hostcli 2020-05-20 13:40:12 Output: -w /usr/bin/openstack -p wa -k openstackcli 2020-05-20 13:40:12 Output: -w /boot -p rwxa -k dir_boot 2020-05-20 13:40:12 Output: -w /opt -p wa -k dir_opt 2020-05-20 13:40:12 Output: -w /etc -p rwa -k dir_etc 2020-05-20 13:40:12 Output: -w /usr/bin -p rwxa -k usr-bin 2020-05-20 13:40:12 Output: -w /usr/sbin -p rwxa -k usr-sbin 2020-05-20 13:40:12 Output: -w /usr/libexec -p wa -k usr-libexex 2020-05-20 13:40:12 Output: -w /usr/local -p wxa -k usr-local 2020-05-20 13:40:12 Output: -w /mnt/symptomreport -p rwa -k symptomreport 2020-05-20 13:40:12 Output: -w /usr/lib -p wa -k usr-lib 2020-05-20 13:40:12 Output: -w /usr/lib64 -p wa -k usr-lib64 2020-05-20 13:40:12 Output: -w /var/log/audit -p rwxa -k audit-logs 2020-05-20 13:40:12 Output: -w /var/log/sudo.log -p wa -k actions 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S epoll_wait_old -F key=64bit_epoll_wait_old 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S inotify_add_watch -F key=32bit_inotify_add_watch 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S inotify_add_watch -F key=64bit_inotify_add_watch 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S inotify_init -F key=32bit_inotify_init 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S inotify_init -F key=64bit_inotify_init 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S inotify_init1 -F key=32bit_inotify_init1 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S inotify_init1 -F key=64bit_inotify_init1 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S inotify_rm_watch -F key=32bit_inotify_rm_watch 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S inotify_rm_watch -F key=64bit_inotify_rm_watch 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S mq_open -F key=32bit_mq_open 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S mq_open -F key=64bit_mq_open 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S mq_unlink -F key=32bit_mq_unlink 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S mq_unlink -F key=64bit_mq_unlink 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S bpf -F key=32bit_bpf 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S bpf -F key=64bit_bpf 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S vmsplice -F key=32bit_vmsplice 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S vmsplice -F key=64bit_vmsplice 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S seccomp -F key=32bit_seccomp 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S seccomp -F key=64bit_seccomp 2020-05-20 13:40:12 Output: -a always,exit -F arch=b32 -S _sysctl -F key=32bit__sysctl 2020-05-20 13:40:12 Output: -a always,exit -F arch=b64 -S _sysctl -F key=64bit__sysctl 2020-05-20 13:40:12 Output: -a always,exclude -F msgtype=NETFILTER_CFG 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9632 (Check for auditd configuration file) 2020-05-20 13:40:12 Test: Checking auditd configuration file 2020-05-20 13:40:12 Result: /etc/auditd.conf not found 2020-05-20 13:40:12 Result: Found /etc/audit/auditd.conf 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9634 (Check for auditd log file) 2020-05-20 13:40:12 Test: Checking auditd log file 2020-05-20 13:40:12 Result: log file is defined 2020-05-20 13:40:12 Defined value: /var/log/audit/audit.log 2020-05-20 13:40:12 Result: log file /var/log/audit/audit.log exists on disk 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID ACCT-9636 (Check for Snoopy wrapper and logger) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-9650 (Check Solaris audit daemon) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-9652 (Check auditd SMF status) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-9654 (Check BSM auditing in /etc/system) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-9656 (Check BSM auditing in module list) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-9660 (Check location of audit events) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Skipped test ACCT-9662 (Check Solaris auditing stats) 2020-05-20 13:40:12 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:12 Security check: file is normal 2020-05-20 13:40:12 Checking permissions of /home/cloudadmin/lynis/include/tests_time 2020-05-20 13:40:12 File permissions are OK 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Action: Performing tests from category: Time and Synchronization 2020-05-20 13:40:12 ==== 2020-05-20 13:40:12 Performing test ID TIME-3104 (Check for running NTP daemon or client) 2020-05-20 13:40:12 Test: Searching for a running NTP daemon or available client 2020-05-20 13:40:12 Result: no chrony configuration found 2020-05-20 13:40:12 Performing pgrep scan without uid 2020-05-20 13:40:12 IsRunning: process 'dntpd' not found 2020-05-20 13:40:13 Result: found running NTP daemon in process list 2020-05-20 13:40:13 Performing pgrep scan without uid 2020-05-20 13:40:13 IsRunning: process 'timed' not found 2020-05-20 13:40:13 Result: /etc/systemd/timesyncd.conf does not exist 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in crontab file /etc/anacrontab 2020-05-20 13:40:13 Result: no ntpdate or rdate reference found in crontab file /etc/anacrontab 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in crontab file /etc/crontab 2020-05-20 13:40:13 Result: no ntpdate or rdate reference found in crontab file /etc/crontab 2020-05-20 13:40:13 Test: check if we can access /etc/cron.d (escaped: /etc/cron.d) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.d is readable (or directory accessible). 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in /etc/cron.d/0hourly 2020-05-20 13:40:13 Test: check if we can access /etc/cron.d/0hourly (escaped: /etc/cron.d/0hourly) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.d/0hourly is readable (or directory accessible). 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in /etc/cron.d/keystone-fernet-rotate 2020-05-20 13:40:13 Test: check if we can access /etc/cron.d/keystone-fernet-rotate (escaped: /etc/cron.d/keystone-fernet-rotate) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.d/keystone-fernet-rotate is readable (or directory accessible). 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in /etc/cron.d/keystone-credential-rotate 2020-05-20 13:40:13 Test: check if we can access /etc/cron.d/keystone-credential-rotate (escaped: /etc/cron.d/keystone-credential-rotate) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.d/keystone-credential-rotate is readable (or directory accessible). 2020-05-20 13:40:13 Test: check if we can access /etc/cron.hourly (escaped: /etc/cron.hourly) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.hourly is readable (or directory accessible). 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in /etc/cron.hourly/0anacron 2020-05-20 13:40:13 Test: check if we can access /etc/cron.hourly/0anacron (escaped: /etc/cron.hourly/0anacron) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.hourly/0anacron is readable (or directory accessible). 2020-05-20 13:40:13 Test: check if we can access /etc/cron.daily (escaped: /etc/cron.daily) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.daily is readable (or directory accessible). 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in /etc/cron.daily/man-db.cron 2020-05-20 13:40:13 Test: check if we can access /etc/cron.daily/man-db.cron (escaped: /etc/cron.daily/man-db.cron) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.daily/man-db.cron is readable (or directory accessible). 2020-05-20 13:40:13 Test: checking for ntpdate or rdate in /etc/cron.daily/logrotate 2020-05-20 13:40:13 Test: check if we can access /etc/cron.daily/logrotate (escaped: /etc/cron.daily/logrotate) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.daily/logrotate is readable (or directory accessible). 2020-05-20 13:40:13 Test: check if we can access /etc/cron.weekly (escaped: /etc/cron.weekly) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.weekly is readable (or directory accessible). 2020-05-20 13:40:13 Result: /etc/cron.weekly is empty, skipping search in directory 2020-05-20 13:40:13 Test: check if we can access /etc/cron.monthly (escaped: /etc/cron.monthly) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/cron.monthly is readable (or directory accessible). 2020-05-20 13:40:13 Result: /etc/cron.monthly is empty, skipping search in directory 2020-05-20 13:40:13 Result: no ntpdate or rdate found in cron directories 2020-05-20 13:40:13 Test: checking for file /etc/network/if-up.d/ntpdate 2020-05-20 13:40:13 Result: file /etc/network/if-up.d/ntpdate does not exist 2020-05-20 13:40:13 Result: Found a time syncing daemon/client. 2020-05-20 13:40:13 Hardening: assigned maximum number of hardening points for this item (3). Currently having 254 points (out of 325) 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Skipped test TIME-3106 (Check systemd NTP time synchronization status) 2020-05-20 13:40:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3112 (Check active NTP associations ID's) 2020-05-20 13:40:13 Test: Checking for NTP association ID's from ntpq peers list 2020-05-20 13:40:13 Result: Found one or more association ID's 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3116 (Check peers with stratum value of 16) 2020-05-20 13:40:13 Test: Checking stratum 16 sources from ntpq peers list 2020-05-20 13:40:13 Result: All peers are lower than stratum 16 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3120 (Check unreliable NTP peers) 2020-05-20 13:40:13 Test: Checking unreliable ntp peers 2020-05-20 13:40:13 Result: No unreliable peers found 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3124 (Check selected time source) 2020-05-20 13:40:13 Test: Checking selected time source 2020-05-20 13:40:13 Result: Found selected time source (value: 204.127.189.11) 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3128 (Check preferred time source) 2020-05-20 13:40:13 Test: Checking preferred time source 2020-05-20 13:40:13 Result: No other time source candidates found 2020-05-20 13:40:13 Suggestion: Check ntpq peers output for time source candidates [test:TIME-3128] [details:-] [solution:-] 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3132 (Check NTP falsetickers) 2020-05-20 13:40:13 Test: Checking preferred time source 2020-05-20 13:40:13 Result: No falsetickers found (items preceding with an 'x') 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3136 (Check NTP protocol version) 2020-05-20 13:40:13 Test: Checking NTP protocol version (ntpq -c ntpversion) 2020-05-20 13:40:13 Result: Found NTP version 2 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3148 (Check TZ variable) 2020-05-20 13:40:13 Test: testing for TZ variable 2020-05-20 13:40:13 Result: found TZ variable with value notset 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3160 (Check empty NTP step-tickers) 2020-05-20 13:40:13 Result: /etc/ntp/step-tickers exists and it is empty. On RedHat the initial time synchronization will be done with the servers listed in ntp.conf. 2020-05-20 13:40:13 Information: step-tickers is used by ntpdate where as ntp.conf is the configuration file for the ntpd daemon. ntpdate is initially run to set the clock before ntpd to make sure time is within 1000 sec. 2020-05-20 13:40:13 Risk: ntp will not run at boot if the time difference between the server and client by more then 1000 sec. 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID TIME-3170 (Check configuration files) 2020-05-20 13:40:13 Result: found /etc/ntp.conf 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Skipped test TIME-3180 (Report if ntpctl cannot communicate with OpenNTPD) 2020-05-20 13:40:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Skipped test TIME-3181 (Check status of OpenNTPD time synchronisation) 2020-05-20 13:40:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Skipped test TIME-3182 (Check OpenNTPD has working peers) 2020-05-20 13:40:13 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:13 Security check: file is normal 2020-05-20 13:40:13 Checking permissions of /home/cloudadmin/lynis/include/tests_crypto 2020-05-20 13:40:13 File permissions are OK 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Action: Performing tests from category: Cryptography 2020-05-20 13:40:13 ==== 2020-05-20 13:40:13 Performing test ID CRYP-7902 (Check expire date of SSL certificates) 2020-05-20 13:40:13 Paths to scan: /etc/apache2 /etc/dovecot /etc/httpd /etc/letsencrypt /etc/pki /etc/postfix /etc/ssl /opt/psa/var/certificates /usr/local/psa/var/certificates /usr/local/share/ca-certificates /usr/share/ca-certificates /usr/share/gnupg /var/www /srv/www 2020-05-20 13:40:13 Paths to ignore: /etc/letsencrypt/archive 2020-05-20 13:40:13 Result: SSL path /etc/apache2 does not exist 2020-05-20 13:40:13 Result: SSL path /etc/dovecot does not exist 2020-05-20 13:40:13 Test: check if we can access /etc/httpd (escaped: /etc/httpd) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/httpd is readable (or directory accessible). 2020-05-20 13:40:13 Result: found directory /etc/httpd 2020-05-20 13:40:13 Result: found 0 certificates in /etc/httpd 2020-05-20 13:40:13 Result: SSL path /etc/letsencrypt does not exist 2020-05-20 13:40:13 Test: check if we can access /etc/pki (escaped: /etc/pki) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/pki is readable (or directory accessible). 2020-05-20 13:40:13 Result: found directory /etc/pki 2020-05-20 13:40:13 Test: check if we can access /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt (escaped: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt is readable (or directory accessible). 2020-05-20 13:40:13 Result: file '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' belongs to package (ca) 2020-05-20 13:40:13 Test: check if we can access /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem is readable (or directory accessible). 2020-05-20 13:40:13 Result: file '/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem' belongs to package (ca) 2020-05-20 13:40:13 Test: check if we can access /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem is readable (or directory accessible). 2020-05-20 13:40:13 Result: file '/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem' belongs to package (ca) 2020-05-20 13:40:13 Test: check if we can access /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (escaped: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem is readable (or directory accessible). 2020-05-20 13:40:13 Result: file '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem' belongs to package (ca) 2020-05-20 13:40:13 Test: check if we can access /etc/pki/ca-trust/source/anchors/ca.pem (escaped: /etc/pki/ca-trust/source/anchors/ca.pem) 2020-05-20 13:40:13 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:13 Result: file /etc/pki/ca-trust/source/anchors/ca.pem is readable (or directory accessible). 2020-05-20 13:40:14 Result: file '/etc/pki/ca-trust/source/anchors/ca.pem' belongs to package (file /etc/pki/ca) 2020-05-20 13:40:14 Result: found 5 certificates in /etc/pki 2020-05-20 13:40:14 Result: SSL path /etc/postfix does not exist 2020-05-20 13:40:14 Test: check if we can access /etc/ssl (escaped: /etc/ssl) 2020-05-20 13:40:14 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:14 Result: file /etc/ssl is readable (or directory accessible). 2020-05-20 13:40:14 Result: found directory /etc/ssl 2020-05-20 13:40:14 Test: check if we can access /etc/ssl/private/certificate.pem (escaped: /etc/ssl/private/certificate.pem) 2020-05-20 13:40:14 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:14 Result: file /etc/ssl/private/certificate.pem is readable (or directory accessible). 2020-05-20 13:40:14 Result: file '/etc/ssl/private/certificate.pem' belongs to package (file /etc/ssl/private/certificate.pem is not owned by any package) 2020-05-20 13:40:14 Result: found 1 certificates in /etc/ssl 2020-05-20 13:40:14 Result: SSL path /opt/psa/var/certificates does not exist 2020-05-20 13:40:14 Result: SSL path /usr/local/psa/var/certificates does not exist 2020-05-20 13:40:14 Result: SSL path /usr/local/share/ca-certificates does not exist 2020-05-20 13:40:14 Result: SSL path /usr/share/ca-certificates does not exist 2020-05-20 13:40:14 Test: check if we can access /usr/share/gnupg (escaped: /usr/share/gnupg) 2020-05-20 13:40:14 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:14 Result: file /usr/share/gnupg is readable (or directory accessible). 2020-05-20 13:40:14 Result: found directory /usr/share/gnupg 2020-05-20 13:40:14 Result: found 0 certificates in /usr/share/gnupg 2020-05-20 13:40:14 Test: check if we can access /var/www (escaped: /var/www) 2020-05-20 13:40:14 Result: file is owned by our current user ID (0), checking if it is readable 2020-05-20 13:40:14 Result: file /var/www is readable (or directory accessible). 2020-05-20 13:40:14 Result: found directory /var/www 2020-05-20 13:40:14 Result: found 0 certificates in /var/www 2020-05-20 13:40:14 Result: SSL path /srv/www does not exist 2020-05-20 13:40:14 Result: found a total of 6 certificates 2020-05-20 13:40:14 ==== 2020-05-20 13:40:14 Performing test ID CRYP-7930 (Determine if system uses LUKS block device encryption) 2020-05-20 13:40:14 Result: block device rbd0 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdd is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdd2 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdd1 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdb is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sr0 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdc is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdc2 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sdc1 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sda is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sda2 is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-swift is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-audit is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-docker is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-cephmgr is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-home is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-log is not LUKS encrypted 2020-05-20 13:40:14 Result: block device VG-cephmon is not LUKS encrypted 2020-05-20 13:40:14 Result: block device sda1 is not LUKS encrypted 2020-05-20 13:40:14 ==== 2020-05-20 13:40:14 Performing test ID CRYP-7931 (Determine if system uses encrypted swap) 2020-05-20 13:40:14 ==== 2020-05-20 13:40:14 Performing test ID CRYP-8002 (Gather available kernel entropy) 2020-05-20 13:40:14 Result: found kernel entropy value of 3754 2020-05-20 13:40:14 ==== 2020-05-20 13:40:14 Performing test ID CRYP-8004 (Presence of hardware random number generators) 2020-05-20 13:40:14 Test: looking for /sys/class/misc/hw_random/rng_current 2020-05-20 13:40:14 Result: no HW RNG available 2020-05-20 13:40:14 ==== 2020-05-20 13:40:14 Performing test ID CRYP-8005 (Presence of software pseudo random number generators) 2020-05-20 13:40:14 Test: looking for software pseudo random number generators 2020-05-20 13:40:14 Performing pgrep scan without uid 2020-05-20 13:40:14 IsRunning: process 'audio-entropyd' not found 2020-05-20 13:40:14 Performing pgrep scan without uid 2020-05-20 13:40:15 IsRunning: process 'haveged' not found 2020-05-20 13:40:15 Performing pgrep scan without uid 2020-05-20 13:40:15 IsRunning: process 'jitterentropy-rngd' not found 2020-05-20 13:40:15 Suggestion: Utilize software pseudo random number generators [test:CRYP-8005] [details:-] [solution:-] 2020-05-20 13:40:15 Security check: file is normal 2020-05-20 13:40:15 Checking permissions of /home/cloudadmin/lynis/include/tests_virtualization 2020-05-20 13:40:15 File permissions are OK 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Action: Performing tests from category: Virtualization 2020-05-20 13:40:15 Security check: file is normal 2020-05-20 13:40:15 Checking permissions of /home/cloudadmin/lynis/include/tests_containers 2020-05-20 13:40:15 File permissions are OK 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Action: Performing tests from category: Containers 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Skipped test CONT-8004 (Query running Solaris zones) 2020-05-20 13:40:15 Reason to skip: Incorrect guest OS (Solaris only) 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID CONT-8102 (Checking Docker status and information) 2020-05-20 13:40:15 Performing pgrep scan without uid 2020-05-20 13:40:15 IsRunning: process 'dockerd' found (2903 ) 2020-05-20 13:40:15 Result: found Docker daemon running 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID CONT-8104 (Checking Docker info for any warnings) 2020-05-20 13:40:15 Test: Check for any warnings 2020-05-20 13:40:15 Result: no warnings found from 'docker info' output 2020-05-20 13:40:15 Hardening: assigned maximum number of hardening points for this item (1). Currently having 255 points (out of 326) 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID CONT-8106 (Gather basic stats from Docker) 2020-05-20 13:40:15 Test: checking total amount of Docker containers 2020-05-20 13:40:15 Result: docker info shows 88 containers 2020-05-20 13:40:15 Result: docker ps -a shows 88 containers 2020-05-20 13:40:15 Result: 41 containers are currently active 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID CONT-8107 (Check number of Docker containers) 2020-05-20 13:40:15 Suggestion: More than 10 unused containers found on the system. Clean up old containers by using output of 'docker ps -a' command [test:CONT-8107] [details:-] [solution:-] 2020-05-20 13:40:15 Hardening: assigned partial number of hardening points (0 of 2). Currently having 255 points (out of 328) 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID CONT-8108 (Check file permissions for Docker files) 2020-05-20 13:40:15 Test: Check /var/run/docker.sock 2020-05-20 13:40:15 Hardening: assigned maximum number of hardening points for this item (5). Currently having 260 points (out of 333) 2020-05-20 13:40:15 Security check: file is normal 2020-05-20 13:40:15 Checking permissions of /home/cloudadmin/lynis/include/tests_mac_frameworks 2020-05-20 13:40:15 File permissions are OK 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Action: Performing tests from category: Security frameworks 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID MACF-6204 (Check AppArmor presence) 2020-05-20 13:40:15 Result: aa-status binary not found, AppArmor not installed 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Skipped test MACF-6208 (Check if AppArmor is enabled) 2020-05-20 13:40:15 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID MACF-6232 (Check SELINUX presence) 2020-05-20 13:40:15 Test: checking if we have sestatus binary 2020-05-20 13:40:15 Result: found sestatus binary (/usr/sbin/sestatus) 2020-05-20 13:40:15 ==== 2020-05-20 13:40:15 Performing test ID MACF-6234 (Check SELINUX status) 2020-05-20 13:40:15 Result: SELinux framework is enabled 2020-05-20 13:40:15 Result: current SELinux mode is permissive 2020-05-20 13:40:15 Result: mode configured in config file is permissive 2020-05-20 13:40:15 Result: Current SELinux mode is the same as in config file. 2020-05-20 13:40:20 Permissive SELinux object types: ceph_t 2020-05-20 13:40:21 Unconfined processes: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 554914 sshd: cloudadmin@pts/0 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 554915 -bash unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 557066 sshd: cloudadmin@pts/1 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 557067 -bash unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 557108 /usr/libexec/openssh/sftp-server unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 557147 bash -c cd lynis && sudo ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 557160 sudo ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 557163 /bin/sh ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 610443 /bin/sh ./lynis audit system --quick unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 610444 /usr/bin/ps -eo label,pid,command unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 610445 /usr/bin/grep [u]nconfined_t unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 610446 /usr/bin/tr \n 2020-05-20 13:40:21 Processes with initrc_t type: system_u:system_r:initrc_t:s0 2911 /usr/bin/etcd --name=controller-1 --data-dir=/var/lib/etcd/default.etcd --listen-client-urls=http://172.29.16.201:2379 system_u:system_r:initrc_t:s0 4737 inet_gethost 4 system_u:system_r:initrc_t:s0 4738 inet_gethost 4 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID MACF-6240 (Check TOMOYO Linux presence) 2020-05-20 13:40:21 Test: checking if we have tomoyo-init binary 2020-05-20 13:40:21 Result: tomoyo-init binary not found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test MACF-6242 (Check TOMOYO Linux status) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID RBAC-6272 (Check grsecurity presence) 2020-05-20 13:40:21 Result: no grsecurity found in kernel config 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID MACF-6290 (Check for implemented MAC framework) 2020-05-20 13:40:21 Hardening: assigned maximum number of hardening points for this item (3). Currently having 263 points (out of 336) 2020-05-20 13:40:21 Result: found implemented MAC framework 2020-05-20 13:40:21 Security check: file is normal 2020-05-20 13:40:21 Checking permissions of /home/cloudadmin/lynis/include/tests_file_integrity 2020-05-20 13:40:21 File permissions are OK 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Action: Performing tests from category: Software: file integrity 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4310 (AFICK availability) 2020-05-20 13:40:21 Test: Checking AFICK binary 2020-05-20 13:40:21 Result: AFICK is not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4314 (AIDE availability) 2020-05-20 13:40:21 Test: Checking AIDE binary 2020-05-20 13:40:21 Result: AIDE is not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4315 (Check AIDE configuration file) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4316 (Presence of AIDE database and size check) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4318 (Osiris availability) 2020-05-20 13:40:21 Test: Checking Osiris binary 2020-05-20 13:40:21 Result: Osiris is not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4322 (Samhain availability) 2020-05-20 13:40:21 Test: Checking Samhain binary 2020-05-20 13:40:21 Result: Samhain is not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4326 (Tripwire availability) 2020-05-20 13:40:21 Test: Checking Tripwire binary 2020-05-20 13:40:21 Result: Tripwire is not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4328 (OSSEC syscheck daemon running) 2020-05-20 13:40:21 Test: Checking if OSSEC syscheck daemon is running 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'ossec-syscheckd' not found 2020-05-20 13:40:21 Result: syscheck (OSSEC) is not active 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4330 (mtree availability) 2020-05-20 13:40:21 Test: Checking mtree binary 2020-05-20 13:40:21 Result: mtree is not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4334 (Check lfd daemon status) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4336 (Check lfd configuration status) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4338 (osqueryd syscheck daemon running) 2020-05-20 13:40:21 Test: Checking if osqueryd syscheck daemon is running 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'osqueryd' not found 2020-05-20 13:40:21 Result: syscheck (osquery) not installed 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4339 (Check IMA/EVM status) 2020-05-20 13:40:21 Reason to skip: No evmctl binary found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4340 (Check dm-integrity status) 2020-05-20 13:40:21 Reason to skip: No integritysetup binary found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4341 (Check dm-verity status) 2020-05-20 13:40:21 Reason to skip: No veritysetup binary found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test FINT-4402 (AIDE configuration: Checksums (SHA256 or SHA512)) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID FINT-4350 (File integrity software installed) 2020-05-20 13:40:21 Test: Check if at least on file integrity tool is available/installed 2020-05-20 13:40:21 Result: No file integrity tools found 2020-05-20 13:40:21 Suggestion: Install a file integrity tool to monitor changes to critical and sensitive files [test:FINT-4350] [details:-] [solution:-] 2020-05-20 13:40:21 Hardening: assigned partial number of hardening points (0 of 5). Currently having 263 points (out of 341) 2020-05-20 13:40:21 Security check: file is normal 2020-05-20 13:40:21 Checking permissions of /home/cloudadmin/lynis/include/tests_tooling 2020-05-20 13:40:21 File permissions are OK 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Action: Performing tests from category: Software: System tooling 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID TOOL-5002 (Checking for automation tools) 2020-05-20 13:40:21 Test: checking if directory /root/.ansible exists 2020-05-20 13:40:21 Result: directory /root/.ansible exists 2020-05-20 13:40:21 Result: found a possible trace of Ansible 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'puppet master' not found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID TOOL-5102 (Check for presence of Fail2ban) 2020-05-20 13:40:21 Result: Fail2ban not present (fail2ban-server not found) 2020-05-20 13:40:21 Checking Fail2ban configuration file 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Skipped test TOOL-5104 (Enabled tests in Fail2ban) 2020-05-20 13:40:21 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID TOOL-5120 (Check for presence of Snort) 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'snort' not found 2020-05-20 13:40:21 Result: Snort not present (Snort not running) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID TOOL-5122 (Check Snort configuration file) 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID TOOL-5126 (Check for active OSSEC daemon) 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'ossec-analysisd' not found 2020-05-20 13:40:21 Result: OSSEC analysis daemon not active 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'ossec-agentd' not found 2020-05-20 13:40:21 Result: OSSEC agent daemon not active 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID TOOL-5190 (Check presence of IDS/IPS tool) 2020-05-20 13:40:21 Hardening: assigned partial number of hardening points (0 of 2). Currently having 263 points (out of 343) 2020-05-20 13:40:21 Security check: file is normal 2020-05-20 13:40:21 Checking permissions of /home/cloudadmin/lynis/include/tests_malware 2020-05-20 13:40:21 File permissions are OK 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Action: Performing tests from category: Software: Malware 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID MALW-3275 (Check for chkrootkit) 2020-05-20 13:40:21 Test: checking presence chkrootkit 2020-05-20 13:40:21 Result: chkrootkit not found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID MALW-3276 (Check for Rootkit Hunter) 2020-05-20 13:40:21 Test: checking presence Rootkit Hunter 2020-05-20 13:40:21 Result: Rootkit Hunter not found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID MALW-3278 (Check for LMD) 2020-05-20 13:40:21 Test: checking presence LMD 2020-05-20 13:40:21 Result: LMD not found 2020-05-20 13:40:21 ==== 2020-05-20 13:40:21 Performing test ID MALW-3280 (Check if anti-virus tool is installed) 2020-05-20 13:40:21 Test: checking process esets_daemon 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'esets_daemon' not found 2020-05-20 13:40:21 Test: checking process epagd 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'epagd' not found 2020-05-20 13:40:21 Test: checking process com.avast.daemon 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'com.avast.daemon' not found 2020-05-20 13:40:21 Test: checking process Avira daemon 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'avqmd' not found 2020-05-20 13:40:21 Test: checking process falcon-sensor (CrowdStrike) 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'falcon-sensor' not found 2020-05-20 13:40:21 Test: checking process CylanceSvc 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'CylanceSvc' not found 2020-05-20 13:40:21 Test: checking process wdserver or klnagent (Kaspersky) 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'klnagent' not found 2020-05-20 13:40:21 Test: checking process cma or cmdagent (McAfee) 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'cmdagent' not found 2020-05-20 13:40:21 Test: checking process savscand 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'savscand' not found 2020-05-20 13:40:21 Test: checking process SophosScanD 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'SophosScanD' not found 2020-05-20 13:40:21 Test: checking process rtvscand 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'rtvscand' not found 2020-05-20 13:40:21 Test: checking process Symantec management client service 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'smcd' not found 2020-05-20 13:40:21 Test: checking process Symantec Endpoint Protection configuration service 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:21 IsRunning: process 'symcfgd' not found 2020-05-20 13:40:21 Test: checking process TmccMac to test for Trend Micro anti-virus (macOS) 2020-05-20 13:40:21 Performing pgrep scan without uid 2020-05-20 13:40:22 IsRunning: process 'TmccMac' not found 2020-05-20 13:40:22 Result: no commercial anti-virus tools found 2020-05-20 13:40:22 Hardening: assigned partial number of hardening points (0 of 3). Currently having 263 points (out of 346) 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID MALW-3282 (Check for clamscan) 2020-05-20 13:40:22 Test: checking presence clamscan 2020-05-20 13:40:22 Result: clamscan couldn't be found 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID MALW-3284 (Check for clamd) 2020-05-20 13:40:22 Test: checking running ClamAV daemon (clamd) 2020-05-20 13:40:22 Performing pgrep scan without uid 2020-05-20 13:40:22 IsRunning: process 'clamd' not found 2020-05-20 13:40:22 Result: clamd not running 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Skipped test MALW-3286 (Check for freshclam) 2020-05-20 13:40:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Skipped test MALW-3288 (Check for ClamXav) 2020-05-20 13:40:22 Reason to skip: Prerequisites not met (ie missing tool, other type of Linux distribution) 2020-05-20 13:40:22 Security check: file is normal 2020-05-20 13:40:22 Checking permissions of /home/cloudadmin/lynis/include/tests_file_permissions 2020-05-20 13:40:22 File permissions are OK 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Action: Performing tests from category: File Permissions 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID FILE-7524 (Perform file permissions check) 2020-05-20 13:40:22 Test: Checking file permissions 2020-05-20 13:40:22 Using profile /home/cloudadmin/lynis/default.prf for baseline. 2020-05-20 13:40:22 Test: checking file/directory /boot/grub/grub.cfg 2020-05-20 13:40:22 Skipping file/directory /boot/grub/grub.cfg as it does not exist on this system 2020-05-20 13:40:22 Test: checking file/directory /boot/grub2/grub.cfg 2020-05-20 13:40:22 Test: checking if file /boot/grub2/grub.cfg has the permissions set to 600 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (600) 2020-05-20 13:40:22 Test: checking file/directory /boot/grub2/user.cfg 2020-05-20 13:40:22 Skipping file/directory /boot/grub2/user.cfg as it does not exist on this system 2020-05-20 13:40:22 Test: checking file/directory /etc/at.allow 2020-05-20 13:40:22 Skipping file/directory /etc/at.allow as it does not exist on this system 2020-05-20 13:40:22 Test: checking file/directory /etc/at.deny 2020-05-20 13:40:22 Skipping file/directory /etc/at.deny as it does not exist on this system 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.allow 2020-05-20 13:40:22 Test: checking if file /etc/cron.allow has the permissions set to 600 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (600) 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.deny 2020-05-20 13:40:22 Test: checking if file /etc/cron.deny has the permissions set to 600 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (600) 2020-05-20 13:40:22 Test: checking file/directory /etc/crontab 2020-05-20 13:40:22 Test: checking if file /etc/crontab has the permissions set to 600 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/crontab are not matching expected value (644 != rw-------) 2020-05-20 13:40:22 Test: checking file/directory /etc/group 2020-05-20 13:40:22 Test: checking if file /etc/group has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/group- 2020-05-20 13:40:22 Test: checking if file /etc/group- has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/hosts.allow 2020-05-20 13:40:22 Test: checking if file /etc/hosts.allow has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/hosts.deny 2020-05-20 13:40:22 Test: checking if file /etc/hosts.deny has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/issue 2020-05-20 13:40:22 Test: checking if file /etc/issue has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/issue.net 2020-05-20 13:40:22 Test: checking if file /etc/issue.net has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/lilo.conf 2020-05-20 13:40:22 Skipping file/directory /etc/lilo.conf as it does not exist on this system 2020-05-20 13:40:22 Test: checking file/directory /etc/motd 2020-05-20 13:40:22 Test: checking if file /etc/motd has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/motd are not matching expected value (1204 != rw-r--r--) 2020-05-20 13:40:22 Test: checking file/directory /etc/passwd 2020-05-20 13:40:22 Test: checking if file /etc/passwd has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/passwd- 2020-05-20 13:40:22 Test: checking if file /etc/passwd- has the permissions set to 644 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (644) 2020-05-20 13:40:22 Test: checking file/directory /etc/ssh/sshd_config 2020-05-20 13:40:22 Test: checking if file /etc/ssh/sshd_config has the permissions set to 600 or more restrictive 2020-05-20 13:40:22 Outcome: correct permissions (600) 2020-05-20 13:40:22 Test: checking file/directory /root/.ssh 2020-05-20 13:40:22 Skipping file/directory /root/.ssh as it does not exist on this system 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.d 2020-05-20 13:40:22 Test: checking if file /etc/cron.d has the permissions set to 700 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/cron.d are not matching expected value (755 != rwx------) 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.daily 2020-05-20 13:40:22 Test: checking if file /etc/cron.daily has the permissions set to 700 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/cron.daily are not matching expected value (755 != rwx------) 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.hourly 2020-05-20 13:40:22 Test: checking if file /etc/cron.hourly has the permissions set to 700 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/cron.hourly are not matching expected value (755 != rwx------) 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.weekly 2020-05-20 13:40:22 Test: checking if file /etc/cron.weekly has the permissions set to 700 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/cron.weekly are not matching expected value (755 != rwx------) 2020-05-20 13:40:22 Test: checking file/directory /etc/cron.monthly 2020-05-20 13:40:22 Test: checking if file /etc/cron.monthly has the permissions set to 700 or more restrictive 2020-05-20 13:40:22 Outcome: permissions of file /etc/cron.monthly are not matching expected value (755 != rwx------) 2020-05-20 13:40:22 Suggestion: Consider restricting file permissions [test:FILE-7524] [details:See screen output or log file] [solution:text:Use chmod to change file permissions] 2020-05-20 13:40:22 Security check: file is normal 2020-05-20 13:40:22 Checking permissions of /home/cloudadmin/lynis/include/tests_homedirs 2020-05-20 13:40:22 File permissions are OK 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Action: Performing tests from category: Home directories 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID HOME-9302 (Create list with home directories) 2020-05-20 13:40:22 Test: query /etc/passwd to obtain home directories 2020-05-20 13:40:22 Result: found home directory: / (directory exists) 2020-05-20 13:40:22 Result: found home directory: /dev/null (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /etc/ntp (directory exists) 2020-05-20 13:40:22 Result: found home directory: /etc/unbound (directory exists) 2020-05-20 13:40:22 Result: found home directory: /home/access-manager (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /home/cloudadmin (directory exists) 2020-05-20 13:40:22 Result: found home directory: /home/elasticsearch (directory exists) 2020-05-20 13:40:22 Result: found home directory: /home/flannel (directory exists) 2020-05-20 13:40:22 Result: found home directory: /home/restapi (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /root (directory exists) 2020-05-20 13:40:22 Result: found home directory: /run/gluster (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /run/memcached (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /run/saslauthd (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /run/uwsgi (directory exists) 2020-05-20 13:40:22 Result: found home directory: /usr/share/httpd (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/adm (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/empty/sshd (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/ceph (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/chrony (directory does not exist) 2020-05-20 13:40:22 Result: found home directory: /var/lib/docker (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/etcd (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/haproxy (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/ironic (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/ironic-inspector (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/keystone (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/kubedns (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/mysql (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/nginx (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/rabbitmq (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/redis (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/rpcbind (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/lib/swift (directory exists) 2020-05-20 13:40:22 Result: found home directory: /var/spool/postfix (directory exists) 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID HOME-9304 (Check if users' home directories permissions are 750 or more restrictive) 2020-05-20 13:40:22 Test: checking directory '/var/lib/ironic' for user 'ironic' 2020-05-20 13:40:22 Result: permissions of home directory /var/lib/ironic of user ironic are not strict enough. Should be 750 or more restrictive. Change with: chmod 750 /var/lib/ironic 2020-05-20 13:40:22 Test: checking directory '/var/lib/keystone' for user 'keystone' 2020-05-20 13:40:22 Result: permissions of home directory /var/lib/keystone of user keystone are not strict enough. Should be 750 or more restrictive. Change with: chmod 750 /var/lib/keystone 2020-05-20 13:40:22 Test: checking directory '/home/access-manager' for user 'access-manager' 2020-05-20 13:40:22 Test: checking directory '/home/cloudadmin' for user 'cloudadmin' 2020-05-20 13:40:22 Result: permissions of home directory /home/cloudadmin of user cloudadmin are fine 2020-05-20 13:40:22 Test: checking directory '' for user 'nobody' 2020-05-20 13:40:22 Test: checking directory '' for user 'bin' 2020-05-20 13:40:22 Suggestion: Double check the permissions of home directories as some might be not strict enough. [test:HOME-9304] [details:-] [solution:-] 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID HOME-9306 (Check if users own their home directories) 2020-05-20 13:40:22 Test: checking directory '/var/lib/ironic' for user 'ironic' 2020-05-20 13:40:22 Result: ownership of home directory /var/lib/ironic for user ironic looks to be correct 2020-05-20 13:40:22 Test: checking directory '/var/lib/keystone' for user 'keystone' 2020-05-20 13:40:22 Result: ownership of home directory /var/lib/keystone for user keystone looks to be correct 2020-05-20 13:40:22 Test: checking directory '/home/access-manager' for user 'access-manager' 2020-05-20 13:40:22 Test: checking directory '/home/cloudadmin' for user 'cloudadmin' 2020-05-20 13:40:22 Result: ownership of home directory /home/cloudadmin for user cloudadmin looks to be correct 2020-05-20 13:40:22 Test: checking directory '' for user 'nobody' 2020-05-20 13:40:22 Test: checking directory '' for user 'bin' 2020-05-20 13:40:22 Result: OK, all users own their home directories 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID HOME-9310 (Checking for suspicious shell history files) 2020-05-20 13:40:22 Result: Ok, history files are type 'file'. 2020-05-20 13:40:22 Remark: History files are normally of the type 'file'. Symbolic links and other types are suspicious. 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID HOME-9350 (Collecting information from home directories) 2020-05-20 13:40:22 Result: IGNORE_HOME_DIRS empty, no paths excluded 2020-05-20 13:40:22 Security check: file is normal 2020-05-20 13:40:22 Checking permissions of /home/cloudadmin/lynis/include/tests_kernel_hardening 2020-05-20 13:40:22 File permissions are OK 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Action: Performing tests from category: Kernel Hardening 2020-05-20 13:40:22 ==== 2020-05-20 13:40:22 Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) 2020-05-20 13:40:22 Result: sysctl key fs.protected_hardlinks contains equal expected and current value (1) 2020-05-20 13:40:22 Hardening: assigned maximum number of hardening points for this item (1). Currently having 264 points (out of 347) 2020-05-20 13:40:22 Result: sysctl key fs.protected_symlinks contains equal expected and current value (1) 2020-05-20 13:40:22 Hardening: assigned maximum number of hardening points for this item (1). Currently having 265 points (out of 348) 2020-05-20 13:40:22 Result: sysctl key fs.suid_dumpable contains equal expected and current value (0) 2020-05-20 13:40:22 Hardening: assigned maximum number of hardening points for this item (1). Currently having 266 points (out of 349) 2020-05-20 13:40:22 Result: key hw.kbd.keymap_restrict_change does not exist on this machine 2020-05-20 13:40:22 Result: key kern.sugid_coredump does not exist on this machine 2020-05-20 13:40:22 Result: key kernel.core_setuid_ok does not exist on this machine 2020-05-20 13:40:22 Result: sysctl key kernel.core_uses_pid contains equal expected and current value (1) 2020-05-20 13:40:22 Hardening: assigned maximum number of hardening points for this item (1). Currently having 267 points (out of 350) 2020-05-20 13:40:22 Result: sysctl key kernel.ctrl-alt-del contains equal expected and current value (0) 2020-05-20 13:40:22 Hardening: assigned maximum number of hardening points for this item (1). Currently having 268 points (out of 351) 2020-05-20 13:40:22 Result: sysctl key kernel.dmesg_restrict contains equal expected and current value (1) 2020-05-20 13:40:22 Hardening: assigned maximum number of hardening points for this item (1). Currently having 269 points (out of 352) 2020-05-20 13:40:22 Result: key kernel.exec-shield-randomize does not exist on this machine 2020-05-20 13:40:22 Result: key kernel.exec-shield does not exist on this machine 2020-05-20 13:40:23 Result: sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (0 of 1). Currently having 269 points (out of 353) 2020-05-20 13:40:23 Result: key kernel.maps_protect does not exist on this machine 2020-05-20 13:40:23 Result: sysctl key kernel.randomize_va_space contains equal expected and current value (2) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 270 points (out of 354) 2020-05-20 13:40:23 Result: key kernel.suid_dumpable does not exist on this machine 2020-05-20 13:40:23 Result: sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (0 of 1). Currently having 270 points (out of 355) 2020-05-20 13:40:23 Result: key kernel.use-nx does not exist on this machine 2020-05-20 13:40:23 Result: sysctl key kernel.yama.ptrace_scope has a different value than expected in scan profile. Expected=1 2 3, Real=0 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (0 of 1). Currently having 270 points (out of 356) 2020-05-20 13:40:23 Result: key net.inet.icmp.bmcastecho does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.icmp.drop_redirect does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.icmp.rediraccept does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.icmp.timestamp does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.accept_sourceroute does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.check_interface does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.forwarding does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.linklocal.in.allowbadttl does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.process_options does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.random_id does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.redirect does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip.sourceroute does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.ip6.redirect does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.tcp.always_keepalive does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.tcp.blackhole does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.tcp.drop_synfin does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.tcp.icmp_may_rst does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.tcp.nolocaltimewait does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.tcp.path_mtu_discovery does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet.udp.blackhole does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet6.icmp6.rediraccept does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet6.ip6.forwarding does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet6.ip6.fw.enable does not exist on this machine 2020-05-20 13:40:23 Result: key net.inet6.ip6.redirect does not exist on this machine 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.accept_redirects contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 271 points (out of 357) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.accept_source_route contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 272 points (out of 358) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.bootp_relay contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 273 points (out of 359) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.forwarding has a different value than expected in scan profile. Expected=0, Real=1 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (0 of 1). Currently having 273 points (out of 360) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.log_martians contains equal expected and current value (1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 274 points (out of 361) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.mc_forwarding contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 275 points (out of 362) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.proxy_arp contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 276 points (out of 363) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.rp_filter contains equal expected and current value (1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 277 points (out of 364) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 278 points (out of 365) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 279 points (out of 366) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 280 points (out of 367) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.conf.default.log_martians contains equal expected and current value (1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 281 points (out of 368) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.icmp_echo_ignore_broadcasts contains equal expected and current value (1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 282 points (out of 369) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.icmp_ignore_bogus_error_responses contains equal expected and current value (1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 283 points (out of 370) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.tcp_syncookies contains equal expected and current value (1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 284 points (out of 371) 2020-05-20 13:40:23 Result: sysctl key net.ipv4.tcp_timestamps contains equal expected and current value (0 1) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 285 points (out of 372) 2020-05-20 13:40:23 Result: sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (0 of 1). Currently having 285 points (out of 373) 2020-05-20 13:40:23 Result: sysctl key net.ipv6.conf.all.accept_source_route contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 286 points (out of 374) 2020-05-20 13:40:23 Result: key net.ipv6.conf.all.send_redirects does not exist on this machine 2020-05-20 13:40:23 Result: sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (0 of 1). Currently having 286 points (out of 375) 2020-05-20 13:40:23 Result: sysctl key net.ipv6.conf.default.accept_source_route contains equal expected and current value (0) 2020-05-20 13:40:23 Hardening: assigned maximum number of hardening points for this item (1). Currently having 287 points (out of 376) 2020-05-20 13:40:23 Result: key security.bsd.hardlink_check_gid does not exist on this machine 2020-05-20 13:40:23 Result: key security.bsd.hardlink_check_uid does not exist on this machine 2020-05-20 13:40:23 Result: key security.bsd.see_other_gids does not exist on this machine 2020-05-20 13:40:23 Result: key security.bsd.see_other_uids does not exist on this machine 2020-05-20 13:40:23 Result: key security.bsd.stack_guard_page does not exist on this machine 2020-05-20 13:40:23 Result: key security.bsd.unprivileged_proc_debug does not exist on this machine 2020-05-20 13:40:23 Result: key security.bsd.unprivileged_read_msgbuf does not exist on this machine 2020-05-20 13:40:23 Result: found 6 keys that can use tuning, according scan profile 2020-05-20 13:40:23 Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000] [details:] [solution:Change sysctl value or disable test (skip-test=KRNL-6000:)] 2020-05-20 13:40:23 Security check: file is normal 2020-05-20 13:40:23 Checking permissions of /home/cloudadmin/lynis/include/tests_hardening 2020-05-20 13:40:23 File permissions are OK 2020-05-20 13:40:23 ==== 2020-05-20 13:40:23 Action: Performing tests from category: Hardening 2020-05-20 13:40:23 ==== 2020-05-20 13:40:23 Performing test ID HRDN-7220 (Check if one or more compilers are installed) 2020-05-20 13:40:23 Test: Check if one or more compilers can be found on the system 2020-05-20 13:40:23 Result: found installed compiler. See top of logfile which compilers have been found or use /usr/bin/grep to filter on 'compiler' 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (1 of 3). Currently having 288 points (out of 379) 2020-05-20 13:40:23 ==== 2020-05-20 13:40:23 Performing test ID HRDN-7222 (Check compiler permissions) 2020-05-20 13:40:23 Test: Check if one or more compilers can be found on the system 2020-05-20 13:40:23 Test: Check file permissions for /usr/bin/as 2020-05-20 13:40:23 Action: checking symlink for file /usr/bin/as 2020-05-20 13:40:23 Result: file /usr/bin/as is not a symlink 2020-05-20 13:40:23 Binary: found /usr/bin/as (world executable) 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (2 of 3). Currently having 290 points (out of 382) 2020-05-20 13:40:23 Result: at least one compiler could be better hardened by restricting executable access to root or group only 2020-05-20 13:40:23 Suggestion: Harden compilers like restricting access to root user only [test:HRDN-7222] [details:-] [solution:-] 2020-05-20 13:40:23 ==== 2020-05-20 13:40:23 Performing test ID HRDN-7230 (Check for malware scanner) 2020-05-20 13:40:23 Test: Check if a malware scanner is installed 2020-05-20 13:40:23 Result: no malware scanner found 2020-05-20 13:40:23 Suggestion: Harden the system by installing at least one malware scanner, to perform periodic file system scans [test:HRDN-7230] [details:-] [solution:Install a tool like rkhunter, chkrootkit, OSSEC] 2020-05-20 13:40:23 Hardening: assigned partial number of hardening points (1 of 3). Currently having 291 points (out of 385) 2020-05-20 13:40:23 Result: no malware scanner found 2020-05-20 13:40:23 ==== 2020-05-20 13:40:23 Action: Performing tests from category: Custom tests 2020-05-20 13:40:23 Test: Checking for tests_custom file 2020-05-20 13:40:23 ==== 2020-05-20 13:40:23 Action: Performing plugin tests 2020-05-20 13:40:23 Result: Found 2 plugins of which 2 are enabled 2020-05-20 13:40:23 Result: Plugins phase 2 finished 2020-05-20 13:40:23 Checking permissions of /home/cloudadmin/lynis/include/report 2020-05-20 13:40:23 File permissions are OK 2020-05-20 13:40:23 Hardening index : [75] [############### ] 2020-05-20 13:40:23 Hardening strength: System has been hardened, but could use additional hardening 2020-05-20 13:40:23 ==== 2020-05-20 13:40:24 Checking permissions of /home/cloudadmin/lynis/include/tool_tips 2020-05-20 13:40:24 File permissions are OK 2020-05-20 13:40:24 Tool tips: enabled 2020-05-20 13:40:24 ================================================================================ 2020-05-20 13:40:24 Tests performed: 287 2020-05-20 13:40:24 Total tests: 449 2020-05-20 13:40:24 Active plugins: 2 2020-05-20 13:40:24 Total plugins: 2 2020-05-20 13:40:24 ================================================================================ 2020-05-20 13:40:24 Lynis 3.0.0 2020-05-20 13:40:24 2007-2020, CISOfy - https://cisofy.com/lynis/ 2020-05-20 13:40:24 Enterprise support available (compliance, plugins, interface and tools) 2020-05-20 13:40:24 Program ended successfully 2020-05-20 13:40:24 ================================================================================ 2020-05-20 13:40:24 PID file removed (/var/run/lynis.pid) 2020-05-20 13:40:24 Temporary files: /tmp/lynis.a3J6CiTck4 /tmp/lynis.jAZYTPISCP /tmp/lynis.snj26Zf3u0 /tmp/lynis.SO7W97DXqG /tmp/lynis.Ns3GtPMvEc /tmp/lynis.sAuyNpIx9M /tmp/lynis.Jc1jGFyDKz /tmp/lynis.GFL9HW0W2N /tmp/lynis.zRbLq8Vq1r /tmp/lynis.arvlxjs0pC /tmp/lynis.GtxmnodNJX 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.a3J6CiTck4 2020-05-20 13:40:24 Info: temporary file /tmp/lynis.jAZYTPISCP was already removed 2020-05-20 13:40:24 Info: temporary file /tmp/lynis.snj26Zf3u0 was already removed 2020-05-20 13:40:24 Info: temporary file /tmp/lynis.SO7W97DXqG was already removed 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.Ns3GtPMvEc 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.sAuyNpIx9M 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.Jc1jGFyDKz 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.GFL9HW0W2N 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.zRbLq8Vq1r 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.arvlxjs0pC 2020-05-20 13:40:24 Action: removing temporary file /tmp/lynis.GtxmnodNJX 2020-05-20 13:40:24 Lynis ended successfully.