Versions Compared

Old Version 35

changes.mady.by.user Colin Peters

Saved on

compared with

New Version 36

changes.mady.by.user Colin Peters

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following list of tests MUST complete as passing
No.TestResultFix
1Test: Checking PASS_MAX_DAYS option in /etc/login.defs

Result: password minimum age is not configured

Suggestion: Configure minimum password age in /etc/login.defs [test:AUTH-9286]


2Performing test ID AUTH-9328 (Default umask values)

Result: found umask 022, which could be improved

Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328]

Set UMASK 027 in /etc/login.defs
3Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)

Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine.

Hardening: assigned partial number of hardening points (0 of 1).


4Test: checking for file /etc/network/if-up.d/ntpdate

Test: checking for file /etc/network/if-up.d/ntpdate

Result: file /etc/network/if-up.d/ntpdate does not exist

...

Hardening: assigned maximum number of hardening points for this item (3).

OK
5Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) :  Following sub-tests requiredN/AN/A
5asysctl key fs.suid_dumpable contains equal expected and current value (0)Result: sysctl key fs.suid_dumpable has a different value than expected in scan profile. Expected=0, Real=2
5bsysctl key kernel.dmesg_restrict contains equal expected and current value (1)Result: sysctl key kernel.dmesg_restrict has a different value than expected in scan profile. Expected=1, Real=0
5csysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)

Result: key net.inet.ip.sourceroute does not exist on this machine

...

Hardening: assigned maximum number of hardening points for this item (1)

OK
6Test: Check if one or more compilers can be found on the system

Result: found installed compiler. See top of logfile which compilers have been found or use /usr/bin/grep to filter on 'compiler'

Hardening: assigned partial number of hardening points (1 of 3).


 

Kube-Hunter

There are 5 Vulnerabilities.

...