...
No. | Project Name | PTL | Main Committer | Self-Certification Page | Documentation Sub-Committee | Logs (Vuls, Lynis, KubeHunter) | Security Sub-Committee | ||
---|---|---|---|---|---|---|---|---|---|
1 | Maturity Review performed over e-mail on May 5th, 2021. Link to the overview: 2021 year | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/4/result/ | |||||||
2 | IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family | ||||||||
3 | |||||||||
4 | IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family | jin peng | Maturity Review Certification of SmartNIC | Documentation Review Meeting notes | socnoc - Akraino - Akraino Confluence | ||||
5 | IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family | Maturity Review Certification of Android Cloud | Documentation Review Meeting notes |
https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/validation_results_v5/
https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/validation_results_v6/
|
Lynis: Performing test ID BOOT-5122 (Check for GRUB boot password): FAILED
05-17 10:21:58 Result: file is owned by our current user ID (0), checking if it is readable
05-17 10:21:58 Result: file /etc/grub.d/05_debian_theme is readable (or directory accessible).
05-17 10:21:58 Result: did not find hashed password line in this file
05-17 10:21:58 Result: Didn't find hashed password line in GRUB configuration
05-17 10:21:58 Suggestion: Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password) [test:BOOT-5122] [details:-] [solution:-]
Test: Checking presence /var/run/reboot-required.pkgs: FAILED
05-17 10:22:02 Result: file /var/run/reboot-required.pkgs exists
05-17 10:22:02 Result: reboot is needed, related to 4 packages
05-17 10:22:02 Result: found /boot/vmlinuz
05-17 10:22:02 Result: found a symlink, retrieving destination
05-17 10:22:02 Result: destination file is vmlinuz-4.15.0-177-generic
05-17 10:22:02 Result: version derived from file name is '4.15.0-177-generic'
05-17 10:22:02 Result: found version 4.15.0-177-generic
05-17 10:22:02 Result: active kernel version 4.15.0-166-generic
05-17 10:22:02 Result: reboot needed, as there is a difference between active kernel and the one on disk
05-17 10:22:02 Result: /var/cache/apt/archives/ does not exist
05-17 10:22:02 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]
Performing test ID AUTH-9229 (Check password hashing methods): FAILED
05-17 10:22:02 Result: poor password hashing methods found: sha256crypt/sha512crypt(default<=5000rounds)
05-17 10:22:02 Suggestion: Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [test:AUTH-9229] [details:-] [solution:-]
Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs: FAILED
05-17 10:22:02 Result: low number of maximum encryption algorithm rounds found: 5000
Performing test ID USB-2000 (Check USB authorizations): FAILED
05-17 10:22:04 Result: Some USB devices are authorized by default (or temporary) to connect to the system
Performing test ID USB-3000 (Check for presence of USBGuard): FAILED
Performing test ID SSH-7408 (Check SSH specific defined options): FAILED
2022-05-17 10:22:39 Result: Option MaxSessions found
05-17 10:22:39 Result: Option MaxSessions value is 4
05-17 10:22:39 Result: OpenSSH option PermitRootLogin is in a weak configuration state and should be fixed
05-17 10:22:39 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details: PermitRootLogin (set YES to (FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD))] [solution:-]
05-17 10:22:39 Result: Option Port found
05-17 10:22:39 Result: Option Port value is 22
05-17 10:22:39 Result: OpenSSH option Port is in a weak configuration state and should be fixed
05-17 10:22:39 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details: Port (set 22 to )] [solution:-]
05-17 10:22:40 Result: Option X11Forwarding found
05-17 10:22:40 Result: Option X11Forwarding value is YES
05-17 10:22:40 Result: OpenSSH option X11Forwarding is in a weak configuration state and should be fixed
05-17 10:22:40 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details: X11Forwarding (set YES to NO)] [solution:-]
Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile): FAILED
05-17 10:23:32 Result: key hw.kbd.keymap_restrict_change does not exist on this machine
05-17 10:23:32 Result: key kern.sugid_coredump does not exist on this machine
05-17 10:23:32 Result: key kernel.core_setuid_ok does not exist on this machine
05-17 10:23:32 Result: sysctl key kernel.core_uses_pid has a different value than expected in scan profile. Expected=1, Real=0
2022-04-17 23:44:09 Result: number of maximum rounds used by the encryption algorithm is not configured
2022-04-17 23:44:09 Suggestion: Configure maximum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-]
Test: Checking PASS_MAX_DAYS option in /etc/login.defs: FAILED
2022-04-17 23:44:10 Result: password aging limits are not configured
2022-04-17 23:44:10 Suggestion: Configure maximum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-]
2022-04-17 23:44:10 Result: found umask 022, which could be improved
2022-04-17 23:44:10 Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [details:-] [solution:-]
Performing test ID USB-3000 (Check for presence of USBGuard): FAILED
Performing test ID PKGS-7370 (Checking for debsums utility): FAILED
2022-04-17 23:44:50 Result: Option AllowTcpForwarding found
2022-04-17 23:44:50 Result: Option AllowTcpForwarding
2022-04-17 23:44:50 Result: Option MaxAuthTries found
2022-04-17 23:44:50 Result: Option MaxAuthTries value is 6
2022-04-17 23:44:50 Result: OpenSSH option MaxAuthTries is configured reasonably
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxAuthTries (set 6 to 3)] [solution:-]
2022-04-17 23:44:50 Result: Option MaxSessions found
2022-04-17 23:44:50 Result: Option MaxSessions value is 10
2022-04-17 23:44:50 Result: OpenSSH option MaxSessions is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxSessions (set 10 to 2)] [solution:-]
2022-04-17 23:44:50 Result: Option PermitRootLogin found
2022-04-17 23:44:50 Result: Option PermitRootLogin value is YES
2022-04-17 23:44:50 Result: OpenSSH option PermitRootLogin is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:PermitRootLogin (set YES to (FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD))] [solution:-]
2022-04-17 23:44:50 Result: Option Port found
2022-04-17 23:44:50 Result: Option Port value is 22
2022-04-17 23:44:50 Result: OpenSSH option Port is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Port (set 22 to )] [solution:-]
2022-04-17 23:44:50 Result: Option TCPKeepAlive found
2022-04-17 23:44:50 Result: Option TCPKeepAlive value is YES
2022-04-17 23:44:50 Result: OpenSSH option TCPKeepAlive is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:TCPKeepAlive (set YES to NO)] [solution:-]
2022-04-17 23:44:50 Result: Option X11Forwarding found
2022-04-17 23:44:50 Result: Option X11Forwarding value is YES
2022-04-17 23:44:50 Result: OpenSSH option X11Forwarding is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:X11Forwarding (set YES to NO)] [solution:-]
2022-04-17 23:44:50 Result: Option AllowAgentForwarding found
2022-04-17 23:44:50 Result: Option AllowAgentForwarding value is YES
2022-04-17 23:44:50 Result: OpenSSH option AllowAgentForwarding is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowAgentForwarding (set YES to NO)] [solution:-]
Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile): FAILED
2022-04-17 23:45:42 Result: found installed compiler. See top of logfile which compilers have been found or use /bin/grep to filter on 'compiler'
2022-04-17 23:37:28 Found known binary: as (compiler) - /usr/bin/as
2022-04-17 23:37:28 Found known binary: cc (compiler) - /usr/bin/cc
2022-04-17 23:37:28 Found known binary: g++ (compiler) - /usr/bin/g++
2022-04-17 23:37:28 Found known binary: gcc (compiler) - /usr/bin/gcc
2022-04-17 23:44:13 Found package: device-tree-compiler (version: 1.4.5-3)
2022-04-17 23:44:21 Found package: protobuf-compiler (version: 3.0.0-9.1ubuntu1) |
Approved by Process Sub-Committee. | Tina Tsou | ||
6 | Smart Cities | https://nexus.akraino.org/content/sites/logs/myais/bluval/3/ | Lynis: Performing test ID AUTH-9228 (Check password file consistency with pwck): FAILED
|
...