...
Vuls results (manual) Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-vuls/12/
Lynis results (manual) Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-lynis/2/
Kube-Hunter results Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-bluval/1/
Vuls
Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-vuls/12/
There are 6 4 CVEs with a CVSS score >= 9.0. These are exceptions requested here:
...
| CVE-ID | CVSS | NVD | Fix/Notes | ||||||
| CVE-2022-3643 | 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2022-3643 | Fix not yet available | ||||||
| CVE-2016-1585 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1585 | No fix available | ||||||
| CVE-2022-0318 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0318 | Fix not yet available | ||||||
| CVE-2022- | 322219.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32221 | TODO: Appears fixed | CVE-2022-3649 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3649 | Fix not yet available | CVE-2022-40674 | 9.8 |
Lynis
Nexus URL (manual run, with fixes): https://
...
...
...
...
TODO: Appears fixed
Lynis
Nexus URL (manual run, with fixes): https://nexus.akraino.org/content/content/sites/logs/fujitsu/job/sdt/r7/sdt-lynis/23/
The results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.
...
| No. | Test | Result | Notes |
|---|---|---|---|
| 1 | Test: Checking PASS_MAX_DAYS option in /etc/login.defs | 2022-1012-11 1116 18:4845:22 05 Test: Checking PASS_MAX_DAYS option in /etc/login.defs | Required configuration |
| 2 | Performing test ID AUTH-9328 (Default umask values) | 2022-1012-11 1116 18:4845:22 05 Performing test ID AUTH-9328 (Default umask values) 2022-12-16 18:45:05 Test: Checking /etc/login.defs | Required configuration |
| 3 | Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) | 2022-1012-11 1116 18:5145:21 14 Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) | Required configuration |
| 4 | Test: checking for file /etc/network/if-up.d/ntpdate | 2022-1012-11 1116 18:5145:25 16 Test: checking for file /etc/network/if-up.d/ntpdate 2022-1012-11 1116 18:5145:25 16 Result: file /etc/network/if-up.d/ntpdate does not exist 2022-1012-11 1116 18:5145:25 16 Result: Found a time syncing daemon/client. 2022-1012-11 1116 18:5145:25 16 Hardening: assigned maximum number of hardening points for this item (3). Currently having 173 points (out of 249246) | |
| 5 | Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) : Following sub-tests required | N/A | |
| 5a | sysctl key fs.suid_dumpable contains equal expected and current value (0) | 2022-1012-11 1116 18:5145:37 27 Result: sysctl key fs.suid_dumpable contains equal expected and current value (0) | Required configuration |
| 5b | sysctl key kernel.dmesg_restrict contains equal expected and current value (1) | 2022-1012-11 1116 18:5145:37 27 Result: sysctl key kernel.dmesg_restrict contains equal expected and current value (1) | Required configuration |
| 5c | sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0) | 2022-1012-11 1116 18:5145:37 27 Result: sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0) | Required configuration |
| 6 | Test: Check if one or more compilers can be found on the system | 2022-0312-07 1516 18:5545:29 28 Performing test ID HRDN-7220 (Check if one or more compilers are installed) | Required removal of build-essential package and apt autoremove, and /bin/as |
...