Versions Compared

Old Version 32

changes.mady.by.user Colin Peters

Saved on

compared with

New Version Current

changes.mady.by.user Colin Peters

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Nexus URL (manual run, with fixes): https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-lynis/23/

The results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.

...

No.TestResultNotes
1

Test: Checking PASS_MAX_DAYS option in /etc/login.defs

2022-1012-11 1116 18:4845:22 05 Test: Checking PASS_MAX_DAYS option in /etc/login.defs
2022-1012-11 1116 18:4845:22 05 Result: max password age is 180 days
2022-1012-11 1116 18:4845:22 05 Hardening: assigned maximum number of hardening points for this item (3). Currently having 21 points (out of 35)

Required configuration
2

Performing test ID AUTH-9328 (Default umask values)

2022-1012-11 1116 18:4845:22 05 Performing test ID AUTH-9328 (Default umask values)
...

2022-1012-11 1116 18:4845:22 05 Test: Checking umask value in /etc/login.defs
2022-1012-11 1116 18:4845:22 Result: umask is 02705 Result: file /etc/login.defs exists
2022-12-16 18:45:05 Test: Checking umask value in /etc/login.defs
2022-12-16 18:45:05 Result: umask is 027, which is fine
2022-1012-11 1116 18:4845:22 05 Hardening: assigned maximum number of hardening points for this item (2). Currently having 35 points (out of 49)

Required configuration
3

Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)

2022-1012-11 1116 18:5145:21 14 Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)
2022-1012-11 1116 18:5145:21 14 Result: AllowUsers set, with value sdt-admin
2022-1012-11 1116 18:5145:21 14 Result: AllowGroups is not set
2022-1012-11 1116 18:5145:21 14 Result: SSH is limited to a specific set of users, which is good
2022-1012-11 1116 18:5145:21 14 Hardening: assigned maximum number of hardening points for this item (2). Currently having 164 points (out of 234231)

Required configuration
4

Test: checking for file /etc/network/if-up.d/ntpdate

2022-1012-11 1116 18:5145:25 16 Test: checking for file /etc/network/if-up.d/ntpdate
2022-1012-11 1116 18:5145:25 16 Result: file /etc/network/if-up.d/ntpdate does not exist
2022-1012-11 1116 18:5145:25 16 Result: Found a time syncing daemon/client.
2022-1012-11 1116 18:5145:25 16 Hardening: assigned maximum number of hardening points for this item (3). Currently having 173 points (out of 249246)
5Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) :  Following sub-tests requiredN/A
5asysctl key fs.suid_dumpable contains equal expected and current value (0)

2022-1012-11 1116 18:5145:37 27 Result: sysctl key fs.suid_dumpable contains equal expected and current value (0)

Required configuration
5bsysctl key kernel.dmesg_restrict contains equal expected and current value (1)

2022-1012-11 1116 18:5145:37 27 Result: sysctl key kernel.dmesg_restrict contains equal expected and current value (1)

Required configuration
5csysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)2022-1012-11 1116 18:5145:37 27 Result: sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)Required configuration
6Test: Check if one or more compilers can be found on the system

2022-0312-07 1516 18:5545:29 28 Performing test ID HRDN-7220 (Check if one or more compilers are installed)
2022-0312-07 1516 18:5545:29 28 Test: Check if one or more compilers can be found on the system
2022-0312-07 1516 18:5545:29 28 Result: no compilers found
2022-0312-07 1516 18:5545:29 28 Hardening: assigned maximum number of hardening points for this item (3). Currently having 216 212 points (out of 325312)

Required removal of build-essential package and apt autoremove, and /bin/as

...