I was having trouble with a fresh server, so just nuked it and started from scratch. Just got done installing ASL, but in the panel it says Kernel Protection: Disabled.
Any clues?
This is the result of asl -s -f:
Starting Atomic Secured Linux scan, please be patient...
Checking Kernel security settings
ASL kernel: detected [OK]
KERNEXEC protections: detected [OK]
UDEREF protections: detected [OK]
Runtime module loading: disabled [OK]
GRsecurity administrative password: not set [INFO]
GRsecurity ACL database: not found [INFO]
Executable anonymous mapping: no [OK]
Executable bss: no [OK]
Executable data: no [OK]
Executable heap: no [OK]
Executable stack: no [OK]
Executable anonymous mapping (mprotect): no [OK]
Executable bss (mprotect): no [OK]
Executable data (mprotect): no [OK]
Executable heap (mprotect): no [OK]
Executable shared library bss (mprotect): no [OK]
Executable shared library data (mprotect): no [OK]
Executable stack (mprotect): no [OK]
Anonymous mapping randomisation test: no [OK]
Heap randomisation test (ET_EXEC): no [OK]
Heap randomisation test (ET_DYN): no [OK]
Main executable randomisation (ET_EXEC): no [OK]
Shared library randomisation test: no [OK]
Stack randomisation test (SEGMEXEC): no [OK]
Stack randomisation test (PAGEEXEC): no [OK]
Executable shared library bss: no [OK]
Executable shared library data: no [OK]
Writable text segments: no [OK]
Kernel Enforced Security Policies
Trusted Path Execution(TPE): enforced [OK]
TPE Mode: Unless Deny, Allow [INFO]
Disable Privileged I/O: enforced [OK]
Audit mount() events: not enforced [INFO]
Audit chdir() events: not enforced [INFO]
Audit ptrace() events: enforced [OK]
Audit text relocation events: not enforced [INFO]
Restrict chroot() capabilities: enforced [OK]
Chroot restrictions, deny chmod(): enforced [OK]
Chroot restrictions, deny chroot(): enforced [OK]
Chroot restrictions, deny fchdir(): enforced [OK]
Chroot restrictions, deny mknod(): enforced [OK]
Chroot restrictions, deny mount(): enforced [OK]
Chroot restrictions, deny pivot(): enforced [OK]
Chroot restrictions, deny external shmem access: enforced[OK]
Chroot restrictions, deny sysctl: enforced [OK]
Chroot restrictions, deny unix domain sockets: enforced [OK]
Chroot restrictions, set cwd to chroot dir: enforced [OK]
Chroot restrictions, process controls: enforced [OK]
Restrict dmesg: enforced [OK]
Enhanced FIFO restrictions: enforced [OK]
Fork() failure logging: enforced [OK]
Harden ptrace(): not enforced [MODERATE]
Network Stack, IP Blackhole policy: enforced [OK]
Linking Restrictions: enforced [OK]
Resource Logging: enforced [OK]
RWX map Logging: enforced [OK]
Signal Logging: enforced [OK]
Timechange Logging: enforced [OK]
Checking General security settings
Checking for unnecessary services
Service FreeWnn: disabled [OK]
Service annacron: disabled [OK]
Service apmd: disabled [OK]
Service autofs: disabled [OK]
Service avahi-daemon: disabled [OK]
Service avahi-dnsconfd: disabled [OK]
Service bluetooth: disabled [OK]
Service canna: disabled [OK]
Service cups: disabled [OK]
Service cups-config-daemon: disabled [OK]
Service gpm: disabled [OK]
Service haldaemon: disabled [OK]
Service hidd: disabled [OK]
Service hplip: disabled [OK]
Service iiim: disabled [OK]
Service isdn: disabled [OK]
Service kdump: disabled [OK]
Service mDNSResponder: disabled [OK]
Service mcstrans: disabled [OK]
Service nfs: disabled [OK]
Service nfslock: disabled [OK]
Service nifd: disabled [OK]
Service pcscd: disabled [OK]
Service portmap: disabled [OK]
Service rpcidmapd: disabled [OK]
Service sbadm: disabled [OK]
Service xfs: disabled [OK]
Service X11: disabled [OK]
Checking for End of Life (EOL) operating systems
centos/6: Supported [OK]
Checking for POSIX ACL support: detected [OK]
Checking for updater: yum detected [OK]
Checking for updates: 9 found [CRITICAL]
Checking for Superuser accounts (UID0)
Checking for Suspicious cron jobs
Checking for non-secure services
Telnet: not detected [OK]
Rlogin: not detected [OK]
Rsh: not detected [OK]
Checking system logging
Rsyslogd: detected [OK]
Rsyslog imklog module: detected [OK]
/usr/bin/md5sum: /usr/local/psa/admin/plib/class.Session.php: No such file or directory
Checking General Plesk settings
Plesk SQL Injection vulnerability SA26741: not detected [OK]
Plesk SQL Injection vulnerability CVE-2011-4734: not dete[OK]
Horde Turba Vulnerability CVE-2008-0807: not detected [OK]
Horde Vulnerability SA28382: not detected [OK]
Horde Turba Vulnerability SA28382: not detected [OK]
Horde Mnemo Vulnerability SA28382: not detected [OK]
Horde Kronolith Vulnerability SA28382: not detected [OK]
Horde Vulnerability CVE-2007-6018: not detected [OK]
Horde Vulnerability CVE-2008-1284: not detected [OK]
Horde Kronolith Vulnerabilty BugtraqID 28898: not detecte[OK]
Proftp Vulnerability SA33842: not detected [OK]
Proftp Vulnerability SA42052: not detected [OK]
Verify SSLv2 disabled in Plesk Daemon: verified [OK]
Verify TLS enabled in proftp: enabled [OK]
Verify ClamAV enabled in proftp: enabled [OK]
Set proftp scoreboard to default: yes [OK]
Checking for weak SMTP_AUTH passwords: 0 found [OK]
Verify expose_php set to off: enforced [OK]
Checking mod_security settings
Checking for mod_security installation: installed [OK]
mod_security set to: enabled [OK]
Server signature set to: Apache [OK]
SecUploadDir set to: /var/asl/data/suspicious [OK]
SecUploadKeepFiles set to: off [OK]
Logfile set to: audit_log [OK]
Logging set to: Concurrent [OK]
Audit Logging to: /var/asl/data/audit [OK]
Logging elements set to: ABIFHZ [OK]
SecRequestBodyInMemoryLimit set to: 131072 [OK]
SecRequestBodyLimit set to: 134217728 [OK]
SecResponseBodyLimitAction set to: ProcessPartial [OK]
SecDataDir set to: /var/asl/data/msa [OK]
SecTmpDir set to: /tmp [OK]
Checking rule class settings
RBL Ruleset: off [LOW]
Bogus Search Engine Ruleset: off [HIGH]
Autowhitelist Search Engine Ruleset: off [LOW]
Antievasion Ruleset: on [OK]
Strict Multiform Ruleset: off [MODERATE]
Whitelist Ruleset: off [OK]
Advanced Antievasion Ruleset: off [HIGH]
Slow Denial of Service Protection: on [OK]
Exclude Ruleset: on [OK]
Anti-Malware Ruleset: on [OK]
Application Specific Rules: off [LOW]
Generic Attack Ruleset: on [OK]
Advanced Attack Ruleset: on [OK]
Data Loss Protection Ruleset: off [MODERATE]
Brute Force Protection Ruleset: on [OK]
Malicious Useragents Ruleset: on [OK]
Anti-Spam Ruleset: on [OK]
Anti-Spam URI RBL Ruleset: off [LOW]
Rootkit Detection Ruleset: on [OK]
Reconnaissance Attacks Ruleset: on [OK]
Data Leak Prevention Ruleset: on [OK]
Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: on [OK]
Basic Malware Removal Ruleset: on [OK]
Malicious Output Detector: on [OK]
Web Malware Upload Scanner: on [OK]
Checking for disabled rules
tortixd: Could not reliably determine the server's fully qualified domain name, using astra1690.server4you.net for ServerName
Checking php settings
Checking for php installation: installed [OK]
php set to: warn only [CRITICAL]
Disable URL fopen: not enforced [HIGH]
Disable URL include: not enforced [HIGH]
Disable expose_php: enforced [OK]
Disable display_errors: not enforced [MODERATE]
Checking for High-Risk functions
Function curl_exec: enabled [HIGH]
Function curl_multi_exec: enabled [HIGH]
Function dl: enabled [HIGH]
Function exec: enabled [HIGH]
Function fsockopen: enabled [HIGH]
Function passthru: enabled [HIGH]
Function pcntl_exec: enabled [HIGH]
Function pfsockopen: enabled [HIGH]
Function popen: enabled [HIGH]
Function posix_kill: enabled [HIGH]
Function posix_mkfifo: enabled [HIGH]
Function posix_setuid: enabled [HIGH]
Function proc_close: enabled [HIGH]
Function proc_open: enabled [HIGH]
Function proc_terminate: enabled [HIGH]
Function shell_exec: enabled [HIGH]
Function system: enabled [HIGH]
Checking for Moderate-Risk functions
Function ftp_exec: enabled [MODERATE]
Function leak: enabled [MODERATE]
Function posix_setpgid: enabled [MODERATE]
Function posix_setsid: enabled [MODERATE]
Function proc_get_status: enabled [MODERATE]
Function proc_nice: enabled [MODERATE]
Function show_source: enabled [MODERATE]
Checking for Low-Risk functions
Function escapeshellcmd: enabled [LOW]
Function phpinfo: allowed [LOW]
Checking executable stack flag on PHP extensions
/usr/lib64/php/modules/ioncube_loader_lin_5.4.so : [OK]
Checking ossec-hids settings
Checking for ossec-hids installation: installed [OK]
ossec-hids set to: enabled [OK]
OSSEC is configured in server mode.
Checking for server installation: installed [OK]
Enable email notification: enabled [OK]
Notifications to address: imad.sani@bramerz.pk [OK]
Notifications from address: asl@astra1690.server4you.ne[OK]
SMTP server: 127.0.0.1 [OK]
Max email per hour setting: 1 [OK]
Active Response: enabled [OK]
Active Response timeout: 600 [OK]
Verifying OSSEC whitelists
checking: 85.25.194.35 [OK]
checking: 127.0.0.1 [OK]
Excessive whitelists not detected: 2 [OK]
Checking for monitored log files
/var/log/messages: monitored [OK]
/var/log/secure: monitored [OK]
/var/log/maillog: monitored [OK]
/usr/local/psa/var/log/maillog: monitored [OK]
/var/log/httpd/access_log: monitored [OK]
/usr/local/psa/admin/logs/httpsd_access_log: monitore[OK]
/var/log/httpd/audit_log: monitored [OK]
/var/log/tortixd/audit_log: monitored [OK]
/var/log/psa-horde/psa-horde.log: monitored [OK]
/var/log/httpd/error_log: monitored [OK]
/var/log/httpd/suexec_log: monitored [OK]
/var/log/mysqld.log: monitored [OK]
Reloading ossec-hids: [ OK ]
Checking rkhunter settings
Checking for rkhunter installation: installed [OK]
rkhunter set to: enabled [OK]
Notifications sent to: imad.sani@bramerz.pk [OK]
SSH root login check: enabled [OK]
Detected Plesk Environment
ftp_psa : enabled [OK]
poppassd_psa : enabled [OK]
Checking ssh settings
Enforce Protocol Version 2: enforced [OK]
Strict modes enabled: enforced [OK]
Ignore .rhosts: enforced [OK]
Enforce Public Key authentication for users: enforced [OK]
Checking Admin users
Valid Admin users detected: no [HIGH]
WARNING: SSH authentication will not be reconfigured at this time.
Disable Root Logins: no [HIGH]
Disable Password Authentication: no [HIGH]
Enable Privilege separation: enabled [OK]
Disallow GSSAPIAuthentication: enforced [OK]
Disallow GSSAPICleanupCredentials: enforced [OK]
SSH Banner: /etc/asl/banner [OK]
Enable UseDNS: enforced [OK]
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Checking httpd settings
Verify HTTP TRACE disabled: verified [OK]
Verify SSLv2 disabled: verified [OK]
Checking mod_evasive settings
Checking for mod_evasive installation: installed [OK]
mod_evasive set to: enabled [OK]
DOSHashTableSize set to: 4096 [OK]
DOSPageCount set to: 5 [OK]
DOSSiteCount set to: 200 [OK]
DOSPageInterval set to: 2 [OK]
DOSSiteInterval set to: 2 [OK]
DOSBlockingPeriod set to: 25 [OK]
checking: 85.25.194.35 [OK]
checking: 127.0.0.1 [OK]
Checking Mysql security settings
mysql security policy set to: enforced [OK]
Mysql Local LOAD DATA: disabled [OK]
Mysql Log Errors: enabled [OK]
Mysql Log authentication failures: enabled [OK]
Mysql symbolic links : disabled [OK]
Mysql query caching: enabled [OK]
Restarting clamav, this could take a moment...
Checking clamav settings
Checking for clamav installation: installed [OK]
ClamAV set to: enabled [OK]
Clamd listen address: 127.0.0.1 [OK]
Clamd log to syslog: yes [OK]
Clamav is in: application-only mode
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
Checking psmon settings
Checking for psmon installation: installed [OK]
psmon set to: enabled [OK]
Notifications to: imad.sani@bramerz.pk [OK]
From line set to: psmon@astra1690.server4you.net [OK]
Checking System services monitored by psmon
clamd: monitored [OK]
crond: monitored [OK]
mysqld: monitored [OK]
spamassassin: monitored [OK]
sshd: monitored [OK]
xinetd: monitored [OK]
tortixd: monitored [OK]
memcached: monitored [OK]
ossec-dbd: monitored [OK]
Stopping psmon: [ OK ]
Starting psmon: [ OK ]
Generating Report: Complete