I've been getting these for the past hour:
Command executed: /sbin/service httpd restart
Exit value: 0
Signal number: 0
Dumped core?: 0
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Result of asl -s -f:
Starting Atomic Secured Linux scan, please be patient ...
Stopping ASL firewall: [ OK ]
Setting ASL firewall policy to ACCEPT: [ OK ]
Starting ASL firewall: [ OK ]
Checking Kernel security settings
ASL kernel: not detected [CRITICAL]
KERNEXEC protections: not detected [HIGH]
UDEREF protections: not detected [HIGH]
Runtime module loading: disabled [PASS]
GRsecurity administrative password: not set [INFO]
GRsecurity ACL database: not found [INFO]
Executable anonymous mapping: no [PASS]
Executable bss: no [PASS]
Executable data: no [PASS]
Executable heap: no [PASS]
Executable stack: no [PASS]
Executable anonymous mapping (mprotect): yes [HIGH]
Executable bss (mprotect): yes [HIGH]
Executable data (mprotect): yes [HIGH]
Executable heap (mprotect): yes [HIGH]
Executable shared library bss (mprotect): yes [HIGH]
Executable shared library data (mprotect): yes [HIGH]
Executable stack (mprotect): yes [HIGH]
Anonymous mapping randomisation test: no [PASS]
Heap randomisation test (ET_EXEC): no [PASS]
Heap randomisation test (ET_DYN): no [PASS]
Main executable randomisation (ET_EXEC): no [PASS]
Shared library randomisation test: no [PASS]
Stack randomisation test (SEGMEXEC): no [PASS]
Stack randomisation test (PAGEEXEC): no [PASS]
Executable shared library bss: no [PASS]
Executable shared library data: no [PASS]
Writable text segments: yes [HIGH]
Kernel Enforced Security Policies
Trusted Path Execution(TPE): not available [CRITICAL]
Deter Bruteforce: not available [LOW]
Consistent thread permissions : not available [LOW]
Disable Privileged I/O: not available [CRITICAL]
Audit mount() events: not available [INFO]
Audit chdir() events: not available [INFO]
Audit ptrace() events: not available [INFO]
Audit text relocation events: not available [INFO]
Restrict chroot() capabilities: not available [HIGH]
Chroot restrictions, deny chmod(): not available [MODERATE]
Chroot restrictions, deny chroot(): not available [MODERATE]
Chroot restrictions, deny fchdir(): not available [MODERATE]
Chroot restrictions, deny mknod(): not available [MODERATE]
Chroot restrictions, deny mount(): not available [MODERATE]
Chroot restrictions, deny pivot(): not available [MODERATE]
Chroot restrictions, deny external shmem access: not avai[MODERATE]
Chroot restrictions, deny sysctl: not available [MODERATE]
Chroot restrictions, deny unix domain sockets: not availa[MODERATE]
Chroot restrictions, set cwd to chroot dir: not available[MODERATE]
Chroot restrictions, process controls: not available [MODERATE]
Restrict dmesg: not available [LOW]
Enhanced FIFO restrictions: not available [LOW]
Fork() failure logging: not available [LOW]
Harden ptrace(): not available [MODERATE]
Network Stack, IP Blackhole policy: not available [LOW]
Linking Restrictions: not available [LOW]
Resource Logging: not available [INFO]
RWX map Logging: not available [INFO]
Signal Logging: not available [INFO]
Timechange Logging: not available [INFO]
Checking General security settings
Checking for unnecessary services
Service FreeWnn: disabled [PASS]
Service abrt: disabled [PASS]
Service abrtd: disabled [PASS]
Service annacron: disabled [PASS]
Service apmd: disabled [PASS]
Service autofs: disabled [PASS]
Service avahi-daemon: disabled [PASS]
Service avahi-dnsconfd: disabled [PASS]
Service bluetooth: disabled [PASS]
Service canna: disabled [PASS]
Service cups: disabled [PASS]
Service cups-config-daemon: disabled [PASS]
Service gpm: disabled [PASS]
Service haldaemon: disabled [PASS]
Service hidd: disabled [PASS]
Service hplip: disabled [PASS]
Service iiim: disabled [PASS]
Service isdn: disabled [PASS]
Service kdump: disabled [PASS]
Service mDNSResponder: disabled [PASS]
Service mcstrans: disabled [PASS]
Service nfs: disabled [PASS]
Service nfslock: disabled [PASS]
Service nifd: disabled [PASS]
Service pcscd: disabled [PASS]
Service portmap: disabled [PASS]
Service rpcidmapd: disabled [PASS]
Service sbadm: disabled [PASS]
Service xfs: disabled [PASS]
Service X11: disabled [PASS]
Checking for End of Life (EOL) operating systems
centos/6: Supported [PASS]
Checking for POSIX ACL support: detected [PASS]
Checking for updater: yum detected [PASS]
Checking for updates: 16 found [CRITICAL]
Checking for Superuser accounts (UID0)
Password hashing algorithm: sha512 [PASS]
Checking for Suspicious cron jobs
Deny untrusted users access to cron
apache : denied [PASS]
adm : denied [PASS]
bin : denied [PASS]
daemon : denied [PASS]
nobody : denied [PASS]
Checking for non-secure services
Telnet: not detected [PASS]
Rlogin: not detected [PASS]
Rsh: not detected [PASS]
Checking system logging
Checking mod_security settings
Checking for mod_security installation: installed [PASS]
mod_security set to: enabled [PASS]
Server signature set to: Apache [PASS]
SecUploadDir set to: /var/asl/data/suspicious [PASS]
SecUploadKeepFiles set to: off [PASS]
Logfile set to: audit_log [PASS]
Logging set to: Concurrent [PASS]
Audit Logging to: /var/asl/data/audit [PASS]
Logging elements set to: ABIFHZ [PASS]
SecRequestBodyInMemoryLimit set to: 131072 [PASS]
SecRequestBodyLimit set to: 134217728 [PASS]
SecResponseBodyLimitAction set to: ProcessPartial [PASS]
SecDataDir set to: /var/asl/data/msa [PASS]
SecTmpDir set to: /tmp [PASS]
Checking for disabled rules
Checking for disabled domains
RBL Ruleset: off [LOW]
Bogus Search Engine Ruleset: off [HIGH]
Autowhitelist Search Engine Ruleset: off [LOW]
Antievasion Ruleset: on [PASS]
Strict Multiform Ruleset: off [MODERATE]
Threat Intelligence Ruleset: off [MODERATE]
Whitelist Ruleset: off [PASS]
Advanced Antievasion Ruleset: off [HIGH]
Custom Domain block Ruleset: off [PASS]
Slow Denial of Service Protection: on [PASS]
Exclude Ruleset: on [PASS]
Anti-Malware Ruleset: on [PASS]
Application Specific Rules: off [LOW]
Generic Attack Ruleset: on [PASS]
Advanced Attack Ruleset: on [PASS]
Data Loss Protection Ruleset: off [MODERATE]
Brute Force Protection Ruleset: on [PASS]
Malicious Useragents Ruleset: on [PASS]
Anti-Spam Ruleset: on [PASS]
Anti-Spam URI RBL Ruleset: off [LOW]
Rootkit Detection Ruleset: on [PASS]
Reconnaissance Attacks Ruleset: on [PASS]
Data Leak Prevention Ruleset: on [PASS]
Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: on [PASS]
Basic Malware Removal Ruleset: on [PASS]
Malicious Output Detector: on [PASS]
Web Malware Upload Scanner: on [PASS]
Checking php settings
Checking for php installation: installed [PASS]
php set to: warn only [CRITICAL]
Enforce mail.add.xheader: enforced [PASS]
Disable URL fopen: not enforced [HIGH]
Disable URL include: not enforced [HIGH]
Disable expose_php: not enforced [HIGH]
Disable display_errors: not enforced [MODERATE]
Checking for High-Risk functions
Function curl_exec: enabled [HIGH]
Function curl_multi_exec: enabled [HIGH]
Function dl: enabled [HIGH]
Function exec: enabled [HIGH]
Function eval: enabled [HIGH]
Function fsockopen: enabled [HIGH]
Function ini_alter: enabled [HIGH]
Function ini_set: enabled [HIGH]
Function passthru: enabled [HIGH]
Function pcntl_exec: enabled [HIGH]
Function pfsockopen: enabled [HIGH]
Function popen: enabled [HIGH]
Function posix_kill: enabled [HIGH]
Function posix_mkfifo: enabled [HIGH]
Function posix_setuid: enabled [HIGH]
Function proc_close: enabled [HIGH]
Function proc_open: enabled [HIGH]
Function proc_terminate: enabled [HIGH]
Function shell_exec: enabled [HIGH]
Function system: enabled [HIGH]
Checking for Moderate-Risk functions
Function ftp_exec: enabled [MODERATE]
Function leak: enabled [MODERATE]
Function link: enabled [MODERATE]
Function posix_setpgid: enabled [MODERATE]
Function posix_setsid: enabled [MODERATE]
Function proc_get_status: enabled [MODERATE]
Function proc_nice: enabled [MODERATE]
Function show_source: enabled [MODERATE]
Function symlink: enabled [MODERATE]
Checking for Low-Risk functions
Function apache_child_terminate: enabled [LOW]
Function apache_setenv: enabled [LOW]
Function define_syslog_variables: enabled [LOW]
Function ftok: enabled [LOW]
Function escapeshellarg: allowed [LOW]
Function escapeshellcmd: enabled [LOW]
Function highlight_file: enabled [LOW]
Function ini_get_all: enabled [LOW]
Function openlog: enabled [LOW]
Function phpinfo: allowed [LOW]
Function posix_access: enabled [LOW]
Function posix_getpwuid: enabled [LOW]
Function posix_uname: enabled [LOW]
Function readlink: enabled [LOW]
Function syslog: enabled [LOW]
Checking executable stack flag on PHP extensions
Checking ossec-hids settings
Checking for ossec-hids installation: installed [PASS]
ossec-hids set to: enabled [PASS]
OSSEC is configured in server mode.
Checking for server installation: installed [PASS]
Enable email notification: enabled [PASS]
Notifications to address: imad.sani@bramerz.pk [PASS]
Notifications from address: asl@malta2120.startdedicate[PASS]
SMTP server: 127.0.0.1 [PASS]
Max email per hour setting: 1 [PASS]
Active Response: enabled [PASS]
Active Response timeout: 600 [PASS]
Verifying OSSEC whitelists
checking: 85.25.128.10 [PASS]
checking: 85.25.185.91 [PASS]
checking: 85.25.210.14 [PASS]
checking: 85.25.255.10 [PASS]
checking: 116.58.11.106 [PASS]
checking: 127.0.0.1/8 [PASS]
checking: 146.185.181.25 [PASS]
Excessive whitelists not detected: 5 [PASS]
Checking for monitored log files
/var/log/messages: monitored [PASS]
/var/log/secure: monitored [PASS]
/var/log/maillog: monitored [PASS]
/var/log/tortixd/audit_log: monitored [PASS]
/var/log/httpd/audit_log: monitored [PASS]
/var/log/httpd/error_log: monitored [PASS]
/var/log/tortixd/asl_error_log: monitored [PASS]
/var/log/mysqld.log: monitored [PASS]
Reloading ossec-hids: [ OK ]
Checking rkhunter settings
Checking for rkhunter installation: installed [PASS]
rkhunter set to: enabled [PASS]
Notifications sent to: imad.sani@bramerz.pk [PASS]
SSH root login check: enabled [PASS]
Checking ssh settings
Enforce Protocol Version 2: enforced [PASS]
Strict modes enabled: enforced [PASS]
Ignore .rhosts: enforced [PASS]
Enforce Public Key authentication for users: enforced [PASS]
Administrative users are: not defined [HIGH]
WARNING: SSH authentication will not be reconfigured at this time.
Disable Root Logins: no [HIGH]
Disable Password Authentication: no [HIGH]
Enable Privilege separation: enabled [PASS]
Disallow GSSAPIAuthentication: enforced [PASS]
Disallow GSSAPICleanupCredentials: enforced [PASS]
SSH Banner: /etc/asl/banner [PASS]
Enable UseDNS: enforced [PASS]
Allow empty passwords: allowed [PASS]
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Checking httpd settings
Verify HTTP TRACE disabled: verified [PASS]
Checking mod_evasive settings
Checking for mod_evasive installation: installed [PASS]
mod_evasive set to: enabled [PASS]
DOSHashTableSize set to: 4096 [PASS]
DOSPageCount set to: 10 [PASS]
DOSSiteCount set to: 400 [PASS]
DOSPageInterval set to: 4 [PASS]
DOSSiteInterval set to: 4 [PASS]
DOSBlockingPeriod set to: 25 [PASS]
checking: 85.25.128.10 [PASS]
checking: 85.25.185.91 [PASS]
checking: 85.25.210.14 [PASS]
checking: 85.25.255.10 [PASS]
checking: 116.58.11.106 [PASS]
checking: 127.*.*.* [PASS]
checking: 146.185.181.25 [PASS]
Checking mod_qos settings
Checking for mod_qos installation: installed [PASS]
mod_qos set to: not enabled [INFO]
Checking Mysql security settings
Mysql security policy set to: enforced [PASS]
Mysql Local LOAD DATA: disabled [PASS]
Mysql Log Errors: enabled [PASS]
Mysql Log authentication failures: enabled [PASS]
Mysql symbolic links : enabled [PASS]
Mysql query caching: enabled [PASS]
Restarting clamav, this could take a moment ...
Checking clamav settings
Checking for clamav installation: installed [PASS]
ClamAV set to: enabled [PASS]
Clamd listen address: 127.0.0.1 [PASS]
Clamd log to syslog: yes [PASS]
Clamav is in: application-only mode
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
Checking psmon settings
Checking for psmon installation: installed [PASS]
psmon set to: enabled [PASS]
Notifications to: imad.sani@bramerz.pk [PASS]
From line set to: psmon@malta2120.startdedicated.net [PASS]
Checking System services monitored by psmon
clamd: monitored [PASS]
crond: monitored [PASS]
httpd: monitored [PASS]
mysqld: monitored [PASS]
rsyslog: monitored [PASS]
sshd: monitored [PASS]
tortixd: monitored [PASS]
ossec-dbd: monitored [PASS]
Stopping psmon: [ OK ]
Starting psmon: [ OK ]
Generating Report ...
complete
help?