[xxxxxx@xxxxxxxx ~]# asl -u
Checking for updates..
ASL version is current: 2.2.11 [OK]
APPINV rules are current: 201008021738 [OK]
CLAMAV rules are current: 201011111138 [OK]
GEOMAP rules are current: 201011110930 [OK]
MODSEC rules are current: 201011111332 [OK]
OSSEC rules are current: 201009211611 [OK]
[xxxxxx@xxxxxxxx ~]# asl -s -f
Starting Atomic Secured Linux scan, please be patient...
Checking Kernel security settings
ASL kernel: detected [OK]
Runtime module loading: disabled [OK]
GRsecurity administrative password: not set [INFO]
GRsecurity ACL database: not found [INFO]
Executable anonymous mapping: no [OK]
Executable bss: no [OK]
Executable data: no [OK]
Executable heap: no [OK]
Executable stack: no [OK]
Executable anonymous mapping (mprotect): no [OK]
Executable bss (mprotect): no [OK]
Executable data (mprotect): no [OK]
Executable heap (mprotect): no [OK]
Executable shared library bss (mprotect): no [OK]
Executable shared library data (mprotect): no [OK]
Executable stack (mprotect): no [OK]
Anonymous mapping randomisation test: no [OK]
Heap randomisation test (ET_EXEC): no [OK]
Heap randomisation test (ET_DYN): no [OK]
Main executable randomisation (ET_EXEC): no [OK]
Shared library randomisation test: no [OK]
Stack randomisation test (SEGMEXEC): no [OK]
Stack randomisation test (PAGEEXEC): no [OK]
Executable shared library bss: no [OK]
Executable shared library data: no [OK]
Writable text segments: no [OK]
Checking General security settings
Checking for unnecessary services
Service apmd: disabled [OK]
Service autofs: disabled [OK]
Service avahi-daemon: disabled [OK]
Service bluetooth: disabled [OK]
Service cups: disabled [OK]
Service gpm: disabled [OK]
Service haldaemon: disabled [OK]
Service hidd: disabled [OK]
Service hplip: disabled [OK]
Service isdn: disabled [OK]
Service kdump: disabled [OK]
Service mcstrans: disabled [OK]
Service messagebus: disabled [OK]
Service nfs: disabled [OK]
Service nfslock: disabled [OK]
Service pcscd: disabled [OK]
Service portmap: disabled [OK]
Service rpcidmapd: disabled [OK]
Service xfs: disabled [OK]
Service X11: disabled [OK]
Checking for End of Life (EOL) operating systems
centos/5: Supported [OK]
Checking for updater: yum detected [OK]
Checking for updates: system is up to date [OK]
Checking General Plesk settings
Plesk SQL Injection vulnerability SA26741: not detected [OK]
Horde Turba Vulnerability CVE-2008-0807: not detected [OK]
Horde Vulnerability SA28382: not detected [OK]
Horde Turba Vulnerability SA28382: not detected [OK]
Horde Mnemo Vulnerability SA28382: not detected [OK]
Horde Kronolith Vulnerability SA28382: not detected [OK]
Horde Vulnerability CVE-2007-6018: not detected [OK]
Horde Vulnerability CVE-2008-1284: not detected [OK]
Horde Kronolith Vulnerabilty BugtraqID 28898: not detecte[OK]
@Mail Vulnerability SA31279: not detected [OK]
Proftp Vulnerability SA33842: not detected [OK]
Verify TLS enabled in proftp: enabled [OK]
Verify ClamAV enabled in proftp: enabled [OK]
Set proftp scoreboard to default: yes [OK]
Checking for weak SMTP_AUTH passwords: 0 found [OK]
Verify SSLv2 disabled in Qmail: verified [OK]
Verify SSLv2 disabled in Courier IMAP: verified [OK]
Verify SSLv2 disabled in Courier POP3d: verified [OK]
Verify expose_php set to off: [OK]
Checking psmon settings
Checking for psmon installation: installed [OK]
psmon set to: enabled [OK]
Notifications to: xxxxxxx@xxxxxxxxxxxxxxxxxxxxx.com [OK]
From line set to: psmon@xxxxxxxx.xxxxxxxxxxx.com [OK]
Checking System services monitored by psmon
clamd: monitored [OK]
courier-imap: monitored [OK]
crond: monitored [OK]
mysqld: monitored [OK]
sshd: monitored [OK]
xinetd: monitored [OK]
ossec-dbd: monitored [OK]
Stopping psmon: [ OK ]
Starting psmon: [ OK ]
2010/11/12 07:56:57 ossec-testrule: INFO: Reading local decoder file.
Checking ossec-hids settings
Checking for ossec-hids installation: installed [OK]
ossec-hids set to: enabled [OK]
OSSEC is configured in server mode.
Checking for server installation: installed [OK]
Enable email notification: enabled [OK]
Notifications to address: xxxxxxx@xxxxxxxxxxxxxxxxxxxxx[OK]
Notifications from address: ossec@xxxxxxxx.xxxxxxxxxxx.[OK]
SMTP server: localhost [OK]
Max email per hour setting: 60 [OK]
Active Response: enabled [OK]
Active Response timeout: 600 [OK]
Verifying OSSEC whitelists
checking: 10.202.11.32 [OK]
checking: 10.202.11.33 [OK]
checking: 10.202.11.34 [OK]
checking: 10.202.11.35 [OK]
checking: 10.202.11.36 [OK]
checking: 10.202.11.37 [OK]
checking: 10.202.11.38 [OK]
checking: 10.202.11.39 [OK]
checking: 10.202.11.40 [OK]
checking: 10.202.11.41 [OK]
checking: 10.202.11.42 [OK]
checking: 10.202.11.43 [OK]
checking: 10.202.11.44 [OK]
checking: 10.202.11.45 [OK]
checking: 10.202.11.46 [OK]
checking: 10.202.11.47 [OK]
checking: 10.202.11.48 [OK]
checking: 10.202.11.49 [OK]
checking: 10.202.11.50 [OK]
checking: 10.202.11.51 [OK]
checking: 10.202.11.52 [OK]
checking: 10.202.11.53 [OK]
checking: 10.202.11.54 [OK]
checking: 10.202.11.55 [OK]
checking: 10.202.11.56 [OK]
checking: 10.202.11.57 [OK]
checking: 10.202.11.58 [OK]
checking: 10.202.11.59 [OK]
checking: 10.202.11.60 [OK]
checking: 10.202.11.61 [OK]
checking: 10.202.11.62 [OK]
checking: 10.202.11.63 [OK]
checking: 10.202.11.64 [OK]
checking: 10.202.11.65 [OK]
checking: 10.202.11.66 [OK]
checking: 10.202.11.67 [OK]
checking: 10.202.11.68 [OK]
checking: 10.202.11.69 [OK]
checking: 10.202.11.70 [OK]
checking: 10.202.11.71 [OK]
checking: 10.202.11.72 [OK]
checking: 10.202.11.73 [OK]
checking: 10.202.11.74 [OK]
checking: 10.202.11.75 [OK]
checking: 10.202.11.76 [OK]
checking: 10.202.11.77 [OK]
checking: 10.202.11.78 [OK]
checking: 10.202.11.79 [OK]
checking: 127.0.0.1 [OK]
Whitelisted IP's exceed 32: 49 [LOW]
Checking for monitored log files
/var/log/messages: monitored [OK]
/var/log/secure: monitored [OK]
/var/log/maillog: monitored [OK]
/var/log/psa/maillog: monitored [OK]
/var/log/httpd/access_log: monitored [OK]
/var/log/httpd/audit_log: monitored [OK]
/var/log/httpd/error_log: monitored [OK]
/var/log/mysqld.log: monitored [OK]
Reloading ossec-hids: [ OK ]
Checking rkhunter settings
Checking for rkhunter installation: installed [OK]
rkhunter set to: enabled [OK]
Notifications sent to: xxxxx@xxxxxxxxxxxxxxxxxxxxxxx.com [OK]
Detected Plesk Environment
ftp_psa : enabled [OK]
poppassd_psa : enabled [OK]
smtp_psa : enabled [OK]
smtps_psa : enabled [OK]
submission_psa : enabled [OK]
Checking ssh settings
Enforce Protocol Version: 2 [OK]
Strict modes enabled: yes [OK]
Ignore .rhosts: yes [OK]
Enable Public Key authentication for users: yes [OK]
Checking Admin users
Valid Admin users detected: no [HIGH]
WARNING: SSH will not be reconfigured at this time.
Valid Admin users detected: [HIGH]
FAILED: Password authentication is enabled: [HIGH]
Enable Privilege separation: yes [OK]
Allow GSSAPIAuthentication: no [OK]
Allow GSSAPICleanupCredentials: no [OK]
SSH Banner: /etc/asl/banner [OK]
Checking httpd settings
Verify HTTP TRACE disabled: verified [OK]
Verify SSLv2 disabled: verified [OK]
Checking mod_evasive settings
Checking for mod_evasive installation: installed [OK]
mod_evasive set to: enabled [OK]
DOSHashTableSize set to: 4096 [OK]
DOSPageCount set to: 5 [OK]
DOSSiteCount set to: 200 [OK]
DOSPageInterval set to: 2 [OK]
DOSSiteInterval set to: 2 [OK]
DOSBlockingPeriod set to: 25 [OK]
[Fri Nov 12 07:57:03 2010] [warn] module ssl_module is already loaded, skipping
Checking mod_security settings
Checking for mod_security installation: installed [OK]
mod_security set to: enabled [OK]
Server Signature set to: Apache [OK]
SecUploadDir set to: /var/asl/data/suspicious [OK]
SecUploadKeepFiles set to: on [OK]
Logfile set to: audit_log [OK]
Logging set to: Concurrent [OK]
Audit Logging to: /var/asl/data/audit [OK]
Logging elements set to: ABIFHZ [OK]
SecRequestBodyInMemoryLimit set to: 131072 [OK]
SecRequestBodyLimit set to: 134217728 [OK]
SecResponseBodyLimit set to: 2621440 [OK]
SecResponseBodyLimitAction set to: ProcessPartial [OK]
Enable debug log: no [OK]
SecDataDir set to: /var/asl/data/msa [OK]
SecTmpDir set to: /tmp [OK]
Checking rule class settings
RBL Checks: on [OK]
Upload Scanner ruleset: on [OK]
Anti-Malware ruleset: on [OK]
Generic Attack ruleset: on [OK]
Malicious Useragents ruleset: on [OK]
Anti-Spam ruleset: on [OK]
Rootkit ruleset: on [OK]
Recon ruleset: on [OK]
Just In Time Patches: on [OK]
Redactor: on [OK]
Whitelist: on [HIGH]
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Checking php settings
Checking for php installation: installed [OK]
PHP Safe Mode: yes [OK]
Register Globals: no [OK]
Allow URL fopen: no [OK]
Checking for High-Risk functions
Function dl: not allowed [OK]
Function exec: not allowed [OK]
Function passthru: not allowed [OK]
Function pcntl_exec: not allowed [OK]
Function pfsockopen: not allowed [OK]
Function popen: not allowed [OK]
Function posix_kill: not allowed [OK]
Function posix_mkfifo: not allowed [OK]
Function posix_setuid: not allowed [OK]
Function proc_close: not allowed [OK]
Function proc_open: not allowed [OK]
Function proc_terminate: not allowed [OK]
Function shell_exec: not allowed [OK]
Function system: not allowed [OK]
Checking for Moderate-Risk functions
Function leak: not allowed [OK]
Function posix_setpgid: not allowed [OK]
Function posix_setsid: not allowed [OK]
Function proc_get_status: not allowed [OK]
Function proc_nice: not allowed [OK]
Function show_source: not allowed [OK]
Checking for Low-Risk functions
Function escapeshellcmd: not allowed [OK]
Function phpinfo: allowed [LOW]
Checking executable stack flag on PHP extensions
/usr/lib/php/ioncube/ioncube_loader_lin_5.2.so : [OK]
/usr/lib/php/zend/ZendOptimizer-5.2.so : [OK]
Restarting clamav, this could take a moment...
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
Checking clamav settings
Checking for clamav installation: installed [OK]
ClamAV set to: enabled [OK]
Clamd listen address: 127.0.0.1 [OK]
Clamd log to syslog: yes [OK]
Clamav is in: application-only mode
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
Generating Report: Complete
[xxxxxx@xxxxxxxx ~]# freshclam
ClamAV update process started at Fri Nov 12 07:58:34 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cld is up to date (version: 12239, sigs: 146312, f-level: 53, builder: ccordes)
safebrowsing.cld is up to date (version: 25090, sigs: 607109, f-level: 53, builder: google)
bytecode.cld is up to date (version: 90, sigs: 10, f-level: 53, builder: edwin)
[xxxxxx@xxxxxxxx ~]#
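A scan like the one pasted above is long, and the items that actually need action (the two [HIGH] SSH findings, the mod_security Whitelist [HIGH], the oversized OSSEC whitelist [LOW], phpinfo [LOW]) are buried among hundreds of [OK] lines. The following is an added example, not part of the original post and not ASL's own tooling: it parses the `asl -s -f` transcript format as it appears above (each check line ends in a bracketed tag such as `[OK]`, `[INFO]`, `[LOW]` or `[HIGH]`, with the check name and result split by the last colon before the tag) and groups the non-OK findings by severity. The severity ordering, the `MEDIUM` tag and the sample transcript are assumptions constructed from the visible output.

```python
"""Triage an Atomic Secured Linux `asl -s -f` transcript by severity.

Added example, not ASL's own code. It assumes only what the pasted
output shows: a check line ends in "[OK]", "[INFO]", "[LOW]" or "[HIGH]"
and the check name is separated from its result by the last colon.
Service start/stop lines use "[ OK ]" with spaces and are ignored.
"""
import re
from collections import defaultdict

# Ranking is an assumption: MEDIUM is included in case a scan emits it.
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3, "OK": 4}

# The tag is always last; ASL truncates long lines, so the tag may sit
# directly after a clipped word (e.g. "not detecte[OK]"), hence \s*.
_TAG_RE = re.compile(r"^(?P<body>.*?)\s*\[(?P<tag>OK|INFO|LOW|MEDIUM|HIGH)\]\s*$")


def parse_check(line):
    """Return (check, result, tag) for an ASL check line, or None otherwise."""
    m = _TAG_RE.match(line.strip())
    if not m:
        return None
    body, tag = m.group("body"), m.group("tag")
    if ":" in body:
        check, result = body.rsplit(":", 1)
    else:
        check, result = body, ""
    return check.strip(), result.strip(), tag


def triage(transcript):
    """Group every non-OK finding by tag, most severe first."""
    findings = defaultdict(list)
    for line in transcript.splitlines():
        parsed = parse_check(line)
        if parsed is None or parsed[2] == "OK":
            continue
        check, result, tag = parsed
        findings[tag].append((check, result))
    return {tag: findings[tag] for tag in sorted(findings, key=SEVERITY_ORDER.get)}


# Constructed excerpt of the scan output shown above (not a live capture).
SAMPLE_TRANSCRIPT = """\
GRsecurity administrative password: not set [INFO]
GRsecurity ACL database: not found [INFO]
Executable stack: no [OK]
Horde Kronolith Vulnerabilty BugtraqID 28898: not detecte[OK]
Stopping psmon: [ OK ]
Whitelisted IP's exceed 32: 49 [LOW]
Valid Admin users detected: no [HIGH]
WARNING: SSH will not be reconfigured at this time.
FAILED: Password authentication is enabled: [HIGH]
Whitelist: on [HIGH]
Function phpinfo: allowed [LOW]
Reloading ossec-hids: [ OK ]
"""

if __name__ == "__main__":
    for tag, items in triage(SAMPLE_TRANSCRIPT).items():
        print(tag)
        for check, result in items:
            print(f"  {check}: {result or '(no value)'}")
```

Run against a saved transcript with `triage(open("asl-scan.txt").read())`; the [HIGH] group is what to fix before the next scan (in the post above: no valid admin user for SSH, password authentication still on, and the mod_security whitelist enabled).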