
ASL Status & vulnerability detail

Posted: Mon Nov 16, 2009 1:51 pm
by coolemail
Can anyone help? I have some outstanding things showing in the vulnerability list:
Critical Risk: Un-Applied updates for your system were detected. A full list of available updates is available in /var/asl/data/updates_pending.log
Critical Risk: ASL is in warn-only mode for detecting and disabling dangerous PHP functions.
High Risk: Kernel check, Main executable randomization (ET_EXEC) failed
High Risk: Allow URL Include is enabled. This allows an attacker to remotely include files into PHP scripts through urls.
High Risk: PHP function exec() allows an attacker to execute shell commands through php.
High Risk: PHP Function popen() allows attacker to execute commands on a system.
High Risk: SSH No Administrative users are defined: Administrative users are the users that maintain this system, that should su or sudo to root. This test verifies that administrative users are defined. It is not recommended to manage the system by directly logging in as root.
High Risk: SSH setting: Password Authentication is allowed. Passwords are easily compromised, lost, and are a poor security model. Implement two factor authentication with SSH keys.
High Risk: SSH setting: The system allows remote root logins
On the first critical one, the list is as shown below. I have rebooted from the Plesk CP, and the list remains the same. Am I being silly?
[root@plesk2 ~]# cat /var/asl/data/updates_pending.log
dbus-python.x86_64 0.70-9.el5_4 updates
httpd.x86_64 2.2.3-31.el5.centos.2 updates
httpd-devel.x86_64 2.2.3-31.el5.centos.2 updates
httpd-manual.x86_64 2.2.3-31.el5.centos.2 updates
libvorbis.i386 1:1.1.2-3.el5_4.4 updates
libvorbis.x86_64 1:1.1.2-3.el5_4.4 updates
libvorbis-devel.i386 1:1.1.2-3.el5_4.4 updates
libvorbis-devel.x86_64 1:1.1.2-3.el5_4.4 updates
mod_ssl.x86_64 1:2.2.3-31.el5.centos.2 updates
[root@plesk2 ~]#
And can someone advise on best practice for the other critical and high-risk issues, and whether I should change them?

Thanks, as ever, in advance.

Re: ASL Status & vulnerability detail

Posted: Mon Nov 16, 2009 1:59 pm
by biggles
What kind of platform are you running? VPS?

Re: ASL Status & vulnerability detail

Posted: Mon Nov 16, 2009 2:10 pm
by coolemail
Thanks Biggles,
Physical, dedicated server with Plesk 9.2, ASL 2.2, CentOS 5.2

Re: ASL Status & vulnerability detail

Posted: Mon Nov 16, 2009 2:23 pm
by breun
coolemail wrote:
> Thanks Biggles,
> Physical, dedicated server with Plesk 9.2, ASL 2.2, CentOS 5.2
The current version of CentOS 5 is 5.4, I recommend applying the updates.

Re: ASL Status & vulnerability detail

Posted: Mon Nov 16, 2009 2:37 pm
by biggles
And after that, the wiki has a few suggestions: http://www.atomicorp.com/wiki/index.php/ASL_FAQ

and asl -s -f might fix a few...

Re: ASL Status & vulnerability detail

Posted: Mon Nov 16, 2009 3:31 pm
by mikeshinn
> Critical Risk: Un-Applied updates for your system were detected. A full list of available updates is available in /var/asl/data/updates_pending.log

This means that your system is missing updates that have been released by the OS vendor.

> Critical Risk: ASL is in warn-only mode for detecting and disabling dangerous PHP functions.

This means that ASL will only warn you about vulnerable configurations of PHP and ASL will not fix those vulnerabilities.

> High Risk: Kernel check, Main executable randomization (ET_EXEC) failed

Ignore this. This will be removed in future tests; it's not needed anymore.

> High Risk: Allow URL Include is enabled. This allows an attacker to remotely include files into PHP scripts through urls.

Big hole in PHP. ASL will try to protect you from this, but it's better to let ASL close this hole. You can do this by changing PHP_CHECKS to "yes". These are the other recommended settings:

PHP_SAFE_MODE="yes"

You may not be able to use this on all systems, and it has limited utility; it's also going away in PHP 6. The rest are pretty big.

PHP_REGISTER_GLOBALS="off"
PHP_URL_FOPEN="off"
PHP_URL_INCLUDE="off"
PHP_MAGIC_QUOTES_GPC="on"
PHP_MAGIC_QUOTES_RUNTIME="on"
ALLOW_dl="no"
ALLOW_escapeshellcmd="no"
ALLOW_exec="no"
ALLOW_leak="no"
ALLOW_passthru="no"
ALLOW_pfsockopen="no"
ALLOW_phpinfo="yes"
ALLOW_popen="no"
ALLOW_posix_kill="no"
ALLOW_posix_mkfifo="no"
ALLOW_posix_setpgid="no"
ALLOW_posix_setsid="no"
ALLOW_posix_setuid="no"
ALLOW_proc_close="no"
ALLOW_proc_get_status="no"
ALLOW_proc_nice="no"
ALLOW_proc_open="no"
ALLOW_proc_terminate="no"
ALLOW_shell_exec="no"
ALLOW_show_source="no"
ALLOW_system="no"
> High Risk: PHP function exec() allows an attacker to execute shell commands through php.

See above. It means PHP is configured to allow people to use the exec function, which creates a big hole in your system.

> High Risk: PHP Function popen() allows attacker to execute commands on a system.

Same thing.

> High Risk: SSH No Administrative users are defined: Administrative users are the users that maintain this system, that should su or sudo to root. This test verifies that administrative users are defined. It is not recommended to manage the system by directly logging in as root.

This means anyone can ssh into the system. Unless you allow all your users to SSH in, you want to set up a list of authorized users.

> High Risk: SSH setting: Password Authentication is allowed. Passwords are easily compromised, lost, and are a poor security model. Implement two factor authentication with SSH keys.

Single factor authentication, just username/password, is risky. It means one user with a weak password will allow a bad guy to log onto your system. You should use keys if you are concerned about bad passwords.

> High Risk: SSH setting: The system allows remote root logins

Allowing root logins is a bad idea. You have no accountability of who logs in. Turn off root logins and make everyone su to root.

Re: ASL Status & vulnerability detail

Posted: Tue Nov 17, 2009 6:45 am
by coolemail
I'm getting confused results. Do I have to reboot the whole server when ASL changes are made? I changed:
PHP_CHECKS to "yes" (I think all others were as I was told they should be by Mike). Then updated the ASL from the web GUI, then restarted Apache.

Then Horde webmail was not sending. So I checked php.ini and removed "popen" and "exec" which had appeared there, despite ASL suggesting that they should not. But a check of that file suggests that "escapeshellcmd" is also there:


[root@plesk2 ~]# grep -i disable_functions /etc/php.ini
disable_functions =  , dl  , passthru , pfsockopen , posix_kill , posix_mkfifo , posix_setuid , proc_close , proc_open , proc_terminate , shell_exec , system , leak , posix_setpgid , posix_setsid , proc_get_status , proc_nice , show_source , escapeshellcmd
[root@plesk2 ~]# 
But when I go to edit php.ini, escapeshellcmd is definitely not there and the line ends after show_source!!!!

ASL scan gives:
Starting Atomic Secured Linux scan, please be patient...
Checking Kernel security settings
ASL kernel detected
ASL kernel Ok
Runtime module loading Ok
GRsecurity administrative password Info
GRsecurity ACL database Info
Executable anonymous mapping Ok
Executable bss Ok
Executable data Ok
Executable heap Ok
Executable stack Ok
Executable anonymous mapping (mprotect) Ok
Executable bss (mprotect) Ok
Executable data (mprotect) Ok
Executable heap (mprotect) Ok
Executable shared library bss (mprotect) Ok
Executable shared library data (mprotect) Ok
Executable stack (mprotect) Ok
Anonymous mapping randomisation test Ok
Heap randomisation test (ET_EXEC) Ok
Heap randomisation test (ET_DYN) Ok
Main executable randomisation (ET_EXEC) High
Shared library randomisation test Ok
Stack randomisation test (SEGMEXEC) Ok
Stack randomisation test (PAGEEXEC) Ok
Executable shared library bss Ok
Executable shared library data Ok
Writable text segments Ok
Checking General security settings
Checking for unnecessary services
Service portmap Ok
Service nfs Ok
Service nfslock Ok
Service rpcidmapd Ok
Service cups Ok
Service gpm Ok
Service xfs Ok
Service pcscd Ok
Service mcstrans Ok
Service kdump Ok
Service isdn Ok
Service hplip Ok
Service hidd Ok
Service messagebus Ok
Service haldaemon Ok
Service gpm Ok
Service bluetooth Ok
Service avahi-daemon Ok
Service autofs Ok
Service apmd Ok
Service X11 Ok
Checking for End of Life (EOL) operating systems
centos/5 Ok
Checking for updater Ok
Checking for updates Ok
Checking General Plesk settings
Plesk SQL Injection vulnerability SA26741 Ok
Horde Turba Vulnerability CVE-2008-0807 Ok
Horde Vulnerability SA28382 Ok
Horde Turba Vulnerability SA28382 Ok
Horde Mnemo Vulnerability SA28382 Ok
Horde Kronolith Vulnerability SA28382 Ok
Horde Vulnerability CVE-2007-6018 Ok
Horde Vulnerability CVE-2008-1284 Ok
Horde Kronolith Vulnerabilty BugtraqID 28898 Ok
Proftp Vulnerability SA33842 Ok
Verify TLS enabled in proftp Ok
Verify ClamAV enabled in proftp Ok
Checking for weak SMTP_AUTH passwords Moderate
See/var/asl/reports/password.report for more details
Verify SSLv2 disabled in Qmail Ok
Verify expose_php set to off Ok
Checking psmon settings
Checking for psmon installation Ok
psmon set to Ok
Regenerating configuration from template Ok
Process monitoring enabled Ok
Notifications to Fixed
From line set to Fixed
Checking System services monitored by psmon
clamd Fixed
courier-imap Fixed
crond Fixed
ossec-hids Fixed
sshd Fixed
xinetd Fixed
ossec-dbd Fixed
Checking ossec-hids settings
Checking for ossec-hids installation Ok
ossec-hids set to Ok
OSSEC is configured in server mode.
Checking for server installation Ok
Enable email notification Ok
Notifications to Ok
Notifications from Ok
SMTP server set to Ok
Max emails per hour set to Ok
Verifying Active Response set to Ok
Verifying Active Response set to Ok
Verifying OSSEC whitelists
checking Ok
Excessive whitelists not detected Ok
Monitoring mod_security log Ok
[ OK ] Shutting down ossec-hids
[ OK ] Starting ossec-hids
Checking rkhunter settings
Checking for rkhunter installation Ok
rkhunter set to Ok
Notifications sent to Ok
Allow SSH root logins Ok
Allow SSH Protocol 1 Ok
ftp_psa Ok
poppassd_psa Ok
smtp_psa Ok
smtps_psa Ok
submission_psa Ok
Checking denyhosts settings
Checking for denyhosts installation Ok
denyhosts set to Ok
Notifications sent to Ok
Notifications sent from Ok
Logging set to Ok
Shun period set to Ok
Verifying DenyHosts whitelists
checking Ok
Failed Root login threshold Ok
sent DenyHosts SIGTERM
/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf Starting denyhosts
Checking ssh settings
Enforce Protocol Version Ok
Strict modes enabled Ok
Ignore .rhosts Ok
Enable Public Key authentication for users Ok
Checking Admin users
Valid Admin users detected High
SSH will not be reconfigured at this time. warning
Valid Admin users detected High
FAILED High
Enable Privilege separation Ok
Allow GSSAPIAuthentication Ok
Allow GSSAPICleanupCredentials Ok
SSH Banner Ok
Checking httpd settings
Verify HTTP TRACE disabled Ok
Verify SSLv2 disabled Ok
Checking mod_evasive settings
Checking for mod_evasive installation Ok
mod_evasive set to Ok
DOSHashTableSize set to Ok
DOSPageCount set to Ok
DOSSiteCount set to Ok
DOSPageInterval set to Ok
DOSSiteInterval set to Ok
DOSBlockingPeriod set to Ok
Checking mod_security settings
Checking for mod_security installation Ok
mod_security set to Ok
Server Signature set to Fixed
SecUploadDir set to Ok
SecUploadKeepFiles set to Ok
Logfile set to Ok
Logging set to Ok
Audit Logging to Ok
Logging elements set to Ok
SecRequestBodyInMemoryLimit set to Ok
SecResponseBodyLimit set to Ok
Enable debug log Ok
SecDataDir set to Fixed
SecTmpDir set to Ok
Checking rule class settings
RBL Checks Low
Upload Scanner ruleset Ok
Anti-Malware ruleset Ok
Generic Attack ruleset Ok
Malicious Useragents ruleset Ok
Anti-Spam ruleset Ok
Apache2 Generic ruleset Ok
Rootkit ruleset Ok
Recon ruleset Ok
Just In Time Patches Ok
Whitelist Ok
[ OK ] Stopping httpd
[ OK ] Starting httpd
Checking php settings
Checking for php installation Ok
php set to Critical
PHP Safe Mode Ok
Register Globals Ok
Allow URL fopen Ok
Allow URL include Ok
Checking for High-Risk functions
Function dl Ok
Function exec High
Function passthru Ok
Function pfsockopen Ok
Function popen High
Function posix_kill Ok
Function posix_mkfifo Ok
Function posix_setuid Ok
Function proc_close Ok
Function proc_open Ok
Function proc_terminate Ok
Function shell_exec Ok
Function system Ok
Checking for Moderate-Risk functions
Function leak Ok
Function posix_setpgid Ok
Function posix_setsid Ok
Function proc_get_status Ok
Function proc_nice Ok
Function show_source Ok
Checking for Low-Risk functions
Function escapeshellcmd Ok
Function phpinfo Low
Checking executable stack flag on PHP extensions
Complete Generating report
Can someone help? I'm not sure what is the definitive guide here, and need to get ASL as Mike thinks it should be, but with php.ini also doing the same and letting Horde send emails.

Re: ASL Status & vulnerability detail

Posted: Tue Nov 17, 2009 8:00 am
by breun
For Horde to work you need popen and escapeshellcmd enabled. *Or* you need to modify the Horde configuration to use SMTP instead of sendmail, because in that case you can also disable popen, which is the safest setup AFAIK. (Sadly Plesk/Horde updates might overwrite this config change.)

In my opinion disabling escapeshellcmd does nothing for security, so you can leave that enabled. Read http://php.net/manual/en/function.escapeshellcmd.php and judge for yourself, AFAIK it's just a function that can be used to escape strings, which hardly sounds like a vulnerability to me.

Re: ASL Status & vulnerability detail

Posted: Tue Nov 17, 2009 8:12 am
by coolemail
Thanks breun,
I rebooted the server anyway and that reported ASL better, and then I enabled those 3 key things, and Horde is now working, but ASL reporting that it is not happy!
Always a balance, I guess!

Re: ASL Status & vulnerability detail

Posted: Tue Nov 17, 2009 10:44 am
by breun
What 3 key things? You only need 2 (popen and escapeshellcmd) if you want to use Horde in the default configuration (using sendmail).

But yeah, enabling popen *is* a vulnerability, so ASL will report that. You can choose to ignore those reports, but for maximum security I recommend configuring Horde to use SMTP instead of sendmail and then disabling popen. This post of mine explains how to do this: http://www.atomicrocketturtle.com/forum ... 959#p19959
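As an added example (not code from ASL, Atomicorp or anyone in this thread): a small Python check that reads ALLOW_* settings in the form Mike recommends, parses the disable_functions line the way coolemail's grep printed it (stray leading comma, uneven spacing), and reports which functions ASL wants disabled are still allowed in php.ini and which disabled functions Horde's default sendmail transport needs. ASL_CONF is a constructed subset of the recommended list; the disable_functions line is a copy of the one shown earlier in the thread.

```python
import re
# Subset of the ALLOW_* settings recommended above (constructed from mikeshinn's list).
ASL_CONF = """\
ALLOW_dl="no"
ALLOW_escapeshellcmd="no"
ALLOW_exec="no"
ALLOW_passthru="no"
ALLOW_pfsockopen="no"
ALLOW_phpinfo="yes"
ALLOW_popen="no"
ALLOW_shell_exec="no"
ALLOW_system="no"
"""

# disable_functions as coolemail's grep shows it (constructed copy; note the
# empty first entry and the uneven spacing, which a naive split would mishandle).
PHP_INI = ("disable_functions =  , dl  , passthru , pfsockopen , posix_kill , "
           "posix_mkfifo , posix_setuid , proc_close , proc_open , proc_terminate , "
           "shell_exec , system , leak , posix_setpgid , posix_setsid , "
           "proc_get_status , proc_nice , show_source , escapeshellcmd\n")

# Functions Horde's default sendmail transport needs, per breun's posts.
HORDE_SENDMAIL_NEEDS = {"popen", "escapeshellcmd"}

def asl_denied_functions(conf_text):
    """Every function ASL is told to disable: ALLOW_<name>="no" lines."""
    return {m.group(1) for m in re.finditer(r'^ALLOW_(\w+)="no"\s*$', conf_text, re.M)}

def php_disabled_functions(ini_text):
    """Functions php.ini actually disables, tolerating the stray comma and spaces."""
    m = re.search(r'^\s*disable_functions\s*=(.*)$', ini_text, re.M)
    return {f.strip() for f in m.group(1).split(",") if f.strip()} if m else set()

def audit(conf_text, ini_text, horde_uses_sendmail=True):
    """Compare what ASL intends with what php.ini enforces."""
    wanted = asl_denied_functions(conf_text)
    actual = php_disabled_functions(ini_text)
    return {
        # ASL says "no" but php.ini still allows them (the scan's "High" lines)
        "still_enabled": sorted(wanted - actual),
        # disabled in php.ini but needed by Horde when it sends via sendmail
        "horde_conflicts": sorted(actual & HORDE_SENDMAIL_NEEDS) if horde_uses_sendmail else [],
    }

if __name__ == "__main__":
    for key, funcs in audit(ASL_CONF, PHP_INI).items():
        print(f"{key}: {', '.join(funcs) or 'none'}")
```

Passing horde_uses_sendmail=False models the SMTP setup breun recommends, where popen no longer needs to stay enabled.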