[root@astra1615 ~]# wget -q -O - https://www.atomicorp.com/installers/asl |sh
Atomic Secured Linux Installer (v5.0.3)
Further Documentation is available at:
http://www.atomicorp.com/wiki/index.php/ASL_installation
Support: support@atomicorp.com
Hit any key to view the License agreement, or Ctrl-C to exit
Do you agree to these terms (yes/no) [Default: yes]
Checking for free space: Done
Checking for memory requirements: PASS
Checking sudo:PASS
WARNING: 3rd party yum repositories could conflict during ASL configuration.
The following repositories were detected:
percona plesk11-base plesk11-thirdparty plesk11-updates rpmforge
Recommendation: Temporarily disable these repositories before continuing the installation.
Do you wish to continue? (yes/no) [Default: no]
Exiting...
[root@astra1615 ~]# yum clean all
Loaded plugins: priorities
Cleaning repos: atomic base extras tortix tortix-kernel updates
Cleaning up Everything
[root@astra1615 ~]# wget -q -O - https://www.atomicorp.com/installers/asl |sh
Atomic Secured Linux Installer (v5.0.3)
Further Documentation is available at:
http://www.atomicorp.com/wiki/index.php/ASL_installation
Support: support@atomicorp.com
Hit any key to view the License agreement, or Ctrl-C to exit
Do you agree to these terms (yes/no) [Default: yes]
Checking for free space: Done
Checking for memory requirements: PASS
Checking sudo:PASS
Error: Cannot retrieve repository metadata (repomd.xml) for repository: atomic. Please verify its path and try again
Checking for core updates: OK
Performing Basic environment checks: Standard
Verifying account: Passed
Ensuring yum is up to date: Done
Checking for perl: Done
Installing the Atomic GPG key: OK
Loaded plugins: priorities
230 packages excluded due to repository priority protections
Setting up Install Process
Package 1:asl-4.0.3-14.el6.art.x86_64 already installed and latest version
Package psmon-1.39-5.el6.art.noarch already installed and latest version
Package 1:mod_security-2.8.0-24.el6.art.x86_64 already installed and latest version
Package mod_evasive-1.10.1-15.el6.art.x86_64 already installed and latest version
Package mod_sed-1.0.2-3.el6.art.x86_64 already installed and latest version
Nothing to do
The Atomic Secured Linux archive has now been installed and configured for your system
The following channels are available:
asl-4.0 - [ENABLED] - contains ASL 4.0 packages
asl-4.0-testing - [DISABLED] - contains ASL 4.0 packages currently in QA
Continue with ASL configuration? (yes/no) [Default: yes]
Configuring Atomic Secured Linux (ASL) 4.0.3-14 for astra1615.startdedicated.net.
Update Policy
Aum has the ability to download updates for rules and packages
installed on the system automatically. You can select from three
different types of automatic updates, or disable automatic updates completely.
All - Update both rules and ASL packages automatically
Rules-Only - update just WAF, HIDS, Geo-Map, and Malware rules
Exclude-kernel - Update all packages, excluding the ASL kernel
Off - Disable all automatic updates
Update Type? (all/rules-only/exclude-kernel/off) [Default: off]:
Update Frequency? (none/hourly/daily) [Default: none]:
Firewall Policy Settings
The ASL firewall consists of multiple advanced firewall capabilities
* Inbound TCP connections
* Inbound UDP connections
* Outbound TCP connections
* Outbound UDP connections
* Restricted SMTP Outbound connections by userid
* Dynamic Anti-Spam, and Anti-Malware blacklists
* Blocking Geographic regions
Configure ASL Console Access List (yes/no) [Default: yes] ?
Current Access list
58.27.227.106
146.185.181.25
Enter List of IPs to allow access to the ASL Console [Enter to exit]:
Configure Inbound TCP Firewall policy (yes/no) [Default: yes] ?
Services added during this step will be INBOUND TCP services policy
The following external TCP services were detected:
TCP Port: 21 listens on 0.0.0.0 (xinetd)
TCP Port: 22 listens on 0.0.0.0 (sshd)
TCP Port: 25 listens on 0.0.0.0 (master)
TCP Port: 53 listens on 0.0.0.0 (named)
TCP Port: 53 listens on 85.25.195.168 (named)
TCP Port: 80 listens on 85.25.195.168 (nginx)
TCP Port: 106 listens on 0.0.0.0 (xinetd)
TCP Port: 110 listens on 0.0.0.0 (couriertcpd)
TCP Port: 143 listens on 0.0.0.0 (couriertcpd)
TCP Port: 443 listens on 85.25.195.168 (nginx)
TCP Port: 465 listens on 0.0.0.0 (master)
TCP Port: 587 listens on 0.0.0.0 (master)
TCP Port: 993 listens on 0.0.0.0 (couriertcpd)
TCP Port: 995 listens on 0.0.0.0 (couriertcpd)
TCP Port: 6308 listens on 0.0.0.0 (sw-cp-server)
TCP Port: 7080 listens on 0.0.0.0 (httpd)
TCP Port: 7081 listens on 0.0.0.0 (httpd)
TCP Port: 8443 listens on 0.0.0.0 (sw-cp-server)
TCP Port: 8880 listens on 0.0.0.0 (sw-cp-server)
TCP Port: 30000 listens on 0.0.0.0 (tortixd)
TCP Port: 30001 listens on 0.0.0.0 (tortixd)
Inbound TCP firewall policy [Default: 21,22,25,53,80,106,110,143,443,465,587,990,993,995,3306,5432,6308,7080,7081,8443,8447,8880,9080,30000,30001]:
ASL can configure Outbound TCP services that are allowed for the system
Services added during this step will be the OUTBOUND TCP services policy
selecting no at this step will disable outbound service filtering.
Configure Firewall Outbound policy (yes/no) [Default: yes] ?
Outbound TCP firewall policy [Default: no]:
ASL can restrict Inbound UDP traffic to specified ports
Configure Inbound UDP Firewall policy (yes/no) [Default: yes] ?
Services added during this step will be INBOUND UDP services policy
The following external UDP services were detected:
UDP Port: 53 listens on 85.25.195.168 (named)
UDP Port: 123 listens on 0.0.0.0 (ntpd)
UDP Port: 123 listens on 85.25.195.168 (ntpd)
Inbound UDP firewall policy [Default: 53,123]:
ASL can configure Outbound UDP services that are allowed for the system
Services added during this step will be the OUTBOUND UDP services policy
selecting no at this step will disable outbound service filtering.
Configure Firewall Outbound UDP policy (yes/no) [Default: yes] ?
Outbound UDP firewall policy [Default: no]:
Dynamic Blacklist Configuration
ASL blacklists are applied to both INPUT and OUTPUT filters.
All blacklists log by default if enabled
* AutoShun: AutoShun is a community sourced blacklist from the Snort IDS.
* C.I. Army: Collective Intelligence blacklist is a community blacklist of known malicious actors.
* Dshield: A community based firewall log correlation system.
* Emerging Threats: Russian Business Network (RBN) blacklist
* Lasso: Spamhaus DROP list for known spam controlled address space.
* ELasso: Extended Spamhaus DROP list for known spam controlled address space.
* OpenBL: OpenBL tracks multiple service abuse, including ssh, ftp, smtp, and http.
* OpenProxies: Known Open Proxy server blacklist.
* TOR: The Onion Router exit node list.
Enable AutoShun blacklist (yes/no) [Default: no] ?
Enable C.I. Army blacklist (yes/no) [Default: no] ?
Enable Dshield blacklist (yes/no) [Default: no] ?
Enable Emerging Threats blacklist (yes/no) [Default: no] ?
Enable Spamhaus LASSO blacklist (yes/no) [Default: no] ?
Enable Spamhaus Extended LASSO blacklist (yes/no) [Default: no] ?
Enable OpenBL blacklist (yes/no) [Default: no] ?
Enable Open Proxies blacklist (yes/no) [Default: no] ?
Enable TOR blacklist (yes/no) [Default: no] ?
General Settings
ASL can be configured as a central Web management console,
log and event collection for the local and remote systems, or
as a client, reporting events to a remote ASL server.
ASL mode? (server/client) [Default: server]:
Advanced Database settings allow for configurating alternate
database names, Remote mysql servers, and user custom credentials.
If you do not know, select no
Advanced database configuration? (yes/no) [Default: no ]:
#############################################
ASL Database setup (v3.1)
#############################################
Testing login with defined credentials...success
ASL Database tortix was detected.
Would you like to re-install the ASL database? (y/n) [Default: n]: y
Warning: Using a password on the command line interface can be insecure.
Creating database tortix:Warning: Using a password on the command line interface can be insecure.
OK
Loading Tortix database schema: Warning: Using a password on the command line interface can be insecure.
OK
Warning: Using a password on the command line interface can be insecure.
Warning: Using a password on the command line interface can be insecure.
#############################################
Installation complete
#############################################
Notifications
ASL will send notifications to the users defined below. These notifications
include security incidents, anomalous behavior, changes to the system
and general diagnostic information
Email address for notifications [Default: imad.sani@bramerz.pk]:
Max Email notifications per hour? (1-9999) [Default: 1 ]:
Administration
Administrative users (other than root) will be permitted to SSH into
the system, and use privileged functions. Defining administrative users
will disable root logins, and disable password based authentication, if
those users have installed SSH keys.
Administrators (separated by whitespace) [Default: root]:
Active Response and Whitelisting
ASL has an active countermeasures system, attacks detected by ASL will be
blocked inline, and by firewall rules.
Whitelisted IP's will not be blocked by ASL active countermeasures.
Only use whitelists for monitoring, administrative, or key systems that you
always want to allow.
Enable ASL active response to attacks? (yes/no) [Default: yes ]:
Current Whitelist
127.0.0.1/8
58.27.227.106
85.25.128.10
85.25.195.168
85.25.255.10
85.25.128.10
85.25.255.10
IP Whitelist (separated by whitespace) [Default: none]:
Add your current IP (146.185.181.25) to whitelist? [Default: yes] (yes/no)
Kernel Update and Virtualization settings
The ASL kernel includes extensive advanced security features including
* Real-time malware detection
* Active kernel intrusion prevention
* Advanced firewall capabilities
Certain ASL settings need to be modified including firewall
functionality in Virtuozzo/Openvz, and compatiblity modifications
virtualization environments like xen.
Virtualization Type? (none/virtuozzo/xen) [Default: none]
Kernel Settings
ASL allows you to disable kernel module loading after the system
has booted. This prevents an intruder from loading kernel modules,
such as LKM (Loadable Kernel Module) rootkits, into the running system.
Loading kernel modules is disabled by default.
Allow run-time kernel module loading? (yes/no) [Default: no ]:
PHP Settings
ASL can check php configuration settings for high risk functions,
and other configuration settings.
Enable PHP checks (yes/no) [Default: no] ?
Checking versions ...
ASL version is current: [PASS]
Updating APPINV to 201402101531: updated [PASS]
Updating CLAMAV to 201406231206: updated [PASS]
Updating GEOMAP to 201406230921: updated [PASS]
Updating map data
(this may take several minutes)Warning: Using a password on the command line interface can be insecure.
: updated [PASS]
Updating MODSEC to 201406231346: updated [PASS]
Antievasion Ruleset: updated [PASS]
Slow Denial of Service Protection: updated [PASS]
Exclude Ruleset: updated [PASS]
Anti-Malware Ruleset: updated [PASS]
Generic Attack Ruleset: updated [PASS]
Advanced Attack Ruleset: updated [PASS]
Brute Force Protection Ruleset: updated [PASS]
Malicious Useragents Ruleset: updated [PASS]
Anti-Spam Ruleset: updated [PASS]
Rootkit Detection Ruleset: updated [PASS]
Reconnaissance Attacks Ruleset: updated [PASS]
Data Leak Prevention Ruleset: updated [PASS]
Just In Time Patches: updated [PASS]
Basic Malware Removal Ruleset: updated [PASS]
Malicious Output Detector: updated [PASS]
Web Malware Upload Scanner: updated [PASS]
Updating OSSEC to 201406190940: updated [PASS]
Updating Signature data
(this may take several minutes)Warning: Using a password on the command line interface can be insecure.
tortixd: Could not reliably determine the server's fully qualified domain name, using astra1615.startdedicated.net for ServerName
: complete [PASS]
Updating Self Healing modules: updated [PASS]
Updating Brute Force Protection: updated [PASS]
Updating Rootkit Protection: updated [PASS]
Restarting Apache ...
Generating report ...
Finished
The ASL kernel includes extensive advanced security features including
* Real-time malware detection
* Active kernel intrusion prevention
* Advanced firewall capabilities
Install the ASL kernel? (yes/no) [Default: yes]
Attempting ASL kernel installation
Disabling UPDATEDEFAULT in /etc/sysconfig/kernel temporarily
Attempting to install ASL kernel
Loaded plugins: priorities
230 packages excluded due to repository priority protections
Setting up Update Process
No Packages marked for Update
Loaded plugins: priorities
230 packages excluded due to repository priority protections
Setting up Install Process
Package xtables-addons-1.47.1-3.68.el6.art.x86_64 already installed and latest version
Package kmod-xtables-addons-1.47.1-3.68.el6.art.x86_64 already installed and latest version
Nothing to do
Configuring ASL kernel to boot in test mode.
Probing devices to guess BIOS drives. This may take a long time.
GNU GRUB version 0.97 (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the possible
completions of a device/filename.]
grub> savedefault --default=0 --once
grub>
Restoring UPDATEDEFAULT in /etc/sysconfig/kernel
Starting Atomic Secured Linux scan, please be patient ...
Stopping ASL firewall: [ OK ]
Setting ASL firewall policy to ACCEPT: [ OK ]
Starting ASL firewall: [ OK ]
Checking Kernel security settings
ASL kernel: detected [PASS]
KERNEXEC protections: detected [PASS]
UDEREF protections: detected [PASS]
Runtime module loading: disabled [PASS]
GRsecurity administrative password: not set [INFO]
GRsecurity ACL database: not found [INFO]
Executable anonymous mapping: no [PASS]
Executable bss: no [PASS]
Executable data: no [PASS]
Executable heap: no [PASS]
Executable stack: no [PASS]
Executable anonymous mapping (mprotect): no [PASS]
Executable bss (mprotect): no [PASS]
Executable data (mprotect): no [PASS]
Executable heap (mprotect): no [PASS]
Executable shared library bss (mprotect): no [PASS]
Executable shared library data (mprotect): no [PASS]
Executable stack (mprotect): no [PASS]
Anonymous mapping randomisation test: no [PASS]
Heap randomisation test (ET_EXEC): no [PASS]
Heap randomisation test (ET_DYN): no [PASS]
Main executable randomisation (ET_EXEC): no [PASS]
Shared library randomisation test: no [PASS]
Stack randomisation test (SEGMEXEC): no [PASS]
Stack randomisation test (PAGEEXEC): no [PASS]
Executable shared library bss: no [PASS]
Executable shared library data: no [PASS]
Writable text segments: no [PASS]
Kernel Enforced Security Policies
Trusted Path Execution(TPE): enforced [PASS]
TPE Mode: Unless Deny, Allow [INFO]
Deter Bruteforce: not enforced [LOW]
Consistent thread permissions : enforced [PASS]
Disable Privileged I/O: enforced [PASS]
Audit mount() events: not enforced [INFO]
Audit chdir() events: not enforced [INFO]
Audit ptrace() events: enforced [PASS]
Audit text relocation events: not enforced [INFO]
Restrict chroot() capabilities: enforced [PASS]
Chroot restrictions, deny chmod(): enforced [PASS]
Chroot restrictions, deny chroot(): enforced [PASS]
Chroot restrictions, deny fchdir(): enforced [PASS]
Chroot restrictions, deny mknod(): enforced [PASS]
Chroot restrictions, deny mount(): enforced [PASS]
Chroot restrictions, deny pivot(): enforced [PASS]
Chroot restrictions, deny external shmem access: enforced[PASS]
Chroot restrictions, deny sysctl: enforced [PASS]
Chroot restrictions, deny unix domain sockets: enforced [PASS]
Chroot restrictions, set cwd to chroot dir: enforced [PASS]
Chroot restrictions, process controls: enforced [PASS]
Restrict dmesg: enforced [PASS]
Enhanced FIFO restrictions: enforced [PASS]
Fork() failure logging: enforced [PASS]
Harden ptrace(): not enforced [MODERATE]
Network Stack, IP Blackhole policy: enforced [PASS]
Linking Restrictions: enforced [PASS]
Resource Logging: enforced [PASS]
RWX map Logging: enforced [PASS]
Signal Logging: enforced [PASS]
Timechange Logging: enforced [PASS]
Checking General security settings
Checking for unnecessary services
Service FreeWnn: disabled [PASS]
Service annacron: disabled [PASS]
Service apmd: disabled [PASS]
Service autofs: disabled [PASS]
Service avahi-daemon: disabled [PASS]
Service avahi-dnsconfd: disabled [PASS]
Service bluetooth: disabled [PASS]
Service canna: disabled [PASS]
Service cups: disabled [PASS]
Service cups-config-daemon: disabled [PASS]
Service gpm: disabled [PASS]
Service haldaemon: disabled [PASS]
Service hidd: disabled [PASS]
Service hplip: disabled [PASS]
Service iiim: disabled [PASS]
Service isdn: disabled [PASS]
Service kdump: disabled [PASS]
Service mDNSResponder: disabled [PASS]
Service mcstrans: disabled [PASS]
Service nfs: disabled [PASS]
Service nfslock: disabled [PASS]
Service nifd: disabled [PASS]
Service pcscd: disabled [PASS]
Service portmap: disabled [PASS]
Service rpcidmapd: disabled [PASS]
Service sbadm: disabled [PASS]
Service xfs: disabled [PASS]
Service X11: disabled [PASS]
Checking for End of Life (EOL) operating systems
centos/6: Supported [PASS]
Checking for POSIX ACL support: detected [PASS]
Checking for updater: yum detected [PASS]
Checking for updates: 13 found [CRITICAL]
Checking for Superuser accounts (UID0)
Password hashing algorithm: sha512 [PASS]
Checking for Suspicious cron jobs
Deny untrusted users access to cron
apache : denied [PASS]
adm : denied [PASS]
bin : denied [PASS]
daemon : denied [PASS]
nobody : denied [PASS]
Checking for non-secure services
Telnet: not detected [PASS]
Rlogin: not detected [PASS]
Rsh: not detected [PASS]
Checking system logging
Checking General Plesk settings
Plesk SQL Injection vulnerability SA26741: not detected [PASS]
Plesk SQL Injection vulnerability CVE-2011-4734: not dete[PASS]
Horde Turba Vulnerability CVE-2008-0807: not detected [PASS]
Horde Vulnerability SA28382: not detected [PASS]
Horde Turba Vulnerability SA28382: not detected [PASS]
Horde Mnemo Vulnerability SA28382: not detected [PASS]
Horde Kronolith Vulnerability SA28382: not detected [PASS]
Horde Vulnerability CVE-2007-6018: not detected [PASS]
Horde Vulnerability CVE-2008-1284: not detected [PASS]
Horde Kronolith Vulnerabilty BugtraqID 28898: not detecte[PASS]
Proftp Vulnerability SA33842: not detected [PASS]
Proftp Vulnerability SA42052: not detected [PASS]
Verify SSLv2 disabled in Plesk Daemon: verified [PASS]
Verify TLS enabled in proftp: enabled [PASS]
Verify ClamAV enabled in proftp: enabled [PASS]
Set proftp scoreboard to default: yes [PASS]
Checking for weak SMTP_AUTH passwords: 0 found [PASS]
Verify expose_php set to off: enforced [PASS]
Checking mod_security settings
Checking for mod_security installation: installed [PASS]
mod_security set to: enabled [PASS]
Server signature set to: Apache [PASS]
SecUploadDir set to: /var/asl/data/suspicious [PASS]
SecUploadKeepFiles set to: off [PASS]
Logfile set to: audit_log [PASS]
Logging set to: Concurrent [PASS]
Audit Logging to: /var/asl/data/audit [PASS]
Logging elements set to: ABIFHZ [PASS]
SecRequestBodyInMemoryLimit set to: 131072 [PASS]
SecRequestBodyLimit set to: 134217728 [PASS]
SecResponseBodyLimitAction set to: ProcessPartial [PASS]
SecDataDir set to: /var/asl/data/msa [PASS]
SecTmpDir set to: /tmp [PASS]
Checking rule class settings
RBL Ruleset: off [LOW]
Bogus Search Engine Ruleset: off [HIGH]
Autowhitelist Search Engine Ruleset: off [LOW]
Antievasion Ruleset: on [PASS]
Strict Multiform Ruleset: off [MODERATE]
Whitelist Ruleset: off [PASS]
Advanced Antievasion Ruleset: off [HIGH]
Custom Domain block Ruleset: off [PASS]
Slow Denial of Service Protection: on [PASS]
Exclude Ruleset: on [PASS]
Anti-Malware Ruleset: on [PASS]
Application Specific Rules: off [LOW]
Generic Attack Ruleset: on [PASS]
Advanced Attack Ruleset: on [PASS]
Data Loss Protection Ruleset: off [MODERATE]
Brute Force Protection Ruleset: on [PASS]
Malicious Useragents Ruleset: on [PASS]
Anti-Spam Ruleset: on [PASS]
Anti-Spam URI RBL Ruleset: off [LOW]
Rootkit Detection Ruleset: on [PASS]
Reconnaissance Attacks Ruleset: on [PASS]
Data Leak Prevention Ruleset: on [PASS]
Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: on [PASS]
Basic Malware Removal Ruleset: on [PASS]
Malicious Output Detector: on [PASS]
Web Malware Upload Scanner: on [PASS]
Checking for disabled rules
Antievasion Ruleset: updated [PASS]
Slow Denial of Service Protection: updated [PASS]
Exclude Ruleset: updated [PASS]
Anti-Malware Ruleset: updated [PASS]
Generic Attack Ruleset: updated [PASS]
Advanced Attack Ruleset: updated [PASS]
Brute Force Protection Ruleset: updated [PASS]
Malicious Useragents Ruleset: updated [PASS]
Anti-Spam Ruleset: updated [PASS]
Rootkit Detection Ruleset: updated [PASS]
Reconnaissance Attacks Ruleset: updated [PASS]
Data Leak Prevention Ruleset: updated [PASS]
Just In Time Patches: updated [PASS]
Basic Malware Removal Ruleset: updated [PASS]
Malicious Output Detector: updated [PASS]
Web Malware Upload Scanner: updated [PASS]
Checking php settings
Checking for php installation: installed [PASS]
php set to: warn only [CRITICAL]
Enforce mail.add.xheader: enforced [PASS]
Disable URL fopen: not enforced [HIGH]
Disable URL include: not enforced [HIGH]
Disable expose_php: enforced [PASS]
Disable display_errors: not enforced [MODERATE]
Checking for High-Risk functions
Function curl_exec: enabled [HIGH]
Function curl_multi_exec: enabled [HIGH]
Function dl: enabled [HIGH]
Function exec: enabled [HIGH]
Function eval: enabled [HIGH]
Function fsockopen: enabled [HIGH]
Function ini_alter: enabled [HIGH]
Function ini_set: enabled [HIGH]
Function passthru: enabled [HIGH]
Function pcntl_exec: enabled [HIGH]
Function pfsockopen: enabled [HIGH]
Function popen: enabled [HIGH]
Function posix_kill: enabled [HIGH]
Function posix_mkfifo: enabled [HIGH]
Function posix_setuid: enabled [HIGH]
Function proc_close: enabled [HIGH]
Function proc_open: enabled [HIGH]
Function proc_terminate: enabled [HIGH]
Function shell_exec: enabled [HIGH]
Function system: enabled [HIGH]
Checking for Moderate-Risk functions
Function ftp_exec: enabled [MODERATE]
Function leak: enabled [MODERATE]
Function link: enabled [MODERATE]
Function posix_setpgid: enabled [MODERATE]
Function posix_setsid: enabled [MODERATE]
Function proc_get_status: enabled [MODERATE]
Function proc_nice: enabled [MODERATE]
Function show_source: enabled [MODERATE]
Function symlink: enabled [MODERATE]
Checking for Low-Risk functions
Function apache_child_terminate: enabled [LOW]
Function apache_setenv: enabled [LOW]
Function define_syslog_variables: enabled [LOW]
Function ftok: enabled [LOW]
Function escapeshellarg: allowed [LOW]
Function escapeshellcmd: enabled [LOW]
Function highlight_file: enabled [LOW]
Function ini_get_all: enabled [LOW]
Function openlog: enabled [LOW]
Function phpinfo: allowed [LOW]
Function posix_access: enabled [LOW]
Function posix_getpwuid: enabled [LOW]
Function posix_uname: enabled [LOW]
Function readlink: enabled [LOW]
Function syslog: enabled [LOW]
Checking executable stack flag on PHP extensions
/usr/lib64/php/ioncube/ioncube_loader_lin_5.4.so : [PASS]
Checking ossec-hids settings
Checking for ossec-hids installation: installed [PASS]
ossec-hids set to: enabled [PASS]
OSSEC is configured in server mode.
Checking for server installation: installed [PASS]
Enable email notification: enabled [PASS]
Notifications to address: imad.sani@bramerz.pk [PASS]
Notifications from address: asl@astra1615.startdedicate[PASS]
SMTP server: 127.0.0.1 [PASS]
Max email per hour setting: 1 [PASS]
Active Response: enabled [PASS]
Active Response timeout: 600 [PASS]
Verifying OSSEC whitelists
checking: 58.27.227.106 [PASS]
checking: 85.25.128.10 [PASS]
checking: 85.25.195.168 [PASS]
checking: 85.25.255.10 [PASS]
checking: 127.0.0.1/8 [PASS]
checking: 146.185.181.25 [PASS]
Excessive whitelists not detected: 4 [PASS]
Checking for monitored log files
/var/log/messages: monitored [PASS]
/var/log/secure: monitored [PASS]
/var/log/maillog: monitored [PASS]
/var/log/sw-cp-server/error_log: monitored [PASS]
/usr/local/psa/var/log/maillog: monitored [PASS]
/usr/local/psa/admin/logs/httpsd_access_log: monitore[PASS]
/var/log/tortixd/audit_log: monitored [PASS]
/var/log/httpd/audit_log: monitored [PASS]
/var/log/psa-horde/psa-horde.log: monitored [PASS]
/var/log/httpd/error_log: monitored [PASS]
/var/log/tortixd/asl_error_log: monitored [PASS]
/var/log/mysqld.log: monitored [PASS]
tortixd: Could not reliably determine the server's fully qualified domain name, using astra1615.startdedicated.net for ServerName
Reloading ossec-hids: [ OK ]
Checking rkhunter settings
Checking for rkhunter installation: installed [PASS]
rkhunter set to: enabled [PASS]
Notifications sent to: imad.sani@bramerz.pk [PASS]
SSH root login check: enabled [PASS]
Detected Plesk Environment
ftp_psa : enabled [PASS]
poppassd_psa : enabled [PASS]
Checking ssh settings
Enforce Protocol Version 2: enforced [PASS]
Strict modes enabled: enforced [PASS]
Ignore .rhosts: enforced [PASS]
Enforce Public Key authentication for users: enforced [PASS]
Checking Admin users
Valid Admin users detected: no [HIGH]
WARNING: SSH authentication will not be reconfigured at this time.
Disable Root Logins: no [HIGH]
Disable Password Authentication: no [HIGH]
Enable Privilege separation: enabled [PASS]
Disallow GSSAPIAuthentication: enforced [PASS]
Disallow GSSAPICleanupCredentials: enforced [PASS]
SSH Banner: /etc/asl/banner [PASS]
Enable UseDNS: enforced [PASS]
Allow empty passwords: allowed [PASS]
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Checking httpd settings
Verify HTTP TRACE disabled: verified [PASS]
Verify SSLv2 disabled: verified [PASS]
SSL Heartbleed on 85.25.195.168: not detected [PASS]
Checking mod_evasive settings
Checking for mod_evasive installation: installed [PASS]
mod_evasive set to: enabled [PASS]
DOSHashTableSize set to: 4096 [PASS]
DOSPageCount set to: 10 [PASS]
DOSSiteCount set to: 400 [PASS]
DOSPageInterval set to: 4 [PASS]
DOSSiteInterval set to: 4 [PASS]
DOSBlockingPeriod set to: 25 [PASS]
checking: 58.27.227.106 [PASS]
checking: 85.25.128.10 [PASS]
checking: 85.25.195.168 [PASS]
checking: 85.25.255.10 [PASS]
checking: 127.*.*.* [PASS]
checking: 146.185.181.25 [FIXED]
Checking Mysql security settings
Mysql security policy set to: enforced [PASS]
Mysql Local LOAD DATA: disabled [PASS]
Mysql Log Errors: enabled [PASS]
Mysql Log authentication failures: enabled [PASS]
Mysql symbolic links : enabled [PASS]
Mysql query caching: enabled [PASS]
Restarting clamav, this could take a moment ...
Checking clamav settings
Checking for clamav installation: installed [PASS]
ClamAV set to: enabled [PASS]
Clamd listen address: 127.0.0.1 [PASS]
Clamd log to syslog: yes [PASS]
Clamav is in: application-only mode
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
Checking psmon settings
Checking for psmon installation: installed [PASS]
psmon set to: enabled [PASS]
Notifications to: imad.sani@bramerz.pk [PASS]
From line set to: psmon@astra1615.startdedicated.net [PASS]
Checking System services monitored by psmon
clamd: monitored [PASS]
crond: monitored [PASS]
mysqld: monitored [PASS]
spamassassin: monitored [PASS]
sshd: monitored [PASS]
xinetd: monitored [PASS]
tortixd: monitored [PASS]
nginx: monitored [PASS]
ossec-dbd: monitored [PASS]
Stopping psmon: [ OK ]
Starting psmon: [ OK ]
Generating Report ...
complete
Updating rkhunter file properties databases...
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
[ Rootkit Hunter version 1.4.2 ]
File updated: searched for 169 files, found 141
Would you like to scan the system for malware now? (yes/no): [Default: yes] no
ASL Web installation is complete.
To access ASL Web, point your browser to https://85.25.195.168:30000 to log in.
Hit any key to continue
Please reboot your server to complete the installation process.