Re: piratage box sfr

Jean-Christophe Énée Thu, 06 Nov 2025 14:36:47 -0800

On Thu, 2025-11-06 at 23:04 +0100, Jean-Christophe Énée wrote:
> salut,
> je constate une activité suspect sur mon ip
> que faire ?


[1;37m[ Lynis 3.1.4 ][0m

#######################################################################
#########
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are
  welcome to redistribute it under the terms of the GNU General Public
License.
  See the LICENSE file for details about using this software.

  2007-2024, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and
tools)
#######################################################################
#########


[+] [1;33mInitializing program[0m
------------------------------------
[2C- Detecting OS... [41C [ [1;32mDONE[0m ]
[2C- Checking profiles...[37C [ [1;32mDONE[0m ]

  ---------------------------------------------------
  Program version:           3.1.4
  Operating system:          Linux
  Operating system name:     Debian
  Operating system version:  13
  Kernel version:            6.12.48+deb13
  Hardware platform:         x86_64
  Hostname:                  blues-softwares
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /etc/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  en
  Test category:             all
  Test group:                all
  ---------------------------------------------------
[2C- Program update status... [32C [ [1;32mNO UPDATE[0m ]

[+] [1;33mSystem tools[0m
------------------------------------
[2C- Scanning available tools...[30C
[2C- Checking system binaries...[30C

[+] [1;35mPlugins (phase 1)[0m
------------------------------------
[0CNote: plugins have more extensive tests and may take several
minutes to complete[0C
[0C [0C
[2C- [0;36mPlugin[0m: [1;37mdebian[0m[21C
    [
[+] [1;33mDebian Tests[0m
------------------------------------
[2C- Checking for system binaries that are required by Debian
Tests...[0C
[4C- Checking /bin... [38C [ [1;32mFOUND[0m ]
[4C- Checking /sbin... [37C [ [1;32mFOUND[0m ]
[4C- Checking /usr/bin... [34C [ [1;32mFOUND[0m ]
[4C- Checking /usr/sbin... [33C [ [1;32mFOUND[0m ]
[4C- Checking /usr/local/bin... [28C [ [1;32mFOUND[0m ]
[4C- Checking /usr/local/sbin... [27C [ [1;32mFOUND[0m ]
[2C- Authentication:[42C
[4C- PAM (Pluggable Authentication Modules):[16C

  [30;43m[WARNING][0m: Test DEB-0001 had a long execution: 20.900934
seconds[0m

[6C- libpam-tmpdir[40C [ [1;31mNot Installed[0m ]
[2C- File System Checks:[38C
[4C- DM-Crypt, Cryptsetup & Cryptmount:[21C
[6C- Checking / on /dev/mapper/sda3_crypt[17C [ [1;32mENCRYPTED
(Type: LUKS2)[0m ]
[6C- Checking /boot on /dev/sda2[26C [ [1;37mNOT ENCRYPTED[0m ]
[6C- Checking /tmp on /dev/mapper/sda3_crypt[14C [ [1;32mENCRYPTED
(Type: LUKS2)[0m ]
[6C- Checking /home on /dev/mapper/sda3_crypt[13C [ [1;32mENCRYPTED
(Type: LUKS2)[0m ]
[6C- Checking /var on /dev/mapper/sda3_crypt[14C [ [1;32mENCRYPTED
(Type: LUKS2)[0m ]
[6C- Checking /boot/efi on /dev/sda1[22C [ [1;37mNOT ENCRYPTED[0m ]
[2C- Software:[48C
[4C- apt-listbugs[43C [ [1;31mNot Installed[0m ]
[4C- apt-listchanges[40C [ [1;32mInstalled and enabled for apt[0m ]
[4C- needrestart[44C [ [1;31mNot Installed[0m ]
[4C- fail2ban[47C [ [1;31mNot Installed[0m ]
]

[+] [1;33mBoot and services[0m
------------------------------------
[2C- Service Manager[42C [ [1;32msystemd[0m ]
[2C- Checking UEFI boot[39C [ [1;32mENABLED[0m ]
[2C- Checking Secure Boot[37C [ [1;32mENABLED[0m ]
[2C- Checking presence GRUB2[34C [ [1;32mFOUND[0m ]
[4C- Checking for password protection[23C [ [1;31mNONE[0m ]
[2C- Check running services (systemctl)[23C [ [1;32mDONE[0m ]
[8CResult: found 31 running services[20C
[2C- Check enabled services at boot (systemctl)[15C [ [1;32mDONE[0m
]
[8CResult: found 36 enabled services[20C
[2C- Check startup files (permissions)[24C [ [1;32mOK[0m ]
[2C- Running 'systemd-analyze security'[23C
[6CUnit name (exposure value) and predicate[15C
[6C--------------------------------[23C
[4C- ModemManager.service (value=6.3)[23C [ [1;37mMEDIUM[0m ]
[4C- NetworkManager.service (value=7.8)[21C [ [1;33mEXPOSED[0m ]
[4C- accounts-daemon.service (value=5.5)[20C [ [1;37mMEDIUM[0m ]
[4C- alsa-state.service (value=9.6)[25C [ [1;33mUNSAFE[0m ]
[4C- anacron.service (value=9.6)[28C [ [1;33mUNSAFE[0m ]
[4C- avahi-daemon.service (value=9.6)[23C [ [1;33mUNSAFE[0m ]
[4C- bluetooth.service (value=6.0)[26C [ [1;37mMEDIUM[0m ]
[4C- colord.service (value=3.5)[29C [ [1;32mPROTECTED[0m ]
[4C- cron.service (value=9.6)[31C [ [1;33mUNSAFE[0m ]
[4C- cups-browsed.service (value=9.6)[23C [ [1;33mUNSAFE[0m ]
[4C- cups.service (value=9.6)[31C [ [1;33mUNSAFE[0m ]
[4C- dbus.service (value=9.3)[31C [ [1;33mUNSAFE[0m ]
[4C- dm-event.service (value=9.5)[27C [ [1;33mUNSAFE[0m ]
[4C- emergency.service (value=9.5)[26C [ [1;33mUNSAFE[0m ]
[4C- fwupd.service (value=4.5)[30C [ [1;32mPROTECTED[0m ]
[4C- gdm.service (value=9.8)[32C [ [1;33mUNSAFE[0m ]
[4C- [email protected] (value=9.6)[25C [ [1;33mUNSAFE[0m ]
[4C- iscsid.service (value=9.5)[29C [ [1;33mUNSAFE[0m ]
[4C- libvirtd.service (value=9.6)[27C [ [1;33mUNSAFE[0m ]
[4C- low-memory-monitor.service (value=6.3)[17C [ [1;37mMEDIUM[0m ]
[4C- lvm2-lvmpolld.service (value=9.5)[22C [ [1;33mUNSAFE[0m ]
[4C- lynis.service (value=9.6)[30C [ [1;33mUNSAFE[0m ]
[4C- packagekit.service (value=9.6)[25C [ [1;33mUNSAFE[0m ]
[4C- plymouth-halt.service (value=9.5)[22C [ [1;33mUNSAFE[0m ]
[4C- plymouth-kexec.service (value=9.5)[21C [ [1;33mUNSAFE[0m ]
[4C- plymouth-poweroff.service (value=9.5)[18C [ [1;33mUNSAFE[0m ]
[4C- plymouth-reboot.service (value=9.5)[20C [ [1;33mUNSAFE[0m ]
[4C- plymouth-start.service (value=9.5)[21C [ [1;33mUNSAFE[0m ]
[4C- polkit.service (value=1.2)[29C [ [1;32mPROTECTED[0m ]
[4C- power-profiles-daemon.service (value=1.0)[14C [
[1;32mPROTECTED[0m ]
[4C- rc-local.service (value=9.6)[27C [ [1;33mUNSAFE[0m ]
[4C- rescue.service (value=9.5)[29C [ [1;33mUNSAFE[0m ]
[4C- rtkit-daemon.service (value=7.2)[23C [ [1;37mMEDIUM[0m ]
[4C- ssh.service (value=9.6)[32C [ [1;33mUNSAFE[0m ]
[4C- [email protected] (value=9.6)[19C [ [1;33mUNSAFE[0m ]
[4C- switcheroo-control.service (value=7.6)[17C [ [1;33mEXPOSED[0m
]
[4C- systemd-ask-password-console.service (value=9.4)[7C [
[1;33mUNSAFE[0m ]
[4C- systemd-ask-password-plymouth.service (value=9.5)[6C [
[1;33mUNSAFE[0m ]
[4C- systemd-ask-password-wall.service (value=9.4)[10C [
[1;33mUNSAFE[0m ]
[4C- systemd-bsod.service (value=9.5)[23C [ [1;33mUNSAFE[0m ]
[4C- systemd-hostnamed.service (value=1.7)[18C [ [1;32mPROTECTED[0m
]
[4C- systemd-importd.service (value=5.0)[20C [ [1;37mMEDIUM[0m ]
[4C- systemd-initctl.service (value=9.4)[20C [ [1;33mUNSAFE[0m ]
[4C- systemd-journald.service (value=4.9)[19C [ [1;32mPROTECTED[0m
]
[4C- systemd-logind.service (value=2.8)[21C [ [1;32mPROTECTED[0m ]
[4C- systemd-machined.service (value=6.2)[19C [ [1;37mMEDIUM[0m ]
[4C- systemd-networkd.service (value=2.9)[19C [ [1;32mPROTECTED[0m
]
[4C- systemd-rfkill.service (value=9.4)[21C [ [1;33mUNSAFE[0m ]
[4C- systemd-timesyncd.service (value=2.1)[18C [ [1;32mPROTECTED[0m
]
[4C- systemd-udevd.service (value=7.1)[22C [ [1;37mMEDIUM[0m ]
[4C- udisks2.service (value=9.6)[28C [ [1;33mUNSAFE[0m ]
[4C- upower.service (value=2.4)[29C [ [1;32mPROTECTED[0m ]
[4C- [email protected] (value=9.4)[26C [ [1;33mUNSAFE[0m ]
[4C- virtlockd.service (value=9.6)[26C [ [1;33mUNSAFE[0m ]
[4C- virtlogd.service (value=2.2)[27C [ [1;32mPROTECTED[0m ]
[4C- wpa_supplicant.service (value=9.6)[21C [ [1;33mUNSAFE[0m ]

[+] [1;33mKernel[0m
------------------------------------
[2C- Checking default runlevel[32C [ [1;32mrunlevel 5[0m ]
[2C- Checking CPU support (NX/PAE)[28C
[4CCPU support: PAE and/or NoeXecute supported[14C [ [1;32mFOUND[0m
]
[2C- Checking kernel version and release[22C [ [1;32mDONE[0m ]
[2C- Checking kernel type[37C [ [1;32mDONE[0m ]
[2C- Checking loaded kernel modules[27C [ [1;32mDONE[0m ]
[6CFound 211 active modules[31C
[2C- Checking Linux kernel configuration file[17C [ [1;32mFOUND[0m
]
[2C- Checking default I/O kernel scheduler[20C [ [1;37mNOT FOUND[0m
]
[2C- Checking for available kernel update[21C [ [1;32mOK[0m ]
[2C- Checking core dumps configuration[24C
[4C- configuration in systemd conf files[20C [ [1;37mDEFAULT[0m ]
[4C- configuration in /etc/profile[26C [ [1;37mDEFAULT[0m ]
[4C- 'hard' configuration in /etc/security/limits.conf[6C [
[1;31mENABLED[0m ]
[4C- 'soft' configuration in /etc/security/limits.conf[6C [
[1;32mDISABLED[0m ]
[4C- Checking setuid core dumps configuration[15C [
[1;32mDISABLED[0m ]
[2C- Check if reboot is needed[32C [ [1;32mNO[0m ]

[+] [1;33mMemory and Processes[0m
------------------------------------
[2C- Checking /proc/meminfo[35C [ [1;32mFOUND[0m ]
[2C- Searching for dead/zombie processes[22C [ [1;32mNOT FOUND[0m ]
[2C- Searching for IO waiting processes[23C [ [1;32mNOT FOUND[0m ]
[2C- Search prelink tooling[35C [ [1;32mNOT FOUND[0m ]

[+] [1;33mUsers, Groups and Authentication[0m
------------------------------------
[2C- Administrator accounts[35C [ [1;32mOK[0m ]
[2C- Unique UIDs[46C [ [1;32mOK[0m ]
[2C- Consistency of group files (grpck)[23C [ [1;31mWARNING[0m ]
[2C- Unique group IDs[41C [ [1;32mOK[0m ]
[2C- Unique group names[39C [ [1;32mOK[0m ]
[2C- Password file consistency[32C [ [1;32mOK[0m ]
[2C- Password hashing methods[33C [ [1;32mOK[0m ]
[2C- Checking password hashing rounds[25C [ [1;33mDISABLED[0m ]
[2C- Query system users (non daemons)[25C [ [1;32mDONE[0m ]
[2C- NIS+ authentication support[30C [ [1;37mNOT ENABLED[0m ]
[2C- NIS authentication support[31C [ [1;37mNOT ENABLED[0m ]
[2C- Sudoers file(s)[42C [ [1;32mFOUND[0m ]
[4C- Permissions for directory: /etc/sudoers.d[14C [
[1;31mWARNING[0m ]
[4C- Permissions for: /etc/sudoers[26C [ [1;32mOK[0m ]
[4C- Permissions for: /etc/sudoers.d/README[17C [ [1;32mOK[0m ]
[2C- PAM password strength tools[30C [ [1;33mSUGGESTION[0m ]
[2C- PAM configuration files (pam.conf)[23C [ [1;32mFOUND[0m ]
[2C- PAM configuration files (pam.d)[26C [ [1;32mFOUND[0m ]
[2C- PAM modules[46C [ [1;32mFOUND[0m ]
[2C- LDAP module in PAM[39C [ [1;37mNOT FOUND[0m ]
[2C- Accounts without expire date[29C [ [1;33mSUGGESTION[0m ]
[2C- Accounts without password[32C [ [1;32mOK[0m ]
[2C- Locked accounts[42C [ [1;31mFOUND[0m ]
[2C- Checking user password aging (minimum)[19C [ [1;33mDISABLED[0m
]
[2C- User password aging (maximum)[28C [ [1;33mDISABLED[0m ]
[2C- Checking expired passwords[31C [ [1;32mOK[0m ]
[2C- Checking Linux single user mode authentication[11C [
[1;32mOK[0m ]
[2C- Determining default umask[32C
[4C- umask (/etc/profile)[35C [ [1;33mNOT FOUND[0m ]
[4C- umask (/etc/login.defs)[32C [ [1;33mSUGGESTION[0m ]
[2C- LDAP authentication support[30C [ [1;37mNOT ENABLED[0m ]
[2C- Logging failed login attempts[28C [ [1;33mDISABLED[0m ]

[+] [1;33mKerberos[0m
------------------------------------
[2C- Check for Kerberos KDC and principals[20C [ [1;37mNOT FOUND[0m
]

[+] [1;33mShells[0m
------------------------------------
[2C- Checking shells from /etc/shells[25C
[4CResult: found 7 shells (valid shells: 7).[16C
[4C- Session timeout settings/tools[25C [ [1;33mNONE[0m ]
[2C- Checking default umask values[28C
[4C- Checking default umask in /etc/bash.bashrc[13C [ [1;33mNONE[0m
]
[4C- Checking default umask in /etc/profile[17C [ [1;33mNONE[0m ]

[+] [1;33mFile systems[0m
------------------------------------
[2C- Checking mount points[36C
[4C- Checking /home mount point[29C [ [1;32mOK[0m ]
[4C- Checking /tmp mount point[30C [ [1;32mOK[0m ]
[4C- Checking /var mount point[30C [ [1;32mOK[0m ]
[2C- Checking LVM volume groups[31C [ [1;32mFOUND[0m ]
[4C- Checking LVM volumes[35C [ [1;32mFOUND[0m ]
[2C- Query swap partitions (fstab)[28C [ [1;32mOK[0m ]
[2C- Testing swap partitions[34C [ [1;32mOK[0m ]
[2C- Testing /proc mount (hidepid)[28C [ [1;33mSUGGESTION[0m ]
[2C- Checking for old files in /tmp[27C [ [1;32mOK[0m ]
[2C- Checking /tmp sticky bit[33C [ [1;32mOK[0m ]
[2C- Checking /var/tmp sticky bit[29C [ [1;32mOK[0m ]
[2C- ACL support root file system[29C [ [1;32mENABLED[0m ]
[2C- Mount options of /[39C [ [1;33mNON DEFAULT[0m ]
[2C- Mount options of /boot[35C [ [1;33mDEFAULT[0m ]
[2C- Mount options of /dev[36C [ [1;33mPARTIALLY HARDENED[0m ]
[2C- Mount options of /dev/shm[32C [ [1;33mPARTIALLY HARDENED[0m ]
[2C- Mount options of /home[35C [ [1;33mDEFAULT[0m ]
[2C- Mount options of /run[36C [ [1;32mHARDENED[0m ]
[2C- Mount options of /tmp[36C [ [1;33mDEFAULT[0m ]
[2C- Mount options of /var[36C [ [1;33mDEFAULT[0m ]
[2C- Total without nodev:9 noexec:13 nosuid:7 ro or noexec (W^X): 13
of total 31[0C
[2C- Disable kernel support of some filesystems[15C

[+] [1;33mUSB Devices[0m
------------------------------------
[2C- Checking usb-storage driver (modprobe config)[12C [ [1;37mNOT
DISABLED[0m ]
[2C- Checking USB devices authorization[23C [ [1;33mENABLED[0m ]
[2C- Checking USBGuard[40C [ [1;37mNOT FOUND[0m ]

[+] [1;33mStorage[0m
------------------------------------
[2C- Checking firewire ohci driver (modprobe config)[10C [ [1;37mNOT
DISABLED[0m ]

[+] [1;33mNFS[0m
------------------------------------
[2C- Check running NFS daemon[33C [ [1;37mNOT FOUND[0m ]

[+] [1;33mName services[0m
------------------------------------
[2C- Searching DNS domain name[32C [ [1;32mFOUND[0m ]
[6CDomain name: net[39C
[2C- Checking /etc/hosts[38C
[4C- Duplicate entries in hosts file[24C [ [1;32mNONE[0m ]
[4C- Presence of configured hostname in /etc/hosts[10C [
[1;32mFOUND[0m ]
[4C- Hostname mapped to localhost[27C [ [1;32mNOT FOUND[0m ]
[4C- Localhost mapping to IP address[24C [ [1;32mOK[0m ]

[+] [1;33mPorts and packages[0m
------------------------------------
[2C- Searching package managers[31C
[4C- Searching dpkg package manager[25C [ [1;32mFOUND[0m ]
[6C- Querying package manager[29C

  [30;43m[WARNING][0m: Test PKGS-7345 had a long execution: 20.781955
seconds[0m

[4C- Query unpurged packages[32C [ [1;32mNONE[0m ]
[2C- Checking security repository in sources.list file[8C [
[1;32mOK[0m ]
[2C- Checking APT package database[28C [ [1;32mOK[0m ]
[2C- Checking vulnerable packages (apt-get only)[14C [
[1;32mDONE[0m ]
[2C- Checking upgradeable packages[28C [ [1;37mSKIPPED[0m ]
[2C- Checking package audit tool[30C [ [1;32mINSTALLED[0m ]
[4CFound: apt-get[43C
[2C- Toolkit for automatic upgrades[27C [ [1;33mNOT FOUND[0m ]

[+] [1;33mNetworking[0m
------------------------------------
[2C- Checking IPv6 configuration[30C [ [1;37mENABLED[0m ]
[6CConfiguration method[35C [ [1;37mAUTO[0m ]
[6CIPv6 only[46C [ [1;37mNO[0m ]
[2C- Checking configured nameservers[26C
[4C- Testing nameservers[36C
[8CNameserver: 192.168.1.1[30C [ [1;32mOK[0m ]
[8CNameserver: 2a02:842a:1016:ac01:b2b3:69ff:fe9c:c13e[2C [
[1;32mOK[0m ]
[4C- Minimal of 2 responsive nameservers[20C [ [1;32mOK[0m ]
[2C- Checking default gateway[33C [ [1;32mDONE[0m ]
[2C- Getting listening ports (TCP/UDP)[24C [ [1;32mDONE[0m ]
[2C- Checking promiscuous interfaces[26C [ [1;32mOK[0m ]
[2C- Checking waiting connections[29C [ [1;32mOK[0m ]
[2C- Checking status DHCP client[30C [ [1;37mNOT ACTIVE[0m ]
[2C- Checking for ARP monitoring software[21C [ [1;33mNOT FOUND[0m
]
[2C- Uncommon network protocols[31C [ [1;33m0[0m ]

[+] [1;33mPrinters and Spools[0m
------------------------------------
[2C- Checking cups daemon[37C [ [1;32mRUNNING[0m ]
[2C- Checking CUPS configuration file[25C [ [1;32mOK[0m ]
[4C- File permissions[39C [ [1;31mWARNING[0m ]
[2C- Checking CUPS addresses/sockets[26C [ [1;32mFOUND[0m ]
[2C- Checking lp daemon[39C [ [1;37mNOT RUNNING[0m ]

[+] [1;33mSoftware: e-mail and messaging[0m
------------------------------------

[+] [1;33mSoftware: firewalls[0m
------------------------------------
[2C- Checking iptables kernel module[26C [ [1;32mFOUND[0m ]
[4C- Checking iptables policies of chains[19C [ [1;32mFOUND[0m ]
[6C- Chain INPUT (table: filter, target: ACCEPT)[10C [
[1;33mACCEPT[0m ]
[6C- Chain INPUT (table: security, target: ACCEPT)[8C [
[1;33mACCEPT[0m ]
[4C- Checking for empty ruleset[29C [ [1;32mOK[0m ]
[4C- Checking for unused rules[30C [ [1;33mFOUND[0m ]
[2C- Checking host based firewall[29C [ [1;32mACTIVE[0m ]

[+] [1;33mSoftware: webserver[0m
------------------------------------
[2C- Checking Apache (binary /usr/sbin/apache2)[15C [
[1;32mFOUND[0m ]
[6C[Notice] possible directory/file parts found, but still unsure what
the real configuration file is. Skipping some Apache related tests[0C

=================================================================

  [1;31mException found![0m

  Function/test:  [HTTP-6624:1]
  Message:        [1;37mFound some unknown directory or file
references in Apache configuration[0m

  Help improving the Lynis community with your feedback!

  Steps:
  - Ensure you are running the latest version (/usr/sbin/lynis update
check)
  - If so, create a GitHub issue at https://github.com/CISOfy/lynis
  - Include relevant parts of the log file or configuration file

  Thanks!

=================================================================

[6CInfo: No virtual hosts found[27C
[4C* Loadable modules[39C [ [1;32mFOUND (119)[0m ]
[8C- Found 119 loadable modules[25C
[10Cmod_evasive: anti-DoS/brute force[18C [ [1;37mNOT FOUND[0m ]
[10Cmod_reqtimeout/mod_qos[29C [ [1;32mFOUND[0m ]
[10CModSecurity: web application firewall[14C [ [1;37mNOT FOUND[0m
]
[2C- Checking TraceEnable setting in:[25C
[4C  /etc/apache2/conf-available/javascript-common.conf[5C [
[1;37mNOT FOUND[0m ]
[4C  /etc/apache2/mods-available/dnssd.conf[17C [ [1;37mNOT
FOUND[0m ]
[2C- Checking nginx[43C [ [1;37mNOT FOUND[0m ]

[+] [1;33mSSH Support[0m
------------------------------------
[2C- Checking running SSH daemon[30C [ [1;32mFOUND[0m ]
[4C- Searching SSH configuration[28C [ [1;32mFOUND[0m ]
[4C- OpenSSH option: AllowTcpForwarding[21C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: ClientAliveCountMax[20C [ [1;33mSUGGESTION[0m
]
[4C- OpenSSH option: ClientAliveInterval[20C [ [1;32mOK[0m ]
[4C- OpenSSH option: FingerprintHash[24C [ [1;32mOK[0m ]
[4C- OpenSSH option: GatewayPorts[27C [ [1;32mOK[0m ]
[4C- OpenSSH option: IgnoreRhosts[27C [ [1;32mOK[0m ]
[4C- OpenSSH option: LoginGraceTime[25C [ [1;32mOK[0m ]
[4C- OpenSSH option: LogLevel[31C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: MaxAuthTries[27C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: MaxSessions[28C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: PermitRootLogin[24C [ [1;32mOK[0m ]
[4C- OpenSSH option: PermitUserEnvironment[18C [ [1;32mOK[0m ]
[4C- OpenSSH option: PermitTunnel[27C [ [1;32mOK[0m ]
[4C- OpenSSH option: Port[35C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: PrintLastLog[27C [ [1;32mOK[0m ]
[4C- OpenSSH option: StrictModes[28C [ [1;32mOK[0m ]
[4C- OpenSSH option: TCPKeepAlive[27C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: UseDNS[33C [ [1;32mOK[0m ]
[4C- OpenSSH option: X11Forwarding[26C [ [1;33mSUGGESTION[0m ]
[4C- OpenSSH option: AllowAgentForwarding[19C [ [1;33mSUGGESTION[0m
]
[4C- OpenSSH option: AllowUsers[29C [ [1;37mNOT FOUND[0m ]
[4C- OpenSSH option: AllowGroups[28C [ [1;37mNOT FOUND[0m ]

[+] [1;33mSNMP Support[0m
------------------------------------
[2C- Checking running SNMP daemon[29C [ [1;37mNOT FOUND[0m ]

[+] [1;33mDatabases[0m
------------------------------------
[4CNo database engines found[32C

[+] [1;33mLDAP Services[0m
------------------------------------
[2C- Checking OpenLDAP instance[31C [ [1;37mNOT FOUND[0m ]

[+] [1;33mPHP[0m
------------------------------------
[2C- Checking PHP[45C [ [1;37mNOT FOUND[0m ]

[+] [1;33mSquid Support[0m
------------------------------------
[2C- Checking running Squid daemon[28C [ [1;37mNOT FOUND[0m ]

[+] [1;33mLogging and files[0m
------------------------------------
[2C- Checking for a running log daemon[24C [ [1;32mOK[0m ]
[4C- Checking Syslog-NG status[30C [ [1;37mNOT FOUND[0m ]
[4C- Checking systemd journal status[24C [ [1;32mFOUND[0m ]
[4C- Checking Metalog status[32C [ [1;37mNOT FOUND[0m ]
[4C- Checking RSyslog status[32C [ [1;37mNOT FOUND[0m ]
[4C- Checking RFC 3195 daemon status[24C [ [1;37mNOT FOUND[0m ]
[4C- Checking minilogd instances[28C [ [1;37mNOT FOUND[0m ]
[4C- Checking wazuh-agent daemon status[21C [ [1;37mNOT FOUND[0m ]
[2C- Checking logrotate presence[30C [ [1;32mOK[0m ]
[2C- Checking remote logging[34C [ [1;33mNOT ENABLED[0m ]
[2C- Checking log directories (static list)[19C [ [1;32mDONE[0m ]
[2C- Checking open log files[34C [ [1;32mDONE[0m ]
[2C- Checking deleted files in use[28C [ [1;33mFILES FOUND[0m ]

[+] [1;33mInsecure services[0m
------------------------------------
[2C- Installed inetd package[34C [ [1;32mNOT FOUND[0m ]
[2C- Installed xinetd package[33C [ [1;32mOK[0m ]
[4C- xinetd status[42C [ [1;32mNOT ACTIVE[0m ]
[2C- Installed rsh client package[29C [ [1;32mOK[0m ]
[2C- Installed rsh server package[29C [ [1;32mOK[0m ]
[2C- Installed telnet client package[26C [ [1;32mOK[0m ]
[2C- Installed telnet server package[26C [ [1;32mNOT FOUND[0m ]
[2C- Checking NIS client installation[25C [ [1;32mOK[0m ]
[2C- Checking NIS server installation[25C [ [1;32mOK[0m ]
[2C- Checking TFTP client installation[24C [ [1;32mOK[0m ]
[2C- Checking TFTP server installation[24C [ [1;32mOK[0m ]

[+] [1;33mBanners and identification[0m
------------------------------------
[2C- /etc/issue[47C [ [1;32mFOUND[0m ]
[4C- /etc/issue contents[36C [ [1;33mWEAK[0m ]
[2C- /etc/issue.net[43C [ [1;32mFOUND[0m ]
[4C- /etc/issue.net contents[32C [ [1;33mWEAK[0m ]

[+] [1;33mScheduled tasks[0m
------------------------------------
[2C- Checking crontab and cronjob files[23C [ [1;32mDONE[0m ]

[+] [1;33mAccounting[0m
------------------------------------
[2C- Checking accounting information[26C [ [1;33mNOT FOUND[0m ]
[2C- Checking sysstat accounting data[25C [ [1;33mNOT FOUND[0m ]
[2C- Checking auditd[42C [ [1;37mNOT FOUND[0m ]

[+] [1;33mTime and Synchronization[0m
------------------------------------
[2C- NTP daemon found: systemd (timesyncd)[20C [ [1;32mFOUND[0m ]
[2C- Checking for a running NTP daemon or client[14C [ [1;32mOK[0m
]
[2C- Last time synchronization[32C [ [1;32m461s[0m ]

[+] [1;33mCryptography[0m
------------------------------------
[2C- Checking for expired SSL certificates [0/154][12C [
[1;32mNONE[0m ]

  [30;43m[WARNING][0m: Test CRYP-7902 had a long execution: 28.958525
seconds[0m

[2C- Found 1 LUKS encrypted block devices.[20C [ [1;37mOK[0m ]
[2C- Found 0 encrypted and 1 unencrypted swap devices in use.[1C [
[1;37mOK[0m ]
[2C- Kernel entropy is sufficient[29C [ [1;32mYES[0m ]
[2C- HW RNG & rngd[44C [ [1;33mNO[0m ]
[2C- SW prng[50C [ [1;33mNO[0m ]
[2CMOR-bit set[48C [ [1;32mYES[0m ]

[+] [1;33mVirtualization[0m
------------------------------------

[+] [1;33mContainers[0m
------------------------------------

[+] [1;33mSecurity frameworks[0m
------------------------------------
[2C- Checking presence AppArmor[31C [ [1;32mFOUND[0m ]
[4C- Checking AppArmor status[31C [ [1;32mENABLED[0m ]
[8CFound 122 unconfined processes[23C
[2C- Checking presence SELinux[32C [ [1;37mNOT FOUND[0m ]
[2C- Checking presence TOMOYO Linux[27C [ [1;37mNOT FOUND[0m ]
[2C- Checking presence grsecurity[29C [ [1;37mNOT FOUND[0m ]
[2C- Checking for implemented MAC framework[19C [ [1;32mOK[0m ]

[+] [1;33mSoftware: file integrity[0m
------------------------------------
[2C- Checking file integrity tools[28C
[2C- dm-integrity (status)[36C [ [1;37mDISABLED[0m ]
[2C- dm-verity (status)[39C [ [1;37mDISABLED[0m ]
[2C- Checking presence integrity tool[25C [ [1;33mNOT FOUND[0m ]

[+] [1;33mSoftware: System tooling[0m
------------------------------------
[2C- Checking automation tooling[30C
[2C- Automation tooling[39C [ [1;33mNOT FOUND[0m ]
[2C- Checking for IDS/IPS tooling[29C [ [1;33mNONE[0m ]

[+] [1;33mSoftware: Malware[0m
------------------------------------
[2C- Malware software components[30C [ [1;33mNOT FOUND[0m ]

[+] [1;33mFile Permissions[0m
------------------------------------
[2C- Starting file permissions check[26C
[4CFile: /boot/grub/grub.cfg[32C [ [1;32mOK[0m ]
[4CFile: /etc/crontab[39C [ [1;33mSUGGESTION[0m ]
[4CFile: /etc/group[41C [ [1;32mOK[0m ]
[4CFile: /etc/group-[40C [ [1;32mOK[0m ]
[4CFile: /etc/hosts.allow[35C [ [1;32mOK[0m ]
[4CFile: /etc/hosts.deny[36C [ [1;32mOK[0m ]
[4CFile: /etc/issue[41C [ [1;32mOK[0m ]
[4CFile: /etc/issue.net[37C [ [1;32mOK[0m ]
[4CFile: /etc/motd[42C [ [1;32mOK[0m ]
[4CFile: /etc/passwd[40C [ [1;32mOK[0m ]
[4CFile: /etc/passwd-[39C [ [1;32mOK[0m ]
[4CFile: /etc/ssh/sshd_config[31C [ [1;33mSUGGESTION[0m ]
[4CDirectory: /root/.ssh[36C [ [1;32mOK[0m ]
[4CDirectory: /etc/cron.d[35C [ [1;33mSUGGESTION[0m ]
[4CDirectory: /etc/cron.daily[31C [ [1;33mSUGGESTION[0m ]
[4CDirectory: /etc/cron.hourly[30C [ [1;33mSUGGESTION[0m ]
[4CDirectory: /etc/cron.weekly[30C [ [1;33mSUGGESTION[0m ]
[4CDirectory: /etc/cron.monthly[29C [ [1;33mSUGGESTION[0m ]

[+] [1;33mHome directories[0m
------------------------------------
[2C- Permissions of home directories[26C [ [1;32mOK[0m ]
[2C- Ownership of home directories[28C [ [1;32mOK[0m ]
[2C- Checking shell history files[29C [ [1;32mOK[0m ]

[+] [1;33mKernel Hardening[0m
------------------------------------
[2C- Comparing sysctl key pairs with scan profile[13C
[4C- dev.tty.ldisc_autoload (exp: 0)[24C [ [1;31mDIFFERENT[0m ]
[4C- fs.protected_fifos (exp: 2)[28C [ [1;31mDIFFERENT[0m ]
[4C- fs.protected_hardlinks (exp: 1)[24C [ [1;32mOK[0m ]
[4C- fs.protected_regular (exp: 2)[26C [ [1;32mOK[0m ]
[4C- fs.protected_symlinks (exp: 1)[25C [ [1;32mOK[0m ]
[4C- fs.suid_dumpable (exp: 0)[30C [ [1;32mOK[0m ]
[4C- kernel.core_uses_pid (exp: 1)[26C [ [1;32mOK[0m ]
[4C- kernel.ctrl-alt-del (exp: 0)[27C [ [1;32mOK[0m ]
[4C- kernel.dmesg_restrict (exp: 1)[25C [ [1;32mOK[0m ]
[4C- kernel.kptr_restrict (exp: 2)[26C [ [1;31mDIFFERENT[0m ]
[4C- kernel.modules_disabled (exp: 1)[23C [ [1;31mDIFFERENT[0m ]
[4C- kernel.perf_event_paranoid (exp: 2 3 4)[16C [ [1;32mOK[0m ]
[4C- kernel.randomize_va_space (exp: 2)[21C [ [1;32mOK[0m ]
[4C- kernel.sysrq (exp: 0)[34C [ [1;31mDIFFERENT[0m ]
[4C- kernel.unprivileged_bpf_disabled (exp: 1)[14C [
[1;31mDIFFERENT[0m ]
[4C- kernel.yama.ptrace_scope (exp: 1 2 3)[18C [ [1;31mDIFFERENT[0m
]
[4C- net.core.bpf_jit_harden (exp: 2)[23C [ [1;31mDIFFERENT[0m ]
[4C- net.ipv4.conf.all.accept_redirects (exp: 0)[12C [ [1;32mOK[0m
]
[4C- net.ipv4.conf.all.accept_source_route (exp: 0)[9C [
[1;32mOK[0m ]
[4C- net.ipv4.conf.all.bootp_relay (exp: 0)[17C [ [1;32mOK[0m ]
[4C- net.ipv4.conf.all.forwarding (exp: 0)[18C [ [1;31mDIFFERENT[0m
]
[4C- net.ipv4.conf.all.log_martians (exp: 1)[16C [
[1;31mDIFFERENT[0m ]
[4C- net.ipv4.conf.all.mc_forwarding (exp: 0)[15C [ [1;32mOK[0m ]
[4C- net.ipv4.conf.all.proxy_arp (exp: 0)[19C [ [1;32mOK[0m ]
[4C- net.ipv4.conf.all.rp_filter (exp: 1)[19C [ [1;31mDIFFERENT[0m
]
[4C- net.ipv4.conf.all.send_redirects (exp: 0)[14C [
[1;31mDIFFERENT[0m ]
[4C- net.ipv4.conf.default.accept_redirects (exp: 0)[8C [
[1;31mDIFFERENT[0m ]
[4C- net.ipv4.conf.default.accept_source_route (exp: 0)[5C [
[1;32mOK[0m ]
[4C- net.ipv4.conf.default.log_martians (exp: 1)[12C [
[1;31mDIFFERENT[0m ]
[4C- net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)[10C [
[1;32mOK[0m ]
[4C- net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)[4C [
[1;32mOK[0m ]
[4C- net.ipv4.tcp_syncookies (exp: 1)[23C [ [1;32mOK[0m ]
[4C- net.ipv4.tcp_timestamps (exp: 0 1)[21C [ [1;32mOK[0m ]
[4C- net.ipv6.conf.all.accept_redirects (exp: 0)[12C [
[1;31mDIFFERENT[0m ]
[4C- net.ipv6.conf.all.accept_source_route (exp: 0)[9C [
[1;32mOK[0m ]
[4C- net.ipv6.conf.default.accept_redirects (exp: 0)[8C [
[1;31mDIFFERENT[0m ]
[4C- net.ipv6.conf.default.accept_source_route (exp: 0)[5C [
[1;32mOK[0m ]

[+] [1;33mHardening[0m
------------------------------------
[4C- Installed compiler(s)[34C [ [1;31mFOUND[0m ]
[4C- Installed malware scanner[30C [ [1;31mNOT FOUND[0m ]
[4C- Non-native binary formats[30C [ [1;31mFOUND[0m ]

[+] [1;33mCustom tests[0m
------------------------------------
[2C- Running custom tests... [33C [ [1;37mNONE[0m ]

[+] [1;35mPlugins (phase 2)[0m
------------------------------------

=======================================================================
=========

  -[ [1;37mLynis 3.1.4 Results[0m ]-

  [1;31mWarnings[0m (1):
  [1;37m----------------------------[0m
  [1;31m![0m grpck binary found errors in one or more group files
[AUTH-9216] 
      https://cisofy.com/lynis/controls/AUTH-9216/

  [1;33mSuggestions[0m (50):
  [1;37m----------------------------[0m
  [1;33m*[0m This release is more than 4 months old. Check the
website or GitHub to see if there is an update available. [LYNIS] 
    - Related resources
      * Website: [0;37mhttps://cisofy.com/lynis/controls/LYNIS/[0m

  [1;33m*[0m Install libpam-tmpdir to set $TMP and $TMPDIR for PAM
sessions [DEB-0280] 
    - Related resources
      * Website: [0;37mhttps://cisofy.com/lynis/controls/DEB-0280/[0m

  [1;33m*[0m Install apt-listbugs to display a list of critical bugs
prior to each APT installation. [DEB-0810] 
    - Related resources
      * Website: [0;37mhttps://cisofy.com/lynis/controls/DEB-0810/[0m

  [1;33m*[0m Install needrestart, alternatively to debian-goodies, so
that you can run needrestart after upgrades to determine which daemons
are using old versions of libraries and need restarting. [DEB-0831] 
    - Related resources
      * Website: [0;37mhttps://cisofy.com/lynis/controls/DEB-0831/[0m

  [1;33m*[0m Install fail2ban to automatically ban hosts that commit
multiple authentication errors. [DEB-0880] 
    - Related resources
      * Website: [0;37mhttps://cisofy.com/lynis/controls/DEB-0880/[0m

  [1;33m*[0m Set a password on GRUB boot loader to prevent altering
boot configuration (e.g. boot in single user mode without password)
[BOOT-5122] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/BOOT-5122/[0m

  [1;33m*[0m Determine runlevel and services at startup [BOOT-5180] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/BOOT-5180/[0m

  [1;33m*[0m Consider hardening system services [BOOT-5264] 
    - Details  : [0;36mRun '/usr/bin/systemd-analyze security SERVICE'
for each service[0m
    - Related resources
      * Article: [0;36mSystemd features to secure service files[0m:
https://linux-audit.com/systemd/systemd-features-to-secure-units-and-services/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/BOOT-5264/[0m

  [1;33m*[0m Configure password hashing rounds in /etc/login.defs
[AUTH-9230] 
    - Related resources
      * Article: [0;36mLinux password security: hashing rounds[0m:
https://linux-audit.com/authentication/configure-the-minimum-password-length-on-linux-systems/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9230/[0m

  [1;33m*[0m Install a PAM module for password strength testing like
pam_cracklib or pam_passwdqc or libpam-passwdqc [AUTH-9262] 
    - Related resources
      * Article: [0;36mConfigure minimum password length for Linux
systems[0m:
https://linux-audit.com/configure-the-minimum-password-length-on-linux-systems/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9262/[0m

  [1;33m*[0m When possible set expire dates for all password
protected accounts [AUTH-9282] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9282/[0m

  [1;33m*[0m Look at the locked accounts and consider removing them
[AUTH-9284] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9284/[0m

  [1;33m*[0m Configure minimum password age in /etc/login.defs [AUTH-
9286] 
    - Related resources
      * Article: [0;36mConfigure minimum password length for Linux
systems[0m:
https://linux-audit.com/configure-the-minimum-password-length-on-linux-systems/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9286/[0m

  [1;33m*[0m Configure maximum password age in /etc/login.defs [AUTH-
9286] 
    - Related resources
      * Article: [0;36mConfigure minimum password length for Linux
systems[0m:
https://linux-audit.com/configure-the-minimum-password-length-on-linux-systems/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9286/[0m

  [1;33m*[0m Default umask in /etc/login.defs could not be found and
defaults usually to 022, which could be more strict like 027 [AUTH-
9328] 
    - Related resources
      * Article: [0;36mSet default file permissions on Linux with
umask[0m:
https://linux-audit.com/filesystems/file-permissions/set-default-file-permissions-with-umask/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/AUTH-9328/[0m

  [1;33m*[0m Disable drivers like USB storage when not used, to
prevent unauthorized storage or data theft [USB-1000] 
    - Related resources
      * Website: [0;37mhttps://cisofy.com/lynis/controls/USB-1000/[0m

  [1;33m*[0m Disable drivers like firewire storage when not used, to
prevent unauthorized storage or data theft [STRG-1846] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/STRG-1846/[0m

  [1;33m*[0m Install debsums utility for the verification of packages
with known good database. [PKGS-7370] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/PKGS-7370/[0m

  [1;33m*[0m Install package apt-show-versions for patch management
purposes [PKGS-7394] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/PKGS-7394/[0m

  [1;33m*[0m Consider using a tool to automatically apply upgrades
[PKGS-7420] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/PKGS-7420/[0m

  [1;33m*[0m Determine if protocol 'dccp' is really needed on this
system [NETW-3200] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/NETW-3200/[0m

  [1;33m*[0m Determine if protocol 'sctp' is really needed on this
system [NETW-3200] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/NETW-3200/[0m

  [1;33m*[0m Determine if protocol 'rds' is really needed on this
system [NETW-3200] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/NETW-3200/[0m

  [1;33m*[0m Determine if protocol 'tipc' is really needed on this
system [NETW-3200] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/NETW-3200/[0m

  [1;33m*[0m Access to CUPS configuration could be more strict.
[PRNT-2307] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/PRNT-2307/[0m

  [1;33m*[0m Check iptables rules to see which rules are currently
not used [FIRE-4513] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/FIRE-4513/[0m

  [1;33m*[0m Install Apache mod_evasive to guard webserver against
DoS/brute force attempts [HTTP-6640] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/HTTP-6640/[0m

  [1;33m*[0m Install Apache modsecurity to guard webserver against
web application attacks [HTTP-6643] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/HTTP-6643/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mAllowTcpForwarding (set YES to NO)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mClientAliveCountMax (set 3 to 2)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mLogLevel (set INFO to VERBOSE)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mMaxAuthTries (set 6 to 3)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mMaxSessions (set 10 to 2)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mPort (set 22 to )[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mTCPKeepAlive (set YES to NO)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mX11Forwarding (set YES to NO)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Consider hardening SSH configuration [SSH-7408] 
    - Details  : [0;36mAllowAgentForwarding (set YES to NO)[0m
    - Related resources
      * Article: [0;36mOpenSSH security and hardening[0m:
https://linux-audit.com/ssh/audit-and-harden-your-ssh-configuration/
      * Website: [0;37mhttps://cisofy.com/lynis/controls/SSH-7408/[0m

  [1;33m*[0m Enable logging to an external logging host for archiving
purposes and additional protection [LOGG-2154] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/LOGG-2154/[0m

  [1;33m*[0m Check what deleted files are still in use and why.
[LOGG-2190] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/LOGG-2190/[0m

  [1;33m*[0m Add a legal banner to /etc/issue, to warn unauthorized
users [BANN-7126] 
    - Related resources
      * Article: [0;36mThe real purpose of login banners[0m:
https://linux-audit.com/the-real-purpose-of-login-banners-on-linux/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/BANN-7126/[0m

  [1;33m*[0m Add legal banner to /etc/issue.net, to warn unauthorized
users [BANN-7130] 
    - Related resources
      * Article: [0;36mThe real purpose of login banners[0m:
https://linux-audit.com/the-real-purpose-of-login-banners-on-linux/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/BANN-7130/[0m

  [1;33m*[0m Enable process accounting [ACCT-9622] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/ACCT-9622/[0m

  [1;33m*[0m Enable sysstat to collect accounting (no results) [ACCT-
9626] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/ACCT-9626/[0m

  [1;33m*[0m Enable auditd to collect audit information [ACCT-9628] 
    - Related resources
      * Article: [0;36mLinux audit framework 101: basic rules for
configuration[0m:
https://linux-audit.com/linux-audit-framework/linux-audit-framework-101-basic-rules-for-configuration/
      * Article: [0;36mMonitoring Linux file access, changes and data
modifications[0m:
https://linux-audit.com/monitoring-linux-file-access-changes-and-modifications/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/ACCT-9628/[0m

  [1;33m*[0m Install a file integrity tool to monitor changes to
critical and sensitive files [FINT-4350] 
    - Related resources
      * Article: [0;36mMonitoring Linux file access, changes and data
modifications[0m:
https://linux-audit.com/monitoring-linux-file-access-changes-and-modifications/
      * Article: [0;36mMonitor for file changes on Linux[0m:
https://linux-audit.com/monitor-for-file-system-changes-on-linux/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/FINT-4350/[0m

  [1;33m*[0m Determine if automation tools are present for system
management [TOOL-5002] 
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/TOOL-5002/[0m

  [1;33m*[0m Consider restricting file permissions [FILE-7524] 
    - Details  : [0;36mSee screen output or log file[0m
    - Solution : Use chmod to change file permissions
    - Related resources
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/FILE-7524/[0m

  [1;33m*[0m One or more sysctl values differ from the scan profile
and could be tweaked [KRNL-6000] 
    - Solution : Change sysctl value or disable test (skip-test=KRNL-
6000:<sysctl-key>)
    - Related resources
      * Article: [0;36mLinux hardening with sysctl settings[0m:
https://linux-audit.com/linux-hardening-with-sysctl/
      * Article: [0;36mOverview of sysctl options and values[0m:
https://linux-audit.com/kernel/sysctl/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/KRNL-6000/[0m

  [1;33m*[0m Harden compilers like restricting access to root user
only [HRDN-7222] 
    - Related resources
      * Article: [0;36mWhy remove compilers from your system?[0m:
https://linux-audit.com/software/why-remove-compilers-from-your-system/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/HRDN-7222/[0m

  [1;33m*[0m Harden the system by installing at least one malware
scanner, to perform periodic file system scans [HRDN-7230] 
    - Solution : Install a tool like rkhunter, chkrootkit, OSSEC, Wazuh
    - Related resources
      * Article: [0;36mAntivirus for Linux: is it really needed?[0m:
https://linux-audit.com/malware/antivirus-for-linux-really-needed/
      * Article: [0;36mMonitoring Linux Systems for Rootkits[0m:
https://linux-audit.com/monitoring-linux-systems-for-rootkits/
      * Website:
[0;37mhttps://cisofy.com/lynis/controls/HRDN-7230/[0m

  [0;36mFollow-up[0m:
  [1;37m----------------------------[0m
  [1;37m-[0m Show details of a test (lynis show details TEST-ID)
  [1;37m-[0m Check the logfile for all details (less
/var/log/lynis.log)
  [1;37m-[0m Read security controls texts (https://cisofy.com)
  [1;37m-[0m Use --upload to upload data to central system (Lynis
Enterprise users)

=======================================================================
=========

  [1;37mLynis security scan details[0m:

  [0;36mHardening index[0m : [1;37m64[0m [[1;33m############[0m 
]
  [0;36mTests performed[0m : [1;37m273[0m
  [0;36mPlugins enabled[0m : [1;37m1[0m

  [1;37mComponents[0m:
  - Firewall               [[1;32mV[0m]
  - Malware scanner        [[1;31mX[0m]

  [1;33mScan mode[0m:
  Normal [V]  Forensics [ ]  Integration [ ]  Pentest [ ]

  [1;33mLynis modules[0m:
  - Compliance status      [[1;33m?[0m]
  - Security audit         [[1;32mV[0m]
  - Vulnerability scan     [[1;32mV[0m]

  [1;33mFiles[0m:
  - Test and debug information      : [1;37m/var/log/lynis.log[0m
  - Report data                     : [1;37m/var/log/lynis-
report.dat[0m

=======================================================================
=========

  [1;31mExceptions found[0m
  [1;37mSome exceptional events or information was found![0m

  [0;36mWhat to do:[0m
  You can help by providing your log file (/var/log/lynis.log).
  Go to https://cisofy.com/contact/ and send your file to the e-mail
address listed

=======================================================================
=========

  [1;37mLynis[0m 3.1.4

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2024, CISOfy - https://cisofy.com/lynis/
  [1;37mEnterprise support available (compliance, plugins, interface
and tools)[0m

=======================================================================
=========

  [0;44m[TIP][0m: [0;94mEnhance Lynis audits by adding your settings
to custom.prf (see /etc/lynis/default.prf for all settings)[0m

Re: piratage box sfr

Répondre à