Operating System
Hostname | database1 |
Operating System | Linux |
Linux version | Red Hat Enterprise Linux 6 |
Risk rating | Low / Medium / High |
Scan details: This system has been analyzed at 9 November with Lynis version 1.6.4.
Main priorities
Hardening
Intrusion detection
✘ No intrusion detection software detected.
Linux Audit
✓ Audit daemon is active
✓ 16 rules loaded
✓ Critical files are properly monitored
File permissions
✓ All files have an owner and group
✓ No world writable files found
✓ SetUID files are all on whitelist
Malware detection
Malicious software is a serious threat to the availability and integrity of data. Prevention and detection measures for this threat are therefore strongly advised.
✓ This system is running ClamAV to detect malware.
✓ Virus definitions: OK (not older than 2 days)
Network Basics
Discovered IP address: 192.168.1.35
✓ This system has no IP aliases configured
✓ DNS is properly configured
DNS
✓ Two name servers are configured
✓ DNS caching is properly configured
✓ System makes use of locally installed BIND instance
BIND
BIND daemon is running
Version 9.9.1
✓ Files and permissions are OK
✓ Zones are protected with DNSSEC
Database
Database software MySQL has been discovered
Database software PostgreSQL has been discovered
✓ Postfix has been found to handle outgoing e-mail
✓ Files and permissions are OK
Monitoring
✓ Zabbix agent has been found to monitor the system
✓ Files and permissions are OK
MySQL
✓ MySQL daemon is running
✓ Files and permissions are OK
Nginx
Detected Nginx version: nginx/1.1.19
✓ IPv6 support
Finding: a security update is available for this software package
Performance
✓ Kernel is tuned
✓ No IO wait
PostgreSQL
✗ PostgreSQL daemon is NOT running
✓ Files and permissions are OK
This package might be unused on this particular system.
Proxy service
Some systems allow proxying of data for other systems. One common solution is to act as a gateway for internet browsing for normal and functional user accounts.
✓ No proxy daemon detected on this system
Programming
✓ Perl is installed
✓ Python is installed
✓ Ruby is installed
Shells
✓ All shells are whitelisted and properly installed
✓ Files and permissions are OK
Software
Packages
- nginx
- openssl
- openssh-server
Finding: One or more packages on this system contain vulnerabilities.
This issue is considered to be a serious risk if the machine is accessible via the network and contains network related services.
SSH
SSH a secure protocol for remote system administration. As it is a common gateway to the system, its configuration should be properly be protected against several threats. Commom threats include name guessing and brute-force password cracking.
Finding: a security update is available for this software package
OpenSSH version 5.9p1 has been discovered on this system
✓ SSH daemon is running
Stability
✓ System is running for 49 days
✓ No application crashes detected
Web server
The Nginx daemon was discovered on this host.
Finding: the current version of Nginx contains a vulnerability and should be updated.