backup1.int.autonlab.org daily security run output
punosevac72 at gmail.com
Sat Aug 29 03:50:53 EDT 2015
Checking setuid files and devices:
backup1.int.autonlab.org setuid diffs:
--- /var/log/setuid.today 2015-08-22 03:27:55.000000000 -0400
+++ /tmp/security.ilFiGYGd 2015-08-29 03:24:34.352810111 -0400
@@ -4,51 +4,6 @@
13133 -r-sr-xr-x 1 root wheel 40184 Aug 21 14:26:00 2015 /sbin/ping6
13135 -r-sr-xr-- 2 root operator 15240 Aug 21 14:26:00 2015 /sbin/poweroff
13135 -r-sr-xr-- 2 root operator 15240 Aug 21 14:26:00 2015 /sbin/shutdown
- 12960 -r-sr-xr-x 1 root wheel 19440 Nov 13 07:58:33 2014 /storage/jails/.warden-template-amd10.1/bin/rcp
- 57 -r-sr-xr-- 1 root operator 9520 Nov 13 07:58:55 2014 /storage/jails/.warden-template-amd10.1/sbin/mksnap_ffs
- 83 -r-sr-xr-x 1 root wheel 27616 Nov 13 07:58:55 2014 /storage/jails/.warden-template-amd10.1/sbin/ping
- 76 -r-sr-xr-x 1 root wheel 36520 Nov 13 07:58:55 2014 /storage/jails/.warden-template-amd10.1/sbin/ping6
- 93 -r-sr-xr-- 2 root operator 15240 Nov 13 07:58:56 2014 /storage/jails/.warden-template-amd10.1/sbin/poweroff
- 93 -r-sr-xr-- 2 root operator 15240 Nov 13 07:58:56 2014 /storage/jails/.warden-template-amd10.1/sbin/shutdown
- 1781 -r-sr-xr-x 4 root wheel 27880 Nov 13 07:59:16 2014 /storage/jails/.warden-template-amd10.1/usr/bin/at
- 1781 -r-sr-xr-x 4 root wheel 27880 Nov 13 07:59:16 2014 /storage/jails/.warden-template-amd10.1/usr/bin/atq
- 1781 -r-sr-xr-x 4 root wheel 27880 Nov 13 07:59:16 2014 /storage/jails/.warden-template-amd10.1/usr/bin/atrm
- 1781 -r-sr-xr-x 4 root wheel 27880 Nov 13 07:59:16 2014 /storage/jails/.warden-template-amd10.1/usr/bin/batch
- 2061 -r-xr-sr-x 1 root kmem 12712 Nov 13 07:59:16 2014 /storage/jails/.warden-template-amd10.1/usr/bin/btsockstat
- 1833 -r-sr-xr-x 6 root wheel 21768 Nov 13 07:59:18 2014 /storage/jails/.warden-template-amd10.1/usr/bin/chfn
- 1833 -r-sr-xr-x 6 root wheel 21768 Nov 13 07:59:18 2014 /storage/jails/.warden-template-amd10.1/usr/bin/chpass
- 1833 -r-sr-xr-x 6 root wheel 21768 Nov 13 07:59:18 2014 /storage/jails/.warden-template-amd10.1/usr/bin/chsh
- 2048 -r-sr-xr-x 1 root wheel 32296 Nov 13 07:59:33 2014 /storage/jails/.warden-template-amd10.1/usr/bin/crontab
- 1792 -r-sr-xr-x 1 root wheel 11032 Nov 13 07:59:21 2014 /storage/jails/.warden-template-amd10.1/usr/bin/lock
- 1963 -r-sr-xr-x 1 root wheel 25256 Nov 13 07:59:21 2014 /storage/jails/.warden-template-amd10.1/usr/bin/login
- 2066 -r-sr-sr-x 1 root daemon 32232 Nov 13 07:59:35 2014 /storage/jails/.warden-template-amd10.1/usr/bin/lpq
- 1967 -r-sr-sr-x 1 root daemon 37736 Nov 13 07:59:35 2014 /storage/jails/.warden-template-amd10.1/usr/bin/lpr
- 2007 -r-sr-sr-x 1 root daemon 31960 Nov 13 07:59:35 2014 /storage/jails/.warden-template-amd10.1/usr/bin/lprm
- 1697 -r-xr-sr-x 1 root kmem 144312 Nov 13 07:59:22 2014 /storage/jails/.warden-template-amd10.1/usr/bin/netstat
- 1951 -r-sr-xr-x 1 root wheel 6776 Nov 13 07:59:22 2014 /storage/jails/.warden-template-amd10.1/usr/bin/opieinfo
- 1731 -r-sr-xr-x 1 root wheel 13400 Nov 13 07:59:22 2014 /storage/jails/.warden-template-amd10.1/usr/bin/opiepasswd
- 1917 -r-sr-xr-x 2 root wheel 7928 Nov 13 07:59:23 2014 /storage/jails/.warden-template-amd10.1/usr/bin/passwd
- 1886 -r-sr-xr-x 1 root wheel 15240 Nov 13 07:59:23 2014 /storage/jails/.warden-template-amd10.1/usr/bin/quota
- 1704 -r-sr-xr-x 1 root wheel 15192 Nov 13 07:59:23 2014 /storage/jails/.warden-template-amd10.1/usr/bin/rlogin
- 1729 -r-sr-xr-x 1 root wheel 11168 Nov 13 07:59:23 2014 /storage/jails/.warden-template-amd10.1/usr/bin/rsh
- 1741 -r-sr-xr-x 1 root wheel 17200 Nov 13 07:59:24 2014 /storage/jails/.warden-template-amd10.1/usr/bin/su
- 1829 -r-xr-sr-x 1 root tty 15600 Nov 13 07:59:27 2014 /storage/jails/.warden-template-amd10.1/usr/bin/wall
- 1915 -r-xr-sr-x 1 root tty 11608 Nov 13 07:59:27 2014 /storage/jails/.warden-template-amd10.1/usr/bin/write
- 1833 -r-sr-xr-x 6 root wheel 21768 Nov 13 07:59:18 2014 /storage/jails/.warden-template-amd10.1/usr/bin/ypchfn
- 1833 -r-sr-xr-x 6 root wheel 21768 Nov 13 07:59:18 2014 /storage/jails/.warden-template-amd10.1/usr/bin/ypchpass
- 1833 -r-sr-xr-x 6 root wheel 21768 Nov 13 07:59:18 2014 /storage/jails/.warden-template-amd10.1/usr/bin/ypchsh
- 1917 -r-sr-xr-x 2 root wheel 7928 Nov 13 07:59:23 2014 /storage/jails/.warden-template-amd10.1/usr/bin/yppasswd
- 4260 -r-xr-sr-x 1 root smmsp 696232 Nov 13 07:59:38 2014 /storage/jails/.warden-template-amd10.1/usr/libexec/sendmail/sendmail
- 4061 -r-sr-xr-x 1 root wheel 38568 Nov 13 07:58:59 2014 /storage/jails/.warden-template-amd10.1/usr/libexec/ssh-keysign
- 4056 -r-sr-xr-x 1 root wheel 5592 Nov 13 07:58:32 2014 /storage/jails/.warden-template-amd10.1/usr/libexec/ulog-helper
- 4335 -r-sr-sr-x 2 root authpf 23744 Nov 13 07:59:30 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/authpf
- 4335 -r-sr-sr-x 2 root authpf 23744 Nov 13 07:59:30 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/authpf-noip
- 4398 -r-xr-sr-x 1 root daemon 54656 Nov 13 07:59:35 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/lpc
- 4302 -r-sr-xr-- 1 root network 415680 Nov 13 07:59:37 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/ppp
- 4334 -r-sr-xr-x 1 root wheel 20560 Nov 13 07:59:39 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/timedc
- 4483 -r-sr-xr-x 1 root wheel 28032 Nov 13 07:59:39 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/traceroute
- 4515 -r-sr-xr-x 1 root wheel 23592 Nov 13 07:59:39 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/traceroute6
- 4410 -r-xr-sr-x 1 root kmem 11144 Nov 13 07:59:39 2014 /storage/jails/.warden-template-amd10.1/usr/sbin/trpt
13191 -r-sr-xr-x 4 root wheel 27880 Aug 21 14:26:01 2015 /usr/bin/at
13191 -r-sr-xr-x 4 root wheel 27880 Aug 21 14:26:01 2015 /usr/bin/atq
13191 -r-sr-xr-x 4 root wheel 27880 Aug 21 14:26:01 2015 /usr/bin/atrm
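Review bot: every removed line in this hunk sits under /storage/jails/.warden-template-amd10.1 and the hunk adds nothing, so this is the jail template's whole setuid set disappearing rather than a mode change on any individual binary; the mount diff further down shows storage/jails and storage/jails/.warden-template-amd10.1 no longer mounted, which accounts for it. Confirm the dataset was unmounted or destroyed on purpose before accepting the new list as the baseline, since this check only compares against the list saved at the previous run (here /var/log/setuid.today from 2015-08-22).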
Checking negative group permissions:
backup1.int.autonlab.org changes in mounted filesystems:
--- /var/log/mount.today 2015-08-22 03:54:52.000000000 -0400
+++ /tmp/security.tTNUtQNA 2015-08-29 03:50:53.166701511 -0400
@@ -2,8 +2,6 @@
storage /storage zfs rw,nfsv4acls 0 0
storage/attic /storage/attic zfs rw,nfsv4acls 0 0
storage/backups /storage/backups zfs rw,nfsv4acls 0 0
-storage/jails /storage/jails zfs rw,nfsv4acls 0 0
-storage/jails/.warden-template-amd10.1 /storage/jails/.warden-template-amd10.1 zfs rw,nfsv4acls 0 0
tank/ROOT/10.2-RELEASE-up-20150821_180424 / zfs rw,nfsv4acls 0 0
tank/root /root zfs rw,nfsv4acls 0 0
tank/tmp /tmp zfs rw,nfsv4acls 0 0
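Review bot: the two mounts removed here, storage/jails and its child storage/jails/.warden-template-amd10.1, are the dataset whose 45 setuid entries vanished in the setuid diff above, so the two hunks describe one event. If the jail template is gone for good no action is needed; if it is expected to return, the next run will report all of those setuid entries as additions and should be read in that light.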
Checking for uids of 0:
root 0
toor 0
Checking for passwordless accounts:
Checking login.conf permissions:
backup1.int.autonlab.org ipfw denied packets:
backup1.int.autonlab.org pf denied packets:
+++ /tmp/security.rbiEY40E 2015-08-29 03:50:53.280701579 -0400
+block return in all [ Evaluations: 44097 Packets: 22400 Bytes: 12779260 States: 0 ]
+block return quick from <bruteforce> to any [ Evaluations: 44097 Packets: 0 Bytes: 0 States: 0 ]
+block return in quick on egress proto tcp from <sshguard> to any port = ssh label "ssh bruteforce" [ Evaluations: 44097 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick on ! lo0 inet from 127.0.0.0/8 to any [ Evaluations: 44097 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick from urpf-failed to any [ Evaluations: 42032 Packets: 0 Bytes: 0 States: 0 ]
+block return in on ! lo0 proto tcp from any to any port 6000:6010 [ Evaluations: 42032 Packets: 0 Bytes: 0 States: 0 ]
backup1.int.autonlab.org kernel log messages:
+++ /tmp/security.gVWblPun 2015-08-29 03:50:53.309700941 -0400
+CPU: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (2400.13-MHz K8-class CPU)
+Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
+cd0 at ahcich0 bus 0 scbus1 target 0 lun 0
+cd0: <TEAC DV-28S-W 1.2A> Removable CD-ROM SCSI device
+cd0: Serial Number 10102921100333
+cd0: 150.000MB/s transfers (SATA 1.x, UDMA5, ATAPI 12bytes, PIO 8192bytes)
+cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed
+SMP: AP CPU #8 Launched!
+SMP: AP CPU #2 Launched!
+SMP: AP CPU #15 Launched!
+SMP: AP CPU #5 Launched!
+SMP: AP CPU #11 Launched!
+SMP: AP CPU #14 Launched!
+SMP: AP CPU #10 Launched!
+SMP: AP CPU #4 Launched!
+SMP: AP CPU #13 Launched!
+Timecounter "TSC-low" frequency 1200066360 Hz quality 1000
backup1.int.autonlab.org login failures:
backup1.int.autonlab.org refused connections:
Checking for packages with security vulnerabilities:
Database fetched: Thu Aug 27 04:55:28 EDT 2015
pcre-8.37_2
ruby-2.0.0.645,1
go-1.4.2,1
-- End of security output --
More information about the Autonlab-sysinfo mailing list