neill-backup.int.autonlab.org daily security run output

punosevac72 at gmail.com punosevac72 at gmail.com
Sat Jul 18 04:53:23 EDT 2015 

Checking setuid files and devices:

neill-backup.int.autonlab.org setuid diffs:
--- /var/log/setuid.today	2015-01-28 03:41:32.000000000 -0500
+++ /tmp/security.X05gksCA	2015-07-18 03:33:32.000000000 -0400
@@ -36,6 +36,8 @@
 85644406 -r-sr-xr-x  1 root  wheel      39040 Nov 11 16:03:22 2014 /usr/libexec/ssh-keysign
 85644410 -r-sr-xr-x  1 root  wheel       6072 Nov 11 16:03:12 2014 /usr/libexec/ulog-helper
 86536329 -r-sr-xr-x  1 root  wheel      32632 Oct  3 13:18:25 2014 /usr/local/bin/tcptraceroute
+85894152 -r-xr-sr-x  1 root  mail       61664 Jul  2 07:52:28 2015 /usr/local/libexec/dma
+85894153 -r-sr-xr-x  1 root  mail        7672 Jul  2 07:52:28 2015 /usr/local/libexec/dma-mbox-create
 85974411 -rwsr-x--x  1 root  wheel       7312 Nov  6 03:21:54 2014 /usr/local/sbin/jailme
 85974428 -rwxr-sr-x  1 root  kmem      126136 Oct 23 05:08:33 2014 /usr/local/sbin/lsof
 85633173 -r-sr-sr-x  2 root  authpf     24216 Nov 11 16:03:36 2014 /usr/sbin/authpf

Checking negative group permissions:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

neill-backup.int.autonlab.org pf denied packets:
+++ /tmp/security.e3xgZMX9	2015-07-18 03:55:27.000000000 -0400
+block return in all [ Evaluations: 7900847 Packets: 5198846 Bytes: 2960558838 States: 0 ]
+block return quick from <bruteforce> to any [ Evaluations: 7900853 Packets: 0 Bytes: 0 States: 0 ]
+block return in quick on egress proto tcp from <sshguard> to any port = ssh label "ssh bruteforce" [ Evaluations: 7900854 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick on ! lo0 inet from 127.0.0.0/8 to any [ Evaluations: 7900854 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick from urpf-failed to any [ Evaluations: 7391526 Packets: 0 Bytes: 0 States: 0 ]
+block return in on ! lo0 proto tcp from any to any port 6000:6010 [ Evaluations: 7391526 Packets: 0 Bytes: 0 States: 0 ]

neill-backup.int.autonlab.org login failures:

neill-backup.int.autonlab.org refused connections:

Checking for packages with security vulnerabilities:
libxml2-2.9.2_2
png-1.5.19
curl-7.38.0_2
freetype2-2.5.3_2
pcre-8.35_1
libevent2-2.0.21_3

-- End of security output --

More information about the Autonlab-sysinfo mailing list