
understanding [rkhunter] Warnings found for xxx

Enriko_Podehl

New Pleskian
hi,

this is my first post in this forum. i hope i didn't miss any important advice. ;)
i have a debian root-server running with plesk 11.
i'm getting a watchdog report which tells me that warnings were found. that is my first time with watchdog and i didn't know how to read the report and determine which warning is a security risk...and which is not.

here is my log:
Code:
...
[01:00:09] Info: Found the 'diff' command: /usr/bin/diff
[01:00:09] Info: Found the 'file' command: /usr/bin/file
[01:00:09] Info: Found the 'find' command: /usr/bin/find
[01:00:09] Info: Found the 'ifconfig' command: /sbin/ifconfig
[01:00:09] Info: Found the 'ip' command: /bin/ip
[01:00:09] Info: Found the 'ldd' command: /usr/bin/ldd
[01:00:09] Info: Found the 'lsattr' command: /usr/bin/lsattr
[01:00:09] Info: Found the 'lsmod' command: /bin/lsmod
[01:00:09] Info: Found the 'lsof' command: /usr/bin/lsof
[01:00:09] Info: Found the 'mktemp' command: /bin/mktemp
[01:00:09] Info: Found the 'netstat' command: /bin/netstat
[01:00:09] Info: Found the 'perl' command: /usr/bin/perl
[01:00:09] Info: Found the 'ps' command: /bin/ps
[01:00:09] Info: Found the 'pwd' command: /bin/pwd
[01:00:09] Info: Found the 'readlink' command: /bin/readlink
[01:00:09] Info: Found the 'sort' command: /usr/bin/sort
[01:00:09] Info: Found the 'stat' command: /usr/bin/stat
[01:00:09] Info: Found the 'strings' command: /usr/bin/strings
[01:00:09] Info: Found the 'uniq' command: /usr/bin/uniq
[01:00:09] Info: System is not using prelinking
[01:00:09] Info: Using the '/usr/bin/sha1sum' command for the file hash checks
[01:00:09] Info: Stored hash values used hash function '/usr/bin/sha1sum'
[01:00:09] Info: Stored hash values used package manager 'DPKG' (md5 function)
[01:00:10] Info: The hash function field index is set to 1
[01:00:10] Info: Using package manager 'DPKG' to update the file hash values
[01:00:10] Info: Found the 'dpkg-query' command: /usr/bin/dpkg-query
[01:00:10] Info: Using package manager 'DPKG' for file property checks
[01:00:10] Info: Found the 'dpkg-query' command: /usr/bin/dpkg-query
[01:00:10] Info: Using MD5 hash function command '/usr/bin/md5sum' to assist package manager verification
[01:00:10] Info: Previous file attributes were stored
[01:00:10] Info: Current file attributes will be stored
[01:00:10] Info: Enabled tests are: all
[01:00:10] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps
[01:00:10] Info: Found ksym file '/proc/kallsyms'
...
[01:00:38] Performing file properties checks
[01:00:38] Info: Starting test name 'properties'
[01:00:38] Checking for prerequisites                        [ OK ]
...
[01:00:58] Info: Found file '/usr/bin/passwd': it is whitelisted for the 'file immutable-bit' check.
...
[01:01:08] Info: Found file '/sbin/init': it is whitelisted for the 'file immutable-bit' check.
...
[01:02:00]   Performing check for enabled xinetd services
[01:02:00] Info: Using xinetd configuration file '/etc/xinetd.conf'
[01:02:00]     Checking '/etc/xinetd.conf' for enabled services [ None found ]
[01:02:00]       Found 'includedir /etc/xinetd.d' directive
[01:02:00]     Checking '/etc/xinetd.d/chargen' for enabled services [ None found ]
[01:02:00]     Checking '/etc/xinetd.d/daytime' for enabled services [ None found ]
[01:02:00]     Checking '/etc/xinetd.d/discard' for enabled services [ None found ]
[01:02:00]     Checking '/etc/xinetd.d/echo' for enabled services [ None found ]
[01:02:00]     Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[01:02:01]     Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[01:02:01]     Checking '/etc/xinetd.d/time' for enabled services [ None found ]
[01:02:01]   Checking for enabled xinetd services            [ Warning ]
[01:02:01] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[01:02:01] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[01:02:01]   Checking for Apache backdoor                    [ Not found ]
...
[01:02:05] Performing system boot checks
[01:02:05] Info: Starting test name 'startup_files'
[01:02:05]   Checking for local host name                    [ Found ]
[01:02:05] Info: Starting test name 'startup_malware'
[01:02:05]   Checking for system startup files               [ Found ]
[01:02:06]   Checking system startup files for malware       [ None found ]
[01:02:06]
[01:02:06] Performing group and account checks
[01:02:06] Info: Starting test name 'group_accounts'
[01:02:06]   Checking for passwd file                        [ Found ]
[01:02:06] Info: Found password file: /etc/passwd
[01:02:06]   Checking for root equivalent (UID 0) accounts   [ None found ]
[01:02:06] Info: Found shadow file: /etc/shadow
[01:02:06]   Checking for passwordless accounts              [ None found ]
[01:02:07] Info: Starting test name 'passwd_changes'
[01:02:07]   Checking for passwd file changes                [ None found ]
[01:02:07] Info: Starting test name 'group_changes'
[01:02:07]   Checking for group file changes                 [ None found ]
[01:02:07]   Checking root account shell history files       [ OK ]
...
[01:02:09] System checks summary
[01:02:09] =====================
[01:02:09]
[01:02:09] File properties checks...
[01:02:10] Files checked: 126
[01:02:10] Suspect files: 0
[01:02:10]
[01:02:10] Rootkit checks...
[01:02:10] Rootkits checked : 112
[01:02:10] Possible rootkits: 0
[01:02:10]
[01:02:10] Applications checks...
[01:02:10] Applications checked: 7
[01:02:10] Suspect applications: 0
[01:02:10]
[01:02:10] The system checks took: 1 minute and 36 seconds

i needed to shorten it a bit...
hopefully somebody can explain this log to me. :)

kind regards,
jivita
 
Attention! Please consider not visiting the website that @IgorG linked. My antivirus told me that it is infected (malware).
Instead please follow the instructions:
When you see these in the report of rkhunter in a plesk server:

Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/submission_psa
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

The solution is:

Run
[root@server]# locate rkhunter.conf

if you have installed rkhunter via yum you will get:
/etc/rkhunter.conf

if you have installed it via plesk then:
/usr/local/psa/etc/modules/watchdog/rkhunter.conf

(I prefer via yum)

then vim the appropriate .conf file, for example /etc/rkhunter.conf,
and find the line with: #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo

below add the following lines:

XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa

save and quit and then try to run rkhunter -c --report-warnings-only

if you don't get any output then you’re done.
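The procedure above as a POSIX shell script (an added example, not code from the post or from Plesk): it pulls the flagged paths out of the rkhunter log, whitelists only the Plesk-owned *_psa services whose xinetd file is really enabled, inserts each XINETD_ALLOWED_SVC line once below the commented echo example, and leaves any other flagged service for manual review. The log excerpt, rkhunter.conf and xinetd.d files it operates on are constructed in a temporary directory, so it never touches the real system.

```shell
# Added example, not from the forum post: whitelist the Plesk xinetd services that
# rkhunter flagged, but only after confirming each one is really enabled in xinetd.

# Print the paths from "Warning: Found enabled xinetd service: <path>" log lines.
warned_xinetd_services() {
    sed -n 's/.*Warning: Found enabled xinetd service: \(\/[^ ]*\).*/\1/p' "$1" | sort -u
}

# An xinetd service file is enabled unless it contains "disable = yes".
xinetd_service_enabled() {
    [ -f "$1" ] && ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}

# Add XINETD_ALLOWED_SVC=<path> once, right below the commented echo example line.
whitelist_xinetd_service() {
    conf=$1; svc=$2
    grep -Fxq "XINETD_ALLOWED_SVC=$svc" "$conf" && return 0   # already whitelisted
    if grep -Fxq '#XINETD_ALLOWED_SVC=/etc/xinetd.d/echo' "$conf"; then
        awk -v line="XINETD_ALLOWED_SVC=$svc" \
            '{ print } $0 == "#XINETD_ALLOWED_SVC=/etc/xinetd.d/echo" { print line }' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        printf '%s\n' "XINETD_ALLOWED_SVC=$svc" >> "$conf"   # no anchor line: append
    fi
}

# Only Plesk-owned (*_psa) services that are really enabled get whitelisted; the rest is reviewed by a human.
whitelist_enabled_plesk_services() {
    log=$1; conf=$2; xinetd_dir=$3
    for svc in $(warned_xinetd_services "$log"); do
        case $svc in
            */*_psa) if xinetd_service_enabled "$xinetd_dir/${svc##*/}"; then
                         whitelist_xinetd_service "$conf" "$svc"
                     fi ;;
            *) echo "not whitelisted, review manually: $svc" >&2 ;;
        esac
    done
}

# Constructed demo files (log excerpt, conf, xinetd.d); nothing touches the real system.
setup_demo() {
    d=$(mktemp -d); mkdir "$d/xinetd.d"
    printf '[01:02:01] Warning: Found enabled xinetd service: /etc/xinetd.d/%s\n' \
        ftp_psa poppassd_psa mystery > "$d/rkhunter.log"
    printf '%s\n' '#XINETD_ALLOWED_SVC=/etc/xinetd.d/echo' > "$d/rkhunter.conf"
    printf 'service ftp\n{\n\tdisable = no\n}\n' > "$d/xinetd.d/ftp_psa"
    printf 'service poppassd\n{\n\tdisable = yes\n}\n' > "$d/xinetd.d/poppassd_psa"
    echo "$d"
}

d=$(setup_demo); whitelist_enabled_plesk_services "$d/rkhunter.log" "$d/rkhunter.conf" "$d/xinetd.d"
grep '^XINETD_ALLOWED_SVC=' "$d/rkhunter.conf"; rm -rf "$d"
```

To apply it to a real server, point the three arguments at /var/log/rkhunter/rkhunter.log, the rkhunter.conf that locate found, and /etc/xinetd.d instead of the demo directory.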