[Debian]:system absichern...

[Thomas Prätzlich <thomas@praetzlich.de>]

Hi!

ich hab' mir die Nessus Packages von Woody geholt.(sonst hab ich überall potato, ausser helix-gnome)
Ein Scann meines System hat einige Sicherheitslücken an den Tag gebracht.

Jetzt hätt ich da mal einige Fragen... (ich schicke die Ausgabe vom Scann als HTML mit!)

Wozu brauche ich den "auth" Service??

Wie kann ich meinen X-Server mit xauth absichern und was muss ich beachten wenn ich xdm benutze???

Wozu brauche ich RPC?

Wozu brauche ich daytime?

Wozu brauche ich den nlockmgr RPC-Service??

Ich muss zugeben, dass ich mich mit dem Zeugs nich so gut auskenne...

Gruß
Thomas
-- 
    \\|||//   Thomas Prätzlich   
    |     |   @: thomas@praetzlich.de    
    (.) (.)   www: thomas.praetzlich.de    
=oOO==(_)==OOo==========================

Title: Nessus Scan Report

Nessus Scan Report

---

Number of hosts which were alive during the test : 1
Number of security holes found : 3
Number of security warnings found : 6
Number of security notes found : 3

List of the tested hosts :

• 127.0.0.1(Security holes found)

---

[ Back to the top ]

127.0.0.1 :

List of open ports :

• daytime (13/tcp) (Security warnings found)
• discard (9/tcp)
• time (37/tcp)
• smtp (25/tcp) (Security hole found)
• www (80/tcp) (Security notes found)
• auth (113/tcp) (Security warnings found)
• sunrpc (111/tcp)
• saft (487/tcp)
• printer (515/tcp)
• kpasswd (761/tcp)
• moira_db (775/tcp)
• unknown (3001/tcp) (Security warnings found)
• unknown (4000/tcp)
• unknown (5865/tcp) (Security warnings found)
• unknown (6000/tcp) (Security hole found)
• general/udp (Security notes found)
• unknown (772/udp) (Security warnings found)
• unknown (759/udp) (Security hole found)
• unknown (1024/udp) (Security warnings found)

[ back to the list of ports ]

Warning found on port daytime (13/tcp)

The daytime service is running.
The date format issued by this service
may sometimes help an attacker to guess
the operating system type.

In addition to that, when the UDP version of
daytime is running, an attacker may link it
to the echo port using spoofing, thus creating
a possible denial of service.

Solution : disable this service in /etc/inetd.conf.

Risk factor : Low
CVE : CVE-1999-0103

[ back to the list of ports ]

Vulnerability found on port smtp (25/tcp)

It was possible to crash the remote SMTP server
by opening a great amount of sockets on it.


This problem allows crackers to make your
SMTP server crash, thus preventing you
from sending or receiving e-mails, which
will affect your work.

Solution :
If your SMTP server is contrained to a maximum
number of processes, i.e. it's not running as
root and as a ulimit 'max user processes' of
256, you may consider upping the limit with 'ulimit -u'.

If your server has the ability to protect itself from
SYN floods, you should turn on that features, i.e. Linux's CONFIG_SYN_COOKIES

The best solution may be cisco's 'TCP intercept' feature.


Risk factor : Serious
CVE : CAN-1999-0846

[ back to the list of ports ]

Information found on port smtp (25/tcp)

Remote SMTP server banner :
T-Rex ESMTP Exim 3.12 #1 Fri, 15 Sep 2000 22:07:08 +0200
214-Commands supported:214- HELO EHLO MAIL RCPT DATA AUTH

214 NOOP QUIT RSET HELP

[ back to the list of ports ]

Information found on port www (80/tcp)

The remote web server type is :
Apache/1.3.9 (Unix) Debian/GNU


We recommend that you configure your web server to return
bogus versions, so that it makes the cracker job more difficult

[ back to the list of ports ]

Warning found on port auth (113/tcp)

The 'ident' service provides sensitives informations
to the intruders : it mainly says which accounts are running which
services. This helps attackers to focus on valuable services [those
owned by root]. If you don't use this service, disable it.

Risk factor : Low.

Solution : comment out the 'auth' line in /etc/inetd.conf
CVE : CAN-1999-0629

[ back to the list of ports ]

Warning found on port unknown (3001/tcp)

Nessus Daemon open on port TCP:3001, NessusD version: NTP/1.2

[ back to the list of ports ]

Warning found on port unknown (5865/tcp)

a web server is running on this port

[ back to the list of ports ]

Vulnerability found on port unknown (6000/tcp)

This X server accepts clients from anywhere. This
allows a cracker to connect to it and record any of your keystrokes
Here is the server type :

The XFree86 Project, Inc

Solution : use xauth or MIT cookies to restrict the access to this server
Risk factor : High
CVE : CVE-1999-0526

[ back to the list of ports ]

Information found on port general/udp

For your information, here is the traceroute to 127.0.0.1 :
127.0.0.1

[ back to the list of ports ]

Warning found on port unknown (772/udp)

The ypbind RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.

Risk factor : Low
CVE : CVE-1999-0312

[ back to the list of ports ]

Vulnerability found on port unknown (759/udp)

The statd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.

* NO SECURITY HOLE REGARDING THIS
PROGRAM HAVE BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *

We suggest you to disable this
service.


Risk factor : High
CVE : CVE-1999-0018

[ back to the list of ports ]

Warning found on port unknown (1024/udp)

The nlockmgr RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.

Risk factor : Low
CVE : CAN-2000-0508

---

This file was generated by Nessus, the open-sourced security scanner.