CXL Securing your mid-range systems.

CXL - Securing your mid-range systems.

Unix tests

These are the tests which AZScan performs on the Unix system you are reviewing.

Code

Description

Risk

UPWDS

User Passwords

1 1.1

DUPPWD

Duplicate names in password file

Low

2 1.2

NOPWD

Users without passwords

High

3 1.3

DISPWD

Disabled accounts

Low

4 1.4

BADFIELD

Incorrect number of fields

Medium

5 1.5

UNMATCH

Unmatched password file entries

Medium

6 1.6

PWDLIFE

Password lifetimes

Medium

7 1.7

ACCTINFO

Account information

Low

UUIDS

User UIDs

8 2.1

ZEROUID

UID=0

Medium

9 2.2

NOUID

No UID

High

10 2.3

BADUID

Invalid UIDs

High

11 2.4

DUPUID

Duplicate UIDs in the password file

Medium

UGIDS

User GIDs

12 3.1

ZEROGID

Users with GID=0

Low

13 3.2

NOGID

Users with no GID

Medium

14 3.3

BADGID

Users with an invalid GID

Medium

15 3.4

DUPGID

Duplicate GIDs in the password file

Low

16 3.5

EXSTGID

Non-existent GIDs

Low

UHDIRS.

User Home dirs.

17 4.1

NOHDIR

No home directory

Low

18 4.2

INVHDIR

Invalid home directory

Medium

19 4.3

SHAREHDIR

Shared home directory

Low

20 4.4

STKYHDIR

Non-Sticky home directory

Low

21 4.5

WRITEHDIR

Writeable home directory

Medium

22 4.6

SUSHDIR

Home directory contains suspicious files

High

USHELLS

User Shells

23 5.1

NOSHELL

No shell shown

Low

24 5.2

INVSHELL

Invalid shells

Low

25 5.3

SHARESHELL

Shared shells

Low

26 5.4

SUIDSHELL

Shells which are SUID/SGID

Medium

27 5.5

WRITESHELL

Shells which are writeable

Medium

GRPS

Groups

28 6.1

DUPGRPNAME

Duplicate group names

Low

29 6.2

PWDGROUP

Password protected

Low

30 6.3

BADFIELDS

Improper number of fields

Low

31 6.4

NOUSERGRP

No users

Low

32 6.5

BADUSER

Non-existent users

Low

33 6.6

DUPUSER

Duplicate users

Low

34 6.7

USRSGRP

Users in each group

Low

GRPGIDS

Group GIDs

35 7.1

ZEROGID

GID=0

Low

36 7.2

NOGID

No GID

Low

37 7.3

BADGID

Invalid GIDs

Low

38 7.4

DUPGID

Duplicate GIDs

Low

FILES

Files

39 8.1

UKNOWNR

Files - Unknown owners

Low

40 8.2

UKNGRPS

Files - Unknown groups

Low

41 8.3

WLDWRITE

Files - WORLD writeable

Medium

42 8.4

WLDEXEC

Files - WORLD executable

Medium

43 8.5

GRPWRIT

Files - GROUP writeable

Low

44 8.6

GRPEXEC

Files - GROUP executable

Low

45 8.7

BADPRIV

Files - Uneven privileges

Medium

46 8.8

SUID

Files - SUID

Low

47 8.9

SGID

Files - SGID

Low

48 8.10

STICKY

Files - Sticky

Low

49 8.11

SUID+WW

Files - SUID/SGID and WORLD executable/writeable

Medium

50 8.12

HOSTINFO

Files likely to contain host information

Medium

51 8.13

SUWW

Startup files which are world writeable

High

52 8.14

FILUS

File has an unusual name

Low

DIRS

Directories

53 9.1

UNKOWN

Dir - Unknown owners

Medium

54 9.2

UNKGRP

Dir - Unknown groups

Low

55 9.3

WRLDWRT

Dir - WORLD writeable

Medium

56 9.4

WRLDEXE

Dir - WORLD executable

Medium

57 9.5

GRPWRT

Dir - GROUP writeable

Medium

58 9.6

GRPEXE

Dir - GROUP executable

Medium

59 9.7

BADPRIV

Dir - Uneven privileges

Medium

60 9.8

SGID

Dir - SGID

Low

61 9.9

NSTICKY

Dir - Not Sticky

Low

FTP

62 10.1

FTPOWNBIN

Anonymous FTP bin directory has wrong owner

Low

63 10.2

FTPOWNETC

Anonymous FTP etc directory has wrong owner

Medium

64 10.3

FTPHDIROWN

Anonymous FTP home directory has wrong owner

Medium

/ETC

/etc

65 11.1

ETCWW

Directories under /etc has world write access

Medium

66 11.2

ETCPWD

File /etc/default/passwd has insecure permissions

Medium

67 11.3

ETCPROF

File /etc/profile has insecure permissions

Medium

LOG FILES

Log files

68 12.1

LOGLOGEX

The login log file does not exist

Medium

69 12.2

LOGLOGOWN

Medium

TCB

70 13.1

PARAMS

Trusted Computing Base parameters

Low

71 13.2

USERLIST

TCB User list - owners and audit flags

Low

72 13.3

TCBLOGIN

TCB User login details

Low

NIS

73 14.1

NISUSED

Is NIS being used

Low

	OSA
www.cxlsecure.com