TIGER scan security report --FAIL--
I ran TIGER scan on my Ubuntu 11.04. Are any of the following --FAIL-- something to get concerned about?
This is an ordinary desktop home-PC connected to the Internet via DSL modem. The Ubuntu 11.04 configuration is mostly default. I just want to make it secure for banking online. The relevant parts of the explanation report is below.
sudo tiger -E
sudo grep FAIL /var/log/tiger/security.report.sandy.110905-00:47
--FAIL-- [lin016f] The system permits source routing from incoming packets
--FAIL-- [lin019f] The system does not have any local firewall rules
--FAIL-- [dev002f] /dev/fuse has world permissions
--FAIL-- [dev002f] /dev/rfkill has world permissions
--FAIL-- [logf007f] Log file /var/log/messages does not exist
--FAIL-- [ssh005w] Cannot find a configuration file for SSH.
--FAIL-- [netw020f] There is no /etc/ftpusers file.
sudo more /var/log/tiger/explain.report.sandy.110905-00:47
Message ID: dev002f
Devices that have improper (world) permissions might be accessed by any
system user. This might open security holes if these are shared devices
or hold binaries (disks for example). The administrator should properly
set device access (using group configuration to provide access to a
device to multiple users, for example).
Message ID: lin016f
Source routing might permit an attacker to send packets through your
host (if routing is enabled) to other hosts without following your
network topology setup. It should be enabled only under very special
circumstances or otherwise an attacker could try to bypass the traffic
filtering that is done on the network:
# sysctl -w net.ipv4.conf.all.accept_source_route = 0
# sysctl -w net.ipv4.conf.default.accept_source_route = 0
Message ID: lin019f
The system has no firewalling rules in place to limit access to network
services and protocols. Considering configuring a set of local firewall
rules adapted to your needs. There are multiple firewall generation
software you can use to generate these (such as Bastille, Shorewall,
Firestarter, or Knetfiler). Local firewall rules can be used to block
undesired incoming and outgoing traffic and can be useful to prevent
access to network services that are listening on all system interfaces,
only want to be used from specific hosts (or interfaces) and lack
capabilities to either restrict its use to specific local network
IP addresses or hosts. If the system is multi-home a local firewall
configuration will prevent spoofing attacks due to "weak end host" issues.
Message ID: logf007f
The log file "messages" should exist to show a trace of the system
logs (including reboots and kernel messages), it is also often used by
the syslog daemon to log information. The contents of the "messages"
logfile depends upon the configuration of the syslog.conf and varies by
distribution and/or system administrator preference. It might not exist
if you have configured your system to use a different file for logging
or if an intruder has tried to cover his tracks by removing it since
the messages file might contain bad login attempts from local users and
Message ID: netw020f
There is no ftpusers configuration file. In some systems this might
enable all administrative users (low UID) to access the local FTP server
if it is enabled (some other systems might deprecate its use). It is
recommended that administrative users are added into /etc/ftpusers if
you have a FTP server installed.
Message ID: ssh005w
Can not find explanation for message-id ssh005w
I have come the realization that Unix security is over my head. :( I just wanted secure on-line banking. I do appreciate you explaining so much.
In your opinion, which is more secure for on-line banking:
Security starts with the user. If you are not security conscious than both systems can be compromise at any time.
|All times are GMT -5. The time now is 02:36 PM.|