Server scanner to check servers

anon091 · 02-05-2013, 09:25 AM

I know for Windows servers, there are scanner programs that will scan a server to see if things are enabled that shouldn't be, if things are possibly misconfigured, etc based on what role you tell it the server will be.
For instance, if it's going to be a web server, it checks certain things, but if it's just supposed to be a file server, it checks for different things and reports back it's findings of what you may have configured wrong, didn't configure, or have running that you probably don't want/need (usually stuff enabled by default you didn't disable).

Are there any such tools like that for Linux? Still being a newbie as far as setting up servers from scratch, something like that could be a life saver for me.

NeoMetal · 02-05-2013, 10:12 AM

You can use nmap to scan ports and see which services are visible among other things

unSpawn · 02-05-2013, 12:40 PM

Comparing deployment of windows and Linux in server mode roles is going to be difficult. Linux itself doesn't have restrictive licensing schemes: a machine can have multiple roles and none of them are tied to you having bought a particular per-connection, per-seat or per-CPU license. That also makes it harder to make distinctions. Linux also doesn't come with an overarching, unified API or framework to query or base rules for role-based checks on. So while on a lower level I doubt you will find distro-agnostic local system check tools that start by classifying server by its role Tiger may be of use (SARA is kind of old) or LSAT (usat on Sourceforge, kind of old too nowadays) and you might want to add Lynis to that. On top of that there's CVE checking with OpenSCAP and obviously distro-specific tools that say Debian or SuSE would provide. And while Nmap shouldn't be underestimated (not wrt scanning but because of its scripting capabilities) IMO network-based checks are easier to do using say OpenVAS (or Nessus) as you would select the services you would want to check anyway. Sure it still isn't the Holy "one click classify server by role" Grail starting point you're looking for but using saved profiles may make it manageable.

anon091 · 02-18-2013, 12:48 PM

Thanks for the reply guys.

I guess my two main things would be for an ftp server and for just a straight up samba file server. Just looking for something to help aide me in my knowledge of what is enabled by default and what isn't. For instance, like I configured ntp on a server, then didn't realize for weeks that it wasn't set to run by default when a system is restarted, so that kinda scared me into thinking well what else is or isn't running on a server by default.

chrism01 · 02-18-2013, 10:22 PM

As you your profile says RHEL & Centos, you can use

Code:

chkconfig --list

to check what will be started at each runlevel boot.

anon091 · 02-19-2013, 07:40 AM

Cool, thanks Chris, I didn't realize you could do that to have it list everything. Now I just need to figure out what the ones I don't know are (which is most of them) and if they are truly needed, or if i turn them off what it will break.

Here's the output from that command from the server I just loaded, that will just be a samba file share server. If you guys notice anything that I obviously won't need that i could turn off, could you let me know, and also let me know why? Sadly I'm still way better at keeping existing servers running rather than loading new ones from scratch

Code:

abrt-ccpp       0:off   1:off   2:off   3:on    4:off   5:on    6:off
abrt-oops       0:off   1:off   2:off   3:on    4:off   5:on    6:off
abrtd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
certmonger      0:off   1:off   2:off   3:on    4:on    5:on    6:off
cgconfig        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgred           0:off   1:off   2:off   3:off   4:off   5:off   6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
dataeng         0:off   1:off   2:off   3:on    4:on    5:on    6:off
dsm_om_connsvc  0:off   1:off   2:off   3:on    4:on    5:on    6:off
dsm_om_shrsvc   0:off   1:off   2:off   3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
iscsi           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iscsid          0:off   1:off   2:off   3:on    4:on    5:on    6:off
kdump           0:off   1:off   2:off   3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcelogd         0:off   1:off   2:off   3:on    4:off   5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
multipathd      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off
numad           0:off   1:off   2:off   3:off   4:off   5:off   6:off
oddjobd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
quota_nld       0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rhnsd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rhsmcertd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rngd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
smartd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sssd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
tgtd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
webmin          0:off   1:off   2:on    3:on    4:off   5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

chrism01 · 02-19-2013, 11:01 PM

1. you can use awk to cut that down to just the relevant runlevel info; I just wanted you to be aware of what info is available.

2.

Quote:

just be a samba file share server

You need to be very sure what you mean by that eg how are you going to maintain it ie remotely means you'll need ssh ...

I definitely recommend you check each service through google/man pages eg http://linux.die.net/man/
That being said, here are a few likely options you probably won't need

cups - printer
ip6tables - if you only use ipv4, stop this one
kdump - kernel core dump analysis; are you really going to use this?
multipathd - multiple paths to disks
nfs, nfslock - a different kind of unix disk share
webmin - are you using this or adminning from cli
ypbind - NIS centralised auth system

Its really is up to you though; only you know (or should

) what this system needs.

anon091 · 02-20-2013, 08:39 AM

Thanks Chris. Yeah, the only ones that stuck out of me in that list that I probably wouldn't need are cups and ip6tables, but from your descriptions sounds like I wouldn't need the nfs and ypbind stuff either. and I hope I'd never have to use kdump haha

jsaravana87 · 02-20-2013, 12:58 PM

Quote:

I know for Windows servers, there are scanner programs that will scan a server to see if things are enabled that shouldn't be, if things are possibly misconfigured, etc based on what role you tell it the server will be.

Qualys Quad -->FreeScan will perform a comprehensive scan your server and gives you the vulnerability of your server with retification remedy to be perform to overcome risk.

anon091 · 02-20-2013, 01:53 PM

never heard of it, but i'll check it out. thanks.