You are here: Wiki-SL>HnTool Web>TestsHnTool (24 Mar 2010, RafaelGomes?)EditAttach

List of tests that are implemented on HnTool

The following tests are implemented on HnTool:

Apache config file

  • Check if Apache configurations files are not found
  • Checking if ServerTokens is using harmful conf
  • Checking if KeepAlive is set to On
  • Checking if ServerSignature is set to Off
  • Checking if LimitRequestBody is bigger than 0
  • Checking if LimitRequestFields is bigger than 0
  • Checking if LimitRequestFieldsize is equal 8190
  • Checking if LimitRequestLine is equal 8190
  • Checking Timeout less than 300
  • Checking .htpasswd files permission

Users, groups and authentications

  • Check if permissions on shadow file are correct
  • Check if permissions on passwd file are correct
  • Check if there are users (other than root) with UID 0
  • Search for harmful shells
  • Check permissions on home directories
  • Check if passwords expires on 90 days or more
  • Check if Single-User Mode does requires authentication

Checks filesystems for security problems

  • Check if the locate database can be found
  • Check if we find old files (+30 days) in /tmp
  • Check if we find old files (+30 days) in /var/db/locate.database

Checks security problems on php config file

  • Check if Register globals is on
  • Check if Safe mode is on (fake security)
  • Check if Display errors is on (stdout)
  • Check if Expose PHP is on

Checks for open ports

  • Check if we can find any device with executable rights
  • Check if we can find any open door

Check security problems on PostgreSQL? configuration files

  • Check if trusted local Unix authentication are allowed
  • Check if the server is running on default port
  • Check if the server is running with SSL

Checks for services with remote access allowed

  • Check if, by default, services are rejecting connections

Checks security problems on sshd config file

  • Check if root access is allowed
  • Check if SSH is using protocol v2
  • Check if empty passwords are allowed
  • Check if X11 forward is allowed
  • Check if TCP forwarding is allowed
  • Check if SSH is using the default port

Checks security problems on system-wide configuration

  • Check if Core dumps are disabled
  • Check if ExecShield is enabled
  • Check if GRUB asks for a password
  • Check permissions on /boot/grub/menu.lst
  • Check if Single-User mode requires authentication

DocumentationMetaData edit

Status in progress
Topic revision: r1 - 24 Mar 2010 - 01:49:04 - RafaelGomes?
 
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Wiki-SL? Send feedback