Odd Gnome desktop login behavior

[houseworkshy]

Part one

Security scripts *** 3.2.2, 2007.08.28.00.00 ***

Sun Jan 31 12:26:23 GMT 2010

12:26> Beginning security report for desktop (x86_64 Linux 2.6.28-17-generic).



# Performing check of passwd files...

# Checking entries from /etc/passwd.

--WARN-- [pass014w] Login (backup) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (bin) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (daemon) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (games) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (gnats) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (myusername) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (irc) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (libuuid) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (list) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (lp) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (mail) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (man) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (news) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (nobody) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (proxy) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (root) is disabled, but has a valid shell.

--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync).

--WARN-- [pass014w] Login (sys) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (uucp) is disabled, but has a valid shell.

--WARN-- [pass014w] Login (www-data) is disabled, but has a valid shell.

--WARN-- [pass006w] Integrity of password files questionable (/usr/sbin/pwck

-r).



# Performing check of group files...



# Performing check of user accounts...

# Checking accounts from /etc/passwd.

--WARN-- [acc021w] Login ID avahi-autoipd appears to be a dormant account.

--WARN-- [acc006w] Login ID gdm's home directory (/var/lib/gdm) has group

`gdm' write access.

--WARN-- [acc021w] Login ID libuuid appears to be a dormant account.

--WARN-- [acc022w] Login ID nobody home directory (/nonexistent) is not

accessible.

--WARN-- [acc006w] Login ID polkituser's home directory (/var/run/PolicyKit)

has group `polkituser' write access.



# Performing check of /etc/hosts.equiv and .rhosts files...



# Checking accounts from /etc/passwd...



# Performing check of .netrc files...



# Checking accounts from /etc/passwd...



# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...

--WARN-- [root003w] Root user has message capability turned on.

[houseworkshy]

Part 2


# Performing check of PATH components...

--WARN-- [path009w] /etc/profile does not export an initial setting for PATH.

# Only checking user 'root'



# Performing check of anonymous FTP...



# Performing checks of mail aliases...

# Checking aliases from /etc/aliases.



# Performing check of `cron' entries...

--WARN-- [cron004w] Root crontab does not exist

--WARN-- [cron005w] Use of cron is not restricted



# Performing check of 'inetd'...

# Checking inetd entries from /etc/inetd.conf



# Performing check of services with tcp wrappers...

# Analysing inetd entries from /etc/inetd.conf



# Performing check of 'services' ...

# Checking services from /etc/services.

--WARN-- [inet003w] The port for service sieve is also assigned to service

cisco-sccp.

--WARN-- [inet003w] The port for service ndtp is also assigned to service

pipe_server.

--WARN-- [inet003w] The port for service ndtp is also assigned to service

search.

--WARN-- [inet003w] The port for service postgres is also assigned to service

postgresql.

--WARN-- [inet003w] The port for service postgres is also assigned to service

postgresql.

--WARN-- [inet003w] The port for service sane is also assigned to service

sane-port.

--WARN-- [inet003w] The port for service webcache is also assigned to service

http-alt.

--WARN-- [inet003w] The port for service webcache is also assigned to service

http-alt.



# Performing NFS exports check...



# Performing check of system file permissions...



# Checking for known intrusion signs...

# Testing for promiscuous interfaces with /bin/ip

# Testing for backdoors in inetd.conf



# Performing check of files in system mail spool...



# Performing check for rookits...

# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...



# Performing system specific checks...

# Performing checks for Linux/2...



# Checking boot loader file permissions...

--WARN-- [boot02] The configuration file /boot/grub/menu.lst has group

permissions. Should be 0600

--FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world

permissions. Should be 0600

--WARN-- [boot06] The Grub bootloader does not have a password configured.



# Checking for vulnerabilities in inittab configuration...



# Checking for correct umask settings for init scripts...

--WARN-- [misc021w] There are no umask entries in /etc/init.d/rcS



# Checking Logins not used on the system ...



# Checking network configuration

--WARN-- [lin012w] The system accepts ICMP redirection messages

--FAIL-- [lin016f] The system permits source routing from incoming packets

--WARN-- [lin017w] The system is not configured to log suspicious (martian)

packets

--FAIL-- [lin019f] The system does not have any local firewall rules

configured



# Verifying system specific password checks...



# Checking OS release...

[houseworkshy]

A truncated part 3

# Checking installed packages vs Debian Security Advisories...



# Checking md5sums of installed files

--FAIL-- [lin005f] Installed file

`/usr/share/app-install/desktop/abiword.desktop' checksum differs

from installed package 'app-install-data'.


The above fail is repeated for every package on the sytem and probably every package in my software list. There are pages and pages of it. Then

# Checking installed files against packages...

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.ofmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.inputmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.dep' does not

belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.ieee1394map'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.seriomap' does

not belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/wlan_xauth.ko' does not

belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/wlan_wep.ko'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/wlan_tkip.ko'

does not belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/wlan_scan_sta.ko' does not

belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/wlan_scan_ap.ko' does not

belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/wlan_ccmp.ko'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/wlan_acl.ko'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/wlan.ko' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/wl.ko' does

not belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/ath_rate_sample.ko' does not

belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/ath_rate_onoe.ko' does not

belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/ath_rate_minstrel.ko' does

not belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/volatile/ath_rate_amrr.ko' does not

belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/ath_pci.ko'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/ath_hal.ko'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/volatile/.mounted'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.symbols.bin'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.alias.bin'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.ccwmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.isapnpmap'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.pcimap' does

not belong to any package.

--WARN-- [lin001w] File

`/lib/modules/2.6.28-17-generic/updates/dkms/nvidia.ko' does not

belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.usbmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.dep.bin' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.alias' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-17-generic/modules.symbols' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.ofmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.inputmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.dep' does not

belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.ieee1394map'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.seriomap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.symbols.bin'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.alias.bin'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.ccwmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.isapnpmap'

does not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.pcimap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.usbmap' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.dep.bin' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.alias' does

not belong to any package.

--WARN-- [lin001w] File `/lib/modules/2.6.28-11-generic/modules.symbols' does

not belong to any package.

--WARN-- [lin001w] File `/lib/init/rw/.ramfs' does not belong to any package.

[houseworkshy]

And finally

Performing check of root directory...



# Checking device permissions...

--WARN-- [dev003w] The directory /dev/block resides in a device directory.

--WARN-- [dev003w] The directory /dev/char resides in a device directory.

--FAIL-- [dev002f] /dev/fuse has world permissions

--FAIL-- [dev002f] /dev/log has world permissions

--FAIL-- [dev002f] /dev/nvidia0 has world permissions

--FAIL-- [dev002f] /dev/nvidiactl has world permissions

--WARN-- [dev003w] The directory /dev/pktcdvd resides in a device directory.

--WARN-- [dev003w] File /dev/sndstat is a regular file in a device directory.



# Checking for existence of log files...

--FAIL-- [logf005f] Log file /var/log/btmp permission should be 660



# Checking for correct umask settings...



# Checking listening processes

--WARN-- [lin003w] The process `avahi-daemon' is listening on socket 48224

(UDP on every interface) is run by avahi.

--WARN-- [lin003w] The process `avahi-daemon' is listening on socket 5353 (UDP

on every interface) is run by avahi.

--WARN-- [lin002i] The process `dhclient' is listening on socket 68 (UDP) on

every interface.



# Checking sshd_config configuration files...

--FAIL-- [ssh005w] Cannot find a configuration file for SSH.



# Performing common access checks for root...

--FAIL-- [netw020f] There is no /etc/ftpusers file.



# Checking ntpd configuration...



# Checking unusual file names...



# Looking for unusual device files...

--ALERT-- [fsys006a] Unexpected device files found:

crw------- 1 root root 5, 1 Jan 28 11:16 /lib/udev/devices/console

crw-r----- 1 root kmem 1, 2 Jan 28 11:16 /lib/udev/devices/kmem

brw------- 1 root root 7, 0 Jan 28 11:16 /lib/udev/devices/loop0

crw------- 1 root root 10, 200 Jan 28 11:16 /lib/udev/devices/net/tun

crw------- 1 root root 1, 3 Jan 28 11:16 /lib/udev/devices/null

crw------- 1 root root 108, 0 Jan 28 11:16 /lib/udev/devices/ppp

lrwxrwxrwx 1 root root 15 Jan 28 11:16 /lib/udev/devices/stderr -> /proc/self/fd/2





# Checking symbolic links...



# Performing check of embedded pathnames...

12:34> Security report completed for desktop.

[houseworkshy]

Sorry about the size of all that lot, I don't know what is or isn't valid. Other than changing my user name to "myusername" and missing out duplicate checksum FAILS for everything it is verbatum.

[warfacegod]

What do you expect me to do with that? ?

[warfacegod]

I just installed tiger on my laptop, I'll get back to you when it's done running. By the way, how looonggg did that take to run?

[houseworkshy]

I made what is left of my mind bubble. But am I correct in thinking that all is not well.

[houseworkshy]

It ran quite quickly actually, minuets. To read the report I had to gksu gedit then copied a file onto my desktop so I could play with it and not have a root editor open whilst I was online. Not that it made much differance now I guess.

[warfacegod]

I don't want to say something and have it be wrong but if I were you, I'd go with my gut. Just from very briefly scanning through that...whatever that is, my gut is feeling funny. If my laptop had that, there would be klaxxons going off in my head. I would post a link to this over in the Security forum to see what those guys say.