This file is indexed.

/usr/lib/tiger/html/linux.html is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

<HR><PRE>








</PRE><HR>
<CENTER><H2> Documents for linux</H2></CENTER>
<A NAME="lin001w"><P><B>Code [lin001w]</B><P>
A program installed on your system was probably not installed
by a package from your Linux packaging system. If this binary was
installed by the administrator, note that /usr/local/ is the
place for such files.
<PRE>










</PRE><HR>
<A NAME="lin002i"><P><B>Code [lin002i]</B><P>
Installed processes listening on Internet interfaces must be
tightly controlled since they are the "open doors" to the
outside.
<PRE>










</PRE><HR>
<A NAME="lin003w"><P><B>Code [lin003w]</B><P>
Processes that have not been run by root are listening on
interfaces open to the outside. These processes might have been
started by root and then changed UIDs, or might be rogue processes.
Confirm whether their presence is necessary.
Note that services sometimes open short-lived UDP listeners to
receive DNS requests; if you receive reports of open UDP services
that are later closed, this might be a false positive.
<PRE>










</PRE><HR>
<A NAME="lin004i"><P><B>Code [lin004i]</B><P>
Netstat can be used instead of lsof to provide information
on listening processes; however, it will provide less information since it
cannot determine the process (or PID) associated with the open socket
or the user that runs it.
<PRE>










</PRE><HR>
<A NAME="lin005f"><P><B>Code [lin005f]</B><P>
In Debian systems, checksums are stored in /var/lib/dpkg/info/.
If the md5sum of a file differs from the checksum recorded for the
installed package, it might be due to changes made by the system
administrator (for example, files in /etc), by everyday use, or by a
possible intruder (who might have placed a trojan in place of the checked file).
Be forewarned: an attacker might have modified these info files
(they are not protected against this).
<PRE>










</PRE><HR>
<A NAME="lin006w"><P><B>Code [lin006w]</B><P>
A file installed by a package no longer exists on the system and
cannot be checked. An administrator should not remove files from
the system; they should be removed by uninstalling the packages that
provided them. This is unusual behavior.
<PRE>










</PRE><HR>
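The comparison behind lin005f and lin006w, as an added example that is not tiger's own code: it reads the dpkg checksum lists and reports files that changed or disappeared. The function name and its ROOT argument are assumptions of this example, used so it can run against a constructed tree.

```shell
#!/bin/sh
# verify_dpkg_md5sums [ROOT]
# Reads every ROOT/var/lib/dpkg/info/*.md5sums list. Each line has the form
# "<md5>  <path relative to />". Prints one line per problem:
#   CHANGED <pkg> <path>   checksum differs            (lin005f)
#   MISSING <pkg> <path>   file no longer on the system (lin006w)
# Returns 0 when everything matches, 1 otherwise.
# The lists themselves are not protected, so a clean result only shows that
# files and lists agree with each other.
verify_dpkg_md5sums() {
    root=${1:-}          # empty ROOT means the live system
    rc=0
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -r "$list" ] || continue            # also skips an unmatched glob
        pkg=$(basename "$list" .md5sums)
        while read -r sum path; do
            [ -n "$path" ] || continue        # ignore blank or short lines
            target="$root/$path"
            if [ ! -e "$target" ]; then
                echo "MISSING $pkg /$path"
                rc=1
            elif [ "$(md5sum < "$target" | cut -d' ' -f1)" != "$sum" ]; then
                echo "CHANGED $pkg /$path"
                rc=1
            fi
        done < "$list"
    done
    return "$rc"
}
```

Calling `verify_dpkg_md5sums` with no argument checks the running system; comparing against checksums taken from a trusted copy of the package is the stronger check when the host itself is in doubt.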
<A NAME="lin007w"><P><B>Code [lin007w]</B><P>
In the default configuration of many GNU/Linux distributions, users can
reboot the machine by pressing Ctrl+Alt+Delete while in console mode. This can
be considered a security risk if an attacker can easily take down the
server from the console.
You can restrict this feature through the use of the /etc/shutdown.allow
file. When that file is defined, the system shutdown will be initiated
only if a user listed in the file (or root) is logged in.
<PRE>










</PRE><HR>
<A NAME="lin008e"><P><B>Code [lin008e]</B><P>
The /proc pseudo-filesystem is needed to check the network configuration
settings in the kernel and detect insecure setups. /proc is available
when the kernel is compiled with the CONFIG_PROC_FS=Y option (if you want
to modify the settings you also need to add the CONFIG_SYSCTL=Y option). It also
needs to be mounted; if it is not, try: 'mount -t proc proc /proc'.
Most distributions do this by default.
<PRE>










</PRE><HR>
<A NAME="lin009i"><P><B>Code [lin009i]</B><P>
The kernel will answer (per configuration) ICMP echo requests on any
interface. You might want to configure it not to answer these requests
and thus make it more "invisible". Do it with:
# sysctl -w net.ipv4.icmp_echo_ignore_all=1
Note, however, that this violates RFCs.
<PRE>










</PRE><HR>
<A NAME="lin010f"><P><B>Code [lin010f]</B><P>
The system will answer ICMP broadcast echo messages. This is considered
a problem since ICMP broadcasts can cause network denial of service at
the same time as giving away the location of the hosts. To disable this do:
# sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
<PRE>










</PRE><HR>
<A NAME="lin011f"><P><B>Code [lin011f]</B><P>
The system is configured to answer badly formatted ICMP messages. This
behavior is not recommended; please disable it with:
# sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
<PRE>










</PRE><HR>
<A NAME="lin012w"><P><B>Code [lin012w]</B><P>
The system is configured to accept ICMP redirects; this might or might
not be necessary in your network topology. If you have multiple routers
through which you connect to outside locations it might be necessary;
otherwise disable it, since an attacker could send bogus ICMP redirect
messages to try to route the outgoing network packets to other systems
(including his own), allowing man-in-the-middle or
denial-of-service attacks:
# sysctl -w net.ipv4.conf.all.accept_redirects=0
and:
# sysctl -w net.ipv4.conf.default.accept_redirects=0
<PRE>










</PRE><HR>
<A NAME="lin013f"><P><B>Code [lin013f]</B><P>
It is common to protect systems against Denial of Service attacks using
SYN packets (commonly known as "SYN flooding") by activating support
of TCP syncookies. Note, however, that activating this violates some RFCs:
# sysctl -w net.ipv4.tcp_syncookies=1
<PRE>










</PRE><HR>
<A NAME="lin014f"><P><B>Code [lin014f]</B><P>
It is possible to send IP spoofed packets from this machine. Spoofed
packets are commonly used by trojans that make use of compromised hosts
to deliver denial of service, man-in-the-middle or connection hijacking attacks.
You should consider configuring your kernel to not permit this:
# sysctl -w net.ipv4.conf.all.rp_filter=2
and:
# sysctl -w net.ipv4.conf.default.rp_filter=2
<PRE>










</PRE><HR>
<A NAME="lin015w"><P><B>Code [lin015w]</B><P>
IP forwarding is the option that permits the system to act as a router
and thus resend packets from one network interface to another. If your
system is not acting as such this option should be disabled:
# sysctl -w net.ipv4.ip_forward=0
<PRE>










</PRE><HR>
<A NAME="lin016f"><P><B>Code [lin016f]</B><P>
Source routing might permit an attacker to send packets through your
host (if routing is enabled) to other hosts without following your
network topology setup. It should be enabled only under very special
circumstances; otherwise an attacker could try to bypass the traffic
filtering that is done on the network:
# sysctl -w net.ipv4.conf.all.accept_source_route=0
and:
# sysctl -w net.ipv4.conf.default.accept_source_route=0
<PRE>










</PRE><HR>
<A NAME="lin017w"><P><B>Code [lin017w]</B><P>
Suspicious packets received by the kernel should be logged to detect
incoming attacks. To activate this logging capability:
# sysctl -w net.ipv4.conf.all.log_martians=1
and:
# sysctl -w net.ipv4.conf.default.log_martians=1
<PRE>










</PRE><HR>
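A way to audit all of the kernel settings from lin010f through lin017w in one pass, as an added example that is not tiger's own code. The function name, the WANTED table and the ROOT argument are assumptions of this example; the keys and values are the ones in the sysctl commands above.

```shell
#!/bin/sh
# Added example (not part of tiger): compare kernel settings with the
# values given in the sysctl commands of lin010f-lin017w on this page.
# ROOT is a parameter of this example; it defaults to /proc/sys and can
# point at a constructed tree for offline testing.

# key=value pairs copied from the page (lin009i is informational, omitted).
WANTED='
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=2
net.ipv4.conf.default.rp_filter=2
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
'

audit_sysctl() {
    root=${1:-/proc/sys}
    findings=0
    for entry in $WANTED; do
        key=${entry%%=*}
        want=${entry#*=}
        # A sysctl key maps to a path under /proc/sys: dots become slashes.
        file="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$file" ]; then
            # lin008e: /proc missing or not mounted
            echo "UNREADABLE $key"
            findings=$((findings + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$file")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $key: have $have, want $want"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]    # exit status 0 only when nothing was reported
}
```

Run `audit_sysctl` with no argument to check the live kernel; values set with `sysctl -w` do not survive a reboot, so a clean result should be rechecked after the next boot.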
<A NAME="lin018w"><P><B>Code [lin018w]</B><P>
The "weak end host" model described in RFC 1122 permits multihomed systems
to receive packets for a network interface from another network interface.
This, as a matter of fact, removes the benefit of configuring services
and binding them to a single IP address (not to all IP addresses).
For 2.2 kernels remove this option with:
# echo 1 > /proc/sys/net/ipv4/conf/eth1/hidden
For 2.4 and later kernels you might need to patch the kernel or configure
your firewalling rules properly (i.e. defining anti-spoofing rules).
<PRE>










</PRE><HR>
<A NAME="lin019f"><P><B>Code [lin019f]</B><P>
The system has no firewalling rules in place to limit access to network
services and protocols. Consider configuring a set of local firewall
rules adapted to your needs. There are several firewall generation tools
you can use to generate these (such as Bastille, Shorewall, Firestarter,
or Knetfilter).
Local firewall rules can be used to block undesired incoming and outgoing
traffic and can be useful to prevent access to network services that
listen on all system interfaces, are only meant to be used from specific
hosts (or interfaces), and lack the capability to restrict their
use to specific local network IP addresses or hosts.
If the system is multi-homed, a local firewall configuration will prevent
spoofing attacks due to "weak end host" issues.