21st May 2013, 14:58
JESUSSAVES
table results

Till, thanks again for your response and help with this.

Here are the results:

iptables -L

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
fail2ban-pureftpd  tcp  --  anywhere             anywhere            multiport dports ftp
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere            multiport dports pop3,pop3s,imap2,imaps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

netstat -tap

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      1748/mysqld
tcp        0      0 *:submission            *:*                     LISTEN      24159/master
tcp        0      0 *:pop3                  *:*                     LISTEN      2276/dovecot
tcp        0      0 *:imap2                 *:*                     LISTEN      2276/dovecot
tcp        0      0 *:sunrpc                *:*                     LISTEN      1059/portmap
tcp        0      0 *:ssmtp                 *:*                     LISTEN      24159/master
tcp        0      0 *:ftp                   *:*                     LISTEN      2235/pure-ftpd (SER
tcp        0      0 ns01.delcowebhos:domain *:*                     LISTEN      1331/named
tcp        0      0 localhost.locald:domain *:*                     LISTEN      1331/named
tcp        0      0 *:ssh                   *:*                     LISTEN      1614/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      12427/smtpd
tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      1331/named
tcp        0      0 *:imaps                 *:*                     LISTEN      2276/dovecot
tcp        0      0 *:pop3s                 *:*                     LISTEN      2276/dovecot
tcp        0      0 *:56707                 *:*                     LISTEN      1071/rpc.statd
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      1863/amavisd (maste
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      24159/master
tcp        0      0 localhost.localdo:41798 localhost.localdo:mysql ESTABLISHED 30509/amavisd (ch10
tcp        0      0 localhost.localdo:41895 localhost.localdo:mysql ESTABLISHED 31544/amavisd (ch8-
tcp        0      0 localhost.localdo:mysql localhost.localdo:41895 ESTABLISHED 1748/mysqld
tcp        0      0 localhost.localdo:51627 localhost.localdoma:www TIME_WAIT   -
tcp        0      0 localhost.localdo:56649 localhost.localdoma:ftp TIME_WAIT   -
tcp        0     52 ns01.delcowebhostin:ssh 192.168.1.1:1643        ESTABLISHED 12365/0
tcp        0      0 localhost.localdo:mysql localhost.localdo:41798 ESTABLISHED 1748/mysqld
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      2023/apache2
tcp6       0      0 [::]:www                [::]:*                  LISTEN      2023/apache2
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      2023/apache2
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      2235/pure-ftpd (SER
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      1331/named
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1614/sshd
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      1331/named
tcp6       0      0 [::]:https              [::]:*                  LISTEN      2023/apache2

intodns (which looks OK: a few informational messages, but mail had been working on the server but no longer works, and DNS hasn't changed)

Code:
Category 	Status 	Test name 	Information
Parent 	Info 	Domain NS records 	Nameserver records returned by the parent servers are:

ns01.delcowebhosting.com.   ['71.225.4.213']   [TTL=172800]
ns02.delcowebhosting.com.   ['71.225.4.213']   [TTL=172800]

g.gtld-servers.net was kind enough to give us that information.
Pass 	TLD Parent Check 	Good. g.gtld-servers.net, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
Pass 	Your nameservers are listed 	Good. The parent server g.gtld-servers.net has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
Pass 	DNS Parent sent Glue 	Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3)
Pass 	Nameservers A records 	Good. Every nameserver listed has A records. This is a must if you want to be found.
NS 	Info 	NS records from your nameservers	NS records got from your nameservers listed at the parent NS are:

ns02.delcowebhosting.com  ['71.225.4.213']   [TTL=86400]
ns01.delcowebhosting.com  ['71.225.4.213']   [TTL=86400]

Pass 	Recursive Queries 	Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
Pass 	Same Glue 	The A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This tests only nameservers that are common at the parent and at your nameservers. If there are any missing or stealth nameservers you should see them below!
Pass 	Glue for NS records 	OK. When I asked your nameservers for your NS records they also returned the A records for the NS records. This is a good thing as it will spare an extra A lookup needed to find those A records.
Pass 	Mismatched NS records 	OK. The NS records at all your nameservers are identical.
Pass 	DNS servers responded 	Good. All nameservers listed at the parent server responded.
Pass 	Name of nameservers are valid 	OK. All of the NS records that your nameservers report seem valid.
Pass 	Multiple Nameservers 	Good. You have multiple nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
Pass 	Nameservers are lame 	OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
Pass 	Missing nameservers reported by parent 	OK. All NS records are the same at the parent and at your nameservers.
Pass 	Missing nameservers reported by your nameservers 	OK. All nameservers returned by the parent server g.gtld-servers.net are the same as the ones reported by your nameservers.
Pass 	Domain CNAMEs 	OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Pass 	NSs CNAME check 	OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Warn 	Different subnets 	WARNING: Not all of your nameservers are in different subnets
Pass 	IPs of nameservers are public 	Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
Pass 	DNS servers allow TCP connection 	OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
Warn 	Different autonomous systems 	WARNING: Single point of failure
Pass 	Stealth NS records sent 	Ok. No stealth ns records are sent
SOA 	Info 	SOA record	The SOA record is:
Primary nameserver: ns01.delcowebhosting.com
Hostmaster E-mail address: webmaster.delcowebhosting.com
Serial #: 2013021901
Refresh: 28800
Retry: 7200
Expire: 604800   1 weeks
Default TTL: 86400
Pass 	NSs have same SOA serial 	OK. All your nameservers agree that your SOA serial number is 2013021901.
Pass 	SOA MNAME entry 	OK. ns01.delcowebhosting.com That server is listed at the parent servers.
Pass 	SOA Serial 	Your SOA serial number is: 2013021901. This appears to be in the recommended format of YYYYMMDDnn.
Pass 	SOA REFRESH 	OK. Your SOA REFRESH interval is: 28800. That is OK
Pass 	SOA RETRY 	Your SOA RETRY value is: 7200. Looks ok
Pass 	SOA EXPIRE 	Your SOA EXPIRE number is: 604800.Looks ok
Pass 	SOA MINIMUM TTL 	Your SOA MINIMUM TTL is: 86400. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. Your value of 86400 is OK.
MX 	Info 	MX Records	Your MX records that were reported by your nameservers are:

10   mail.lightningflatscreenmounting.com   71.225.4.213

[These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ]
Pass 	Different MX records at nameservers 	Good. Looks like all your nameservers have the same set of MX records. This tests to see if there are any MX records not reported by all your nameservers and also MX records that have the same hostname but different IPs
Pass 	MX name validity 	Good. I did not detect any invalid hostnames for your MX records.
Pass 	MX IPs are public 	OK. All of your MX records appear to use public IPs.
Pass 	MX CNAME Check 	OK. No problems here.
Pass 	MX A request returns CNAME 	OK. No CNAMEs returned for A records lookups.
Pass 	MX is not IP 	OK. All of your MX records are host names.
Info 	Number of MX records 	OK. Looks like you only have one MX record at your nameservers. You should be careful about what you are doing since you have a single point of failure that can lead to mail being lost if the server is down for a long time.
Pass 	Mismatched MX A 	OK. I did not detect differing IPs for your MX records.
Pass 	Duplicate MX A records 	OK. I have not found duplicate IP(s) for your MX records. This is a good thing.
Pass 	Reverse MX A records (PTR) 	Your reverse (PTR) record:
213.4.225.71.in-addr.arpa ->  c-71-225-4-213.hsd1.nj.comcast.net
You have reverse (PTR) records for all your IPs, that is a good thing.
WWW 	Info 	WWW A Record 	Your www.lightningflatscreenmounting.com A record is:
www.lightningflatscreenmounting.com  [71.225.4.213] 
Pass 	IPs are public 	OK. All of your WWW IPs appear to be public IPs.
Pass 	WWW CNAME 	OK. No CNAME

rkhunter

Code:
rkhunter --update
[ Rootkit Hunter version 1.3.6 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

rkhunter -c
[ Rootkit Hunter version 1.3.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /bin/bash                                                [ OK ]
    /bin/cat                                                 [ OK ]
    /bin/chmod                                               [ OK ]
    /bin/chown                                               [ OK ]
    /bin/cp                                                  [ OK ]
    /bin/date                                                [ OK ]
    /bin/df                                                  [ OK ]
    /bin/dmesg                                               [ OK ]
    /bin/echo                                                [ OK ]
    /bin/egrep                                               [ OK ]
    /bin/fgrep                                               [ OK ]
    /bin/fuser                                               [ OK ]
    /bin/grep                                                [ OK ]
    /bin/ip                                                  [ OK ]
    /bin/kill                                                [ OK ]
    /bin/less                                                [ OK ]
    /bin/login                                               [ OK ]
    /bin/ls                                                  [ OK ]
    /bin/lsmod                                               [ OK ]
    /bin/mktemp                                              [ OK ]
    /bin/more                                                [ OK ]
    /bin/mount                                               [ OK ]
    /bin/mv                                                  [ OK ]
    /bin/netstat                                             [ OK ]
    /bin/ps                                                  [ OK ]
    /bin/pwd                                                 [ OK ]
    /bin/readlink                                            [ OK ]
    /bin/sed                                                 [ OK ]
    /bin/sh                                                  [ OK ]
    /bin/su                                                  [ OK ]
    /bin/touch                                               [ OK ]
    /bin/uname                                               [ OK ]
    /bin/which                                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/cut                                             [ OK ]
    /usr/bin/diff                                            [ OK ]
    /usr/bin/dirname                                         [ OK ]
    /usr/bin/dpkg                                            [ OK ]
    /usr/bin/dpkg-query                                      [ OK ]
    /usr/bin/du                                              [ OK ]
    /usr/bin/env                                             [ OK ]
    /usr/bin/file                                            [ OK ]
    /usr/bin/find                                            [ OK ]
    /usr/bin/GET                                             [ Warning ]
    /usr/bin/groups                                          [ OK ]
    /usr/bin/head                                            [ OK ]
    /usr/bin/id                                              [ OK ]
    /usr/bin/killall                                         [ OK ]
    /usr/bin/last                                            [ OK ]
    /usr/bin/lastlog                                         [ OK ]
    /usr/bin/ldd                                             [ OK ]
    /usr/bin/less                                            [ OK ]
    /usr/bin/locate                                          [ OK ]
    /usr/bin/logger                                          [ OK ]
    /usr/bin/lsattr                                          [ OK ]
    /usr/bin/lsof                                            [ OK ]
    /usr/bin/mail                                            [ OK ]
    /usr/bin/md5sum                                          [ OK ]
    /usr/bin/mlocate                                         [ OK ]
    /usr/bin/newgrp                                          [ OK ]
    /usr/bin/passwd                                          [ OK ]
    /usr/bin/perl                                            [ Warning ]
    /usr/bin/pgrep                                           [ OK ]
    /usr/bin/pstree                                          [ OK ]
    /usr/bin/rkhunter                                        [ OK ]
    /usr/bin/runcon                                          [ OK ]
    /usr/bin/sha1sum                                         [ OK ]
    /usr/bin/sha224sum                                       [ OK ]
    /usr/bin/sha256sum                                       [ OK ]
    /usr/bin/sha384sum                                       [ OK ]
    /usr/bin/sha512sum                                       [ OK ]
    /usr/bin/size                                            [ OK ]
    /usr/bin/sort                                            [ OK ]
    /usr/bin/stat                                            [ OK ]
    /usr/bin/strings                                         [ OK ]
    /usr/bin/tail                                            [ OK ]
    /usr/bin/test                                            [ OK ]
    /usr/bin/top                                             [ OK ]
    /usr/bin/touch                                           [ OK ]
    /usr/bin/tr                                              [ OK ]
    /usr/bin/uniq                                            [ OK ]
    /usr/bin/users                                           [ OK ]
    /usr/bin/vmstat                                          [ OK ]
    /usr/bin/w                                               [ OK ]
    /usr/bin/watch                                           [ OK ]
    /usr/bin/wc                                              [ OK ]
    /usr/bin/wget                                            [ OK ]
    /usr/bin/whatis                                          [ OK ]
    /usr/bin/whereis                                         [ OK ]
    /usr/bin/which                                           [ OK ]
    /usr/bin/who                                             [ OK ]
    /usr/bin/whoami                                          [ OK ]
    /usr/bin/mawk                                            [ OK ]
    /usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/bsd-mailx                                       [ OK ]
    /usr/bin/w.procps                                        [ OK ]
    /sbin/depmod                                             [ OK ]
    /sbin/ifconfig                                           [ OK ]
    /sbin/ifdown                                             [ OK ]
    /sbin/ifup                                               [ OK ]
    /sbin/init                                               [ OK ]
    /sbin/insmod                                             [ OK ]
    /sbin/ip                                                 [ OK ]
    /sbin/lsmod                                              [ OK ]
    /sbin/modinfo                                            [ OK ]
    /sbin/modprobe                                           [ OK ]
    /sbin/rmmod                                              [ OK ]
    /sbin/runlevel                                           [ OK ]
    /sbin/sulogin                                            [ OK ]
    /sbin/sysctl                                             [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    /usr/sbin/chroot                                         [ OK ]
    /usr/sbin/cron                                           [ OK ]
    /usr/sbin/groupadd                                       [ OK ]
    /usr/sbin/groupdel                                       [ OK ]
    /usr/sbin/groupmod                                       [ OK ]
    /usr/sbin/grpck                                          [ OK ]
    /usr/sbin/inetd                                          [ Warning ]
    /usr/sbin/nologin                                        [ OK ]
    /usr/sbin/pwck                                           [ OK ]
    /usr/sbin/rsyslogd                                       [ OK ]
    /usr/sbin/tcpd                                           [ OK ]
    /usr/sbin/useradd                                        [ OK ]
    /usr/sbin/userdel                                        [ OK ]
    /usr/sbin/usermod                                        [ OK ]
    /usr/sbin/vipw                                           [ OK ]
    /usr/sbin/unhide-linux26                                 [ OK ]