ProShield Security Program Configuration in Debian
What is ProShield?
ProShield is a security program for Debian Linux. It helps
ensure your system is secure and up-to-date by checking many
different aspects of your system. Regular use is recommended.
Whether you are a Linux novice or a system administrator with a
dozen servers, ProShield is designed to be useable by all.
ProShield's main goal is to help secure a newly installed box
(computer), as well as maintain the security of an existing box
on a maintenance basis.
Helps you backup your system weekly.
Checks for extra root accounts.
Checks account & password files for correct access control.
Makes sure a few security-hazardous packages are not installed.
Checks to make sure a packet sniffer is not running.
Removes unneeded packages from the local package archive.
Checks for new software releases, in order to see if installed
software is reasonably up to date. Smart-suggestion to upgrade
if an important package is released.
Checks to see if 'apt' is fetching unnecessary information when
checking for software updates.
Makes sure system time is accurate.
Checks to make sure the user isn't logged into the system (GUI)
Checks the configuration of the ssh server ([sshd] if installed)
for insecure settings.
At runtime, ProShield will also check to see if there has been a
new version released, and can download and install it at the
Once chkrootkit is installed, we are ready to install ProShield:
# dpkg -i proshield_3.7.45.deb
This installs ProShield. To check the security of your Debian
system, run it using the following command
ProShield may generate messages during operation, but you can
At the end, a report summary will be displayed.
** YOU MUST BE CONNECTED TO THE INTERNET FOR PROSHIELD TO
FUNCTION CORRECTLY **
ProShield is now checking to see if you are running the latest
This appears to be the first time you have run ProShield.
Please note that ProShield is not designed to perform forensic
analysis on your system to see if your computer has been
compromised. Detecting a compromised system is difficult, and
ProShield is not, and will never be a tool of that nature.
Press <enter> to continue...
Now press Enter on your keyboard.
Note: ProShield assumes you have shadowed passwords
(/etc/shadow). If you don't, ProShield will still function just
fine, but will complain about /etc/shadow.
Making sure password file
permissions are correct...Done.
eth0: PACKET SNIFFER(/sbin/dhclient)
WARNING, a packet sniffer was detected. The program and its PID
is listed above.
Please wait while system time is checked...Done.
Checking to see if any of these are installed: nis/portmap/arpwatch...No
packages found matching portmap.
No packages found matching arpwatch.
Please wait while the Debian software repositories are queried
(this may take a long time)... Done.
Processing new software releases...Done.
Checking if the new software releases include any 'important'
Checking 'apt' package archive for unneeded old packages...Done.
Checking to see if 'apt' is programmed to fetch source
Checking to see if you are logged into X as root...Done.
Checking some of your ssh server settings...Done.
Checking to see when system was last backed up...Done.
- - ProShield Advisories for testmain1: - -
*A packet sniffer was detected. More information can be found in
output above the advisory section.
*'apt' is currently set up to fetch an additional set of
information regarding 'source packages'. This is probably not
*sshd (the ssh server) is configured to allowed direct root user
makes it a magnitude of order easier for an attacker to
penetrate your system.
*It's time to backup your system again.
ProShield will now ask you interactive questions to help you
security (by solving some of the above problems).
Press <enter> to continue...
sshd (ssh server) is currently allowing direct root user logins.
security hazardous. Would you like ProShield to fix this?
Would you like ProShield to never ask you again about ssh
root user logins?
Currently 'apt' is downloading source package release
information, which is
unnecessary. Unless you know what a source package is (and use
can answer 'y' and ProShield will modify your 'sources' file so
that apt does
not waste time/bandwidth doing this anymore. Answer 'n' to make
It's time to backup your system again. ProShield can do this
Your system will be backed up and stored in a compressed archive
Would you like ProShield to backup your system now?
By default, ProShield backups the most common directories and
your computer, and this is usually enough. However, at this
time, it is
possible to override ProShield's list of folders to backup, and
own list of folders to backup.
(the default list is /root/ /home/ /etc/ /usr/local/ /var/spool/cron/)
Would you like to change ProShield's list of directories to
Your system is being backed up (this may take a long
Backup complete (1,534 files backed up in 27 seconds).
Your backup archive is located at
You should make a copy of it on CD, tape, or another hard drive
one not in this machine
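
Several of the checks ProShield reports on above (extra root accounts, password file permissions, direct root logins in sshd, and 'deb-src' entries in apt's sources) can be reproduced read-only with a few lines of shell. This is an added example, not ProShield's own code; the function names are hypothetical and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ProShield code. Function names are hypothetical and the
# sample files at the bottom are constructed. All checks are read-only.

# Accounts other than "root" whose UID field is 0, one name per line.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Prints the path if it is writable by group or others (passwd/shadow
# should be writable by root only).
loosely_writable() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print
}

# First uncommented PermitRootLogin value (sshd honours the first occurrence).
# Simplification: Match blocks and Include files are not followed. Prints
# "unset" when absent, in which case sshd applies its built-in default.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Number of active deb-src lines in a one-line-style sources.list file.
deb_src_count() {
    awk '$1 == "deb-src" { n++ } END { print n + 0 }' "$1"
}

# --- constructed sample input ---
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'toor:x:0:0::/root:/bin/sh' > "$SAMPLE/passwd"
chmod 644 "$SAMPLE/passwd"
printf '%s\n' '#PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' > "$SAMPLE/sshd_config"
printf '%s\n' 'deb http://deb.debian.org/debian stable main' \
    '# deb-src http://deb.debian.org/debian stable main' \
    'deb-src http://deb.debian.org/debian stable main' > "$SAMPLE/sources.list"

echo "extra UID 0 accounts : $(extra_root_accounts "$SAMPLE/passwd")"
echo "loosely writable     : $(loosely_writable "$SAMPLE/passwd")"
echo "PermitRootLogin      : $(sshd_root_login "$SAMPLE/sshd_config")"
echo "active deb-src lines : $(deb_src_count "$SAMPLE/sources.list")"
```

On a real host, point the functions at /etc/passwd, /etc/shadow, /etc/ssh/sshd_config and /etc/apt/sources.list; running `sshd -T` as root gives the authoritative effective sshd settings.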