Your message dated Sun, 22 Oct 2006 10:05:20 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Fixed upstream
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: rkhunter
Version: 1.2.8-3
Severity: minor

For inexperienced users, the following excerpt from a daily check mail
says next to nothing:

----------------- cut here --------------------
Line: 
  [ Warning! ]
Line:   [ Warning! ]
Watch out Root login possible. Possible risk!
-----------------------------------------------------------------

Found warnings:
[00:03:35] WARNING, found:  /etc/.serial.conf.old (ASCII English text) 
[00:03:38] Warning: root login possible. Change for your safety the 'PermitRootLogin'

----------------- cut here --------------------

Apart from the fact that the warning about /etc/.serial.conf.old is a
false positive (the file is perfectly normal), the Warning about
PermitRootLogin is insufficient. It gives absolutely no hint where that
configuration could be found or to which program it is related. 
The two "Line: " outputs at the top look like they belong to some
debugging output.

So to summarize: The mail contained a false positive about
/etc/.serial.conf.old (which I can live with). And it contained a
warning that doesn't give any detail about what to fix (which service or
configuration). To an inexperienced user, this might look like a warning
regarding local logins.

I suggest: Fix that warning to include either a reference to sshd or to
/etc/ssh/sshd_config (or wherever the setting was found).

Regards,
Sven

-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (990, 'stable'), (400, 'experimental'), (90, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.12-incase
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages rkhunter depends on:
ii  debconf [debconf 1.4.30.13               Debian configuration management sy
ii  file             4.12-1                  Determines file type using "magic"
ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii  perl             5.8.4-8sarge3           Larry Wall's Practical Extraction 
ii  wget             1.9.1-12                retrieves files from the web

Versions of packages rkhunter recommends:
pn  libmd5-perl                   <none>     (no description available)

-- debconf information:
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: true



--- End Message ---
--- Begin Message ---
Package: rkhunter
Version: 1.2.9-1

Hi,

The new maintainer has fixed this issue in the latest release:
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info: "PermitRootLogin yes" found in file /etc/ssh/sshd_config
    Hint: See logfile for more information about this issue

The logfile is also clear:
[09:01:06] Info: Found 'PermitRootLogin yes'. Unsafe for production servers...
[09:01:06] Tip: Change the option in your configuration file (/etc/ssh/sshd_config).
[09:01:06]      Use normal user accounts and 'su' to obtain root permissions.
[09:01:06] Remote root login permitted, but allowed by using explicit option

I thus close the bug.

Cheers,
Julien


--- End Message ---
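
The fixed output above names the service, the file and the directive. A check that produces a message of that kind, as an added example (not rkhunter's code and not from either mail): the function names are hypothetical, and it assumes whitespace-separated `keyword value` lines and that the first global occurrence of the keyword is the one sshd uses.

```shell
#!/bin/sh
# Added example, not rkhunter's implementation. Function names are hypothetical.

# Print the first global PermitRootLogin value found in an sshd_config file.
# Keywords are matched case-insensitively and the first value wins, so later
# duplicates are ignored. Settings inside a "Match" block are conditional,
# so scanning stops at the first one. The value is lowercased before comparing.
root_login_setting() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        { kw = tolower($1) }
        kw == "match" { exit }
        kw == "permitrootlogin" { print tolower($2); exit }
    ' "$1"
}

# Report the finding with the service, the file and the directive named.
check_root_login() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "Info: cannot read $cfg, sshd root login check skipped"
        return 2
    fi
    val=$(root_login_setting "$cfg")
    case "$val" in
        yes)
            echo "Warning: sshd allows root login: 'PermitRootLogin yes' found in $cfg"
            return 1 ;;
        "")
            echo "Info: PermitRootLogin not set in $cfg, the sshd built-in default applies"
            return 0 ;;
        *)
            echo "OK: 'PermitRootLogin $val' found in $cfg"
            return 0 ;;
    esac
}

# Constructed sample input: a commented-out directive, then the live one.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'Port 22' 'permitrootlogin yes' 'PermitRootLogin no' > "$sample"
check_root_login "$sample" || true
rm -f "$sample"
```
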
