On Monday 28 May 2007 12:17, Jim Flanagan wrote: > Hi all, > > On my new reinstall of openSuse10.2, I installed rkhunter 1. 28 and > updated thru the command line. > > When I run it in command line, it reports no errors. But when it runs > its daily run, it reports the following 2 errors in root email.... > > ---------- > Please inspect this machine, because it can be infected > ------------ > > ----------- > running daily cronjob scripts > > SCRIPT: suse.de-rkhunter exited with RETURNCODE = 1. > SCRIPT: output (stdout && stderr) follows > > Line: > Watch out Root login possible. Possible risk! > Some errors has been found while checking. Please perform a manual check > on this machine ziggy > SCRIPT: suse.de-rkhunter > ------- END OF OUTPUT > > > SCRIPT: output (stdout && stderr) follows > > Laying out /etc/preload.d/Firefox > Laying out /etc/preload.d/Gimp > Laying out /etc/preload.d/Khelpcenter > Laying out /etc/preload.d/Mozilla > Laying out /etc/preload.d/OpenOffice > Laying out /etc/preload.d/boot > Laying out /etc/preload.d/cups > Laying out /etc/preload.d/gdm > Laying out /etc/preload.d/kde > Laying out /etc/preload.d/kde.early > Laying out /etc/preload.d/kdm > Laying out /etc/preload.d/kdm.auto > Laying out /etc/preload.d/later > SCRIPT: suse.de-update-preload > ------- END OF OUTPUT > -------------------- > > Can anyone interpret this for me. I'm at a loss here. I do not get any > errors or bad reports when I run rkhunter in command line. But these > emails keep coming once a day.
Hi Jim, I once use rkhunter too, and I don't see any error in your email. > Line: > Watch out Root login possible. Possible risk! It means that your ssh still allows root to login. For better security, we need to disable root login in ssh, by editing /etc/ssh/sshd_config, PermitRootLogin no. > Some errors has been found while checking. Please perform a manual check > on this machine ziggy This is I don't now. -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 2:31pm up 2:27, 2.6.18.2-34-default GNU/Linux Let's use OpenOffice. http://www.openoffice.org
pgpEpSbLM5nel.pgp
Description: PGP signature
