|
To disable root login edit /etc/ssh/sshd_config and
uncomment the following line:
#PermitRootLogin yes
and change to:
PermitRootLogin no
save and restart ssh. Now logout and log back in. You willl
need to have another Linux user handy to login as because you will no longer be
able to login as root. If you need root privileges just login as your Linux user
and su - into root.
Apache 1.3.33 is not the latest stable version of the 1.3.3
series, upgrade to 1.3.37 and that Apache message should go
away. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Rainsford Sent: Friday, October 20, 2006 6:53 AM To: [email protected] Subject: [Rkhunter-users] archives, root access & Apache being very new to this list, i just wanted to ask if there are searchable
archives of this list?
I am looking to find out a way to, turn off this:
Checking for allowed root login... Watch out Root login possible.
Possible risk!
After running for the first couple of times, i have found and reduced some
vulnerabilities I never knew about before-thanks for that.
Also, I am not sure what to do about this possible risk:
- Apache 1.3.33 [ Vulnerable ]
Many thanks for any help anyone
can offer,
regards
Richard
In case I have missed anything and it might be needed, my full report is
below:
Rootkit Hunter 1.2.8 is running
Determining OS... Darwin
Warning: Mac OS X is not fully supported!
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Skipped!
Check rootkits
* Default files and directories
Rootkit '55808 Trojan - Variant A'... [ OK ]
ADM Worm... [ OK ]
Rootkit 'AjaKit'... [ OK ]
Rootkit 'aPa Kit'... [ OK ]
Rootkit 'Apache Worm'... [ OK ]
Rootkit 'Ambient (ark) Rootkit'... [ OK ]
Rootkit 'Balaur Rootkit'... [ OK ]
Rootkit 'BeastKit'... [ OK ]
Rootkit 'beX2'... [ OK ]
Rootkit 'BOBKit'... [ OK ]
Rootkit 'CiNIK Worm (Slapper.B variant)'... [ OK ]
Rootkit 'Danny-Boy's Abuse Kit'... [ OK ]
Rootkit 'Devil RootKit'... [ OK ]
Rootkit 'Dica'... [ OK ]
Rootkit 'Dreams Rootkit'... [ OK ]
Rootkit 'Duarawkz'... [ OK ]
Rootkit 'Flea Linux Rootkit'... [ OK ]
Rootkit 'FreeBSD Rootkit'... [ OK ]
Rootkit 'Fuck`it Rootkit'... [ OK ]
Rootkit 'GasKit'... [ OK ]
Rootkit 'Heroin LKM'... [ OK ]
Rootkit 'HjC Kit'... [ OK ]
Rootkit 'ignoKit'... [ OK ]
Rootkit 'ImperalsS-FBRK'... [ OK ]
Rootkit 'Irix Rootkit'... [ OK ]
Rootkit 'Kitko'... [ OK ]
Rootkit 'Knark'... [ OK ]
Rootkit 'Li0n Worm'... [ OK ]
Rootkit 'Lockit / LJK2'... [ OK ]
Rootkit 'MRK'... [ OK ]
Rootkit 'Ni0 Rootkit'... [ OK ]
Rootkit 'RootKit for SunOS / NSDAP'... [ OK ]
Rootkit 'Optic Kit (Tux)'... [ OK ]
Rootkit 'Oz Rootkit'... [ OK ]
Rootkit 'Portacelo'... [ OK ]
Rootkit 'R3dstorm Toolkit'... [ OK ]
Rootkit 'RH-Sharpe's rootkit'... [ OK ]
Rootkit 'RSHA's rootkit'... [ OK ]
Sebek LKM [ OK ]
Rootkit 'Scalper Worm'... [ OK ]
Rootkit 'Shutdown'... [ OK ]
Rootkit 'SHV4'... [ OK ]
Rootkit 'SHV5'... [ OK ]
Rootkit 'Sin Rootkit'... [ OK ]
Rootkit 'Slapper'... [ OK ]
Rootkit 'Sneakin Rootkit'... [ OK ]
Rootkit 'Suckit Rootkit'... [ OK ]
Rootkit 'SunOS Rootkit'... [ OK ]
Rootkit 'Superkit'... [ OK ]
Rootkit 'TBD (Telnet BackDoor)'... [ OK ]
Rootkit 'TeLeKiT'... [ OK ]
Rootkit 'T0rn Rootkit'... [ OK ]
Rootkit 'Trojanit Kit'... [ OK ]
Rootkit 'Tuxtendo'... [ OK ]
Rootkit 'URK'... [ OK ]
Rootkit 'VcKit'... [ OK ]
Rootkit 'Volc Rootkit'... [ OK ]
Rootkit 'X-Org SunOS Rootkit'... [ OK ]
Rootkit 'zaRwT.KiT Rootkit'... [ OK ]
* Suspicious files and malware
Scanning for known rootkit strings [ OK ]
Scanning for known rootkit files [ OK ]
Testing running processes... [ OK ]
Miscellaneous Login backdoors [ OK ]
Miscellaneous directories [ OK ]
Software related files [ OK ]
Sniffer logs [ OK ]
* Trojan specific characteristics
shv4
Checking /etc/rc.d/rc.sysinit [ Not found ]
Checking /etc/inetd.conf [ Clean ]
Checking /etc/xinetd.conf [ Skipped ]
* Suspicious file properties
chmod properties
Checking /bin/ps [ Clean ]
Checking /bin/ls [ Clean ]
Checking /usr/bin/w [ Clean ]
Checking /usr/bin/who [ Clean ]
Script replacements
Checking /bin/ps [ Clean ]
Checking /bin/ls [ Clean ]
Checking /usr/bin/w [ Clean ]
Checking /usr/bin/who [ Clean ]
* OS dependant tests
Networking
* Check: frequently used backdoors
Not tested
* Interfaces
Scanning for promiscuous interfaces [ OK ]
System checks
* Allround tests
Checking hostname... Found. Hostname is PBG4.local
Checking for passwordless user accounts... Skipped
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local [ Not found ]
- /etc/rc.d/rc.local [ Not found ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]
Checking rc.d files... [ Not found ]
Checking history files
Bourne Shell [ Not Found ]
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/usr/.DS_Store /etc/.9947C8BE-6E0C-11DA-A567-000D93633422
/etc/.????? 9ZU329BcFDISWF6s-oDZXa8vP ????
/etc/.????? RjZD7xHokpjZZDp0F1E5C94N4 ????
/etc/.BroadbandTuner-saved-settings
/etc/.MaQTg40BcDh6Dk4IRB52l3993DF0yPvUafk6
/etc/.NxVxIozejrpdI7xdgmdbxT9952F0In1qMkho
/etc/.TekPLABDLlrPBtsSbdEcC7lPA6fA8vbp9Btt
---------------
Please inspect: /usr/.DS_Store (data)
/etc/.9947C8BE-6E0C-11DA-A567-000D93633422 (data) /etc/.????? (cannot open
(/etc/.?????)) 9ZU329BcFDISWF6s-oDZXa8vP (cannot open
(9ZU329BcFDISWF6s-oDZXa8vP)) mach (symbolic link to `/mach.sym') sbin
(directory) /etc/.????? (cannot open (/etc/.?????)) RjZD7xHokpjZZDp0F1E5C94N4
(cannot open (RjZD7xHokpjZZDp0F1E5C94N4)) mach (symbolic link to `/mach.sym')
sbin (directory) /etc/.BroadbandTuner-saved-settings (ASCII text)
/etc/.MaQTg40BcDh6Dk4IRB52l3993DF0yPvUafk6 (data)
/etc/.NxVxIozejrpdI7xdgmdbxT9952F0In1qMkho (data)
/etc/.TekPLABDLlrPBtsSbdEcC7lPA6fA8vbp9Btt (data)
Application advisories
* Application scan
Checking Apache2 modules ... [ Not found ]
Checking Apache configuration ... [ OK ]
* Application version scan
- GnuPG 1.4.5 [ Unknown ]
- Apache 1.3.33 [ Vulnerable ]
- Bind DNS 9.2.2 [ OK ]
- OpenSSL 0.9.7i [ OK ]
- PHP 4.4.1 [ OK ]
- Procmail MTA 3.22 [ OK ]
- OpenSSH 4.2p1 [ OK ]
Your system contains some unknown version numbers. Please run Rootkit
Hunter
with the --update parameter or fill in the contact form (www.rootkit.nl)
Security advisories
* Check: Groups and Accounts
Searching for /etc/passwd... [ Found ]
Checking users with UID '0' (root)... [ OK ]
* Check: SSH
Searching for sshd_config...
Found /etc/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible
risk!
info:
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ Warning (SSH v1 allowed) ]
* Check: Events and Logging
Search for syslog configuration... [ OK ]
Checking for running syslog slave... [ OK ]
Checking for logging to remote system... [ OK (remote logging) ]
info: install.* @127.0.0.1:32376
---------------------------- Scan results
----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 1
Scanning took 71 seconds
-----------------------------------------------------------------------
Do you have some problems, undetected rootkits, false positives,
ideas
or suggestions?
Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
-----------------------------------------------------------------------
to exit press ctrl + c and then ctrl + d
|
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
