Re: [Rkhunter-users] noob here, should I be worried about these?

Tue, 19 Dec 2006 01:03:52 -0800 

Dimitri Yioulos wrote:
On Monday 18 December 2006 3:10 pm, [EMAIL PROTECTED] wrote: 
do I have to be worried about these?


rkhunter turned up these two

* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
Scanning for hidden files... [ Warning! ] 
---------------
/etc/.java
/etc/.pwd.lock /dev/.udev
/dev/.static
---------------
Please inspect:  /etc/.java (directory)  /dev/.udev (directory)
/dev/.static (directory)

-----------------------------------------------------
or this?
* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible.
Possible risk!
    info: "PermitRootLogin yes" found in file /etc/ssh/sshd_config
    Hint: See logfile for more information about this issue
Checking for allowed protocols... [ Warning 
(SSH v1 allowed) ]


It's never a both; we were all noobs once :-)
About the first few lines having to do w/ java, I wouldn't worry about those. 
I believe those are files which rkhunter simply doesn't know about.
You can explicitly allow those by adding/uncommenting the following lines in /etc/rkhunter.conf: 

ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.static
As to the last, it is true that allowing root ssh access can be a security risk. To "fix" that, locate the file sshd_config. Use any text editor; find the line "PermitRootLogin". Change from yes to no and save the file. You're 
good to go.
No, you're good to go after restarting sshd (/etc/init.d/sshd restart). :o)
And for the allowed protocols warning, set "Protocol 2" in your sshd_config file (/etc/ssh/sshd_config on Red Hat style Linux, but Mepis may be different). The default for OpenSSH is "Protocol 2,1", but SSH v1 shouldn't be enabled unless you really need it for legacy reasons. Again, restart sshd after changing the configuration for the changes to take effect. 

Nils Breunese.

Attachment: PGP.sig
Description: Dit deel van het bericht is digitaal ondertekend

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to