John, thx's for the information.
Mike ----- Original Message ----- From: "John Horne" <[EMAIL PROTECTED]> To: <rkhunter-users@lists.sourceforge.net> Sent: Tuesday, September 25, 2007 8:41 AM Subject: Re: [Rkhunter-users] Warning Message > On Tue, 2007-09-25 at 08:26 -0500, Mike Blezien wrote: > >> >> I think I located the problem. In the passwd file was a line commented out >> with >> the # sign which I assume is what Rkhunter was reading and causing the >> warning >> message: >> >> # root:x:0:0:,,:/root:/bin/bash >> > As far as I am aware commenting out userid's is not a common thing to > do. For a start the /etc/shadow entry will still exist with the > password. The 'pwck' command will show the (/etc/passwd) entry as being > invalid. To disable an account you can do this by locking it with the > 'passwd' command. > > I think RKH is, in this instance, doing the right thing in showing the > warning. > > I should point out that the account name is actually '# root'. However, > RKH sees this as 2 account names - '#' and 'root'. The 'root' account is > automatically whitelisted, so doesn't cause a warning. I guess RKH > should cater for a space being there though, and have reported the name > as '# root'. > > > > John. > > -- > --------------------------------------------------------------- > John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 > E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
