On Sat, 2008-12-06 at 00:14 -0500, Mark Misulich wrote:
>
> Running the following commands gave the following results:
>
> linux-bd31:/home/lxmark # rkhunter --propupdate
> [ Rootkit Hunter version 1.3.2 ]
> File updated: searched for 151 files, found 135
> linux-bd31:/home/lxmark # rkhunter --rwo --sk -c
> Warning: The SSH configuration option 'PermitRootLogin' has not been
> set.
> The default value may be 'yes', to allow root access.
>
> One or more warnings have been found while checking the system.
> Please check the log file (/var/log/rkhunter.log)
>
> I have changed the PermitRootLogin in the following ssh configuration
> files to PermitRootLogin=no without
> effect; /etc/ssh/ssh_config /etc/ssh/ssh_config~ /etc/ssh/sshd_config
> /etc/ssh/sshd_config~
>
It still gives you a warning for this? You will need to look in the log
file at the SSH test to see what it says. It will say what the current
RKH configuration option is set to, and what your SSH configuration file
setting is set to. The two should be the same. If necessary email me the
latest rkhunter log file which gives you this warning. (Do not send it
to the list, as the log files can be large.)
> After the following commands were executed,
>
> rkhunter --propupdate
>
> rkhunter --rwo --sk --pkgmgr RPM -c
>
Hmm, this is still a bit confusing as to why just the inode is being
reported as having changed. I am suspecting that the rpm command is
returning something unusual. I also noticed that RKH did not seem to
correctly pick up your O/S name - and I think you said you are running
OpenSuSE? (I can't check with my old suse system until I get back to
work.)
Can you run the command:
rkhunter --debug --enable properties --pkgmgr RPM
This will create the file /tmp/rkhunter-debug. Can you email me the file
please. Do not email it to the list as it will be a *large* file.
Thanks,
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
