On Sunday 11 January 2009 10:32:18 Dick Gevers wrote: > On Sat, 10 Jan 2009 17:22:07 -0600, Chris wrote about Re: [Rkhunter-users] > > Warning: Found passwordless account: mpi: > >> Sounds odd, but it could just be that it hasn't been explained too well > >> in the docs. I have no passwordless accounts on any system, but do > >> configure systems to only allow SSH access, and only with with known > >> shared keys/userids/IP addresses. As such, there is no access unless the > >> user has the relevant private key, and from the relevant host. (Okay, so > >> access through software exploits is always a possibility, but that's > >> were patching and more securing/restricting comes in.) It is possible > >> that your MPI app does something like this - no passwords, but uses > >> shared keys to maintain access control. Perhaps asking on a Mandriva > >> list will offer better advice. > >> > >> > >> > >> John. > > > >Thanks for the reply John, I'll ask around on a couple of the Mandriva > >lists as you've suggested. > > I missed if you asked, but this Mandriva Linux Cooker listee found the > package: > > Name : mpich2 Relocations: (not relocatable) > Version : 1.0.7 Vendor: Mandriva > Release : 1mdv2009.0 Build Date: Sun Jul 20 12:45:42 > 2008 Install Date: (not installed) Build Host: > n4.mandriva.com Group : System/Cluster Source RPM: > (none) > Size : 16582668 License: BSD-style > Signature : (none) > Packager : Funda Wang <fundaw...@mandriva.org> > URL : http://www-unix.mcs.anl.gov/mpi/mpich/ > Summary : Portable implementation of MPI > Description : > MPICH is a freely available, portable implementation of MPI, the Standard > for message-passing libraries. > MPICH-A Portable Implementation of MPI is a MPI Standard conforming library > that was developed by the Argonne National Laboratory. It allows different > processes across a network of workstations to communicate using specific > message passing functions. It includes librairies, parallel debuging tools > and docs. > > This package provides the libraries that use the standard p4 device. > > > The package PREIN script reads: > /usr/sbin/groupadd -g 12384 -r -f mpi > /dev/null 2>&1 ||: > /usr/sbin/useradd -u 12384 -g mpi -d /var/lib/mpi -r \ > > > -s /bin/bash mpi -p "" -m > /dev/null 2>&1 ||: > > Cheers, > =Dick Gevers= > Thanks Dick, that's exactly how the user/group is setup user mpi, user id 12384 group mpi. I don't know how it got installed or when but urpme shows:
[r...@localhost ~]# urpme -a mpich2 Removing the following package will break your system: 1 which really doesn't tell me anything. So I guess for the time being I'll just leave it as is and mark it as a valid passwordless account in rkhunger conf. Thanks for the help Chris -- KeyID 0xE372A7DA98E6705C
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
