Hello all, please bear with me as I'm a rookie here trying to straighten out
my learning curve a little.
Server Info:
Processor: AMD Opteron 1218
Operating System: CentOS 5 64 bit
Security (including rkhunter and chkrootkit) set up by a company called "Way
to Web" using cPanel Service Package + Mailwatch.
I've read through the FAQ, README, forums and quite a few posts in this
mailing list's archives also.
I was able to learn how to use PuTTY with commands to find my rkhunter.conf
file and based on the info from the above reading material, I added the
files and directory (highlighted in red) from the warning email below:
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': without-password
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
I put the above files and directory into the rkhunter.conf as follows:
# Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
#SCRIPTWHITELIST=/usr/bin/groups
#SCRIPTWHITELIST=/usr/dev/.udev
#SCRIPTWHITELIST=/usr/bin/.ssh.hmac
#SCRIPTWHITELIST=/usr/sbin/.sshd.hmac

# Allow the specified hidden directories.
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.udev.tdb
#ALLOWHIDDENDIR=/dev/.static
#ALLOWHIDDENDIR=/dev/.initramfs
#ALLOWHIDDENDIR=/dev/.SRC-unix

# Allow the specified hidden files.
# One file per line (use multiple ALLOWHIDDENFILE lines).
#
#ALLOWHIDDENFILE=/etc/.java
#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
#ALLOWHIDDENFILE=/etc/.pwd.lock
#ALLOWHIDDENFILE=/etc/.init.state
#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
I used the command rkhunter -propupd after making changes and then ran
rkhunter -c and I am still getting the same warnings. I tried only making
changes to the #ALLOWHIDDENDIR and #ALLOWHIDDENFILE with the same result.
These warning messages don't bother me; I was just trying to learn a little
about configuring rkhunter. I hope I have used this list appropriately and
given enough info for someone here to maybe help me out. Thanks in advance.
Nootkan
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
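
Added example, not part of the original post and not rkhunter's own code: a small Python check that matches each hidden-file or hidden-directory warning against rkhunter.conf and reports whether the corresponding ALLOWHIDDENDIR/ALLOWHIDDENFILE entry is active, commented out with a leading '#', or missing. The function names and sample strings are constructed for illustration, and it assumes one unquoted path per option line.

```python
import re

# Constructed sample: a few of the rkhunter.conf lines quoted in the post.
SAMPLE_CONF = """\
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#SCRIPTWHITELIST=/usr/bin/.ssh.hmac
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
"""

# Constructed sample: the hidden-file warnings quoted in the post.
SAMPLE_WARNINGS = """\
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
"""

WARNING_RE = re.compile(r"Warning: Hidden (directory|file) found: ([^:\s]+)")
OPTION_RE = re.compile(r"\s*(#?)\s*([A-Z_]+)=(\S+)")
# Each warning type is silenced by its own option, not by SCRIPTWHITELIST.
OPTION_FOR = {"directory": "ALLOWHIDDENDIR", "file": "ALLOWHIDDENFILE"}

def parse_conf(text):
    """Map (option, value) -> 'active' or 'commented' for OPTION=value lines."""
    entries = {}
    for line in text.splitlines():
        m = OPTION_RE.match(line)
        if not m:
            continue  # blank line or ordinary comment text
        key = (m.group(2), m.group(3))
        state = "commented" if m.group(1) else "active"
        # An active line wins over a commented copy of the same entry.
        if entries.get(key) != "active":
            entries[key] = state
    return entries

def explain(conf_text, warnings_text):
    """Return (path, option, state) for every hidden-file/dir warning."""
    entries = parse_conf(conf_text)
    return [(path, OPTION_FOR[kind],
             entries.get((OPTION_FOR[kind], path), "missing"))
            for kind, path in WARNING_RE.findall(warnings_text)]

if __name__ == "__main__":
    for path, option, state in explain(SAMPLE_CONF, SAMPLE_WARNINGS):
        print(f"{path}: {option} entry is {state}")
```

A line that still begins with '#' is a comment, so only entries reported as active are read by rkhunter as settings.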