unSpawn,

Thanks for your reply. Sorry for the mix-up in my first reply. I have tried as you suggested by dropping the # and still get the warning messages. I have tried putting everything back to the original setup and then doing one step at a time hoping that would work and still no go.

When I say the warnings don't bother me, I just meant that I've been monitoring them now for over a month and nothing has affected the server in any way as far as cpu, bandwidth, or unusual spikes etc, so I determined that they were safe. I get so many crons with info from my server on various processes within my server that I thought something would show up somewhere. Did I make a hasty judgment?

I'm a little confused with your comment about never allowing root to ssh over the network. How am I or any future clients supposed to log in to their ssh account using something like PuTTY or SSH Secure Shell 3.2.9 with both set to no?

In any case I made the changes in /usr/local/etc/rkhunter.conf "ALLOW_SSH_ROOT_USER': yes" to "ALLOW_SSH_ROOT_USER': no" and then in /etc/ssh/sshd_config "#PermitRootLogin': no" to "PermitRootLogin': no". I couldn't even see the "without-password" phrase anywhere in the config file. I'm not sure where the warning message even comes from now. Is there another ssh configuration file somewhere with different settings?

I still get the same warning messages after rkhunter --propupd and rkhunter -c so I guess it's back to the drawing board.

Nootkan

-----Original Message-----
From: unsp...@hushmail.com [mailto:unsp...@hushmail.com]
Sent: October 3, 2009 12:19 AM
To: rkhunter-users@lists.sourceforge.net; i...@sportsmanfishing.com
Subject: Re: [Rkhunter-users] Unable to Whitelist Files and Directory

Hello Nootkan,

On Sat, 03 Oct 2009 02:25:17 +0200 Sportsman <i...@sportsmanfishing.com> wrote:
>(highlighted in red)

Not everybody uses HTML email....

>I used the command rkhunter -propupd after making changes and then ran
>rkhunter -c and I am still getting the same warnings. I tried only making
>changes to the #ALLOWHIDDENDIR and #ALLOWHIDDENFILE with the same result.

You have to remove the hash because having lines starting with a hash means it's a comment line, so it should be:

ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac

>These warning messages don't bother me

Generally speaking warnings should bother you. If they're due to distribution defaults and configuration errors it means you have to correct them for proper operation. If they're due to attacks (often very noisy) then you have a chance of investigating and taking measures.

By the way allowing "PermitRootLogin': without-password" and "ALLOW_SSH_ROOT_USER': yes" are very much against best practices: root should never be allowed to log in over the network regardless.

Best regards,
unSpawn
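
An added example, not part of the original thread and not rkhunter's own code: a small Python check for the two situations discussed above, a directive that is still commented out and a disagreement between PermitRootLogin in sshd_config and ALLOW_SSH_ROOT_USER in rkhunter.conf. The file contents are constructed samples and the function names are hypothetical; it assumes rkhunter.conf uses OPTION=value lines and that the two root-login settings are expected to agree.

```python
import re

# Constructed sample contents (not from the thread); "#" lines are comments.
SSHD_CONFIG = "#PermitRootLogin no\nProtocol 2\n"
RKHUNTER_CONF = """\
ALLOW_SSH_ROOT_USER=no
#ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
"""

def sshd_global(text, keyword):
    """First uncommented global value (sshd keeps the first one), else None."""
    for line in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", line.strip(), maxsplit=1)
        if not parts[0] or parts[0].startswith("#"):
            continue  # blank line or comment: no effect
        if parts[0].lower() == "match":
            break  # settings below a Match line are conditional
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return None

def rkhunter_options(text):
    """Return (active, commented): option name -> list of values."""
    active, commented = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(#?)\s*([A-Z_]+)\s*=\s*(\S+)", line)
        if m:
            target = commented if m.group(1) else active
            target.setdefault(m.group(2), []).append(m.group(3))
    return active, commented

def audit(sshd_text, rkh_text):
    findings = []
    active, commented = rkhunter_options(rkh_text)
    permit = sshd_global(sshd_text, "PermitRootLogin")
    # Assumption: if the option is repeated, the last assignment is used.
    allow = active.get("ALLOW_SSH_ROOT_USER", [None])[-1]
    if permit is None:
        findings.append("PermitRootLogin is not set; sshd uses its default")
    elif allow is not None and permit != allow.lower():
        findings.append(f"mismatch: PermitRootLogin={permit}, ALLOW_SSH_ROOT_USER={allow}")
    for opt in ("ALLOWHIDDENDIR", "ALLOWHIDDENFILE"):
        for value in commented.get(opt, []):
            if value not in active.get(opt, []):
                findings.append(f"{opt}={value} is commented out and has no effect")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSHD_CONFIG, RKHUNTER_CONF)))
```

To run it against a live system, pass the contents of /etc/ssh/sshd_config and the rkhunter.conf actually in use to audit() instead of the sample strings.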