Hello, well I've followed your advice and made the changes in sshd_config
and rkhunter.conf to reflect the permitrootlogin issues but I am still
getting the same warnings from Root Hunter when I run a check.

SSH configuration option 'PermitRootLogin': no
[14:11:36] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes
[14:11:36] Checking if SSH protocol v1 is allowed [ Not allowed ]
[14:11:36] Checking for running syslog daemon [ Found ]
[14:11:36] Checking for syslog configuration file [ Found ]
[14:11:36] Info: Found syslog configuration file: /etc/syslog.conf
[14:11:36] Checking if syslog remote logging is allowed [ Not allowed ]
[14:11:36]
[14:11:36] Performing filesystem checks
[14:11:36] Info: Starting test name 'filesystem'
[14:11:36] Info: SCAN_MODE_DEV set to 'THOROUGH'
[14:11:37] Checking /dev for suspicious file types [ None found ]
[14:11:37] Checking for hidden files and directories [ Warning ]
[14:11:37] Warning: Hidden directory found: /dev/.udev
[14:11:37] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[14:11:37] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[14:11:37] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text

Here is a copy of the lines from my sshd_config:

# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

Here is a copy of the lines from rkhunter.conf:

# The following option is checked against the SSH configuration file
# 'PermitRootLogin' option. A warning will be displayed if they do not
# match. However, if a value has not been set in the SSH configuration
# file, then a value here of 'yes' or 'unset' will not cause a warning.
# This option has a default value of 'no'.
ALLOW_SSH_ROOT_USER=no

Here is a copy of the hidden file lines from rkhunter.conf:

# Allow the specified hidden directories.
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#
#ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.udev.tdb
#ALLOWHIDDENDIR=/dev/.static
#ALLOWHIDDENDIR=/dev/.initramfs
#ALLOWHIDDENDIR=/dev/.SRC-unix
# Allow the specified hidden files.
# One file per line (use multiple ALLOWHIDDENFILE lines).
#
#ALLOWHIDDENFILE=/etc/.java
#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
#ALLOWHIDDENFILE=/etc/.pwd.lock
#ALLOWHIDDENFILE=/etc/.init.state

What am I doing wrong?
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
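
The comparison rule described in the rkhunter.conf comment quoted in the message, applied once to the posted config excerpts and once to the values rkhunter logged. This is an added example, not part of the original post and not rkhunter's own code. The function names and sample files are constructed for illustration, and treating an unset SSH value with 'no' on the rkhunter side as a warning is an assumption.

```shell
#!/bin/sh
# Added example: compares what the config files say with what rkhunter logged.

# Print every active (uncommented) value of KEY in FILE, one per line.
# Handles "KEY value" (sshd_config) and "KEY=value" (rkhunter.conf).
active_values() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]=][[:space:]=]*\([^[:space:]#]*\).*/\1/p" "$1"
}

# Value rkhunter recorded in its log for an option ("... option 'X': value").
logged_value() {    # $1 = log file, $2 = option name
    sed -n "s/.*configuration option '$2':[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Rule from the rkhunter.conf comment: warn when the values differ; an unset
# SSH value accepts 'yes' or 'unset'; an absent rkhunter option defaults to 'no'.
# Assumption: an unset SSH value with rkhunter 'no' is treated as a warning.
ssh_root_check() {  # $1 = PermitRootLogin or "", $2 = ALLOW_SSH_ROOT_USER or ""
    rkh=${2:-no}
    if [ -z "$1" ]; then
        case $rkh in yes|unset) echo ok ;; *) echo warning ;; esac
    elif [ "$1" = "$rkh" ]; then
        echo ok
    else
        echo warning
    fi
}

# Constructed sample files, copied from the excerpts in the message above.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin no' '#StrictModes yes' > "$demo/sshd_config"
printf '%s\n' "# This option has a default value of 'no'." 'ALLOW_SSH_ROOT_USER=no' > "$demo/rkhunter.conf"
printf '%s\n' "SSH configuration option 'PermitRootLogin': no" \
    "[14:11:36] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes" > "$demo/rkhunter.log"

ssh_file=$(active_values "$demo/sshd_config" PermitRootLogin | head -n 1)
rkh_file=$(active_values "$demo/rkhunter.conf" ALLOW_SSH_ROOT_USER)
ssh_log=$(logged_value "$demo/rkhunter.log" PermitRootLogin)
rkh_log=$(logged_value "$demo/rkhunter.log" ALLOW_SSH_ROOT_USER)

echo "files: PermitRootLogin=$ssh_file ALLOW_SSH_ROOT_USER=$rkh_file -> $(ssh_root_check "$ssh_file" "$rkh_file")"
echo "log:   PermitRootLogin=$ssh_log ALLOW_SSH_ROOT_USER=$rkh_log -> $(ssh_root_check "$ssh_log" "$rkh_log")"
[ "$rkh_file" = "$rkh_log" ] || echo "rkhunter logged '$rkh_log' but the checked file sets '$rkh_file'"
```

On the posted excerpts the files agree with each other while the logged pair does not, so the value rkhunter reports is not the one in the rkhunter.conf lines shown.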