Sportsman wrote: > Hello, well I’ve followed your advice and made the changes in sshd_config and > rkhunter.conf to reflect the permitrootlogin issues but I am still getting > the same warnings from Root Hunter when I run a check. > > SSH configuration option 'PermitRootLogin': no > > [14:11:36] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes > > [14:11:36] Checking if SSH protocol v1 is allowed [ Not allowed ] > > [14:11:36] Checking for running syslog daemon [ Found ] > > [14:11:36] Checking for syslog configuration file [ Found ] > > [14:11:36] Info: Found syslog configuration file: /etc/syslog.conf > > [14:11:36] Checking if syslog remote logging is allowed [ Not allowed ] > > [14:11:36] > > [14:11:36] Performing filesystem checks > > [14:11:36] Info: Starting test name 'filesystem' > > [14:11:36] Info: SCAN_MODE_DEV set to 'THOROUGH' > > [14:11:37] Checking /dev for suspicious file types [ None found ] > > [14:11:37] Checking for hidden files and directories [ Warning ] > > [14:11:37] Warning: Hidden directory found: /dev/.udev > > [14:11:37] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text > > [14:11:37] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text > > [14:11:37] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text > > > > > > Here is a copy of the lines from my sshd_config: > > # Authentication: > > > > #LoginGraceTime 2m > > PermitRootLogin no > > #StrictModes yes > > #MaxAuthTries 6 > > > > #RSAAuthentication yes > > #PubkeyAuthentication yes > > #AuthorizedKeysFile .ssh/authorized_keys > > > > Here is a copy of the lines from rkhunter.conf: > > # The following option is checked against the SSH configuration file > > # 'PermitRootLogin' option. A warning will be displayed if they do not > > # match. However, if a value has not been set in the SSH configuration > > # file, then a value here of 'yes' or 'unset' will not cause a warning. > > # This option has a default value of 'no'. > > ALLOW_SSH_ROOT_USER=no > > > > Here is a copy of the hidden file lines from rkhunter.conf: > > # Allow the specified hidden directories. > > # One directory per line (use multiple ALLOWHIDDENDIR lines). > > # > > #ALLOWHIDDENDIR=/etc/.java > > ALLOWHIDDENDIR=/dev/.udev > > #ALLOWHIDDENDIR=/dev/.udevdb > > #ALLOWHIDDENDIR=/dev/.udev.tdb > > #ALLOWHIDDENDIR=/dev/.static > > #ALLOWHIDDENDIR=/dev/.initramfs > > #ALLOWHIDDENDIR=/dev/.SRC-unix > > > > # Allow the specified hidden files. > > # One file per line (use multiple ALLOWHIDDENFILE lines). > > # > > #ALLOWHIDDENFILE=/etc/.java > > #ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz > > ALLOWHIDDENFILE=/usr/bin/.ssh.hmac > > ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac > > ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac > > #ALLOWHIDDENFILE=/etc/.pwd.lock > > #ALLOWHIDDENFILE=/etc/.init.state > > > > What am I doing wrong? > > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Did you restart OpenSSH? I believe that you have to restart SSH in order for the changes in the configuration file to take effect. regards, Mike ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
