Mike, thanks for your reply. I have ran rkhunter --propupd. I also ran rkhunter --update. I also restarted open ssh in my WHM.
-----Original Message----- From: Michael White [mailto:white...@gmail.com] Sent: October 27, 2009 8:06 PM To: rkhunter-users@lists.sourceforge.net Subject: Re: [Rkhunter-users] PermitRootLogin Issues Still On Mon, Oct 26, 2009 at 2:15 PM, Sportsman <i...@sportsmanfishing.com> wrote: > Hello, well Ive followed your advice and made the changes in sshd_config > and rkhunter.conf to reflect the permitrootlogin issues but I am still > getting the same warnings from Root Hunter when I run a check. > > SSH configuration option 'PermitRootLogin': no > > [14:11:36] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes > > [14:11:36] Checking if SSH protocol v1 is allowed [ Not allowed ] > > [14:11:36] Checking for running syslog daemon [ Found ] > > [14:11:36] Checking for syslog configuration file [ Found ] > > [14:11:36] Info: Found syslog configuration file: /etc/syslog.conf > > [14:11:36] Checking if syslog remote logging is allowed [ Not allowed ] > > [14:11:36] > > [14:11:36] Performing filesystem checks > > [14:11:36] Info: Starting test name 'filesystem' > > [14:11:36] Info: SCAN_MODE_DEV set to 'THOROUGH' > > [14:11:37] Checking /dev for suspicious file types [ None found ] > > [14:11:37] Checking for hidden files and directories [ Warning ] > > [14:11:37] Warning: Hidden directory found: /dev/.udev > > [14:11:37] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text > > [14:11:37] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text > > [14:11:37] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text > > > > > > Here is a copy of the lines from my sshd_config: > > # Authentication: > > > > #LoginGraceTime 2m > > PermitRootLogin no > > #StrictModes yes > > #MaxAuthTries 6 > > > > #RSAAuthentication yes > > #PubkeyAuthentication yes > > #AuthorizedKeysFile .ssh/authorized_keys > > > > Here is a copy of the lines from rkhunter.conf: > > # The following option is checked against the SSH configuration file > > # 'PermitRootLogin' option. A warning will be displayed if they do not > > # match. However, if a value has not been set in the SSH configuration > > # file, then a value here of 'yes' or 'unset' will not cause a warning. > > # This option has a default value of 'no'. > > ALLOW_SSH_ROOT_USER=no > > > > Here is a copy of the hidden file lines from rkhunter.conf: > > # Allow the specified hidden directories. > > # One directory per line (use multiple ALLOWHIDDENDIR lines). > > # > > #ALLOWHIDDENDIR=/etc/.java > > ALLOWHIDDENDIR=/dev/.udev > > #ALLOWHIDDENDIR=/dev/.udevdb > > #ALLOWHIDDENDIR=/dev/.udev.tdb > > #ALLOWHIDDENDIR=/dev/.static > > #ALLOWHIDDENDIR=/dev/.initramfs > > #ALLOWHIDDENDIR=/dev/.SRC-unix > > > > # Allow the specified hidden files. > > # One file per line (use multiple ALLOWHIDDENFILE lines). > > # > > #ALLOWHIDDENFILE=/etc/.java > > #ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz > > ALLOWHIDDENFILE=/usr/bin/.ssh.hmac > > ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac > > ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac > > #ALLOWHIDDENFILE=/etc/.pwd.lock > > #ALLOWHIDDENFILE=/etc/.init.state > > > > What am I doing wrong? > > > > ---------------------------------------------------------------------------- -- > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > > Did you restart OpenSSH? I believe that you have to restart SSH in order for the changes in the configuration file to take effect. regards, Mike ---------------------------------------------------------------------------- -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
