Hi,

I was running rkhunter earlier and had a persistent warning reported about 
legacy ssh protocol in use:

Performing system configuration file checks
  Checking if SSH protocol v1 is allowed                   [ Warning ]


The system does not allow v1, so I started poking at the test and found that the ssh 
config values were retrieved from a single config file (sshd_conf).  [fyi] The 
Linux distribution that rk was invoked on uses a default open-ss* package 
installation that has the settings split between two independent files -- sshd_conf and 
ssh_conf:

% egrep 'Proto|Root' /etc/ssh/*
  /etc/ssh/ssh_config:   Protocol 2
  /etc/ssh/sshd_config:  PermitRootLogin no

Searching for "Protocol" exclusively in sshd_conf confuses the test, which will 
always report a warning when multiple config files are in use.

The patch below was able to correct the problem on my system and might be 
fodder for a future release.

Thanks -- Joey


--- rkhunter    2014-03-12 16:54:55.000000000 -0400
+++ rkhunter.mod        2017-03-25 13:51:45.551706944 -0400
@@ -16264,7 +16264,8 @@
        # First find out where the SSH configuration file is located.
        #
 
-       SSH_CONFIG_FILE=""
+       SSH_CONFIG_FILE=""    # ALLOW_SSH_PROT_V1
+       SSHD_CONFIG_FILE=""   # PermitRootLogin
 
        if [ -n "${SSH_CONFIG_DIR}" ]; then
                RKHTMPVAR="${SSH_CONFIG_DIR}"
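Review bot: The trailing comments on the two new assignments name a setting and a directive but do not say what the variables are for, so a reader has to find the later grep calls to learn that each variable is the file a particular check reads. Spelling that out here would be clearer: `SSH_CONFIG_FILE=""    # file consulted by the SSH protocol v1 check` and `SSHD_CONFIG_FILE=""   # file consulted by the PermitRootLogin check`. The enclosing block continues past this hunk.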
@@ -16274,15 +16275,20 @@
 
        for DIR in ${RKHTMPVAR}; do
                if [ -f "${DIR}/sshd_config" ]; then
-                       SSH_CONFIG_FILE="${DIR}/sshd_config"
+                       SSHD_CONFIG_FILE="${DIR}/sshd_config"
+                       SSH_CONFIG_FILE="${SSHD_CONFIG_FILE}"
+                       grep -i '^[     ]*Protocol[     =]' "${DIR}/ssh_config" 
2>/dev/null >/dev/null
+                       if [ $? -eq 0 ]; then
+                           SSH_CONFIG_FILE="${DIR}/ssh_config"
+                       fi
                        break
                fi
        done
 
-       if [ -n "${SSH_CONFIG_FILE}" ]; then
+       if [ -n "${SSHD_CONFIG_FILE}" ]; then
                display --to SCREEN+LOG --type PLAIN --result FOUND --color 
GREEN --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_FILE_SSH
 
-               display --to LOG --type INFO SYSTEM_CONFIGS_FILE_FOUND 'an' 
'SSH' "${SSH_CONFIG_FILE}"
+               display --to LOG --type INFO SYSTEM_CONFIGS_FILE_FOUND 'an' 
'SSH' "${SSHD_CONFIG_FILE}"
 
                display --to LOG --type INFO CONFIG_SSH_ROOT 
"${ALLOW_SSH_ROOT_USER}"
                display --to LOG --type INFO CONFIG_SSH_PROTV1 
$ALLOW_SSH_PROT_V1
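Review bot: The new grep/if block inside the for loop makes the protocol-v1 check read the client file (ssh_config) whenever it contains a Protocol line, so a `Protocol 2` there now masks whatever the daemon configured in sshd_config actually accepts — the warning this test emits is about sshd accepting v1 connections, and the client setting says nothing about that. Judging from the egrep output in the report, the warning fired because sshd_config has no Protocol line at all; the fix for that case is to keep reading sshd_config and treat a missing directive as the daemon default (which depends on the installed OpenSSH version) rather than to switch files. If the file switch is kept, the SYSTEM_CONFIGS_FILE_FOUND log line below it should also record the ssh_config path, since it now names only the sshd file. As a point of style, `grep … 2>/dev/null >/dev/null` followed by `if [ $? -eq 0 ]` reads more directly as `if grep -qi '^[[:space:]]*Protocol[[:space:]=]' "${DIR}/ssh_config" 2>/dev/null; then`. The enclosing block starts before this hunk and continues past it.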
@@ -16294,7 +16300,7 @@
                # First we check for allowed root access.
                #
 
-               RKHTMPVAR=`grep -i '^[  ]*PermitRootLogin[      =]' 
"${SSH_CONFIG_FILE}" | tail ${TAIL_OPT}1`
+               RKHTMPVAR=`grep -i '^[  ]*PermitRootLogin[      =]' 
"${SSHD_CONFIG_FILE}" | tail ${TAIL_OPT}1`
 
                if [ -n "${RKHTMPVAR}" ]; then
                        #
