Just a partial answer as I run on a different platform. v1.4.6 (2018-02-20) is the latest release version, although I see there's a 1.4.6a with some minor changes in the developer area. There would normally be a v1.4.7 version during the development process prior to a 1.4.8 release, but I have not checked into that.
I see at least a similar bug report submitted back in 2016 that is still open and unassigned <https://sourceforge.net/p/rkhunter/bugs/151/>. Perhaps that meets your need.

Sent from my iPad
-Al-

> On Jul 25, 2020, at 21:57, John Dodson <jwadod...@gmail.com> wrote:
> I noted a while ago that rkhunter was giving a warning about,
>
> Warning: The SSH configuration option 'PermitRootLogin' has not been set.
> The default value may be 'yes', to allow root access.
>
> It followed changes to the sshd_config file & creation of the sshd_config.d
> directory for local config changes.
>
> I submitted this to the fedora bugzilla for rkhunter, & Kevin Fenzi
> <ke...@scrye.com> (Thanks Kevin, you were right to suggest that) responded that
> I should bring the matter up on the upstream list, which I sadly did not have
> time for.
>
> At the time (28 June 2020) I did post to the list & got a rejection with a
> suggestion that I first read,
>
> http://sourceforge.net/mailarchive/forum.php?forum=rkhunter-users
> and
> http://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034
>
> before posting a question. (also the email contained the cryptic "L.S." at
> the top???)
> Both URLs give the message:
>
> Whoops, we can't find that page.
>
> The above pages still give the same message, so unless the list email that
> I got that contains them has been updated, they are still problematic.
>
> Today I joined the mailing list rkhunterus...@lists.sourceforge.net & perused
> the recent activity. I use firefox & it seemed that long lines in the,
> https://sourceforge.net/p/rkhunter/mailman/rkhunter-users/?viewmonth=202004
> page were not rendered well with the borders cutting the lines off (maybe that's
> just firefox) otherwise, yet another problem to fix ;-)
>
> Also, it seems that the last rkhunter release was 2018-02-20 - can anyone
> confirm that is the case? I know it's hard to maintain software - especially
> open source - so this is not a complaint! Obviously it's lasted well for some
> time, AND it might only be "redhat/fedora" that is now problematic.
>
> Now to my original problem, I submitted,
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1851620
>
> --------------------------------------------------------------------------------
>
> John Dodson 2020-06-27 15:07:45 UTC
>
> Description of problem:
> rkhunter complains about sshd setting after redhat update to sshd_config but
> does not consider sshd_config.d includes
>
> --------------------- Start Rootkit Hunter Update ---------------------
> [ Rootkit Hunter version 1.4.6 ]
>
> Checking rkhunter data files...
> Checking file mirrors.dat [ No update ]
> Checking file programs_bad.dat [ No update ]
> Checking file backdoorports.dat [ No update ]
> Checking file suspscan.dat [ No update ]
> Checking file i18n/cn [ No update ]
> Checking file i18n/de [ No update ]
> Checking file i18n/en [ No update ]
> Checking file i18n/tr [ No update ]
> Checking file i18n/tr.utf8 [ No update ]
> Checking file i18n/zh [ No update ]
> Checking file i18n/zh.utf8 [ No update ]
> Checking file i18n/ja [ No update ]
>
> ---------------------- Start Rootkit Hunter Scan ----------------------
> Warning: The SSH configuration option 'PermitRootLogin' has not been set.
> The default value may be 'yes', to allow root access.
>
> ----------------------- End Rootkit Hunter Scan -----------------------
>
> Version-Release number of selected component (if applicable):
> 1.4.6
>
> How reproducible:
> New error - will it go away or will I need a propupd!?
>
> Steps to Reproduce:
> 1. Run rkhunter after recent sshd update
> 2.
> 3.
>
> Actual results:
> Above error message.
>
> Expected results:
> No error because I put in my own include file with that PermitRootLogin option
> as "no" (which was previously in sshd_config)
>
> --------------------------------------------------------------------------------
>
> Obviously a --propupd did not resolve the problem, so looking at the code it
> seems that the following changes might alleviate the problem (they do for me)
> although could break following uses of grep -i ... ${SSH_CONFIG_FILE} ...
>
> Effectively it includes the /etc/ssh/sshd_config.d/* files in the grep.
>
> Without more detailed debugging, I don't claim to understand all the code
> (yet ;-), I can't be certain, perhaps a maintainer can comment?
>
> (This is a cut & paste - so tabs are probably lost or corrupted - beware)
> --------------------------------------------------------------------------------
> $ diff rkhunter.johnd /usr/bin/rkhunter > 17389,17395d17388 > < # JohnD - include the /etc/ssh/sshd_config.d/* files. > < if [ -d "${SSH_CONFIG_FILE}.d" ];then > < SSH_CONFIG_FILE="${SSH_CONFIG_FILE} > ${SSH_CONFIG_FILE}.d/*" > < else > < : > < fi > < > 17413,17414c17406,17407 > < # JohnD - add -h to grep opts! > < RKHTMPVAR=`grep -ih '^[ ]*PermitRootLogin[ > =]' ${SSH_CONFIG_FILE} 2>/dev/null | tail ${TAIL_OPT}1` > --- >> RKHTMPVAR=`grep -i '^[ ]*PermitRootLogin[ =]' > "${SSH_CONFIG_FILE}" 2>/dev/null | tail ${TAIL_OPT}1`
> --------------------------------------------------------------------------------
>
> It probably should also check that the sshd_config file is doing the
> appropriate "Include" or be conditional on it might be better, depending
> on how sshd configs are evolving.
> In my case I have "PermitRootLogin no" in /etc/ssh/sshd_config.d/99-johnd-sshd.conf
>
> Cheers
>
> John
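Review bot: The first hunk (17389,17395d17388) overwrites SSH_CONFIG_FILE with two space-separated words, the second of them an unexpanded glob, so every other place that uses the variable as one quoted path, as the original grep on the other side of the `---` does with "${SSH_CONFIG_FILE}", will now look for a file that does not exist. Keep SSH_CONFIG_FILE unchanged and build the file list in a separate variable used only for this check. The `-d` test also succeeds for an empty sshd_config.d, and it does not establish that sshd_config has an Include line for that directory, so rkhunter may read files that sshd does not. The `else` / `:` branch does nothing and can be dropped.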
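Review bot: In the second hunk (17413,17414c17406,17407) the result is still reduced with `tail ${TAIL_OPT}1`, the last match, which was adequate for one file but not for several: sshd uses the first value it obtains for a keyword, so with PermitRootLogin set in both sshd_config and a file under sshd_config.d the value reported can differ from the one in force. Order the files the way sshd reads them and take the first match, or compare against the output of `sshd -T`. Dropping the quotes around ${SSH_CONFIG_FILE} is what lets the glob from the first hunk expand; say so in the comment next to the `-h` remark, because on its own it reads like an oversight.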
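The closing remark in the quoted message, that the check should depend on the "Include" line in sshd_config, matters because sshd keeps the first value it obtains for a keyword. The script below is an added example, not part of the thread and not rkhunter code, that resolves PermitRootLogin in that order; the function names and the sample tree are constructed for illustration, and Match blocks and quoted arguments are only handled in the simplified way the comments state.

```shell
#!/bin/sh
# Added example, not rkhunter code; all function names are hypothetical.
# Simplifications: quoted arguments are not unquoted, and a Match line ends
# the global section of the file it appears in.

# Print every global PermitRootLogin value in the order sshd reads them.
# $1 = config file, $2 = base directory for relative Include paths.
scan_permit_root_login() {
    [ -r "$1" ] || return 0
    # Trim leading blanks and turn "Key=value" into "Key value".
    sed 's/^[[:space:]]*//; s/^\([A-Za-z]*\)[[:space:]]*=[[:space:]]*/\1 /' "$1" |
    while read -r key args; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
            match) break ;;
            permitrootlogin) printf '%s\n' "${args%% *}" ;;
            include)
                # Unquoted on purpose: word splitting and glob expansion.
                for pat in $args; do
                    case $pat in /*) ;; *) pat=$2/$pat ;; esac
                    for f in $pat; do
                        if [ -f "$f" ]; then scan_permit_root_login "$f" "$2"; fi
                    done
                done ;;
        esac
    done
    return 0
}

# sshd keeps the first value it obtains; empty output means "not set".
effective_permit_root_login() {
    scan_permit_root_login "${1:-/etc/ssh/sshd_config}" "${2:-/etc/ssh}" | sed -n 1p
}

# Constructed sample tree: Include first, then a later value in the main file.
make_sample_tree() {
    mkdir -p "$1/sshd_config.d"
    printf 'Include %s/sshd_config.d/*.conf\nPermitRootLogin yes\n' "$1" > "$1/sshd_config"
    printf 'PermitRootLogin no\n' > "$1/sshd_config.d/50-local.conf"
    printf 'PermitRootLogin=prohibit-password\n' > "$1/sshd_config.d/99-other.conf"
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "first obtained value: $(effective_permit_root_login "$demo_dir/sshd_config" "$demo_dir")"
rm -rf "$demo_dir"
```

On the sample tree a last-match grep over sshd_config followed by sshd_config.d/* would report `prohibit-password`, while the first obtained value is `no`.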