I'm trying this again...
-----------------------------------------------------------------------------
I noted a while ago that rkhunter was giving a warning about,

Warning: The SSH configuration option 'PermitRootLogin' has not been set. The default value may be 'yes', to allow root access.

It followed changes to the sshd_config file & creation of the sshd_config.d directory for local config changes.

I submitted this to the fedora bugzilla for rkhunter, & Kevin Fenzi <ke...@scrye.com> (Thanks Kevin, you were right to suggest that) responded that I should bring the matter up on the upstream list, which I sadly did not have time for.

At the time (28 June 2020) I did post to the list & got a rejection with a suggestion that I first read,
http://sourceforge.net/mailarchive/forum.php?forum=rkhunter-users
and
http://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034
before posting a question. (also the email contained the cryptic "L.S." at the top???)

Both URLs give the message:
Whoops, we can't find that page.

The above pages still give the same message, so unless the list email that I got that contains them has been updated, they are still problematic.

Today I joined the mailing list rkhunterus...@lists.sourceforge.net & perused the recent activity. I use firefox & it seemed that long lines in the,
https://sourceforge.net/p/rkhunter/mailman/rkhunter-users/?viewmonth=202004
page were not rendered well with the borders cutting the lines off (maybe that's just firefox) otherwise, yet another problem to fix ;-)

Also, it seems that the last rkhunter release was 2018-02-20 - can anyone confirm that is the case? I know it's hard to maintain software - especially open source - so this is not a complaint! Obviously it's lasted well for some time, AND it might only be "redhat/fedora" that is now problematic.

Now to my original problem, I submitted,
https://bugzilla.redhat.com/show_bug.cgi?id=1851620
--------------------------------------------------------------------------------
John Dodson 2020-06-27 15:07:45 UTC

Description of problem:
rkhunter complains about sshd setting after redhat update to sshd_config but does not consider sshd_config.d includes

--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Checking file i18n/ja [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The SSH configuration option 'PermitRootLogin' has not been set. The default value may be 'yes', to allow root access.
----------------------- End Rootkit Hunter Scan -----------------------

Version-Release number of selected component (if applicable):
1.4.6

How reproducible:
New error - will it go away or will I need a propupd!?

Steps to Reproduce:
1. Run rkhunter after recent sshd update
2.
3.

Actual results:
Above error message.

Expected results:
No error because I put in my own include file with that PermitRootLogin option as "no" (which was previously in sshd_config)
--------------------------------------------------------------------------------
Obviously a --propupd did not resolve the problem, so looking at the code it seems that the following changes might alleviate the problem (they do for me) although could break following uses of
grep -i ... ${SSH_CONFIG_FILE} ...

Effectively it includes the /etc/ssh/sshd_config.d/* files in the grep.

Without more detailed debugging, I don't claim to understand all the code (yet ;-), I can't be certain, perhaps a maintainer can comment?

(This is a cut & paste - so tabs are probably lost or corrupted - beware)
--------------------------------------------------------------------------------
$ diff rkhunter.johnd /usr/bin/rkhunter 17389,17395d17388 < # JohnD - include the /etc/ssh/sshd_config.d/* files. < if [ -d "${SSH_CONFIG_FILE}.d" ];then < SSH_CONFIG_FILE="${SSH_CONFIG_FILE} ${SSH_CONFIG_FILE}.d/*" < else < : < fi < 17413,17414c17406,17407 < # JohnD - add -h to grep opts! < RKHTMPVAR=`grep -ih '^[ ]*PermitRootLogin[ =]' ${SSH_CONFIG_FILE} 2>/dev/null | tail ${TAIL_OPT}1` --- > RKHTMPVAR=`grep -i '^[ ]*PermitRootLogin[ =]' "${SSH_CONFIG_FILE}" 2>/dev/null | tail ${TAIL_OPT}1`
--------------------------------------------------------------------------------
It probably should also check that the sshd_config file is doing the appropriate "Include" or be conditional on it might be better, depending on how sshd configs are evolving.

In my case I have "PermitRootLogin no" in /etc/ssh/sshd_config.d/99-johnd-sshd.conf

Cheers
John
(Retired with too many grandchildren that know more about computers than I do! ;-)
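
Review bot: Reassigning SSH_CONFIG_FILE in the first hunk (17389,17395) to a space-separated string ending in ${SSH_CONFIG_FILE}.d/* changes a variable that the rest of the script treats as a single path, so any later use that quotes it, as the original grep line does with "${SSH_CONFIG_FILE}", no longer names a real file. Build the list in a separate variable and leave SSH_CONFIG_FILE untouched. The directory is also added whenever it exists, whether or not sshd_config contains an Include line that reads it, and .d/* takes every file in it rather than only those an Include pattern would match. The else branch that only runs ':' can be dropped.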
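
Review bot: In the second hunk (17413,17414) the pipeline still ends in tail ${TAIL_OPT}1, which keeps the last matching line, but sshd uses the first value it obtains for a keyword, so once several files are searched the value rkhunter checks can differ from the one sshd applies. With the main file listed ahead of the sshd_config.d files, a PermitRootLogin line in the last drop-in decides the result even when an earlier file already set the option. Take the first match, reading the files in the order sshd does (Include lines expanded where they appear). Removing the quotes around ${SSH_CONFIG_FILE} is what lets the glob expand, but it also word-splits a path that contains spaces.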
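
An added example (not part of the original post and not rkhunter code): one way to do the "Include" check suggested above in shell, by following the Include lines of sshd_config in order and returning the first value found, which is the one sshd applies. The function names, the sample file names, and resolving relative Include paths against the config file's directory are assumptions made here.

```shell
#!/bin/sh
# Added example, not rkhunter code; function and variable names are hypothetical.
# sshd keeps the FIRST value it obtains for a keyword and expands Include lines
# in place, so read the files in that order instead of grepping them all.

# Usage: first_sshd_value KEYWORD CONFIG_FILE
# Assumption: relative Include paths are resolved against CONFIG_FILE's directory.
first_sshd_value() {
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    base=$(dirname "$2")
    _scan_sshd_file "$2"
}

_scan_sshd_file() {
    [ -r "$1" ] || return 1
    # Rewrite "Key=value" as "Key value" so read can split keyword from argument.
    sed 's/^[[:space:]]*\([A-Za-z][A-Za-z]*\)[[:space:]]*=[[:space:]]*/\1 /' "$1" | (
        while read -r key rest || [ -n "$key" ]; do
            key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
            case $key in
                ''|'#'*) continue ;;
                match) break ;;   # simplification: Match blocks are not evaluated
                include)
                    set -f; set -- $rest; set +f    # split words, no globbing yet
                    for pat in "$@"; do
                        case $pat in /*) ;; *) pat=$base/$pat ;; esac
                        for f in $pat; do           # glob expands in sorted order
                            _scan_sshd_file "$f" && exit 0
                        done
                    done ;;
                "$kw") printf '%s\n' "$rest" | tr -d '"'; exit 0 ;;
            esac
        done
        exit 1    # keyword not set in this file or anything it includes
    )
}

# Constructed sample tree: Include at the top, two drop-ins that disagree.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'Include sshd_config.d/*.conf\nPermitRootLogin yes\n' > "$1/sshd_config"
    printf 'PermitRootLogin no\n' > "$1/sshd_config.d/10-local.conf"
    printf 'permitrootlogin = prohibit-password\n' > "$1/sshd_config.d/99-other.conf"
}
```

After make_sample "$d" on a scratch directory, first_sshd_value PermitRootLogin "$d/sshd_config" prints no, whereas a grep over the same files piped to tail returns the line from 99-other.conf.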