LinuxQuestions.org
Old 07-07-2005, 11:22 PM   #1
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Rep: Reputation: 30
Help with Rkhunter findings


I ran rkhunter and found this:

- PHP 4.3.7 [ Vulnerable ]
- PHP [unknown] [ OK ]
- Procmail MTA 3.15.2 [ OK ]
- ProFTPd 1.2.9 [ Vulnerable ]

I am not running a server so should I worry about these?

Also it says Warning some users in root group. Is that a problem?

Thanks.
 
Old 07-08-2005, 12:18 AM   #2
hardcorelinux
Member
 
Registered: Jan 2005
Location: India
Distribution: RHEL,CentOS,SUSE,Solaris10
Posts: 183

Rep: Reputation: 31
Yeah, both php and proftp are old versions with a lot of security problems in those versions, so update your php and proftp.
 
Old 07-08-2005, 08:58 AM   #3
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Rep: Reputation: 30
As long as you've disabled those services, there shouldn't be a problem since they can't be exploited if they aren't running.

Updating them both of course is the logical way of doing things, but if you really don't use them, I'd say to remove them from your system full stop, no point in cluttering it with things you have no use for.
 
Old 07-09-2005, 11:27 AM   #4
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Original Poster
Rep: Reputation: 30
Thanks.
 
Old 07-12-2005, 05:32 AM   #5
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
And having accounts in the root group is bad. Those users will have a lot of access and you should try to put them in more secure groups. What does your /etc/passwd look like?
 
Old 07-21-2005, 02:38 PM   #6
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Ephracis
And having accounts in the root group is bad. Those users will have a lot of access and you should try to put them in more secure groups. What does your /etc/passwd look like?
I don't know what you mean? Is it safe to post that file?
 
Old 07-22-2005, 10:20 AM   #7
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
Quote:
Originally posted by M$ISBS
I don't know what you mean? Is it safe to post that file?
Yes, it only contains information about users and groups. Even though the name is "passwd" (password), I assume that you use shadowed passwords (most distros do that now); then the actual hashed passwords are in /etc/shadow, encrypted. Your /etc/passwd will then only show an 'x' in the password field, so it will be safe to post that into this forum.

But anyway, you should not have a regular user in the root-group. That would be unsafe.
 
Old 07-22-2005, 07:41 PM   #8
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Original Poster
Rep: Reputation: 30
How would I go about moving my user from the root group safely? Thanks.
 
Old 07-22-2005, 08:30 PM   #9
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
Code:
su
<password>
usermod -g users -G "" login
This will put user "login" in group "users" and no other groups than that. You may want to put it into some other group (some distros put every user in their own group, named exactly as the loginname).

And you may also want to put your user in additional groups such as "cdrom", "mount", "sound" and such, to grant it access to various stuff.

This can differ between different distros.
 
Old 07-28-2005, 08:08 PM   #10
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Ephracis
Code:
su
<password>
usermod -g users -G "" login
This will put user "login" in group "users" and no other groups than that. You may want to put it into some other group (some distros put every user in their own group, named exactly as the loginname).

And you may also want to put your user in additional groups such as "cdrom", "mount", "sound" and such, to grant it access to various stuff.
This can differ between different distros.
Thanks, but can this be done from KDE if I log in to KDE as root? And is there any risk of losing the user I am changing the group of? Thanks.
 
Old 07-28-2005, 08:57 PM   #11
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
You should never log in as root with any desktop environment or window manager; there is no reason to. Just start KDE as usual, open up a terminal of your choice (Konsole, aterm, xterm, rxvt, etc.) and type in the commands I listed for you.

And no, you will not lose the user as long as you don't type userdel or deluser, or start editing /etc/passwd.
 
Old 07-31-2005, 09:43 PM   #12
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Original Poster
Rep: Reputation: 30
I did as stated above and now I have my user under users and root. How did that happen? And how can I fix that? Thanks.
 
Old 08-01-2005, 03:45 AM   #13
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
The "-g users" put the login under the users group. You may want to put it in another group though; some distros have a group named exactly as the login name, but some use the "users" group for all the regular users.

I am not sure why your login is still in the root group; check your /etc/groups and edit it so your root group only contains privileged accounts (e.g. the root account).

This setup should not be default in any distro. Have you been doing anything to the accounts or was it like this after you installed Linux?
 
Old 08-01-2005, 07:28 PM   #14
M$ISBS
Member
 
Registered: Aug 2003
Posts: 818

Original Poster
Rep: Reputation: 30
I just checked and I have a file called group- and one called group, but the group without the hyphen does not show any users in user or root. I just modified the group- file and removed my user from root group. I think I created the accounts in KDE, so maybe KDE did something different with setting up the accounts.
After doing the above, I ran rkhunter and the message showing a user group in root group does not show up.

Last edited by M$ISBS; 08-01-2005 at 07:33 PM.
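
Added example, not part of the original thread: a shell function that reports which accounts other than root are in the root group (GID 0), checking both the primary GID in /etc/passwd (what `usermod -g` changes) and the member list in /etc/group (what `usermod -G` changes). The function names `root_group_members` and `demo` and the sample accounts alice and bob are constructed for illustration.

```shell
#!/bin/sh
# Root-group membership can come from two places, so both are checked:
#   primary       - GID field (4th) of the account's /etc/passwd line
#   supplementary - member list (4th field) of the GID 0 line in /etc/group
# root_group_members is a hypothetical helper, not an rkhunter function.

root_group_members() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}

    # Accounts whose primary group is GID 0 (the root account itself is expected).
    awk -F: '$4 == "0" && $1 != "root" { print $1 " primary" }' "$passwd_file"

    # Accounts listed as members on the GID 0 line of the group file.
    awk -F: '$3 == "0" {
        n = split($4, members, ",")
        for (i = 1; i <= n; i++)
            if (members[i] != "" && members[i] != "root")
                print members[i] " supplementary"
    }' "$group_file"
}

# Constructed sample data: alice has GID 0 as her primary group,
# bob is only listed as a member of the root group.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:0:Alice:/home/alice:/bin/bash' \
        'bob:x:1001:100:Bob:/home/bob:/bin/bash' > "$dir/passwd"
    printf '%s\n' \
        'root:x:0:root,bob' \
        'users:x:100:alice,bob' > "$dir/group"
    root_group_members "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo
```

Called with no arguments, `root_group_members` reads the live /etc/passwd and /etc/group; no output means no account other than root is in GID 0.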
 
  

