LinuxQuestions.org


atlaika 11-27-2005 06:33 PM

rkhunter
 
I scanned with rkhunter and it picked up one thing.
Code:

* Check: SSH
  Searching for sshd_config...
  Found /etc/ssh/sshd_config
  Checking for allowed root login... Watch out Root login possible. Possible risk!
    info:
    Hint: See logfile for more information about this issue
  Checking for allowed protocols...                          [ Warning (SSH v1 allowed) ]

Do I need to fix anything, and if so, how?

spooon 11-27-2005 06:50 PM

To disable root login, edit /etc/ssh/sshd_config and uncomment the line that says "PermitRootLogin" and make it say "PermitRootLogin no".

atlaika 11-27-2005 07:56 PM

Done :-)
Thank you very much.

Uncomment means that I have to remove the "#", true?

lord-fu 11-27-2005 08:23 PM

Edit file and make sure Protocol 2 is the only allowed protocol as well.
Yes, removing # is uncommenting, just as adding a # comments a line out.

atlaika 11-27-2005 08:45 PM

Thank you.
Code:

#Port 22
#Protocol 2,1
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Do you mean edit "#Protocol 2.1" to "Protocol 2.0"?

lord-fu 11-27-2005 08:52 PM

Protocol 2
Exactly as above. Make sure to remove # in front though.

spooon 11-27-2005 09:06 PM

Oh yeah also when you're done remember to restart the SSH server with "service sshd restart" or something like that.
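
As an added example (not part of the original thread, and not rkhunter's own check), this script reports the effective PermitRootLogin and Protocol values in an sshd_config, treating commented-out lines as unset. The function names and the fallback defaults (PermitRootLogin yes, Protocol 2,1) are assumptions.

```shell
#!/bin/sh
# Added example: audit the two sshd_config settings discussed in the thread.
# Assumption: when a keyword is absent or commented out, the defaults are
# Protocol 2,1 (as in the commented line posted in the thread) and
# PermitRootLogin yes (the OpenSSH default of that era).

# effective_value FILE KEYWORD DEFAULT
# Print the first uncommented value of KEYWORD (case-insensitive), else DEFAULT.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }              # accept the "Key=value" form
        tolower($1) == "match" { exit }            # stop at conditional blocks
        tolower($1) == tolower(key) && !found { val = $2; found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE: print one line per setting, return 1 on any warning.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin yes)
    proto=$(effective_value "$1" Protocol 2,1)
    case $root in
        no) echo "OK   PermitRootLogin no" ;;
        *)  echo "WARN PermitRootLogin $root (root login not disabled)"; rc=1 ;;
    esac
    case $proto in
        2)        echo "OK   Protocol 2" ;;
        *[!12,]*) echo "WARN Protocol $proto (not a list of 1 and 2)"; rc=1 ;;
        *1*)      echo "WARN Protocol $proto (SSH v1 allowed)"; rc=1 ;;
        *)        echo "WARN Protocol $proto (unexpected list)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: root login fixed, Protocol line still commented out.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#Protocol 2,1' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "warnings found: edit the file, then restart sshd"
rm -f "$sample"
```

To check a live system, call `audit_sshd_config /etc/ssh/sshd_config` instead of the constructed sample.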

atlaika 11-29-2005 10:47 AM

Thank you both.
Did as you suggested and changed to Protocol 2.0
Quote:

Originally posted by spooon
Oh yeah also when you're done remember to restart the SSH server with "service sshd restart" or something like that.

It can't find the command "service sshd restart".
I am on SuSE 10.0 GM.
Do you happen to know what the command to restart would be?

edit

I just ran rkhunter again.
I have installed a couple of things. Unsure if it is new or I missed it the first time.
Code:

- OpenSSL 0.9.7g                                          [ Vulnerable ]
Vulnerable applications: 1

Any suggestions please?

edit
http://forums.scotsnewsletter.com/in...0&#entry167632
http://www.redhat.com/docs/manuals/l...rivileges.html

Is it a false positive?


