Linux - Security forum, LinuxQuestions.org
For ssh it is looking at the default /etc/sshd/sshd-config file and sees some things not quite like it would like to see. If the service is not active then the port is not active.
OpenSSL may be referring to the fact that it is aware of a security issue with that version and you should look to update it. If you are not using it, not a big deal again.
Not sure about the first one.
Have you updated rkhunter since the install? ' rkhunter --update '
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb /etc/.pwd.lock
Not sure about the first one.
Explanation: "hidden" here refers to files (remember, about everything is a file) whose name starts with a dot, because those can only be seen when you explicitly add "-a" to the "ls" command. Dotfiles are used for benign purposes like storing personal configuration information in your $HOME and have been used in the past as a (simple) way to avoid easy spotting. Also see directories whose name consists of three dots.
Verification: since your distro uses an evolved package management system it would be easy to query which package owns the file: "rpm -q --whatprovides /some/file" and then "rpm -qV --noscripts returned_package_name". A distro-agnostic approach would be to use an integrity checker (Aide, Samhain or even tripwire) to check the file for changes, but obviously you must have that integrity checker installed, configured and its database updated shortly after installing the O.S. If all verification methods fail you can use "stat" to find out ownership and access details, "file" to figure out if it's readable, "strings -an1" or a hexeditor if it's binary and your favourite text editor if it's human readable text. The combined results of using these commands offer enough leads to search LQ and the rest of teh intarweb for clues or post.
- OpenSSL 0.9.7g [ Vulnerable ]
OpenSSL may be referring to the fact that it is aware of a security issue with that version and you should look to update it. If you are not using it, not a big deal again.
Next to updating (which is inarguably the best first reflex) some distros backport patches and do not increment major / minor package versions. If you find this is the case you can ask the Rootkit Hunter maintainers to adjust checking.
Checking for allowed protocols... [ Warning (SSH v1 allowed) ]
I did not allow SSH, I have not even used it yet. Is it possible that someone found a way in and changed the rules?
For ssh it is looking at the default /etc/sshd/sshd-config file and sees some things not quite like it would like to see. If the service is not active then the port is not active.
Since the software is installed and apparently not in use you have two options: remove it or change the line "Protocol 2,1" to read "Protocol 2" anyway in /etc/sshd_config. This way you know now you've covered that hole if you would like to use ssh in the future.
- GnuPG 1.4.2 [ Vulnerable ]
Check your distro's repos for an update of the package. Comments wrt OpenSSL apply here as well.
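The dotfile triage described in the reply above (ownership and access details, text versus binary, which package owns the path, and the three-dot directory names it singles out), as an added example that is not code from the thread, from rkhunter or from the distro. It uses only portable tools (ls, awk, dd, tr, wc) and queries rpm only when it is installed; the function names are hypothetical. Run it as "audit_dotfiles /dev /etc" to get one line per dotfile found directly under those directories:

```shell
#!/bin/sh
# Added example, not code from the thread or from rkhunter: triage dotfiles the
# way the reply describes, using only portable tools (ls, awk, dd, tr, wc);
# rpm is queried only when it is present. Usage: audit_dotfiles /dev /etc

# Classify a regular file as text or binary from its first 512 bytes: any byte
# that is neither printable nor whitespace marks it binary (a stand-in for "file").
classify_content() {
    n=$(dd if="$1" bs=512 count=1 2>/dev/null \
        | LC_ALL=C tr -d '[:print:][:space:]' | wc -c | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo text; else echo binary; fi
}

# Owning package per "rpm -q --whatprovides"; say so plainly if rpm is absent
# or no package claims the path (an unowned file deserves a closer look).
package_owner() {
    if command -v rpm >/dev/null 2>&1; then
        owner=$(rpm -q --whatprovides "$1" 2>/dev/null) || owner="no-package"
        echo "$owner"
    else
        echo "rpm-unavailable"
    fi
}

# One tab-separated line per dotfile directly under each directory given:
# path, mode/owner/group (from ls -ld), kind, owning package, and a flag for
# names that start with three dots, which the reply singles out.
audit_dotfiles() {
    for dir in "$@"; do
        for f in "$dir"/.*; do
            case "$f" in */.|*/..) continue ;; esac
            [ -e "$f" ] || [ -L "$f" ] || continue
            perms=$(ls -ld "$f" | awk '{print $1, $3, $4}')
            if [ -L "$f" ]; then kind=symlink
            elif [ -d "$f" ]; then kind=directory
            elif [ -f "$f" ]; then kind=$(classify_content "$f")
            else kind=other; fi
            case "${f##*/}" in ...*) flag=DOTTED-NAME ;; *) flag=- ;; esac
            printf '%s\t%s\t%s\t%s\t%s\n' "$f" "$perms" "$kind" \
                "$(package_owner "$f")" "$flag"
        done
    done
}
```

On the two paths from the rkhunter output, the interesting columns are the owner/mode pair and whether any package claims the file; a root-owned lock file claimed by a base package is routine, while an unowned binary dotfile is the case where "strings -an1" or a hexeditor comes next.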
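The "Protocol 2,1" to "Protocol 2" change from the reply above, as an added example that is not code from the thread or from OpenSSH: it reports the effective Protocol value, tells you whether v1 is still enabled, and rewrites the directive (keeping a .bak copy) or appends it if the file has none. The config path is an argument because it differs between distros (the thread mentions /etc/sshd_config; /etc/ssh/sshd_config is also common), and the function names are hypothetical:

```shell
#!/bin/sh
# Added example, not from the thread or from OpenSSH: pin sshd to protocol 2
# and verify the result. Assumes GNU or BSD sed (-i with suffix, -E).
# Usage: force_ssh_protocol2 /etc/ssh/sshd_config

# First uncommented Protocol value in the file; sshd uses the first occurrence
# of a keyword, so that is the effective one. Empty if the directive is absent.
ssh_protocol_value() {
    awk 'tolower($1) == "protocol" { print $2; exit }' "$1"
}

# Returns 0 if protocol 1 is enabled ("1", "1,2" or "2,1"), 1 if it is not,
# and 2 if the directive is missing, i.e. not proven safe by the file alone.
ssh_v1_allowed() {
    v=$(ssh_protocol_value "$1")
    [ -n "$v" ] || return 2
    case ",$v," in *,1,*) return 0 ;; *) return 1 ;; esac
}

# Rewrite every uncommented Protocol line to "Protocol 2" (keeping a .bak
# copy), or append the directive if the file has none; print the new value.
force_ssh_protocol2() {
    cfg=$1
    if grep -q '^[[:space:]]*[Pp]rotocol[[:space:]]' "$cfg"; then
        sed -i.bak -E 's/^[[:space:]]*[Pp]rotocol[[:space:]].*$/Protocol 2/' "$cfg"
    else
        printf 'Protocol 2\n' >> "$cfg"
    fi
    ssh_protocol_value "$cfg"
}
```

Appending the line when it is absent matters because the reply's advice only works if the directive is actually present: with no Protocol line the daemon falls back to its compiled-in default, and the check then cannot tell from the file which protocols are on.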