LinuxQuestions.org


cbjhawks 12-27-2010 09:27 AM

rkhunter warnings....how do I fix these...5 of them
 
[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.

Question 1 - How do I set this to 'NO'


Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression

Question 2 - Are these hidden file/directories ok?


[10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.

Question 3 - How do I update OpenSSL?


[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text

Question 4 - Is this replacement OK?


[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text

Question 5 - Is this replacement OK?

TB0ne 12-27-2010 11:09 AM

Quote:

Originally Posted by cbjhawks (Post 4204307)
[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.

Question 1 - How do I set this to 'NO'

Did you try Google??? Edit the sshd_config file, and set the value to no.

Quote:

Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression

Question 2 - Are these hidden file/directories ok?

Depends on your distro. I've got two of the three in openSUSE 11.3, but you don't tell us what you're using.

Quote:

[10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.

Question 3 - How do I update OpenSSL?

Again, you don't tell us version/distro of Linux, or provide details. You can update through online repos, or compile from source.

Quote:

[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text

Question 4 - Is this replacement OK?

Depends on distro...openSUSE has this as well.

Quote:

[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text

Question 5 - Is this replacement OK?

Yes. Please provide details when posting questions, and you can try Google for a lot of simple questions too.

cbjhawks 12-27-2010 01:56 PM

TB0ne... sorry! Using openSUSE 11.3

KDE 4.5

unSpawn 12-27-2010 01:58 PM

Quote:

Originally Posted by TB0ne (Post 4204403)
you can try Google for a lot of simple questions too.

Using Google is completely unnecessary in this case as reading the README and the comments in rkhunter.conf should have gotten the OP the answer to the majority of the issues. Most questions have been answered already: check the FAQ (scriptlets at the bottom) and search the rkhunter mailing list archives. Also see http://www.linuxquestions.org/questi...9/#post4200611.

dhughes 01-22-2011 01:13 AM

Quote:

Originally Posted by TB0ne (Post 4204403)
...and you can try Google for a lot of simple questions too.

And you'll end up here at this post.


Seriously if your first response to a question is "Just Google it !!!!!" don't bother responding.

TB0ne 01-22-2011 09:26 AM

Quote:

Originally Posted by dhughes (Post 4233776)
And you'll end up here at this post.
Seriously if your first response to a question is "Just Google it !!!!!" don't bother responding.

...says the person who doesn't address ANYTHING in this thread. And you obviously don't bother paying attention either, since the questions were all answered in this thread, both by me and unSpawn, not to mention the fact this thread has been dead for almost a month now. And you don't post for 7 years, and only do so to complain about how someone else answered a question, and succeed only in pointing out that you didn't read/understand the replies in the thread?? Find something better to do.

And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.

khinch 12-31-2011 11:19 AM

Quote:

And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.

Just FYI; this thread was the first hit on Google searching on the following error message from rkhunter:

Code:

Warning: The SSH configuration option 'Protocol' has not been set

So, I agree with dhughes; any response that purely forwards people to Google is pretty unhelpful. That's not a stab at TB0ne's post though, because it was helpful overall. I also realise this thread has been inactive for a long period, but the fact that I found it goes to show these old threads rarely become irrelevant.

For anyone else stumbling upon this thread based on my query above, here are two solutions:
1. disable root SSH logins (safest):
open /etc/ssh/sshd_config and change "PermitRootLogin" from yes to no
2. tell rkhunter to ignore this error (less secure, only do this if you know what you're doing!):
open /etc/rkhunter.conf and change ALLOW_SSH_ROOT_USER=no to ALLOW_SSH_ROOT_USER=unset
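
The check behind the two SSH warnings in this thread, as an added example that is not part of any post above and is not rkhunter's own code: it reads an sshd_config the way sshd does and reports options that are unset or differ from a hardened value. The function names, the target values (`PermitRootLogin no`, `Protocol 2`) and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report sshd_config options that are
# unset or differ from the hardened value. Target values are assumptions.

# sshd_option FILE KEYWORD: print the global value, or nothing if unset.
# Per sshd_config(5): keywords are case-insensitive, "#" lines are comments,
# the first value obtained wins, and "Match" opens a conditional block.
sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)           # end of the keyword
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)     # separator: blanks or one "="
            if (key == "match") exit            # global section ends here
            if (key == want) { print val; exit }
        }
    ' "$1"
}

# audit_sshd FILE: one verdict per option checked in the rkhunter log above.
audit_sshd() {
    for pair in PermitRootLogin:no Protocol:2; do
        opt=${pair%%:*} want=${pair#*:}
        val=$(sshd_option "$1" "$opt")
        if [ -z "$val" ]; then
            echo "WARN $opt unset, compiled-in default applies"
        elif [ "$val" != "$want" ]; then
            echo "WARN $opt=$val (wanted $want)"
        else
            echo "OK $opt=$val"
        fi
    done
}

# Constructed sample: stock-style file whose only global PermitRootLogin is a comment.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#PermitRootLogin yes' 'protocol = 2' \
        'Match User backup' '    PermitRootLogin no' > "$tmp"
    audit_sshd "$tmp"
    rm -f "$tmp"
}
demo
```

A commented-out line and a value inside a `Match` block both count as unset at the global level, which is why the sample reports `PermitRootLogin` as unset. On a live host, `sshd -T` prints the values the daemon would actually apply, defaults included.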


All times are GMT -5.