Old 12-27-2010, 08:27 AM   #1
cbjhawks
Member
 
Registered: Oct 2001
Location: Overland Park, KS
Distribution: OpenSuSE 11.4
Posts: 363

Rep: Reputation: 30
rkhunter warnings....how do I fix these...5 of them


[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.

Question 1 - How do I set this to 'NO'


Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression

Question 2 - Are these hidden file/directories ok?


[10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.

Question 3 - How do I update OpenSSL?


[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text

Question 4 - Is this replacement OK?


[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text

Question 5 - Is this replacement OK?
 
Old 12-27-2010, 10:09 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,470

Rep: Reputation: 2538
Quote:
Originally Posted by cbjhawks
[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.

Question 1 - How do I set this to 'NO'

Did you try Google??? Edit the sshd_config file, and set the value to no.

Quote:
Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression

Question 2 - Are these hidden file/directories ok?

Depends on your distro. I've got two of the three in openSUSE 11.3, but you don't tell us what you're using.

Quote:
[10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.

Question 3 - How do I update OpenSSL?

Again, you don't tell us version/distro of Linux, or provide details. You can update through online repos, or compile from source.

Quote:
[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text

Question 4 - Is this replacement OK?

Depends on distro...openSUSE has this as well.

Quote:
[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text

Question 5 - Is this replacement OK?

Yes. Please provide details when posting questions, and you can try Google for a lot of simple questions too.
 
Old 12-27-2010, 12:56 PM   #3
cbjhawks
Member
 
Registered: Oct 2001
Location: Overland Park, KS
Distribution: OpenSuSE 11.4
Posts: 363

Original Poster
Rep: Reputation: 30
TBOne...sorry ! using OpenSuSE 11.3

Kde 4.5
 
Old 12-27-2010, 12:58 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,140
Blog Entries: 54

Rep: Reputation: 2791
Quote:
Originally Posted by TB0ne
you can try Google for a lot of simple questions too.

Using Google is completely unnecessary in this case as reading the README and the comments in rkhunter.conf should have gotten the OP the answer to the majority of the issues. Most questions have been answered already: check the FAQ (scriptlets at the bottom) and search the rkhunter mailing list archives. Also see http://www.linuxquestions.org/questi...9/#post4200611.
 
Old 01-22-2011, 12:13 AM   #5
dhughes
LQ Newbie
 
Registered: Nov 2003
Location: Charlottetown, P.E.I., Canada
Distribution: Ubuntu 10.10
Posts: 17

Rep: Reputation: 0
Quote:
Originally Posted by TB0ne
...and you can try Google for a lot of simple questions too.

And you'll end up here at this post.


Seriously if your first response to a question is "Just Google it !!!!!" don't bother responding.
 
Old 01-22-2011, 08:26 AM   #6
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,470

Rep: Reputation: 2538
Quote:
Originally Posted by dhughes
And you'll end up here at this post.
Seriously if your first response to a question is "Just Google it !!!!!" don't bother responding.

...says the person who doesn't address ANYTHING in this thread. And you obviously don't bother paying attention either, since the questions were all answered in this thread, both by me and unSpawn, not to mention the fact this thread has been dead for almost a month now. And you don't post for 7 years, and only do so to complain about how someone else answered a question, and succeed only in pointing out that you didn't read/understand the replies in the thread?? Find something better to do.

And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.

Last edited by TB0ne; 01-22-2011 at 03:44 PM.
 
Old 12-31-2011, 10:19 AM   #7
khinch
Member
 
Registered: Apr 2007
Location: Carlisle, UK
Distribution: Debian
Posts: 73

Rep: Reputation: 18
Quote:
And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.

Just FYI; this thread was the first hit on Google searching on the following error message from rkhunter:

Code:
Warning: The SSH configuration option 'Protocol' has not been set
So, I agree with dhughes; any response that purely forwards people to Google is pretty unhelpful. That's not a stab at TB0ne's post though, because it was helpful overall. I also realise this thread has been inactive for a long period, but the fact that I found it goes to show these old threads rarely become irrelevant.

For anyone else stumbling upon this thread based on my query above, here are two solutions:
1. disable root SSH logins (safest):
open /etc/ssh/sshd_config and change "PermitRootLogin" from yes to no
2. tell rkhunter to ignore this error (less secure, only do this if you know what you're doing!):
open /etc/rkhunter.conf and change ALLOW_SSH_ROOT_USER=no to ALLOW_SSH_ROOT_USER=unset
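
Added example, not part of any post in this thread and not rkhunter's own code: a small shell audit that reports whether `PermitRootLogin` and `Protocol` are explicitly set in an sshd_config file, which is the condition behind the two SSH warnings quoted above. The function names `sshd_option` and `audit_option` are hypothetical, and the two config files are constructed samples standing in for /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the thread): audit explicit sshd_config settings.
# sshd keywords are case-insensitive and the first occurrence wins; settings
# inside a Match block are conditional, so scanning stops at the first Match.

# sshd_option FILE KEYWORD -> prints the explicit global value, or "unset"
sshd_option() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # strip leading whitespace
            if (line ~ /^#/ || line == "") next   # comment or blank line
            split(line, f, /[ \t=]+/)             # "Key value" or "Key=value"
            if (tolower(f[1]) == "match") exit
            if (tolower(f[1]) == key) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# audit_option FILE KEYWORD WANTED -> "ok", "unset" or "mismatch:<value>"
audit_option() {
    got=$(sshd_option "$1" "$2")
    case "$got" in
        unset) echo "unset" ;;
        "$3")  echo "ok" ;;
        *)     echo "mismatch:$got" ;;
    esac
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PermitRootLogin yes' '#Protocol 2,1' \
    'Match User backup' '    PermitRootLogin no' > "$tmp/default.conf"
printf '%s\n' 'Protocol 2' 'permitrootlogin no' \
    'PermitRootLogin yes' > "$tmp/hardened.conf"

for f in "$tmp/default.conf" "$tmp/hardened.conf"; do
    for opt in "PermitRootLogin no" "Protocol 2"; do
        set -- $opt
        echo "$(basename "$f"): $1 -> $(audit_option "$f" "$1" "$2")"
    done
done
```

On a live host, `sshd -T` prints the effective configuration including compiled-in defaults, so it is the authoritative check; the script above only shows what the file states explicitly.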