07-07-2005, 11:22 PM
|
#1
|
Member
Registered: Aug 2003
Posts: 834
Rep:
|
Help with Rkhunter findings............................
I ran rkhunter and found this:
- PHP 4.3.7 [ Vulnerable ]
- PHP [unknown] [ OK ]
- Procmail MTA 3.15.2 [ OK ]
- ProFTPd 1.2.9 [ Vulnerable ]
I am not running a server so should I worry about these?
Also, it says Warning some users in root group. Is that a problem?
Thanks.
|
|
|
07-08-2005, 12:18 AM
|
#2
|
Member
Registered: Jan 2005
Location: India
Distribution: RHEL,CentOS,SUSE,Solaris10
Posts: 183
Rep:
|
Yes, both php and proftp are old versions with a lot of security problems in those versions, so update your php and proftp.
|
|
|
07-08-2005, 08:58 AM
|
#3
|
Member
Registered: Jun 2003
Location: UK
Distribution: Devuan Beowulf
Posts: 514
Rep:
|
As long as you've disabled those services, there shouldn't be a problem, since they can't be exploited if they aren't running.
Updating them both is of course the logical way of doing things, but if you really don't use them, I'd say to remove them from your system, full stop. There's no point in cluttering it with things you have no use for.
|
|
|
07-09-2005, 11:27 AM
|
#4
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
Thanks.
|
|
|
07-12-2005, 05:32 AM
|
#5
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
And having accounts in the root group is bad. Those users will have a lot of access and you should try to put them in more secure groups. What does your /etc/passwd look like?
|
|
|
07-21-2005, 02:38 PM
|
#6
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
Quote:
Originally posted by Ephracis
And having accounts in the root group is bad. Those users will have a lot of access and you should try to put them in more secure groups. What does your /etc/passwd look like?
|
I don't know what you mean? Is it safe to post that file?
|
|
|
07-22-2005, 10:20 AM
|
#7
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Quote:
Originally posted by M$ISBS
I don't know what you mean? Is it safe to post that file?
|
Yes, it does only contain information about users and groups. Even though the name is "passwd" (password), I assume that you use shadowed passwords (most distros do that now); then the actual hashed passwords are in /etc/shadow, encrypted. Your /etc/passwd will then only show an 'x' in the password field, so it will be safe to post that into this forum.
But anyway, you should not have a regular user in the root-group. That would be unsafe.
|
|
|
07-22-2005, 07:41 PM
|
#8
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
How would I go about moving my user from the root group safely? Thanks.
|
|
|
07-22-2005, 08:30 PM
|
#9
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Code:
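su
# (enter the root password when prompted)
# "login" stands for the user name; -g sets the primary group, -G "" clears the supplementary groups
usermod -g users -G "" login
This will put user "login" in group "users" and no other groups than that. You may want to put it into some other group (some distros put every user in their own group, named exactly as the login name).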
And you may also want to put your user in additional groups such as "cdrom", "mount", "sound" and such, to grant it access to various stuff.
This can differ between different distros.
|
|
|
07-28-2005, 08:08 PM
|
#10
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
Quote:
Originally posted by Ephracis
Code:
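su
# (enter the root password when prompted)
# "login" stands for the user name; -g sets the primary group, -G "" clears the supplementary groups
usermod -g users -G "" login
This will put user "login" in group "users" and no other groups than that. You may want to put it into some other group (some distros put every user in their own group, named exactly as the login name).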
And you may also want to put your user in additional groups such as "cdrom", "mount", "sound" and such, to grant it access to various stuff.
This can differ between different distros.
|
Thanks. But can this be done from KDE if I log in to KDE as root? And is there any risk of losing the user I am changing the group of? Thanks.
|
|
|
07-28-2005, 08:57 PM
|
#11
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
You should never log in as root with any desktop environment or window manager; there is no reason to. Just start KDE as usual, open up a terminal of your choice (Konsole, aterm, xterm, rxvt, etc.) and type in the commands I listed for you.
And no, you will not lose the user as long as you don't type userdel or deluser, or start editing /etc/passwd.
|
|
|
07-31-2005, 09:43 PM
|
#12
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
I did as stated above and now I have my user under users and root. How did that happen? And how can I fix that? Thanks.
|
|
|
08-01-2005, 03:45 AM
|
#13
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
The "-g users" put the login under the users group. You may want to put it in another group though; some distros have a group named exactly as the login name, but some use the "users" group for all the regular users.
I am not sure why your login is still in the root group. Check your /etc/groups and edit it so your root group only contains privileged accounts (e.g. the root account).
This setup should not be default in any distro, have you been doing anything to the accounts or was it like this after you installed Linux?
|
|
|
08-01-2005, 07:28 PM
|
#14
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
I just checked and I have a file called group- and one called group, but the group without the hyphen does not show any users in user or root. I just modified the group- file and removed my user from root group. I think I created the accounts in KDE so maybe KDE did something different with setting up the accounts.
After doing the above, I ran rkhunter and the message showing a user group in root group does not show up.
Last edited by M$ISBS; 08-01-2005 at 07:33 PM.
|
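Added example, not part of any post in this thread: a user can end up in the root group in two ways, through the primary GID in the fourth field of the passwd file or through the member list of a GID 0 line in the group file, and the check below reports both separately. The function names `root_group_members` and `demo_constructed` are hypothetical, the sample accounts are constructed, and the standard colon-separated passwd(5) and group(5) layouts are assumed.

```shell
#!/bin/sh
# List non-root accounts that belong to a GID 0 group.
# Usage: root_group_members [passwd_file] [group_file]
# Defaults are the live databases; /etc/group- is the backup copy kept by the shadow utilities.
root_group_members() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    awk -F: '
        # Group file (first argument): remember supplementary members of any GID 0 group.
        FILENAME == ARGV[1] {
            if ($3 == 0) {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") supp[m[i]] = $1
            }
            next
        }
        # Passwd file: field 3 is the UID, field 4 the primary GID. UID 0 accounts are skipped.
        $3 != 0 && $4 == 0      { print $1 ": primary group is GID 0" }
        $3 != 0 && ($1 in supp) { print $1 ": supplementary member of " supp[$1] }
    ' "$group_file" "$passwd_file"
}

# Constructed sample data: alice has GID 0 as primary group, bob has "users" as
# primary group but is still listed as a member on the root line of the group file.
demo_constructed() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:0:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:root,bob
users:x:100:
cdrom:x:24:carol
EOF
    root_group_members "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo_constructed
```

Calling `root_group_members` with no arguments checks /etc/passwd and /etc/group on the running system; no output means no non-root account is in a GID 0 group.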
|
|
All times are GMT -5.