Hi,To all

Hey could someone please have a look at this see if
all is good.there are some warnings not sue what they
are if it is something that anyone things i need to take
care of please, let me know


WARNING, found: /etc/.java (directory)
[09:06:50] ------------------------ Application advisories -----------------------
[09:06:50] ---------------------- Application version check ----------------------
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning Exim%%MTA...
[09:06:51] Application not found
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning GnuPG...
[09:06:51] /usr/bin/gpg found
[09:06:51] Version 1.2.2 seems to be vulnerable (if unpatched)!
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning Apache...
[09:06:51] Application not found
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning Bind%%DNS...
[09:06:51] Application not found
[09:06:52] ----------------------------------------------------------
[09:06:52] Scanning OpenSSL...
[09:06:52] /usr/bin/openssl found
[09:06:52] Version 0.9.7b seems to be vulnerable (if unpatched)!
[09:06:52] ----------------------------------------------------------
[09:06:52] Scanning PHP...
[09:06:52] Application not found
[09:06:52] ----------------------------------------------------------
[09:06:52] Scanning Procmail%%MTA...
[09:06:52] /usr/bin/procmail found
[09:06:52] Version 3.15.1 seems to be vulnerable (if unpatched)!
[09:06:53] ----------------------------------------------------------
[09:06:53] Scanning ProFTPd...
[09:06:53] Application not found
[09:06:53] ----------------------------------------------------------
[09:06:53] Scanning OpenSSH...
[09:06:53] /usr/sbin/sshd found
[09:06:53] Version 3.7.1p2 is available in non-vulnerable group and seems to be OK!
[09:06:54] ------------------------- Security advisories -------------------------
[09:06:55] Info: Found no explicit values, but a default value of 'yes'
[09:06:55] Remote root login permitted, but allowed by using explicit option
[09:06:55] Found default option Protocol 2,1
[09:06:55] Warning: SSH version 1 possible allowed!
[09:06:55] Hint: Change the 'Protocol xxx' line into 'Protocol 2'

[09:07:23] 3 vulnerable applications found



well as you can see this is not all of the logfile if
someone needs it just ask

Thank you

Well, it gave you a lot of things that worry me. Your system is VULNERABLE, though I see no signs it has been compromised.

Hi,Matir

Could you please give me more info like what
is it that worry you what can i do to make my
Suse safe see what i am doing is trying to find

out all the progs i need first & am running
some of these progs to see what needs
fixing once i know what has to be done

i will once again reinstall Suse & then
install all the progs i have downloaded
once i have that done i will go online

& update all of Suse

Thank you

You have several applications that are outdated versions and need to be updated (gpg, openSSL, postfix, etc). Run a update with YOU (YastOnlineUpdate) and then re-run the check. If it still finds what it thinks are vulnerable versions, then they are just backported patched versions. The final message is several SSH warnings that apply to everyone running SSH...set the PermitRootLogin option to 'No", Set the Protocol option to only use SSH protocol '2' only (SSH protocol 1 isn't secure). Make all of these changes to /etc/ssh/sshd_config and then restart sshd.

Hello,Capt_Caveman

Ok will do but may i ask this would it be a good
idea to do this after i add all the progs or do the
updates first sorry for being so dumb about this
but i am so lost here

Thank you

I'd run the update first (which will update the outdated software) and modify the sshd configuration, then re-run the rkhunter test to verify that you've made all the necessary changes.

---edit---
Just to clarify. If rkhunter says that it didn't find an applicaiton, then you don't need to worry about installing it. Those messages are just informational.

Hi,Capt_Caveman

Well it looks like we may have fix some of this
hmmm odd do i was thinking that once. i update
all of suse that i would not need to go looking
for any more updates for a time

but the progs in the logfile look like they
are stell there i did try to update them
again using YOU but no go

as for the Kernel it said it was updated
but how would you know????

here is the new if this is over kill then please delete it


[22:08:06] ------------------------ Application advisories -----------------------
[22:08:06] ---------------------- Application version check ----------------------
[22:08:06] ----------------------------------------------------------
[22:08:07] Scanning Exim%%MTA...
[22:08:07] Application not found
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning GnuPG...
[22:08:07] /usr/bin/gpg found
[22:08:07] Version 1.2.2 seems to be vulnerable (if unpatched)!
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning Apache...
[22:08:07] Application not found
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning Bind%%DNS...
[22:08:07] Application not found
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning OpenSSL...
[22:08:08] /usr/bin/openssl found
[22:08:08] Version 0.9.7b seems to be vulnerable (if unpatched)!
[22:08:08] ----------------------------------------------------------
[22:08:08] Scanning PHP...
[22:08:08] Application not found
[22:08:08] ----------------------------------------------------------
[22:08:08] Scanning Procmail%%MTA...
[22:08:08] /usr/bin/procmail found
[22:08:08] Version 3.15.1 seems to be vulnerable (if unpatched)!
[22:08:09] ----------------------------------------------------------
[22:08:09] Scanning ProFTPd...
[22:08:09] Application not found
[22:08:09] ----------------------------------------------------------
[22:08:09] Scanning OpenSSH...
[22:08:09] /usr/sbin/sshd found
[22:08:09] Version 3.7.1p2 is available in non-vulnerable group and seems to be OK!
[22:08:09] ------------------------- Security advisories -------------------------
[22:08:10] Unknown PermitRootLogin state


Thank you

As long as all updates have been applied, then you should be in good shape (check update/rpm log messages in /var/log/ directory). For those programs, SuSE uses patched versions rather than updating to the most current release. So a fully patched SuSE 9 box should be running openssl-0.9.7b-113, even though 0.9.7e is the current release. This causes security apps that just look at version numbers to incorrectly flag those patched applications. To verify that the kernel update was applied, do: uname -a. If it was updated, you should be running 2.4.21-273.

Hi,Capt_Caveman

First let me say that you have been a great help to me.
& yes you are right on it is 2.4.21-273.

so i should be good then i have one more thing
to ask if i may am going to update KDE to this here

3.3.3.2

i have downloaded a ton of RPM from here

ftp://ftp.kde.org/pub/kde/stable/3.3.2/SuSE/ix86/9.0/

but the problem i'm having is i don't see anywhere
to check for md5sum

now i have a prog to find the md5sum
but i can't find on that site or anywhere
to see if they compare with what i have

Thank you

The program should be called 'md5sum'. You can find it with 'which md5sum' or using 'find / | grep md5sum'. To check an md5sum use: md5sum <filename> and compare the output to the known good md5 checksum.

Hi,Capt_Caveman

Ok here is what i have been doing downloading
the files i need to my XP running a Virus & Trojan
scan then using this prog here.

winMd5Sum i right click on the file i download
& it gives me a sum

but if i have you right you are saying that
i can use using 'find / | grep md5sum
once that gives me a sum i can use

that to compare to what i got with my prog????
sorry you are working with a rock head here

Thank you