LinuxQuestions.org
Old 02-23-2005, 02:00 PM   #1
Dogit
Member
 
Registered: Feb 2005
Distribution: Suse 9.0,9.2 Pro
Posts: 67

Rep: Reputation: 15
rkhunter logfile check


Hi, to all

Hey, could someone please have a look at this and see if
all is good? There are some warnings, not sure what they
are. If it is something that anyone thinks I need to take
care of, please let me know.


WARNING, found: /etc/.java (directory)
[09:06:50] ------------------------ Application advisories -----------------------
[09:06:50] ---------------------- Application version check ----------------------
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning Exim%%MTA...
[09:06:51] Application not found
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning GnuPG...
[09:06:51] /usr/bin/gpg found
[09:06:51] Version 1.2.2 seems to be vulnerable (if unpatched)!
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning Apache...
[09:06:51] Application not found
[09:06:51] ----------------------------------------------------------
[09:06:51] Scanning Bind%%DNS...
[09:06:51] Application not found
[09:06:52] ----------------------------------------------------------
[09:06:52] Scanning OpenSSL...
[09:06:52] /usr/bin/openssl found
[09:06:52] Version 0.9.7b seems to be vulnerable (if unpatched)!
[09:06:52] ----------------------------------------------------------
[09:06:52] Scanning PHP...
[09:06:52] Application not found
[09:06:52] ----------------------------------------------------------
[09:06:52] Scanning Procmail%%MTA...
[09:06:52] /usr/bin/procmail found
[09:06:52] Version 3.15.1 seems to be vulnerable (if unpatched)!
[09:06:53] ----------------------------------------------------------
[09:06:53] Scanning ProFTPd...
[09:06:53] Application not found
[09:06:53] ----------------------------------------------------------
[09:06:53] Scanning OpenSSH...
[09:06:53] /usr/sbin/sshd found
[09:06:53] Version 3.7.1p2 is available in non-vulnerable group and seems to be OK!
[09:06:54] ------------------------- Security advisories -------------------------
[09:06:55] Info: Found no explicit values, but a default value of 'yes'
[09:06:55] Remote root login permitted, but allowed by using explicit option
[09:06:55] Found default option Protocol 2,1
[09:06:55] Warning: SSH version 1 possible allowed!
[09:06:55] Hint: Change the 'Protocol xxx' line into 'Protocol 2'

[09:07:23] 3 vulnerable applications found



Well, as you can see, this is not all of the logfile. If
someone needs it, just ask.

Thank you
 
Old 02-23-2005, 03:29 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 128
Well, it gave you a lot of things that worry me. Your system is VULNERABLE, though I see no signs it has been compromised.
 
Old 02-23-2005, 04:02 PM   #3
Dogit
Member
 
Registered: Feb 2005
Distribution: Suse 9.0,9.2 Pro
Posts: 67

Original Poster
Rep: Reputation: 15
Hi, Matir

Could you please give me more info, like what
is it that worries you? What can I do to make my
Suse safe? See, what I am doing is trying to find
out all the progs I need first & am running
some of these progs to see what needs
fixing. Once I know what has to be done
I will once again reinstall Suse & then
install all the progs I have downloaded.
Once I have that done I will go online
& update all of Suse.

Thank you
 
Old 02-23-2005, 07:13 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
You have several applications that are outdated versions and need to be updated (gpg, openSSL, postfix, etc). Run an update with YOU (YastOnlineUpdate) and then re-run the check. If it still finds what it thinks are vulnerable versions, then they are just backported patched versions. The final message is several SSH warnings that apply to everyone running SSH... set the PermitRootLogin option to 'No', and set the Protocol option to use SSH protocol '2' only (SSH protocol 1 isn't secure). Make all of these changes to /etc/ssh/sshd_config and then restart sshd.
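
Added example, not part of the original posts: a shell check for the two sshd_config settings recommended above. The function names and the sample file are constructed for illustration, and the defaults used when a keyword is absent are the ones the rkhunter log in post #1 reports for this sshd.

```shell
#!/bin/sh
# Added example: audit the two sshd_config settings discussed in this thread.
# Defaults passed below are the ones the rkhunter log in post #1 reports for
# this sshd (PermitRootLogin yes, Protocol 2,1); they differ in other versions.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be followed by whitespace or a single '='.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            match($0, /^[^ \t=]+/)
            k = tolower(substr($0, 1, RLENGTH))
            v = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", v)
            if (k == "match") exit                   # global section only
            if (k == tolower(key)) { print v; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: one finding per line, returns 1 if either setting is weak.
# Arguments are case-sensitive in sshd_config, so only lowercase "no" passes.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin yes)
    proto=$(effective_value "$1" Protocol 2,1)
    case $root in
        no) echo "OK   PermitRootLogin $root" ;;
        *)  echo "WARN PermitRootLogin $root (want: no)"; rc=1 ;;
    esac
    case $proto in
        2) echo "OK   Protocol $proto" ;;
        *) echo "WARN Protocol $proto (want: 2)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample file, not the poster's real configuration.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'Protocol 2,1' > "$sample"
audit_sshd "$sample" || echo "sshd_config needs changes"
rm -f "$sample"
```

A commented-out line such as `#PermitRootLogin yes` sets nothing, so the check reports the default in that case.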
 
Old 02-23-2005, 07:29 PM   #5
Dogit
Member
 
Registered: Feb 2005
Distribution: Suse 9.0,9.2 Pro
Posts: 67

Original Poster
Rep: Reputation: 15
Hello, Capt_Caveman

OK, will do, but may I ask this: would it be a good
idea to do this after I add all the progs, or do the
updates first? Sorry for being so dumb about this,
but I am so lost here.

Thank you
 
Old 02-23-2005, 09:50 PM   #6
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'd run the update first (which will update the outdated software) and modify the sshd configuration, then re-run the rkhunter test to verify that you've made all the necessary changes.

---edit---
Just to clarify: if rkhunter says that it didn't find an application, then you don't need to worry about installing it. Those messages are just informational.

Last edited by Capt_Caveman; 02-23-2005 at 09:51 PM.
 
Old 02-24-2005, 08:47 AM   #7
Dogit
Member
 
Registered: Feb 2005
Distribution: Suse 9.0,9.2 Pro
Posts: 67

Original Poster
Rep: Reputation: 15

Hi, Capt_Caveman

Well, it looks like we may have fixed some of this.
Hmmm, odd though, I was thinking that once I update
all of Suse that I would not need to go looking
for any more updates for a time,

but the progs in the logfile look like they
are still there. I did try to update them
again using YOU but no go.

As for the kernel, it said it was updated,
but how would you know????

Here is the new one; if this is overkill then please delete it.


[22:08:06] ------------------------ Application advisories -----------------------
[22:08:06] ---------------------- Application version check ----------------------
[22:08:06] ----------------------------------------------------------
[22:08:07] Scanning Exim%%MTA...
[22:08:07] Application not found
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning GnuPG...
[22:08:07] /usr/bin/gpg found
[22:08:07] Version 1.2.2 seems to be vulnerable (if unpatched)!
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning Apache...
[22:08:07] Application not found
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning Bind%%DNS...
[22:08:07] Application not found
[22:08:07] ----------------------------------------------------------
[22:08:07] Scanning OpenSSL...
[22:08:08] /usr/bin/openssl found
[22:08:08] Version 0.9.7b seems to be vulnerable (if unpatched)!
[22:08:08] ----------------------------------------------------------
[22:08:08] Scanning PHP...
[22:08:08] Application not found
[22:08:08] ----------------------------------------------------------
[22:08:08] Scanning Procmail%%MTA...
[22:08:08] /usr/bin/procmail found
[22:08:08] Version 3.15.1 seems to be vulnerable (if unpatched)!
[22:08:09] ----------------------------------------------------------
[22:08:09] Scanning ProFTPd...
[22:08:09] Application not found
[22:08:09] ----------------------------------------------------------
[22:08:09] Scanning OpenSSH...
[22:08:09] /usr/sbin/sshd found
[22:08:09] Version 3.7.1p2 is available in non-vulnerable group and seems to be OK!
[22:08:09] ------------------------- Security advisories -------------------------
[22:08:10] Unknown PermitRootLogin state


Thank you
 
Old 02-24-2005, 10:15 PM   #8
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
As long as all updates have been applied, then you should be in good shape (check update/rpm log messages in /var/log/ directory). For those programs, SuSE uses patched versions rather than updating to the most current release. So a fully patched SuSE 9 box should be running openssl-0.9.7b-113, even though 0.9.7e is the current release. This causes security apps that just look at version numbers to incorrectly flag those patched applications. To verify that the kernel update was applied, do: uname -a. If it was updated, you should be running 2.4.21-273.
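
Added example, not part of the original posts: a shell parser for the rkhunter version-check section that lists what was flagged on version string alone and prints the rpm query that shows each package's release, which is where a backported fix is visible. The function names are constructed, and the sample log is a constructed excerpt made from lines posted in this thread.

```shell
#!/bin/sh
# Added example: list what rkhunter's version check flagged, with the rpm
# query that shows the installed package release for each flagged binary.

# flagged_apps [LOGFILE] -> "name|path|version" per flagged application
flagged_apps() {
    awk '
        { sub(/^\[[0-9:]+\] /, "") }               # drop the [hh:mm:ss] stamp
        /^Scanning / {
            name = $2; sub(/\.\.\.$/, "", name); sub(/%%.*/, "", name)
            path = ""; next
        }
        / found$/ && $1 ~ /^\// { path = $1; next }   # skips "Application not found"
        /^Version .* seems to be vulnerable/ { print name "|" path "|" $2 }
    ' "$@"
}

# rpm_checks [LOGFILE] -> commands to run on the host, one per flagged binary
rpm_checks() {
    flagged_apps "$@" | while IFS='|' read -r name path ver; do
        printf '# %s %s flagged by version string only\n' "$name" "$ver"
        printf 'rpm -qf %s\n' "$path"
    done
}

# Constructed excerpt built from log lines posted in this thread.
sample_log() {
    cat <<'EOF'
[09:06:51] Scanning Exim%%MTA...
[09:06:51] Application not found
[09:06:51] Scanning GnuPG...
[09:06:51] /usr/bin/gpg found
[09:06:51] Version 1.2.2 seems to be vulnerable (if unpatched)!
[09:06:52] Scanning OpenSSL...
[09:06:52] /usr/bin/openssl found
[09:06:52] Version 0.9.7b seems to be vulnerable (if unpatched)!
[09:06:52] Scanning Procmail%%MTA...
[09:06:52] /usr/bin/procmail found
[09:06:52] Version 3.15.1 seems to be vulnerable (if unpatched)!
[09:06:53] Scanning OpenSSH...
[09:06:53] /usr/sbin/sshd found
[09:06:53] Version 3.7.1p2 is available in non-vulnerable group and seems to be OK!
EOF
}

sample_log | rpm_checks
```

Running the printed `rpm -qf` lines on the host shows the full name-version-release of the owning package, which can be compared with the vendor's patched release such as the openssl-0.9.7b-113 mentioned above.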
 
Old 02-24-2005, 10:35 PM   #9
Dogit
Member
 
Registered: Feb 2005
Distribution: Suse 9.0,9.2 Pro
Posts: 67

Original Poster
Rep: Reputation: 15
Hi, Capt_Caveman

First let me say that you have been a great help to me,
& yes, you are right on, it is 2.4.21-273.

So I should be good then. I have one more thing
to ask, if I may: I am going to update KDE to this here

3.3.3.2

I have downloaded a ton of RPMs from here

ftp://ftp.kde.org/pub/kde/stable/3.3.2/SuSE/ix86/9.0/

but the problem I'm having is I don't see anywhere
to check for md5sum.

Now I have a prog to find the md5sum,
but I can't find on that site or anywhere
to see if they compare with what I have.

Thank you
 
Old 02-24-2005, 11:19 PM   #10
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
The program should be called 'md5sum'. You can find it with 'which md5sum' or using 'find / | grep md5sum'. To check an md5sum use: md5sum <filename> and compare the output to the known good md5 checksum.
 
Old 02-24-2005, 11:34 PM   #11
Dogit
Member
 
Registered: Feb 2005
Distribution: Suse 9.0,9.2 Pro
Posts: 67

Original Poster
Rep: Reputation: 15
Hi, Capt_Caveman

OK, here is what I have been doing: downloading
the files I need to my XP, running a Virus & Trojan
scan, then using this prog here.

winMd5Sum: I right click on the file I downloaded
& it gives me a sum.

But if I have you right, you are saying that
I can use 'find / | grep md5sum', and
once that gives me a sum I can use
that to compare to what I got with my prog????
Sorry, you are working with a rock head here.

Thank you
 
  

