[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.

Question 1 - How do I set this to 'NO'


Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression

Question 2 - Are these hidden file/directories ok?


10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.

Question 3 - How do I update OpenSSL?


[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text

Question 4 - Is this replacement OK?


[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text

Question 5 - Is this replacement OK?

Did you try Google??? Edit the sshd_config file, and set the value to no.
Depends on your distro. I've got two of the three in openSUSE 11.3, but you don't tell us what you're using.
Again, you don't tell us version/distro of Linux, or provide details. You can update through online repos, or compile from source.
Depends on distro...openSUSE has this as well.
Yes. Please provide details when posting questions, and you can try Google for alot of simple questions too.

Kde 4.5

Using Google is completely unnecessary in this case as reading the README and the comments in rkhunter.conf should have gotten the OP the answer to the majority of the issues. Most questions have been answered already: check the FAQ (scriptlets at the bottom) and search the rkhunter mailing list archives. Also see http://www.linuxquestions.org/questi...9/#post4200611.

And you'll end up here at this post.


Seriously if your first response to a question is "Just Google it !!!!!" don't bother responding.

...says the person who doesn't address ANYTHING in this thread. And you obviously don't bother paying attention either, since the questions were all answered in this thread, both by me and unSpawn, not to mention the fact this thread has been dead for almost a month now. And you don't post for 7 years, and only do so to complain about how someone else answered a question, and succeed only in pointing out that you didn't read/understand the replies in the thread?? Find something better to do.

And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.

Just FYI; this thread was the first hit on Google searching on the following error message from rkhunter:

So, I agree with dhughes; any response that purely forwards people to Google is pretty unhelpful. That's not a stab at TB0ne's post though, because it was helpful overall. I also realise this thread has been inactive for a long period, but the fact that I found it goes to show these old threads rarely become irrelevant.

For anyone else stumbling upon this thread based on my query above, here are two solutions:
1. disable root SSH logins (safest):

open /etc/ssh/sshd_config and change "PermitRootLogin" from yes to no

2. tell rkhunter to ignore this error (less secure, only do this if you know what you're doing!):

open /etc/rkhunter.conf and change ALLOW_SSH_ROOT_USER=no to ALLOW_SSH_ROOT_USER=unset