rkhunter warnings....how do I fix these...5 of them
[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.
Question 1 - How do I set this to 'NO'
Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression
Question 2 - Are these hidden file/directories ok?
[10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.
Question 3 - How do I update OpenSSL?
[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text
Question 4 - Is this replacement OK?
[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text
[10:16:57] Checking if SSH root access is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
[10:16:57] Checking if SSH protocol v1 is allowed [ Warning ]
[10:16:57] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.
Question 1 - How do I set this to 'NO'
Did you try Google??? Edit the sshd_config file, and set the value to no.
Quote:
Checking /dev for suspicious file types [ Warning ]
[10:16:58] Warning: Suspicious file types found in /dev:
[10:16:58] /dev/shm/initrd_exports.sh: ASCII text
[10:16:59] Checking for hidden files and directories [ Warning ]
[10:16:59] Warning: Hidden directory found: /dev/.sysconfig
[10:16:59] Warning: Hidden directory found: /dev/.udev
[10:16:59] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix,
max compression
Question 2 - Are these hidden file/directories ok?
Depends on your distro. I've got two of the three in openSUSE 11.3, but you don't tell us what you're using.
Quote:
[10:17:21] Checking version of OpenSSL [ Warning ]
[10:17:21] Warning: Application 'openssl', version '1.0.0', is out of date, and possibly
a security risk.
Question 3 - How do I update OpenSSL?
Again, you don't tell us version/distro of Linux, or provide details. You can update through online repos, or compile from source.
Quote:
[10:11:52] /sbin/chkconfig [ Warning ]
[10:11:52] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig:
a /usr/bin/perl script text
Question 4 - Is this replacement OK?
Depends on distro...openSUSE has this as well.
Quote:
[10:11:53] /sbin/ifup [ Warning ]
[10:11:53] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again
shell script text
Question 5 - Is this replacement OK?
Yes. Please provide details when posting questions, and you can try Google for a lot of simple questions too.
Quote:
you can try Google for a lot of simple questions too.
Using Google is completely unnecessary in this case as reading the README and the comments in rkhunter.conf should have gotten the OP the answer to the majority of the issues. Most questions have been answered already: check the FAQ (scriptlets at the bottom) and search the rkhunter mailing list archives. Also see http://www.linuxquestions.org/questi...9/#post4200611.
And you'll end up here at this post.
Seriously if your first response to a question is "Just Google it !!!!!" don't bother responding.
...says the person who doesn't address ANYTHING in this thread. And you obviously don't bother paying attention either, since the questions were all answered in this thread, both by me and unSpawn, not to mention the fact this thread has been dead for almost a month now. And you don't post for 7 years, and only do so to complain about how someone else answered a question, and succeed only in pointing out that you didn't read/understand the replies in the thread?? Find something better to do.
And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.
Quote:
And you must have a special version of Google...because putting in "linux ssh permitrootlogin no" doesn't even bring up LinuxQuestions at ALL on the first page.
Just FYI; this thread was the first hit on Google searching on the following error message from rkhunter:
Code:
Warning: The SSH configuration option 'Protocol' has not been set
So, I agree with dhughes; any response that purely forwards people to Google is pretty unhelpful. That's not a stab at TB0ne's post though, because it was helpful overall. I also realise this thread has been inactive for a long period, but the fact that I found it goes to show these old threads rarely become irrelevant.
For anyone else stumbling upon this thread based on my query above, here are two solutions:
1. disable root SSH logins (safest):
open /etc/ssh/sshd_config and change "PermitRootLogin" from yes to no
2. tell rkhunter to ignore this error (less secure, only do this if you know what you're doing!):
open /etc/rkhunter.conf and change ALLOW_SSH_ROOT_USER=no to ALLOW_SSH_ROOT_USER=unset
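To see why rkhunter reports the option as "not set" and what changes after either fix above, here is an added example that is not part of the original posts or of rkhunter itself. It reads the first global value of an sshd_config keyword and compares PermitRootLogin with ALLOW_SSH_ROOT_USER; the function names, the sample files and the simplified comparison are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not rkhunter code): a simplified model of the PermitRootLogin check.

# Print the first global value of an sshd_config keyword, or "unset".
# Assumes "Keyword value" form; a commented-out line counts as not set.
sshd_option() {  # usage: sshd_option <keyword> <sshd_config>
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # comments do not set anything
        tolower($1) == "match" { exit }          # ignore conditional blocks
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Print the value rkhunter.conf assigns to NAME, or "absent".
# Taking the last uncommented assignment is an assumption of this sketch.
rkh_option() {  # usage: rkh_option <NAME> <rkhunter.conf>
    awk -F= -v key="$1" '
        $1 == key { val = $2; gsub(/[ \t]/, "", val) }
        END { print (val == "" ? "absent" : val) }
    ' "$2"
}

check_root_login() {  # usage: check_root_login <sshd_config> <rkhunter.conf>
    actual=$(sshd_option PermitRootLogin "$1")
    expected=$(rkh_option ALLOW_SSH_ROOT_USER "$2")
    if [ "$actual" = "$expected" ]; then
        echo "OK: PermitRootLogin=$actual matches ALLOW_SSH_ROOT_USER"
    elif [ "$actual" = "unset" ]; then
        echo "WARN: PermitRootLogin not set; add 'PermitRootLogin $expected'"
    else
        echo "WARN: PermitRootLogin=$actual, rkhunter.conf expects $expected"
    fi
}

# Constructed sample files: "before" leaves the options commented out.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'Port 22' '#Protocol 2' '#PermitRootLogin yes' \
    'Match User backup' '    PermitRootLogin no' > "$demo/sshd_before"
printf '%s\n' 'Port 22' 'Protocol 2' 'PermitRootLogin no' > "$demo/sshd_after"
printf '%s\n' '# constructed fragment' 'ALLOW_SSH_ROOT_USER=no' > "$demo/rkhunter.conf"

check_root_login "$demo/sshd_before" "$demo/rkhunter.conf"   # WARN
check_root_login "$demo/sshd_after"  "$demo/rkhunter.conf"   # OK
```

To check a real host, point the functions at /etc/ssh/sshd_config and /etc/rkhunter.conf, the paths given in the post above.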