On Wed, Dec 27, 2006 at 12:03:17AM +0100, Pavel Chalupa wrote:
Hi, is there anybody who can explain the security report generated by rkhunter?
First: the default install includes SSHD with remote root login allowed, all users allowed to log in remotely, SSH protocol 1 allowed... during install SSH is disallowed, but SSHD is running after install...
We still allow SSH protocol version 1, but this will go away.
Second: after some online updates, I tried to run rkhunter and it's reporting an invisible /dev/tmpblablabla... and some two other files corresponding with this one... this was too confusing and I killed this by command rm /dev/tmpblabla... I have no idea what it was, but rkhunter reported that the system is infected... I have no backup of this, but the machine is still running and I can make some investigation, but I don't know how to do it.
Does the second problem mean that openSUSE 10.2 has a security hole in the default install and a fresh installation can be exploited remotely during/after online update, when making a fresh install? Or does one of the online repositories include a package with a backdoor?
There is no known security hole in the default install and the SUSE supplied repositories. I cannot speak for other repositories, like packman or guru, but you would be the first reporter. And you should give us *exact* error messages from above if you want us to help.

Ciao, Marcus
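An added example, not part of either message and not SUSE tooling: a shell check that reports, from a given sshd_config, the three settings raised in the thread so they can be quoted exactly. The function names and the sample config are constructed for illustration; `Include` files and settings inside `Match` blocks are not evaluated.

```shell
#!/bin/sh
# first_value FILE KEYWORD: print the first value set for KEYWORD outside
# Match blocks (sshd uses the first value it reads; keywords ignore case).
first_value() {
    awk -v key="$2" '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        n = match(line, /[ \t=]/)           # keyword ends at blank or "="
        if (n == 0) next
        k = tolower(substr(line, 1, n - 1))
        if (k == "match") exit              # later lines are conditional
        if (k != tolower(key)) next         # also skips "#Keyword" comments
        v = substr(line, n)
        sub(/^[ \t]*=?[ \t]*/, "", v)
        sub(/[ \t]+$/, "", v)
        print v
        exit
    }' "$1"
}
# audit_sshd_config FILE: one OK/NOTE/WARN line per setting from the thread.
audit_sshd_config() {
    root=$(first_value "$1" PermitRootLogin)
    proto=$(first_value "$1" Protocol)
    allow=$(first_value "$1" AllowUsers)$(first_value "$1" AllowGroups)
    case $(printf '%s' "$root" | tr 'A-Z' 'a-z') in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "NOTE PermitRootLogin not set, compiled-in default applies" ;;
        *)  echo "WARN PermitRootLogin $root (root login possible)" ;;
    esac
    case ",$proto," in
        ,,)    echo "NOTE Protocol not set, compiled-in default applies" ;;
        *,1,*) echo "WARN Protocol $proto (SSH protocol 1 enabled)" ;;
        *)     echo "OK   Protocol $proto" ;;
    esac
    if [ -z "$allow" ]; then echo "WARN no AllowUsers/AllowGroups restriction"
    else echo "OK   login restricted by AllowUsers/AllowGroups"; fi
}

# Constructed sample input, not a real openSUSE file.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
#AllowUsers admin
EOF
audit_sshd_config "$sample"
```

On a real host the function would be pointed at the installed configuration file instead of the sample, and its output pasted into the report verbatim.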