Mailinglist Archive: opensuse (911 mails)

RE: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
> -----Original Message-----
From: stakanov@xxxxxxxxxx
Sent: Tue. 22.12.2015 17:29
To: opensuse
Subject: [opensuse] Have I been hacked or visited? seccheck and rkhunter outputs

I get the following two separate messages from seccheck and rkhunter.

Rkhunter:

Warning: The file properties have changed:
File: /usr/bin/rkhunter
Current inode: 1458231 Stored inode: 1455628
Warning: The file '/usr/bin/ssh' exists on the system, but it is not present
in the 'rkhunter.dat' file.
Warning: The file '/usr/sbin/sshd' exists on the system, but it is not
present in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /etc/rkhunter.conf
Current inode: 525324 Stored inode: 525329
Warning: The file '/etc/rkhunter.d/00-opensuse.conf' exists on the system,
but it is not present in the
'rkhunter.dat' file.
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text

Seccheck complains about:

Please note that these security checks are neither complete nor reliable.
Any attacker with proper experience and root access to your system can
deceive *any* security check!

Changes in your weekly security configuration of linux-ge2e:


Please check and perhaps disable the following unused accounts:
Warning: user root has got a password and a valid shell but never logged in

Question: Could the latter be because of sudo?
For ssh and sshd, however, I do not have any explanation. It is deactivated on
this system. Has there been an
update that can cause this?

lastlog does not show anything special. Only the local user logged in... at least
according to the log.


-----End of Original Message-----

Now, I found a lot of new ssh authentication files made on the 14th of December of
this year. I never use ssh, I do not log in remotely to my notebook, and up to
now I had my peace of mind by disallowing ssh root login and changing the port
while having everything set to disabled.
Now I have a question.
Take somebody who does not want to use "remote" at all: what can he do to un-install
every remote package? The problem is that if you un-install openssh, a lot of
KDE applications seem to complain.
So I tried and un-installed it. But nothing happened. Why do I have all these
dependencies for features that I do not use? Wouldn't it be better to put those
in a pattern to install if needed instead of putting them into kde-base?
What problem do I actually have if I do not have openssh installed at all? To
me it seems none.
Even tor does not seem to rely on it.
So why is there ssh on normal desktop systems, if by default it is
de-activated? Wouldn't an active selection with usable defaults as an option
be the better choice?
Thanks for educating me.

P.S. Merry Christmas to everybody, and for whoever has the itch of "political
correctness" and feels bothered by it (somebody could be pastafari, or whatever
else, I know): seasonal greetings to them.



