Hi,
is there anybody who can explain the security report generated by rkhunter?
First: the default install includes SSHD with remote root login allowed, all
users remote login allowed, SSH protocol 1 allowed... during install SSH is
disallowed, but SSHD is running after install...
Second: after some online updates, I tried to run rkhunter and it's
reporting an invisible /dev/tmpblablabla... and some two other files
corresponding with this one... this was too confusing and I killed this with the
command rm /dev/tmpblabla... I have no idea what it was, but rkhunter
reported that the system is infected... I have no backup of this, but the machine
is still running and I can do some investigation, but I don't know how to do
it.
Does the second problem mean that openSUSE 10.2 has a security hole in the default
install and a fresh installation can be exploited remotely during/after online
update, when making a fresh install? Or does one of the online repositories include
a package with a backdoor?
Any suggestions?
Pavel Chalupa