On 12/26/06, Pavel Chalupa <pavel@kregion.cz> wrote:
Hi, is there anybody who can explain the security report generated by rkhunter?
At first: default install includes SSHD with remote root login allowed, all users remote login allowed, SSH protocol 1 allowed... during install SSH is disallowed, but SSHD is running after install...
http://en.opensuse.org/SUSE_Security_Lockdown_-_Hardening_Your_Linux_System
At second: after some online updates, I tried to run rkhunter and it's reporting invisible /dev/tmpblablabla... and some two other files corresponding with this one... this was too confusing and I killed this by command rm /dev/tmpblabla... I have no idea what it was, but rkhunter reported that the system is infected... I have no backup of this, but the machine is still running and I can make some investigation, but I don't know how to do it.
Does the second problem mean that openSUSE 10.2 has a security hole in the default install and a fresh installation can be exploited remotely during/after online update, when making a fresh install? Or does one of the online repositories include a package with a backdoor?
probably false positives. read the faq, http://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034
Any suggestions?
Pavel Chalupa
--
"Develop success from failures. Discouragement and failure are two of the surest stepping stones to success." - Dale Carnegie
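
A check for the three sshd settings named in the quoted message (remote root login, protocol 1, no restriction on which users may log in), as an added example that is not part of the original thread. The sample configurations are constructed, and the fallback defaults are assumptions for OpenSSH releases of that period.

```python
import re

# Assumed built-in defaults for OpenSSH releases of that period (2006);
# newer releases differ, so adjust for the version being audited.
ASSUMED_DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1"}

def effective_settings(config_text):
    """Return global sshd_config settings; the first value of a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank lines and comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # conditional blocks are not global
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)
    return settings

def audit(config_text):
    """List findings for the three settings named in the message."""
    s = effective_settings(config_text)
    findings = []
    root = s.get("permitrootlogin", ASSUMED_DEFAULTS["permitrootlogin"]).lower()
    if root == "yes":
        findings.append("PermitRootLogin yes: root may log in directly over SSH")
    protocols = s.get("protocol", ASSUMED_DEFAULTS["protocol"]).split(",")
    if "1" in [p.strip() for p in protocols]:
        findings.append("Protocol includes 1: legacy SSH protocol 1 is accepted")
    if not any(k in s for k in ("allowusers", "allowgroups")):
        findings.append("No AllowUsers/AllowGroups: no allow-list limits SSH logins")
    return findings

# Constructed sample inputs, not taken from a real openSUSE 10.2 system.
LOOSE = """\
# Protocol 2
PermitRootLogin yes
PermitRootLogin no
"""
HARDENED = """\
Protocol 2
PermitRootLogin no
AllowUsers admin
"""

if __name__ == "__main__":
    print("\n".join(audit(LOOSE)))
```

In the `LOOSE` sample the commented-out `Protocol 2` has no effect and the second `PermitRootLogin` line is ignored, so all three findings are reported.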