* Bob S.
On Sunday 29 August 2004 10:00 am, Patrick Shanahan wrote:
rkhunter-1.1.7-1.ps.noarch.rpm is available for download: http://wahoo.no-ip.org/~pat/rkhunter-1.1.7-1.ps.noarch.rpm
OK, seems like a great idea to me. Been meaning to do this for quite a while. Downloaded it and ran it. Gave me a bunch of stuff to look at. Identified problems below. No rootkits thank goodness. Now, some of it is obvious, don't run Apache, or ssh, etc. But what do I do about the other stuff that came up? Stuff that I should probably be investigating. Couldn't find the logfile.
/var/log/rkhunter.log
Now Patrick, be nice! Read the man page from top to bottom, several times. Just some old guy running SuSE 8.2 as his desktop and having a lot of fun doing it. No formal training or experience whatsoever. Learning "on the fly" as they might say.
then we have parity, 63, retired, high school grad, computer hobby, training - IBM KeyPunch operation 1965 (for knowledge only, never used)
Here is the error portion from rkhunter:
/sbin/checkproc [ BAD ]
/sbin/depmod [ BAD ]
/sbin/insmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]
/sbin/rmmod [ BAD ]
I do not know about these (above). I have forwarded a copy of your post to the author for comment and will provide a copy to you via the list when he responds unless he posts his response to the list.
Checking /etc/rc.d/rc.sysinit [ Not found ]
Checking boot.local/rc.local file...
- /etc/rc.local [ Not found ]
- /etc/rc.d/rc.local [ Not found ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
[ Not found ] = don't exist, no worry (rkhunter works on other distros which use[d] these files)
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
this is a false pos, if you look in sshd_config (you said you didn't use ssh), you will find the line '#PermitRootLogin yes' which is commented out. The author has been advised of this by me:
/etc/ssh/sshd_config
#Protocol 2,1
#PermitRootLogin yes
I do not understand the warning/notice ??
Ah, it's because you have both lines in it.. And I have to check a lot of different OpenSSH configs... Please remove the lines and it will be OK. Nevertheless, I will add it to my ToDo list ;-)
MD5 compared: 26
Incorrect MD5 checksums: 6

File scan
Scanned files: 320
Possible infected files: 0

Application scan
Vulnerable applications: 2

Scanning took 482 seconds
NOTE: Your report appears to be from an *old* version of rkhunter. Which version are you using? Later versions have corrections and updated parameters.

--
Patrick Shanahan
Registered Linux User #207535
http://wahoo.no-ip.org @ http://counter.li.org
HOG # US1244711
Photo Album: http://wahoo.no-ip.org/photos
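The SSH warning discussed in the thread, as an added example (not rkhunter's code and not written by anyone in the thread): a plain text match flags a commented-out `#PermitRootLogin yes`, while reading the file the way sshd does (comments skipped, keywords case-insensitive, first value wins, global section ends at the first Match line) gives the value actually in force. The function names and the default passed as the second argument are assumptions; when the directive is commented out, sshd uses its compiled-in default, which depends on the OpenSSH version.

```shell
#!/bin/sh
# Added example; not rkhunter's code. Function names are hypothetical.

# Naive check: a plain text match, so a commented-out line also triggers it.
naive_root_login() {
    if grep -qi 'PermitRootLogin[[:space:]]*yes' "$1"; then
        echo warn
    else
        echo ok
    fi
}

# Parsed check: print the PermitRootLogin value sshd would take from the
# global section of file $1. $2 is the value to report when the directive is
# not set there (assumption: the caller supplies the compiled-in default of
# the installed OpenSSH version).
effective_root_login() {
    awk -v dflt="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")               # drop leading whitespace
            sub(/[ \t]*=[ \t]*/, " ")        # accept the "Keyword=value" form
            key = tolower($1)                # keywords are case-insensitive
            if (key == "match") exit         # conditional blocks start here
            if (key == "permitrootlogin") { val = $2; exit }  # first value wins
        }
        END { print (val != "" ? val : dflt) }
    ' "$1"
}

# Sample files: "commented" mirrors the two lines quoted in the thread,
# the other two are constructed for this example.
write_samples() {
    printf '%s\n' '#Protocol 2,1' '#PermitRootLogin yes' > "$1/commented"
    printf '%s\n' '# hardened' 'permitrootlogin no' 'PermitRootLogin yes' > "$1/first_wins"
    printf '%s\n' 'Match User backup' '  PermitRootLogin yes' > "$1/match_only"
}

demo() {
    dir=$(mktemp -d) && write_samples "$dir"
    for f in commented first_wins match_only; do
        echo "$f: naive=$(naive_root_login "$dir/$f")" \
             "parsed=$(effective_root_login "$dir/$f" compiled-in-default)"
    done
    rm -rf "$dir"
}
demo
```

A result of `compiled-in-default` means the file does not set the directive globally, so the answer has to come from the installed sshd version rather than from the config file.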