Why should I be concerned about any of these?:
Found warnings:
[19:33:46] WARNING, found: /etc/.java (directory)
[19:33:49] Warning: root login possible. Change for your safety the 'PermitRootLogin'
[19:33:49] Warning: SSH version 1 possible allowed!
Thanks, Jerome
On Tue, 28 Dec 2004 19:50:43 -0800, Susemail <susemail@hawaii.rr.com> wrote:
Why should I be concerned about any of these?:
Found warnings: [19:33:46] WARNING, found: /etc/.java (directory)
Because it shouldn't be there and SUSE didn't ship anything that would put it there. So something else did.
[19:33:49] Warning: root login possible. Change for your safety the 'PermitRootLogin'
Letting root ssh into a system is inviting trouble if a problem is found with OpenSSH. It could leave you open to an attack that could wipe the system.
[19:33:49] Warning: SSH version 1 possible allowed!
Tons of exploits found for SSH1 and it should be disabled. SUSE doesn't enable this by default on install so something enabled SSH1 protocol.
--
"There is no need to teach that stars can fall out of the sky and land on a flat Earth in order to defend religious faith."
On Tuesday 28 December 2004 23:56, Ben Rosenberg wrote:
On Tue, 28 Dec 2004 19:50:43 -0800, Susemail <susemail@hawaii.rr.com> wrote:
Why should I be concerned about any of these?:
Found warnings: [19:33:46] WARNING, found: /etc/.java (directory)
Because it shouldn't be there and SUSE didn't ship anything that would put it there. So something else did.
removed.
[19:33:49] Warning: root login possible. Change for your safety the 'PermitRootLogin'
Letting root ssh into a system is inviting trouble if a problem is found with OpenSSH. It could leave you open to an attack that could wipe the system.
I used 'locate PermitRootLogin' and I checked the sysconfig directory to find PermitRootLogin. Where is it or even better, how should I have looked for it?
[19:33:49] Warning: SSH version 1 possible allowed!
Tons of exploits found for SSH1 and it should be disabled. SUSE doesn't enable this by default on install so something enabled SSH1 protocol. --
I can only see an enabled sshd in the Runlevel editor. Using locate I get: /usr/lib/nessus/plugins/ssh1_proto_enabled.nasl. How do I disable the SSH1 protocol
"There is no need to teach that stars can fall out of the sky and land on a flat Earth in order to defend religious faith."
On Wednesday 29 December 2004 09:09, Susemail wrote:
How do I disable the SSH1 protocol
~ maybe, have a look at :-
/etc/ssh/sshd_config
.................
then look for line, something like . . .
# Authentication:
#LoginGraceTime 600
#PermitRootLogin yes
# dec 29, 2004
PermitRootLogin no
.....................................
Punch-Line : PermitRootLogin no
best rgds
---------------
On Tuesday 28 December 2004 23:31, riccardo wrote:
On Wednesday 29 December 2004 09:09, Susemail wrote:
How do I disable the SSH1 protocol
________________
~ maybe, have a look at :-
/etc/ssh/sshd_config
.................
then look for line, something like . . .
# Authentication:
#LoginGraceTime 600
#PermitRootLogin yes
# dec 29, 2004
PermitRootLogin no
.....................................
Punch-Line : PermitRootLogin no
best rgds ---------------
I found it but it's already commented out:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
I will change it to no but that shouldn't make any difference. Is there some other way this could be being set to yes? How do I disable the SSH1 protocol?
Thanks, Jerome
On Wed, 29 Dec 2004 10:05:48 -1000, Susemail <susemail@hawaii.rr.com> wrote:
I will change it to no but that shouldn't make any difference. Is there some other way this could be being set to yes? How do I disable the SSH1 protocol?
Thanks, Jerome
In /etc/ssh/sshd_config
There should be:
#Protocol 2,1
Uncomment it, and remove ",1"
So, it will look like:
Protocol 2
This will deny ver.1 of ssh.
Sunny
--
Get Firefox http://www.spreadfirefox.com/?q=affiliates&id=10745&t=85
On Wednesday 29 December 2004 10:11, Sunny wrote:
On Wed, 29 Dec 2004 10:05:48 -1000, Susemail <susemail@hawaii.rr.com> wrote:
I will change it to no but that shouldn't make any difference. Is there some other way this could be being set to yes? How do I disable the SSH1 protocol?
Thanks, Jerome
In /etc/ssh/sshd_config
There should be:
#Protocol 2,1
Uncomment it, and remove ",1"
So, it will look like:
Protocol 2
This will deny ver.1 of ssh.
Sunny
--
On Wednesday 29 December 2004 20:05, Susemail wrote:
#PermitRootLogin yes
#StrictModes yes
I will change it to no
~ this will make one huge difference, and, is what you need :)
I found it but it's already commented out:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
I will change it to no but that shouldn't make any difference.
It does make a difference, from the comments right at the top of sshd_config
"# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value."
So, the uncommented line shows you the DEFAULT situation unless you change it...
Scott
Problem solved. Thanks to Sunny, riccardo, and Scott.
Jerome
On Wednesday 29 December 2004 12:05 pm, Susemail wrote:
On Tuesday 28 December 2004 23:31, riccardo wrote:
On Wednesday 29 December 2004 09:09, Susemail wrote:
How do I disable the SSH1 protocol
________________
~ maybe, have a look at :-
/etc/ssh/sshd_config
.................
then look for line, something like . . .
# Authentication:
#LoginGraceTime 600
#PermitRootLogin yes
# dec 29, 2004
PermitRootLogin no
.....................................
Punch-Line : PermitRootLogin no
best rgds ---------------
I found it but it's already commented out:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
I will change it to no but that shouldn't make any difference.
It does make a difference, from the comments right at the top of sshd_config
"# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value."
So, the uncommented line shows you the DEFAULT situation unless you change it...
Scott
--
POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/
Linux 2.6.8-24.10-default x86_64
On Wednesday 29 December 2004 10:36, Scott Leighton wrote:
On Wednesday 29 December 2004 12:05 pm, Susemail wrote:
On Tuesday 28 December 2004 23:31, riccardo wrote:
On Wednesday 29 December 2004 09:09, Susemail wrote:
How do I disable the SSH1 protocol
________________
~ maybe, have a look at :-
/etc/ssh/sshd_config
.................
then look for line, something like . . .
# Authentication:
#LoginGraceTime 600
#PermitRootLogin yes
# dec 29, 2004
PermitRootLogin no
.....................................
Punch-Line : PermitRootLogin no
best rgds ---------------
I found it but it's already commented out:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
I will change it to no but that shouldn't make any difference.
It does make a difference, from the comments right at the top of sshd_config
"# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value."
So, the uncommented line shows you the DEFAULT situation unless you change it...
You mean the commented line? Jerome
Scott
--
POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/
Linux 2.6.8-24.10-default x86_64
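The sshd_config behaviour worked out in the messages above (a commented option sets nothing, so the built-in default applies), as an added example that is not part of the original thread. The defaults table, the function names and both sample files are assumptions constructed for illustration; the defaults are the ones the thread's commented lines show.

```python
# Assumption: built-in defaults are the ones the thread's commented lines
# show (#PermitRootLogin yes, #Protocol 2,1); other OpenSSH releases differ.
THREAD_DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1"}

# Constructed sample: the file as found, every option still commented.
BEFORE = """# Authentication:
#PermitRootLogin yes
#StrictModes yes
#Protocol 2,1
"""

# Constructed sample: a file after the two edits suggested in the thread.
AFTER = """Protocol 2
# Authentication:
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
"""


def effective_settings(config_text, defaults=THREAD_DEFAULTS):
    """Map each keyword to (value, source); the first uncommented value wins."""
    result = {key: (value, "default") for key, value in defaults.items()}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented option sets nothing; the default stays
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower() if len(parts) > 1 else ""  # case-insensitive
        if key in defaults and result[key][1] == "default":
            result[key] = (parts[1].lower(), f"line {lineno}")
    return result


def findings(settings):
    """Report the two conditions the scanner in the thread warned about."""
    out = []
    value, source = settings["permitrootlogin"]
    if value != "no":
        out.append(f"root login possible: PermitRootLogin {value} ({source})")
    value, source = settings["protocol"]
    if "1" in value.split(","):
        out.append(f"SSH version 1 allowed: Protocol {value} ({source})")
    return out


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, findings(effective_settings(text)) or "no findings")
```

sshd has to be restarted or reloaded before an edited sshd_config takes effect.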
S,
On Wednesday 29 December 2004 01:09, Susemail wrote:
On Tuesday 28 December 2004 23:56, Ben Rosenberg wrote:
On Tue, 28 Dec 2004 19:50:43 -0800, Susemail <susemail@hawaii.rr.com> wrote:
Why should I be concerned about any of these?:
Found warnings: [19:33:46] WARNING, found: /etc/.java (directory)
Because it shouldn't be there and SUSE didn't ship anything that would put it there. So something else did.
removed.
Did it occur to you that this was not bogus presence? Rootkit Hunter is not omniscient. It has to be programmed with what to consider foreign. It appears it is "unaware" of the files and directories added by Sun's Java.
% ll -AR /etc/.java
/etc/.java:
total 0
drwxr-xr-x 2 root root 6 2004-06-24 23:11 deployment/
drwxr-xr-x 2 root root 50 2004-06-17 22:51 .systemPrefs/

/etc/.java/deployment:
total 0

/etc/.java/.systemPrefs:
total 0
-rw-r--r-- 1 root root 0 2004-04-05 18:06 .system.lock
-rw-r--r-- 1 root root 0 2004-04-05 18:06 .systemRootModFile
You have now damaged your Java installation.
...
Randall Schulz
participants (6)
- Ben Rosenberg
- Randall R Schulz
- riccardo
- Scott Leighton
- Sunny
- Susemail