Mailinglist Archive: opensuse-security (49 mails)

[opensuse-security] Security report from rkhunter on default install of openSUSE 10.2
  • From: Pavel Chalupa <pavel@xxxxxxxxxx>
  • Date: Wed, 27 Dec 2006 00:03:17 +0100
  • Message-id: <200612270003.51386.pavel@xxxxxxxxxx>
Hi,
is there anybody who can explain the security report generated by rkhunter?

First: the default install includes SSHD with remote root login allowed, remote
login allowed for all users, SSH protocol 1 allowed... during install SSH is
disallowed, but SSHD is running after install...

Second: after some online updates, I tried to run rkhunter and it's
reporting an invisible /dev/tmpblablabla... and two other files
corresponding to this one... this was too confusing and I killed it with the
command rm /dev/tmpblabla... I have no idea what it was, but rkhunter
reported that the system is infected... I have no backup of this, but the machine
is still running and I can do some investigation, but I don't know how to do
it.

Does the second problem mean that openSUSE 10.2 has a security hole in the default
install and a fresh installation can be exploited remotely during/after the online
update, when making a fresh install? Or does one of the online repositories include
a package with a backdoor?

Any suggestions?

Pavel Chalupa
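
A check for the three sshd settings the message lists (remote root login, SSH protocol 1, no restriction on which users may log in), as an added example that is not part of the original post. It assumes whitespace-separated `Keyword value` lines; the function names and the sample file are constructed for illustration, and on a real host the file to check is normally /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Print the value sshd would use for keyword $2 in config file $1.
# Keywords are case-insensitive and the first occurrence wins; scanning
# stops at a Match block, whose settings are conditional.
sshd_effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Report the three conditions named in the message, one finding per line.
sshd_audit() {
    root=$(sshd_effective "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    proto=$(sshd_effective "$1" Protocol)
    allow=$(sshd_effective "$1" AllowUsers)$(sshd_effective "$1" AllowGroups)
    case $root in
        no) ;;
        "") echo "PermitRootLogin: not set, the build's default applies" ;;
        *)  echo "PermitRootLogin: root can log in remotely ($root)" ;;
    esac
    case ",$proto," in
        ",,")  echo "Protocol: not set, the build's default applies" ;;
        *,1,*) echo "Protocol: SSH protocol 1 is enabled ($proto)" ;;
    esac
    if [ -z "$allow" ]; then
        echo "AllowUsers/AllowGroups: no allow-list, logins are not limited to named accounts"
    fi
}

# Constructed sample input; this is not the file shipped by openSUSE 10.2.
# The lower-case duplicate shows that the earlier "yes" is the effective value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
Protocol 2,1
EOF
sshd_audit "$sample"
```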