Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] Security report from rkhunter on default install of openSUSE 10.2
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Wed, 27 Dec 2006 11:51:49 +0100
  • Message-id: <20061227105149.GA1350@xxxxxxx>
On Wed, Dec 27, 2006 at 12:03:17AM +0100, Pavel Chalupa wrote:
> Hi,
> is there anybody who can explain the security report generated by rkhunter?
>
> At first: default install includes SSHD with remote root login allowed, all
> users remote login allowed, SSH protocol 1 allowed... during install is SSH
> disallowed, but SSHD running after install...

We still allow SSH protocol version 1, but this will go away.

> At second: after some online updates, I tried to run rkhunter and its
> reporting invisible /dev/tmpblablabla... and some two other files
> corresponding with this one... this was too confusing and I killed this by
> command rm /dev/tmpblabla... I have no idea what it was, but rkhunter
> reported that system is infected... I have no backup of this, but the machine
> still running and I can make some investigation, but I don't know how to do
> it.

> Does the second problem mean, that openSUSE 10.2 has security hole in default
> install and fresh installation can be exploited remotely during/after online
> update, when making fresh install? Or one of the online repositories includes
> package with backdoor?

There is no known security hole in the default install and the SUSE supplied
repositories.

I cannot speak for other repositories, like packman or guru, but you would be
the first reporter.

And you should give us *exact* error messages from above if you want us to help.

Ciao, Marcus
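
The three sshd settings raised in the quoted question (protocol 1, remote root login, no per-user restriction) can be checked directly in `sshd_config`. The following is an added example, not part of the original thread or of any SUSE tooling; the function names and the sample configuration are constructed for illustration, and the parser assumes the usual sshd_config rules (case-insensitive keywords, first value wins, `Match` blocks are conditional).

```python
import re

# Constructed sample mirroring the settings described in the post; it is not
# copied from a real openSUSE 10.2 install.
SAMPLE_CONFIG = """\
Protocol 2,1
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
Match User backup
    AllowUsers backup
"""

def global_settings(text):
    """Global section of an sshd_config as {lowercased keyword: value}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # the rest is conditional, not global
            break
        # sshd uses the first value it sees for a keyword
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Findings for the three points raised in the post."""
    s = global_settings(text)
    findings = []
    proto = s.get("protocol")
    if proto is None:
        findings.append("Protocol not set: compiled-in default applies")
    elif "1" in [p.strip() for p in proto.split(",")]:
        findings.append("Protocol 1 enabled: " + proto)
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: compiled-in default applies")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes: remote root login allowed")
    if not any(k in s for k in ("allowusers", "allowgroups", "denyusers", "denygroups")):
        findings.append("No Allow/Deny user or group list: logins are not restricted by account")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An unset directive is reported rather than guessed, because the compiled-in default depends on the OpenSSH version in use.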