Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] Security report from rkhunter on default install of openSUSE 10.2
  • From: "Darko Gavrilovic" <d.gavrilovic@xxxxxxxxx>
  • Date: Wed, 27 Dec 2006 14:24:49 -0500
  • Message-id: <38c146350612271124s6759fb68r8926389b9d165361@xxxxxxxxxxxxxx>
On 12/26/06, Pavel Chalupa <pavel@xxxxxxxxxx> wrote:
> Hi,
> is there anybody who can explain the security report generated by rkhunter?
>
> At first: default install includes SSHD with remote root login allowed, all
> users remote login allowed, SSH protocol 1 allowed... during install is SSH
> disallowed, but SSHD running after install...

http://en.opensuse.org/SUSE_Security_Lockdown_-_Hardening_Your_Linux_System

> At second: after some online updates, I tried to run rkhunter and it's
> reporting invisible /dev/tmpblablabla... and some two other files
> corresponding with this one... this was too confusing and I killed this by
> command rm /dev/tmpblabla... I have no idea what it was, but rkhunter
> reported that system is infected... I have no backup of this, but the machine
> still running and I can make some investigation, but I don't know how to do
> it.
>
> Does the second problem mean that openSUSE 10.2 has security hole in default
> install and fresh installation can be exploited remotely during/after online
> update, when making fresh install? Or one of the online repositories includes
> package with backdoor?

probably false positives.

read the faq,

http://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034

> Any suggestions?
>
> Pavel Chalupa
--
"Develop success from failures. Discouragement and failure are two of
the surest stepping stones to success." - Dale Carnegie