Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] Security report from rkhunter on default install of openSUSE 10.2
  • From: "Darko Gavrilovic" <d.gavrilovic@xxxxxxxxx>
  • Date: Wed, 27 Dec 2006 14:24:49 -0500
  • Message-id: <38c146350612271124s6759fb68r8926389b9d165361@xxxxxxxxxxxxxx>
On 12/26/06, Pavel Chalupa <pavel@xxxxxxxxxx> wrote:
> is there anybody who can explain the security report generated by rkhunter?
>
> At first: default install includes SSHD with remote root login allowed, all
> users remote login allowed, SSH protocol 1 allowed... during install is SSH
> disallowed, but SSHD running after install...
>
> At second: after some online updates, I tried to run rkhunter and it's
> reporting invisible /dev/tmpblablabla... and some two other files
> corresponding with this one... this was too confusing and I killed this by
> command rm /dev/tmpblabla... I have no idea what it was, but rkhunter
> reported that system is infected... I have no backup of this, but the machine
> still running and I can make some investigation, but I don't know how to do
>
> Does the second problem mean that openSUSE 10.2 has security hole in default
> install and fresh installation can be exploited remotely during/after online
> update, when making fresh install? Or one of the online repositories includes
> package with backdoor?

Probably false positives.

read the FAQ,

> Any suggestions?
>
> Pavel Chalupa

"Develop success from failures. Discouragement and failure are two of
the surest stepping stones to success." - Dale Carnegie