Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] Security report from rkhunter on default install of openSUSE 10.2
  • From: Mathias Homann <admin@xxxxxxxxxx>
  • Date: Thu, 28 Dec 2006 11:08:19 +0100
  • Message-id: <200612281108.20478.admin@xxxxxxxxxx>
On Wednesday, 27 December 2006 11:51, Marcus Meissner wrote:

> There is no known security hole in the default install and the SUSE
> supplied repositories.
>
> I cannot speak for other repositories, like packman or guru, but
> you would be the first reporter.
>
> And you should give us *exact* error messages from above if you
> want us to help.

I don't know about 10.2 (yet; just installing rkhunter on my 10.2),
but on my 10.0 rkhunter complains about this:

* Application version scan
   - GnuPG 1.4.2   [ Vulnerable ]
   - OpenSSL 0.9.7g   [ Vulnerable ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible.
Possible risk!
    info:
    Hint: See logfile for more information about this issue
   Checking for allowed protocols...   [ Warning (SSH v1 allowed) ]


Now, I'm not overly concerned about the "root allowed" since on my box
that is allowed only with ssh key, not with passphrase, AND not from
external addresses... but I'm not quite sure about the SSHv1
complaint, and the versions...


bye,
MH

--
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD
763C
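The two SSH findings in the rkhunter report above come from reading sshd_config. As an added example (not part of the original mail and not rkhunter's own code), this Python code works out which PermitRootLogin and Protocol values are actually in effect, including the case where a line is commented out and the built-in default applies. The default values are an assumption for OpenSSH releases older than 5.4, and the sample config is constructed.

```python
import re

# Assumed built-in defaults for an OpenSSH release older than 5.4 (the era of
# this thread); pass other defaults when auditing a newer server.
OLD_DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1"}

def effective_settings(config_text, defaults=OLD_DEFAULTS):
    """Return the global values sshd would use for the keywords in defaults."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: the keyword stays unset
        # Accept "Keyword value" and "Keyword=value"; keywords ignore case.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks start here; stop at the global section
        # sshd keeps the first value it reads for a keyword.
        seen.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return {key: seen.get(key, default) for key, default in defaults.items()}

def audit(config_text, defaults=OLD_DEFAULTS):
    """Return warnings for the two SSH checks shown in the report above."""
    eff = effective_settings(config_text, defaults)
    warnings = []
    root = eff["permitrootlogin"].lower()
    if root == "yes":
        warnings.append("root login allowed, including by password")
    elif root != "no":
        warnings.append("root login allowed with restrictions: " + root)
    if "1" in [v.strip() for v in eff["protocol"].split(",")]:
        warnings.append("SSH protocol 1 allowed")
    return warnings

# Constructed sample, not taken from the original post.
SAMPLE = """\
#Protocol 2
permitrootlogin without-password
PermitRootLogin yes
"""

if __name__ == "__main__":
    for warning in audit(SAMPLE):
        print("WARNING:", warning)
```

In the constructed sample the commented-out Protocol line leaves the assumed default "2,1" in force, and the first PermitRootLogin line wins over the later one.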
