On Tuesday 26 December 2006 14:03, Pavel Chalupa wrote:
Hi, is there anybody who can explain the security report generated by rkhunter?
At first: default install includes SSHD with remote root login allow, all users remote login allowed, SSH protocol 1 allowed... during install is SSH disallowed, but SSHD runnig after install...
At second: after some online updates, I tried to run rkhunter and its reporting invisible /dev/tmpblablabla... and some two other files corresponding with this one... this was too confusing and I killed this by command rm /dev/tmpblabla... I have no idea what it was, but rkhunter reported that system is infected... I have no backup of this, but the machine still runnig and I can make some investigation, but I don't know how to do it.
Pavel, Please... Step away from the keyboard. Do not go deleting things till you know what you are doing. Do not worry about ssh, it is a secure protocol. Run to your nearest book store and buy a book about getting started in linux, before you start worrying about security. SUSE installs very securely, so there is no point in running rkhunter till you understand the situation a little more. Linux is not like Windows, where the first thing you have to do is install a antivirus. -- _____________________________________ John Andersen