Thread: rkhunter log analysis

  1. #1
    Join Date
    Nov 2006
    Beans
    22

    rkhunter log analysis

    Hi all

    I've just discovered rkhunter and took it for a spin.

    I have these issues in the log file. Is it something I should be worried about, and what has to be done?

    [17:35:59] Performing system configuration file checks
    [17:35:59] Info: Starting test name 'system_configs'
    [17:35:59] Checking for SSH configuration file [ Found ]
    [17:35:59] Info: Found SSH configuration file: /etc/ssh/sshd_config
    [17:35:59] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
    [17:35:59] Checking if SSH root access is allowed [ Warning ]
    [17:35:59] Warning: The SSH and rkhunter configuration options should be the same:
    [17:35:59] SSH configuration option 'PermitRootLogin': yes
    [17:35:59] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
    [17:35:59] Checking if SSH protocol v1 is allowed [ Not allowed ]
    [17:35:59] Checking for running syslog daemon [ Found ]
    [17:35:59] Checking for syslog configuration file [ Found ]
    [17:35:59] Info: Found syslog configuration file: /etc/syslog.conf
    [17:36:00] Checking if syslog remote logging is allowed [ Not allowed ]
    [17:36:00]
    [17:36:00] Performing filesystem checks
    [17:36:00] Info: Starting test name 'filesystem'
    [17:36:00] Info: SCAN_MODE_DEV set to 'THOROUGH'
    [17:36:14] Checking /dev for suspicious file types [ Warning ]
    [17:36:14] Warning: Suspicious files found in /dev:
    [17:36:14] /dev/shm/pulse-shm-2448036307: data
    [17:36:14] /dev/shm/pulse-shm-803441736: data
    [17:36:15] Checking for hidden files and directories [ Warning ]
    [17:36:15] Warning: Hidden directory found: /etc/.java
    [17:36:15] Warning: Hidden directory found: /dev/.static
    [17:36:15] Warning: Hidden directory found: /dev/.udev
    [17:36:15] Warning: Hidden directory found: /dev/.initramfs

    Any pointers are highly appreciated as I don't have a clue :-/

    Thanks
    Niller

  2. #2
    Join Date
    Aug 2008
    Location
    Lisbon, Portugal
    Beans
    101
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: rkhunter log analysis

    Well, no need to worry about the warnings. But you should change the configuration of your sshd to not allow root login.

    To do this just edit the file /etc/ssh/sshd_config, and change the line: "PermitRootLogin: yes" to: "PermitRootLogin: no".

    This should rid you of the SSH warning.

  3. #3
    Join Date
    Nov 2006
    Beans
    22

    Re: rkhunter log analysis

    Thanks for the reply.

    But when I open the file /etc/ssh/sshd_config, the PermitRootLogin or ALLOW_SSH_ROOT_USER entry is not there :-/

    I'm currently running Hardy Heron.

  4. #4
    Join Date
    Aug 2008
    Location
    Lisbon, Portugal
    Beans
    101
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: rkhunter log analysis

    If not, you may add it.

  5. #5
    Join Date
    Nov 2006
    Beans
    22

    Re: rkhunter log analysis

    Okay

    Thanks !!

  6. #6
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: rkhunter log analysis

    Originally posted by niller:
    Thanks for the reply.

    But when I open the file /etc/ssh/sshd_config, the PermitRootLogin or ALLOW_SSH_ROOT_USER entry is not there :-/

    I'm currently running Hardy Heron.
    It should be there but whether it is or not makes no difference with Ubuntu as there is no root account to log into anyway.
    Brian.

  7. #7
    Join Date
    Sep 2005
    Location
    Germany
    Beans
    83
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: rkhunter log analysis

    Originally posted by brian_p:
    It should be there but whether it is or not makes no difference with Ubuntu as there is no root account to log into anyway.
    Hm maybe he enabled the root account?
    Or if he enables it later (for some reason) and then forgets about SSHd? It's better to be safe than sorry.


    Regards,
    ds[de]

  8. #8
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: rkhunter log analysis

    Originally posted by ds[de]:
    Hm maybe he enabled the root account?
    Then it would make sense to consider altering the default 'yes' to 'no'.

    Or if he enables it later (for some reason) and then forgets about SSHd? It's better to be safe than sorry.
    No need for him to be sorry. A login to the root account is no less safe than one into a user account.
    Brian.
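
Added example, not part of any post in the thread: a shell check for the mismatch rkhunter warns about, covering the case from post #3 where `PermitRootLogin` is absent from `sshd_config`. In that file a directive is written as the keyword followed by whitespace and the value, with no colon. The fallback `yes` for an absent directive is the default stated in the thread and can be overridden through the hypothetical `SSHD_DEFAULT` variable; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's PermitRootLogin with rkhunter's ALLOW_SSH_ROOT_USER.

# Effective global value of sshd_config keyword $2 in file $1; $3 is the
# fallback when the keyword is absent. The first occurrence wins, keywords are
# case-insensitive, '#' lines are comments, scanning stops at the first Match block.
sshd_value() {
    awk -v key="$2" -v dflt="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Value of KEY=value option $2 in rkhunter.conf-style file $1 ($3 = fallback).
# Assumption: the option is set at most once.
rkhunter_value() {
    awk -F= -v key="$2" -v dflt="$3" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t"]/, "", v); print tolower(v); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# $1 = sshd_config path, $2 = rkhunter.conf path. Returns 1 on a mismatch.
# The rkhunter fallback 'no' mirrors the value shown in the log in post #1.
check_root_login() {
    ssh=$(sshd_value "$1" PermitRootLogin "${SSHD_DEFAULT:-yes}")
    rkh=$(rkhunter_value "$2" ALLOW_SSH_ROOT_USER no)
    if [ "$ssh" = "$rkh" ]; then
        echo "OK: both set to '$ssh'"
    else
        echo "MISMATCH: PermitRootLogin=$ssh ALLOW_SSH_ROOT_USER=$rkh"
        return 1
    fi
}

# Constructed sample files (not taken from the poster's machine).
tmp=$(mktemp -d)
printf '%s\n' '# Authentication:' '#PermitRootLogin no' 'Port 22' > "$tmp/sshd_absent"
printf '%s\n' 'Port 22' 'permitrootlogin no' 'PermitRootLogin yes' > "$tmp/sshd_no"
printf '%s\n' '#ALLOW_SSH_ROOT_USER=yes' 'ALLOW_SSH_ROOT_USER=no' > "$tmp/rkhunter.conf"

check_root_login "$tmp/sshd_absent" "$tmp/rkhunter.conf" || true  # directive absent: mismatch
check_root_login "$tmp/sshd_no" "$tmp/rkhunter.conf"              # explicit "no": OK
```

On a live system, `sshd -T` run as root prints the effective configuration and avoids guessing the compiled-in default.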
