On Tue, 2007-10-23 at 19:37 +0200, Helmut Hullen wrote:
> Hello, John,
> 
> You (john.horne) wrote on 23.10.07:
> 
> >> since upgrading RKHunter to the current version 1.3.0 I got multiple
> >> new warning messages on my FreeBSD box.
> 
> 
> >> Warning: No local startup files found.
> >>
> >> -> Why is this resulting in a warning if no local startup file was
> >> -> found?
> >>
> > In this case the check is for the file used for local startup
> > modifications. Typically something like /etc/rc.d/rc.local or
> > rc.sysinit. Again, having no such file is suspicious.
> 
> Can you do some tricks with "OS_VERSION_FILE"?
>
>   http://arktur.de/Wiki/Entwicklung:UIDGID#Kennungen
>   http://arktur.shuttle.de/beta/Paketbau.shtml#init
> 
> I have no information about the BSD names and locations, but perhaps I
> (or someone else) could find them in packets which fit for many
> distributions, p.e. LTSP or apcupsd.
> 
Rather than trying to cater for all distributions by hardcoding
pathnames into RKH, it is easier to hardcode some of the more common
ones and then allow the user to specify in the config file any remaining
ones. This will allow FreeBSD to work. However, RKH should cater for
more than one directory (this will then allow Avalon to add the
directory rather than all the startup script filenames to the config
file).


> > The value of 'PermitRootLogin' in the sshd_config must be exactly the
> > same as that in the rkhunter.conf file (the ALLOW_SSH_ROOT_USER
> > option). Since SSH defaults to 'yes', and RKH defaults to 'no', you
> > get a warning. You need to set the option in the sshd_config file to
> > some value suitable for your requirements, and then set
> > ALLOW_SSH_ROOT_USER to the same value in the rkhunter.conf file. (I
> > guess we should allow some setting for when the 'PermitRootLogin' is
> > unset.)
> 
> But when RKH can find the actual value of "PermitRootLogin": why does it  
> need an entry in "/etc/rkhunter.conf"?
> 
To see if the value has been changed. If a hacker changes your
"PermitRootLogin" to 'yes' in sshd_config, then you will probably want
to know about it.


John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839
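
The comparison described in this message (PermitRootLogin in sshd_config against ALLOW_SSH_ROOT_USER in rkhunter.conf, with the unset case reported separately), as an added example that is not part of the original message and not rkhunter's own code. The function names are hypothetical, the 'no' fallback is the RKH default stated in the thread, and skipping Match blocks and letting the last ALLOW_SSH_ROOT_USER line win are assumptions.

```shell
#!/bin/sh
# Added example, not rkhunter's own code; function names are hypothetical.

# Print the first global PermitRootLogin value from an sshd_config file, or
# nothing when it is unset. Keywords are case-insensitive and the first
# occurrence wins; Match blocks are not evaluated (assumption for brevity).
sshd_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" && NF >= 2 { print $2; exit }
    ' "$1"
}

# Print ALLOW_SSH_ROOT_USER from rkhunter.conf; "no" when absent (the RKH
# default stated in the thread). Last assignment wins (assumption).
rkh_expected() {
    awk -F= '
        /^[ \t]*ALLOW_SSH_ROOT_USER[ \t]*=/ {
            v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); last = v
        }
        END { print (last == "" ? "no" : last) }
    ' "$1"
}

# Return 0 on exact match, 1 on mismatch, 2 when sshd_config leaves it unset.
check_root_login() {   # usage: check_root_login SSHD_CONFIG RKHUNTER_CONF
    actual=$(sshd_root_login "$1")
    expected=$(rkh_expected "$2")
    if [ -z "$actual" ]; then
        echo "Warning: PermitRootLogin is unset, sshd default applies (expected '$expected')"
        return 2
    elif [ "$actual" != "$expected" ]; then
        echo "Warning: PermitRootLogin is '$actual', rkhunter.conf expects '$expected'"
        return 1
    fi
    echo "OK: PermitRootLogin is '$actual'"
}

# Constructed sample files: sshd allows root login, rkhunter.conf expects 'no'.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin yes' > "$demo_dir/sshd_config"
printf '%s\n' 'ALLOW_SSH_ROOT_USER=no' > "$demo_dir/rkhunter.conf"
check_root_login "$demo_dir/sshd_config" "$demo_dir/rkhunter.conf" || true
rm -rf "$demo_dir"
```

Run on a schedule, a non-zero exit status flags exactly the situation described above: the live sshd_config no longer matches the value recorded as expected.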
