Nerijus Baliunas wrote:
> On Thu, 27 May 2010 07:17:39 -0500 Mike McCarty <[email protected]>
> wrote:
>
>> I think it's asking a bit much to want a tool like rkhunter
>> to "know" what every host it may be run on has as its defaults
>> for everything. If you want the warning to go away, then my
>> suggestion is explicitly to uncomment the "Protocol 2" line
>> so, even though that's the default, rkhunter will know that
>> version 1 is not allowed. I suggest not turning off the test.
>
> IMHO rkhunter package in F13 should not give any warnings
> with default config files. So I will ask Fedora rkhunter
> maintainers to add ALLOW_SSH_PROT_V1=1 if it is decided
> not to autodetect whether 'Protocol' is needed.
It would make sense that the rkhunter from the RPM supplied
by Red Hat might know about that default, but I'm not sure
that what you suggest is the best way. Doesn't ALLOW_SSH_PROT_V1=1
instruct rkhunter to consider allowing version 1 not to be
a reportable event? If so, then if someone put
Protocol 2,1
into his configuration file, no report would be generated. Is
that really what you want?
Here's the relevant portion of rkhunter.conf
# Set this option to '1' to allow the use of the SSH-1 protocol, but note
# that theoretically it is weaker, and therefore less secure, than the
# SSH-2 protocol. Do not modify this option unless you have good reasons
# to use the SSH-1 protocol (for instance for AFS token passing or Kerberos4
# authentication). If the 'Protocol' option has not been set in the SSH
# configuration file, then a value of '2' may be set here in order to
# suppress a warning message. This option has a default value of '0'.
#
ALLOW_SSH_PROT_V1=0
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
