Thread: rkhunter
View Single Post
  #16  
Old 9th June 2009, 05:05
dragons dragons is offline
Junior Member
 
Join Date: Mar 2009
Posts: 18
Thanks: 2
Thanked 0 Times in 0 Posts
Default

OK I sorted out one of the warnings by adding this line to rkhunter.conf

Code:
ALLOWHIDDENFILE=/etc/.hosts.swp
I now just have one warning about root logins as follows

Quote:
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
info: No 'PermitRootLogin' entry found in file /etc/ssh/sshd_config
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]

* Check: Events and Logging
Search for syslog configuration... [ OK ]
Checking for running syslog slave... [ OK ]
Checking for logging to remote system... [ OK (no remote logging) ]
and sshd_config has this

Code:
# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes
what should this setting be I am assuming this is what is spitting out the error and sending me the email with the following quote

Quote:
Please inspect this machine, because it can be infected
Reply With Quote