All times are UTC + 8 hours



Post #1
Subject: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-19 16:02
The terminal shows the problems below. How do I fix them? Am I in danger right now? Thanks!
Quote:
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]



Attachment: terminal.png [ 86.69 KiB ]



 
Post #2
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 2:12
Nothing seriously wrong.


 
Post #3
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 18:10
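Just looking at its terminal output doesn't tell you much; you need to look at its log file to know exactly what is wrong.
As for the SSH root one, if you haven't set up an SSH server, that is rather suspicious.
The last two are very likely false positives; they are usually related to /dev/.udev/, but you still have to check the log for the details.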


 
Post #4
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 18:32
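astolia wrote:
Just looking at its terminal output doesn't tell you much; you need to look at its log file to know exactly what is wrong.
As for the SSH root one, if you haven't set up an SSH server, that is rather suspicious.
The last two are very likely false positives; they are usually related to /dev/.udev/, but you still have to check the log for the details.


I also think that SSH one is pretty dangerous. Below is the relevant part of the log. I can't make sense of it; how do I fix this? Thanks!!
Code: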
[18:18:12] Performing system configuration file checks
[18:18:12] Info: Starting test name 'system_configs'
[18:18:12]   Checking for SSH configuration file             [ Found ]
[18:18:12] Info: Found SSH configuration file: /etc/ssh/sshd_config
[18:18:12] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[18:18:12] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[18:18:12]   Checking if SSH root access is allowed          [ Warning ]
[18:18:12] Warning: The SSH and rkhunter configuration options should be the same:
[18:18:12]          SSH configuration option 'PermitRootLogin': yes
[18:18:12]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[18:18:12]   Checking if SSH protocol v1 is allowed          [ Not allowed ]
[18:18:12]   Checking for running syslog daemon              [ Found ]
[18:18:12]   Checking for syslog configuration file          [ Found ]
[18:18:12] Info: Found syslog configuration file: /etc/rsyslog.conf
[18:18:12]   Checking if syslog remote logging is allowed    [ Not allowed ]
[18:18:12]
[18:18:12] Performing filesystem checks
[18:18:12] Info: Starting test name 'filesystem'
[18:18:12] Info: SCAN_MODE_DEV set to 'THOROUGH'
[18:18:13]   Checking /dev for suspicious file types         [ Warning ]
[18:18:13] Warning: Suspicious file types found in /dev:
[18:18:13]          /dev/shm/pulse-shm-853919460: data
[18:18:13]          /dev/shm/pulse-shm-3173121675: data
[18:18:13]          /dev/shm/pulse-shm-4022167610: data
[18:18:13]          /dev/shm/pulse-shm-3677588561: data
[18:18:13]          /dev/shm/pulse-shm-2870257226: data
[18:18:13]          /dev/shm/pulse-shm-2480717743: data
[18:18:13]   Checking for hidden files and directories       [ Warning ]
[18:18:13] Warning: Hidden directory found: /dev/.udev
[18:18:13] Warning: Hidden directory found: /dev/.initramfs
[18:18:35]
[18:18:35] Info: Test 'apps' disabled at users request.
[18:18:35]
[18:18:35] System checks summary
[18:18:35] =====================


 
Post #5
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 18:56
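If you haven't installed openssh-server or some other SSH server software, /etc/ssh/sshd_config shouldn't exist.
What it is reporting is that the PermitRootLogin parameter in /etc/ssh/sshd_config is set to yes, which allows logging in as root over SSH.
The last two warnings are nothing to worry about; both are false positives on normal files.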


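An added example, not part of any post in the thread: a shell filter that applies the triage from posts #3 and #5 to an rkhunter log, marking the /dev/shm/pulse-shm-*, /dev/.udev and /dev/.initramfs findings as likely false positives and leaving everything else for review. The function names and the REVIEW / BENIGN? labels are assumptions of this example, and the sample log is constructed from the excerpt in post #4.

```sh
#!/bin/sh
# Added example: sort the findings in an rkhunter log into the ones the thread
# calls normal files and the ones that still need a person to look at them.

# Constructed sample in the shape of the log in post #4; the last line is an
# invented path that matches none of the known-benign patterns.
sample_log() {
cat <<'EOF'
[18:18:12]   Checking if SSH root access is allowed          [ Warning ]
[18:18:12] Warning: The SSH and rkhunter configuration options should be the same:
[18:18:12]          SSH configuration option 'PermitRootLogin': yes
[18:18:12]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[18:18:13]   Checking /dev for suspicious file types         [ Warning ]
[18:18:13] Warning: Suspicious file types found in /dev:
[18:18:13]          /dev/shm/pulse-shm-853919460: data
[18:18:13]   Checking for hidden files and directories       [ Warning ]
[18:18:13] Warning: Hidden directory found: /dev/.udev
[18:18:13] Warning: Hidden directory found: /dev/.initramfs
[18:18:13] Warning: Hidden directory found: /dev/.constructed-example
EOF
}

# Reads a log on stdin, prints "VERDICT<TAB>finding" for every warning detail.
rkh_triage() {
    awk '
    {
        sub(/[ \t\r]+$/, "")                   # trailing whitespace
        sub(/^\[[0-9:]+\][ \t]*/, "")          # [hh:mm:ss] prefix and indent
    }
    # Blank lines, Info lines and "Checking ... [ Result ]" lines end a finding.
    $0 == "" || /^Info: / || /\[ [A-Za-z ]+ \]$/ { hdr = ""; next }
    /^Warning: .*:$/ { hdr = $0; next }        # heading, details on next lines
    /^Warning: /     { item = substr($0, 10) } # one-line finding
    !/^Warning: /    { if (hdr == "") next; item = $0 }
    {
        verdict = "REVIEW"
        if (item ~ "^/dev/shm/pulse-shm-[0-9]+: data$") verdict = "BENIGN?"
        if (item ~ "^Hidden (directory|file) found: /dev/[.](udev|initramfs)(:.*)?$")
            verdict = "BENIGN?"
        print verdict "\t" item
    }'
}

sample_log | rkh_triage
```

On a real system the same filter reads the log named in post #11: `rkh_triage < /var/log/rkhunter.log`.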
 
Post #6
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 19:21
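astolia wrote:
If you haven't installed openssh-server or some other SSH server software, /etc/ssh/sshd_config shouldn't exist.
What it is reporting is that the PermitRootLogin parameter in /etc/ssh/sshd_config is set to yes, which allows logging in as root over SSH.
The last two warnings are nothing to worry about; both are false positives on normal files.


I didn't deliberately install any SSH service. Could some software have installed and enabled it? For example, does the forum accelerator program need this service?
Either way, this SSH service really did get enabled for no apparent reason. How do I fix it? Should I change yes to no, or just delete that file or the files related to it? Thank you for your kind help!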


 
Post #7
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 19:37
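sshd lets other people connect to your machine; it's unlikely that any ordinary user program depends on it.

If openssh-server is installed, just uninstall it. After uninstalling, check whether /etc/ssh/sshd_config is still there; if it is, just delete it.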


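An added example, not from the thread and not rkhunter's own code: for a machine that keeps its SSH server instead of removing it, this repeats the comparison reported in post #4 between PermitRootLogin in sshd_config and ALLOW_SSH_ROOT_USER in the rkhunter configuration. The function names are hypothetical, the files are constructed, and the rule used to read the rkhunter file is an assumption stated in the comments.

```sh
#!/bin/sh
# Added example (not rkhunter's own code): repeat the comparison behind the
# "SSH and rkhunter configuration options should be the same" warning.

# Global-section value of an sshd_config keyword. Keywords are case-insensitive
# and sshd keeps the first value it reads. Match blocks and Include files are
# not evaluated here.
sshd_option() {                       # usage: sshd_option KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# Value of KEY=VALUE in an rkhunter config file. Assumption: when a key is
# assigned more than once, the last uncommented assignment counts.
rkhunter_option() {                   # usage: rkhunter_option KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'" | tail -n 1
}

# Prints the verdict; returns 0 on match, 1 on mismatch, 2 if sshd has no value.
ssh_root_check() {                    # usage: ssh_root_check SSHD_CONFIG RKHUNTER_CONF
    ssh_val=$(sshd_option PermitRootLogin "$1")
    rkh_val=$(rkhunter_option ALLOW_SSH_ROOT_USER "$2")
    if [ -z "$ssh_val" ]; then
        echo "unset: PermitRootLogin is not set, the sshd default applies"
        return 2
    elif [ "$ssh_val" = "$rkh_val" ]; then
        echo "match: PermitRootLogin=$ssh_val"
    else
        echo "mismatch: PermitRootLogin=$ssh_val ALLOW_SSH_ROOT_USER=${rkh_val:-unset}"
        return 1
    fi
}

# Constructed files reproducing the state in post #4, then the corrected one.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$d/sshd_config"
    printf '%s\n' 'ALLOW_SSH_ROOT_USER=no' > "$d/rkhunter.conf"
    ssh_root_check "$d/sshd_config" "$d/rkhunter.conf" || :
    sed 's/^PermitRootLogin .*/PermitRootLogin no/' "$d/sshd_config" > "$d/fixed"
    ssh_root_check "$d/fixed" "$d/rkhunter.conf" || :
    rm -rf "$d"
}
demo
```

On a live host, `sshd -T` prints the configuration sshd actually uses, including the Match and Include handling that this parser skips.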
 
Post #8
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 20:00
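astolia wrote:
sshd lets other people connect to your machine; it's unlikely that any ordinary user program depends on it.

If openssh-server is installed, just uninstall it. After uninstalling, check whether /etc/ssh/sshd_config is still there; if it is, just delete it.


Thanks for your help. So I uninstall this service in Synaptic? Would you say this is a service that ships with 10.04 or 10.10 by default?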


Attachment: synaptic.png [ 149.32 KiB ]



 
Post #9
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-23 22:53
It's the openssh-server one lower down in the picture; ssh is what you use to connect to other people's machines. openssh-server is not installed by default.


 
Post #10
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2010-11-24 0:25
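astolia wrote:
It's the openssh-server one lower down in the picture; ssh is what you use to connect to other people's machines. openssh-server is not installed by default.


Oh, I see now, thanks.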


 
Post #11
Subject: Re: How do I fix the problems found by sudo rkhunter --checkall???
Posted: 2012-05-12 6:10
Is there anything wrong with mine?
l@l-desktop:~$ cat /var/log/rkhunter.log |grep Warning
[04:57:50] Warning: The O/S name or version has changed since the last run:
[04:57:51] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
[04:57:55] Warning: Checking for prerequisites [ Warning ]
[04:57:58] /usr/sbin/cron [ Warning ]
[04:57:58] Warning: The file properties have changed:
[04:57:59] /usr/sbin/groupadd [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:57:59] /usr/sbin/groupdel [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:57:59] /usr/sbin/groupmod [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:57:59] /usr/sbin/grpck [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:58:00] /usr/sbin/nologin [ Warning ]
[04:58:00] Warning: The file properties have changed:
[04:58:00] /usr/sbin/pwck [ Warning ]
[04:58:00] Warning: The file properties have changed:
[04:58:01] /usr/sbin/rsyslogd [ Warning ]
[04:58:01] Warning: The file properties have changed:
[04:58:01] /usr/sbin/tcpd [ Warning ]
[04:58:01] Warning: The file properties have changed:
[04:58:02] /usr/sbin/useradd [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:02] /usr/sbin/userdel [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:02] /usr/sbin/usermod [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:02] /usr/sbin/vipw [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:03] /usr/bin/awk [ Warning ]
[04:58:03] Warning: The file properties have changed:
[04:58:03] /usr/bin/curl [ Warning ]
[04:58:03] Warning: The file properties have changed:
[04:58:04] /usr/bin/dpkg [ Warning ]
[04:58:04] Warning: The file properties have changed:
[04:58:04] /usr/bin/dpkg-query [ Warning ]
[04:58:04] Warning: The file properties have changed:
[04:58:04] /usr/bin/file [ Warning ]
[04:58:04] Warning: The file properties have changed:
[04:58:05] /usr/bin/GET [ Warning ]
[04:58:05] Warning: The file properties have changed:
[04:58:05] /usr/bin/killall [ Warning ]
[04:58:05] Warning: The file properties have changed:
[04:58:06] /usr/bin/last [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:06] /usr/bin/lastlog [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:06] /usr/bin/ldd [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:06] /usr/bin/less [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:07] /usr/bin/locate [ Warning ]
[04:58:07] Warning: The file properties have changed:
[04:58:07] /usr/bin/logger [ Warning ]
[04:58:07] Warning: The file properties have changed:
[04:58:07] /usr/bin/mlocate [ Warning ]
[04:58:07] Warning: The file properties have changed:
[04:58:08] /usr/bin/newgrp [ Warning ]
[04:58:08] Warning: The file properties have changed:
[04:58:08] /usr/bin/passwd [ Warning ]
[04:58:08] Warning: The file properties have changed:
[04:58:08] /usr/bin/perl [ Warning ]
[04:58:08] Warning: The file properties have changed:
[04:58:09] /usr/bin/pgrep [ Warning ]
[04:58:09] Warning: The file properties have changed:
[04:58:09] /usr/bin/pstree [ Warning ]
[04:58:09] Warning: The file properties have changed:
[04:58:10] /usr/bin/size [ Warning ]
[04:58:10] Warning: The file properties have changed:
[04:58:10] /usr/bin/strace [ Warning ]
[04:58:10] Warning: The file properties have changed:
[04:58:11] /usr/bin/strings [ Warning ]
[04:58:11] Warning: The file properties have changed:
[04:58:11] /usr/bin/sudo [ Warning ]
[04:58:11] Warning: The file properties have changed:
[04:58:11] /usr/bin/top [ Warning ]
[04:58:11] Warning: The file properties have changed:
[04:58:12] /usr/bin/vmstat [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:12] /usr/bin/w [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:12] /usr/bin/watch [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:12] /usr/bin/wget [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:13] /usr/bin/whatis [ Warning ]
[04:58:13] Warning: The file properties have changed:
[04:58:13] /usr/bin/whereis [ Warning ]
[04:58:13] Warning: The file properties have changed:
[04:58:13] /usr/bin/which [ Warning ]
[04:58:13] Warning: The file properties have changed:
[04:58:13] /usr/bin/unhide.rb [ Warning ]
[04:58:13] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
[04:58:14] /usr/bin/gawk [ Warning ]
[04:58:14] Warning: The file properties have changed:
[04:58:14] /usr/bin/lwp-request [ Warning ]
[04:58:14] Warning: The file properties have changed:
[04:58:14] /usr/bin/w.procps [ Warning ]
[04:58:14] Warning: The file properties have changed:
[04:58:15] /sbin/depmod [ Warning ]
[04:58:15] Warning: The file properties have changed:
[04:58:15] /sbin/fsck [ Warning ]
[04:58:15] Warning: The file properties have changed:
[04:58:15] /sbin/ifdown [ Warning ]
[04:58:15] Warning: The file properties have changed:
[04:58:16] /sbin/ifup [ Warning ]
[04:58:16] Warning: The file properties have changed:
[04:58:16] /sbin/init [ Warning ]
[04:58:16] Warning: The file properties have changed:
[04:58:16] /sbin/insmod [ Warning ]
[04:58:16] Warning: The file properties have changed:
[04:58:17] /sbin/ip [ Warning ]
[04:58:17] Warning: The file properties have changed:
[04:58:17] /sbin/lsmod [ Warning ]
[04:58:17] Warning: The file properties have changed:
[04:58:17] /sbin/modinfo [ Warning ]
[04:58:17] Warning: The file properties have changed:
[04:58:18] /sbin/modprobe [ Warning ]
[04:58:18] Warning: The file properties have changed:
[04:58:18] /sbin/rmmod [ Warning ]
[04:58:18] Warning: The file properties have changed:
[04:58:18] /sbin/runlevel [ Warning ]
[04:58:18] Warning: The file properties have changed:
[04:58:19] /sbin/sulogin [ Warning ]
[04:58:19] Warning: The file properties have changed:
[04:58:19] /sbin/sysctl [ Warning ]
[04:58:19] Warning: The file properties have changed:
[04:58:20] /bin/bash [ Warning ]
[04:58:20] Warning: The file properties have changed:
[04:58:21] /bin/dmesg [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:21] /bin/egrep [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:21] /bin/fgrep [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:21] /bin/fuser [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:22] /bin/grep [ Warning ]
[04:58:22] Warning: The file properties have changed:
[04:58:22] /bin/ip [ Warning ]
[04:58:22] Warning: The file properties have changed:
[04:58:22] /bin/kill [ Warning ]
[04:58:22] Warning: The file properties have changed:
[04:58:23] /bin/less [ Warning ]
[04:58:23] Warning: The file properties have changed:
[04:58:23] /bin/login [ Warning ]
[04:58:23] Warning: The file properties have changed:
[04:58:23] /bin/lsmod [ Warning ]
[04:58:23] Warning: The file properties have changed:
[04:58:24] /bin/more [ Warning ]
[04:58:24] Warning: The file properties have changed:
[04:58:24] /bin/mount [ Warning ]
[04:58:24] Warning: The file properties have changed:
[04:58:25] /bin/ps [ Warning ]
[04:58:25] Warning: The file properties have changed:
[04:58:25] /bin/sed [ Warning ]
[04:58:25] Warning: The file properties have changed:
[04:58:25] /bin/sh [ Warning ]
[04:58:25] Warning: The file properties have changed:
[04:58:26] /bin/su [ Warning ]
[04:58:26] Warning: The file properties have changed:
[04:58:26] /bin/which [ Warning ]
[04:58:26] Warning: The file properties have changed:
[04:58:27] /bin/dash [ Warning ]
[04:58:27] Warning: The file properties have changed:
[05:02:51] Checking for passwd file changes [ Warning ]
[05:02:51] Warning: User 'Lgb' has been added to the passwd file.
[05:02:51] Warning: User 'lgb' has been added to the passwd file.
[05:02:51] Warning: User 'clamav' has been added to the passwd file.
[05:02:51] Checking for group file changes [ Warning ]
[05:02:51] Warning: Changes found in the group file for group 'adm':
[05:02:51] Warning: Changes found in the group file for group 'dialout':
[05:02:51] Warning: Changes found in the group file for group 'fax':
[05:02:52] Warning: Changes found in the group file for group 'cdrom':
[05:02:52] Warning: Changes found in the group file for group 'floppy':
[05:02:52] Warning: Changes found in the group file for group 'tape':
[05:02:52] Warning: Changes found in the group file for group 'sudo':
[05:02:52] Warning: Changes found in the group file for group 'dip':
[05:02:52] Warning: Changes found in the group file for group 'video':
[05:02:52] Warning: Changes found in the group file for group 'plugdev':
[05:02:52] Warning: Changes found in the group file for group 'fuse':
[05:02:52] Warning: Group 'Lgb' has been added to the group file.
[05:02:52] Warning: Group 'lgb' has been added to the group file.
[05:02:52] Warning: Group 'clamav' has been added to the group file.
[05:02:52] Warning: Group 'colord' has been removed from the group file.
[05:02:52] Warning: Group 'scanner' has been removed from the group file.
[05:02:53] Checking for hidden files and directories [ Warning ]
[05:02:53] Warning: Hidden directory found: /etc/.java
[05:02:53] Warning: Hidden directory found: /dev/.udev
[05:02:53] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

