How do I fix the problems found by sudo rkhunter --checkall???


#1

Post by Sunmover » 2010-11-19 16:02

The terminal shows the problems below. How do I fix them, and is the system at risk right now? Thanks!
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]
Attachment: terminal.png

#2

Post by xiaomao101 » 2010-11-23 2:12

Nothing serious.
#3

Post by astolia » 2010-11-23 18:10

Looking only at the terminal output doesn't tell you much; you need to read its log file to see what exactly is wrong.
The SSH root one is fairly suspicious if you haven't set up an SSH server.
The last two are very likely false positives, usually related to /dev/.udev/, but you still have to check the log to be sure.
#4

Post by Sunmover » 2010-11-23 18:32

astolia wrote: Looking only at the terminal output doesn't tell you much; you need to read its log file to see what exactly is wrong.
The SSH root one is fairly suspicious if you haven't set up an SSH server.
The last two are very likely false positives, usually related to /dev/.udev/, but you still have to check the log to be sure.
I also think that SSH one looks pretty dangerous. Below is the relevant part of the log; I can't make sense of it. How do I fix it? Thanks!!

Code:

[18:18:12] Performing system configuration file checks
[18:18:12] Info: Starting test name 'system_configs'
[18:18:12]   Checking for SSH configuration file             [ Found ]
[18:18:12] Info: Found SSH configuration file: /etc/ssh/sshd_config
[18:18:12] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[18:18:12] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[18:18:12]   Checking if SSH root access is allowed          [ Warning ]
[18:18:12] Warning: The SSH and rkhunter configuration options should be the same:
[18:18:12]          SSH configuration option 'PermitRootLogin': yes
[18:18:12]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[18:18:12]   Checking if SSH protocol v1 is allowed          [ Not allowed ]
[18:18:12]   Checking for running syslog daemon              [ Found ]
[18:18:12]   Checking for syslog configuration file          [ Found ]
[18:18:12] Info: Found syslog configuration file: /etc/rsyslog.conf
[18:18:12]   Checking if syslog remote logging is allowed    [ Not allowed ]
[18:18:12]
[18:18:12] Performing filesystem checks
[18:18:12] Info: Starting test name 'filesystem'
[18:18:12] Info: SCAN_MODE_DEV set to 'THOROUGH'
[18:18:13]   Checking /dev for suspicious file types         [ Warning ]
[18:18:13] Warning: Suspicious file types found in /dev:
[18:18:13]          /dev/shm/pulse-shm-853919460: data
[18:18:13]          /dev/shm/pulse-shm-3173121675: data
[18:18:13]          /dev/shm/pulse-shm-4022167610: data
[18:18:13]          /dev/shm/pulse-shm-3677588561: data
[18:18:13]          /dev/shm/pulse-shm-2870257226: data
[18:18:13]          /dev/shm/pulse-shm-2480717743: data
[18:18:13]   Checking for hidden files and directories       [ Warning ]
[18:18:13] Warning: Hidden directory found: /dev/.udev
[18:18:13] Warning: Hidden directory found: /dev/.initramfs
[18:18:35]
[18:18:35] Info: Test 'apps' disabled at users request.
[18:18:35]
[18:18:35] System checks summary
[18:18:35] =====================
#5

Post by astolia » 2010-11-23 18:56

If you haven't installed openssh-server or some other SSH server package, /etc/ssh/sshd_config shouldn't exist at all.
What it's telling you is that the PermitRootLogin parameter in /etc/ssh/sshd_config is set to yes, which means logging in as root over SSH is allowed.
The other two warnings are nothing; they're false positives on normal files.
#6

Post by Sunmover » 2010-11-23 19:21

astolia wrote: If you haven't installed openssh-server or some other SSH server package, /etc/ssh/sshd_config shouldn't exist at all.
What it's telling you is that the PermitRootLogin parameter in /etc/ssh/sshd_config is set to yes, which means logging in as root over SSH is allowed.
The other two warnings are nothing; they're false positives on normal files.
I never consciously installed any SSH service. Could some program have installed and enabled it? For example, could a forum accelerator program need this service?
In any case this SSH service really has been enabled out of nowhere. How do I fix it? Should I change the yes to no, or just delete that file and everything related to it? Thank you for your kind help!
#7

Post by astolia » 2010-11-23 19:37

sshd is for letting other people connect to your machine; it's unlikely that any ordinary user program depends on it.

If openssh-server is installed, just uninstall it, then check whether /etc/ssh/sshd_config is still there; if it is, delete it.
#8

Post by Sunmover » 2010-11-23 20:00

astolia wrote: sshd is for letting other people connect to your machine; it's unlikely that any ordinary user program depends on it.

If openssh-server is installed, just uninstall it, then check whether /etc/ssh/sshd_config is still there; if it is, delete it.
Thanks for your help. Do I uninstall this service in Synaptic? Are you saying this is a service that ships with 10.04 or 10.10?
Attachment: synaptic.png

#9

Post by astolia » 2010-11-23 22:53

It's the openssh-server one, lower down in your screenshot; ssh is for connecting to other people's machines. openssh-server is not installed by default.
#10

Post by Sunmover » 2010-11-24 0:25

astolia wrote: It's the openssh-server one, lower down in your screenshot; ssh is for connecting to other people's machines. openssh-server is not installed by default.
Oh, I see, thanks.
#11

Post by 874768078abel » 2012-05-12 6:10

Is there anything wrong with mine?
l@l-desktop:~$ cat /var/log/rkhunter.log |grep Warning
[04:57:50] Warning: The O/S name or version has changed since the last run:
[04:57:51] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
[04:57:55] Warning: Checking for prerequisites [ Warning ]
[04:57:58] /usr/sbin/cron [ Warning ]
[04:57:58] Warning: The file properties have changed:
[04:57:59] /usr/sbin/groupadd [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:57:59] /usr/sbin/groupdel [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:57:59] /usr/sbin/groupmod [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:57:59] /usr/sbin/grpck [ Warning ]
[04:57:59] Warning: The file properties have changed:
[04:58:00] /usr/sbin/nologin [ Warning ]
[04:58:00] Warning: The file properties have changed:
[04:58:00] /usr/sbin/pwck [ Warning ]
[04:58:00] Warning: The file properties have changed:
[04:58:01] /usr/sbin/rsyslogd [ Warning ]
[04:58:01] Warning: The file properties have changed:
[04:58:01] /usr/sbin/tcpd [ Warning ]
[04:58:01] Warning: The file properties have changed:
[04:58:02] /usr/sbin/useradd [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:02] /usr/sbin/userdel [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:02] /usr/sbin/usermod [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:02] /usr/sbin/vipw [ Warning ]
[04:58:02] Warning: The file properties have changed:
[04:58:03] /usr/bin/awk [ Warning ]
[04:58:03] Warning: The file properties have changed:
[04:58:03] /usr/bin/curl [ Warning ]
[04:58:03] Warning: The file properties have changed:
[04:58:04] /usr/bin/dpkg [ Warning ]
[04:58:04] Warning: The file properties have changed:
[04:58:04] /usr/bin/dpkg-query [ Warning ]
[04:58:04] Warning: The file properties have changed:
[04:58:04] /usr/bin/file [ Warning ]
[04:58:04] Warning: The file properties have changed:
[04:58:05] /usr/bin/GET [ Warning ]
[04:58:05] Warning: The file properties have changed:
[04:58:05] /usr/bin/killall [ Warning ]
[04:58:05] Warning: The file properties have changed:
[04:58:06] /usr/bin/last [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:06] /usr/bin/lastlog [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:06] /usr/bin/ldd [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:06] /usr/bin/less [ Warning ]
[04:58:06] Warning: The file properties have changed:
[04:58:07] /usr/bin/locate [ Warning ]
[04:58:07] Warning: The file properties have changed:
[04:58:07] /usr/bin/logger [ Warning ]
[04:58:07] Warning: The file properties have changed:
[04:58:07] /usr/bin/mlocate [ Warning ]
[04:58:07] Warning: The file properties have changed:
[04:58:08] /usr/bin/newgrp [ Warning ]
[04:58:08] Warning: The file properties have changed:
[04:58:08] /usr/bin/passwd [ Warning ]
[04:58:08] Warning: The file properties have changed:
[04:58:08] /usr/bin/perl [ Warning ]
[04:58:08] Warning: The file properties have changed:
[04:58:09] /usr/bin/pgrep [ Warning ]
[04:58:09] Warning: The file properties have changed:
[04:58:09] /usr/bin/pstree [ Warning ]
[04:58:09] Warning: The file properties have changed:
[04:58:10] /usr/bin/size [ Warning ]
[04:58:10] Warning: The file properties have changed:
[04:58:10] /usr/bin/strace [ Warning ]
[04:58:10] Warning: The file properties have changed:
[04:58:11] /usr/bin/strings [ Warning ]
[04:58:11] Warning: The file properties have changed:
[04:58:11] /usr/bin/sudo [ Warning ]
[04:58:11] Warning: The file properties have changed:
[04:58:11] /usr/bin/top [ Warning ]
[04:58:11] Warning: The file properties have changed:
[04:58:12] /usr/bin/vmstat [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:12] /usr/bin/w [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:12] /usr/bin/watch [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:12] /usr/bin/wget [ Warning ]
[04:58:12] Warning: The file properties have changed:
[04:58:13] /usr/bin/whatis [ Warning ]
[04:58:13] Warning: The file properties have changed:
[04:58:13] /usr/bin/whereis [ Warning ]
[04:58:13] Warning: The file properties have changed:
[04:58:13] /usr/bin/which [ Warning ]
[04:58:13] Warning: The file properties have changed:
[04:58:13] /usr/bin/unhide.rb [ Warning ]
[04:58:13] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
[04:58:14] /usr/bin/gawk [ Warning ]
[04:58:14] Warning: The file properties have changed:
[04:58:14] /usr/bin/lwp-request [ Warning ]
[04:58:14] Warning: The file properties have changed:
[04:58:14] /usr/bin/w.procps [ Warning ]
[04:58:14] Warning: The file properties have changed:
[04:58:15] /sbin/depmod [ Warning ]
[04:58:15] Warning: The file properties have changed:
[04:58:15] /sbin/fsck [ Warning ]
[04:58:15] Warning: The file properties have changed:
[04:58:15] /sbin/ifdown [ Warning ]
[04:58:15] Warning: The file properties have changed:
[04:58:16] /sbin/ifup [ Warning ]
[04:58:16] Warning: The file properties have changed:
[04:58:16] /sbin/init [ Warning ]
[04:58:16] Warning: The file properties have changed:
[04:58:16] /sbin/insmod [ Warning ]
[04:58:16] Warning: The file properties have changed:
[04:58:17] /sbin/ip [ Warning ]
[04:58:17] Warning: The file properties have changed:
[04:58:17] /sbin/lsmod [ Warning ]
[04:58:17] Warning: The file properties have changed:
[04:58:17] /sbin/modinfo [ Warning ]
[04:58:17] Warning: The file properties have changed:
[04:58:18] /sbin/modprobe [ Warning ]
[04:58:18] Warning: The file properties have changed:
[04:58:18] /sbin/rmmod [ Warning ]
[04:58:18] Warning: The file properties have changed:
[04:58:18] /sbin/runlevel [ Warning ]
[04:58:18] Warning: The file properties have changed:
[04:58:19] /sbin/sulogin [ Warning ]
[04:58:19] Warning: The file properties have changed:
[04:58:19] /sbin/sysctl [ Warning ]
[04:58:19] Warning: The file properties have changed:
[04:58:20] /bin/bash [ Warning ]
[04:58:20] Warning: The file properties have changed:
[04:58:21] /bin/dmesg [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:21] /bin/egrep [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:21] /bin/fgrep [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:21] /bin/fuser [ Warning ]
[04:58:21] Warning: The file properties have changed:
[04:58:22] /bin/grep [ Warning ]
[04:58:22] Warning: The file properties have changed:
[04:58:22] /bin/ip [ Warning ]
[04:58:22] Warning: The file properties have changed:
[04:58:22] /bin/kill [ Warning ]
[04:58:22] Warning: The file properties have changed:
[04:58:23] /bin/less [ Warning ]
[04:58:23] Warning: The file properties have changed:
[04:58:23] /bin/login [ Warning ]
[04:58:23] Warning: The file properties have changed:
[04:58:23] /bin/lsmod [ Warning ]
[04:58:23] Warning: The file properties have changed:
[04:58:24] /bin/more [ Warning ]
[04:58:24] Warning: The file properties have changed:
[04:58:24] /bin/mount [ Warning ]
[04:58:24] Warning: The file properties have changed:
[04:58:25] /bin/ps [ Warning ]
[04:58:25] Warning: The file properties have changed:
[04:58:25] /bin/sed [ Warning ]
[04:58:25] Warning: The file properties have changed:
[04:58:25] /bin/sh [ Warning ]
[04:58:25] Warning: The file properties have changed:
[04:58:26] /bin/su [ Warning ]
[04:58:26] Warning: The file properties have changed:
[04:58:26] /bin/which [ Warning ]
[04:58:26] Warning: The file properties have changed:
[04:58:27] /bin/dash [ Warning ]
[04:58:27] Warning: The file properties have changed:
[05:02:51] Checking for passwd file changes [ Warning ]
[05:02:51] Warning: User 'Lgb' has been added to the passwd file.
[05:02:51] Warning: User 'lgb' has been added to the passwd file.
[05:02:51] Warning: User 'clamav' has been added to the passwd file.
[05:02:51] Checking for group file changes [ Warning ]
[05:02:51] Warning: Changes found in the group file for group 'adm':
[05:02:51] Warning: Changes found in the group file for group 'dialout':
[05:02:51] Warning: Changes found in the group file for group 'fax':
[05:02:52] Warning: Changes found in the group file for group 'cdrom':
[05:02:52] Warning: Changes found in the group file for group 'floppy':
[05:02:52] Warning: Changes found in the group file for group 'tape':
[05:02:52] Warning: Changes found in the group file for group 'sudo':
[05:02:52] Warning: Changes found in the group file for group 'dip':
[05:02:52] Warning: Changes found in the group file for group 'video':
[05:02:52] Warning: Changes found in the group file for group 'plugdev':
[05:02:52] Warning: Changes found in the group file for group 'fuse':
[05:02:52] Warning: Group 'Lgb' has been added to the group file.
[05:02:52] Warning: Group 'lgb' has been added to the group file.
[05:02:52] Warning: Group 'clamav' has been added to the group file.
[05:02:52] Warning: Group 'colord' has been removed from the group file.
[05:02:52] Warning: Group 'scanner' has been removed from the group file.
[05:02:53] Checking for hidden files and directories [ Warning ]
[05:02:53] Warning: Hidden directory found: /etc/.java
[05:02:53] Warning: Hidden directory found: /dev/.udev
[05:02:53] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
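The advice in this thread is to read /var/log/rkhunter.log rather than the terminal summary. As an added example (not from the thread, and not part of rkhunter), here is a small Python triage script that parses lines in the format of the two logs above (post #4 and post #11) and groups the warnings by the follow-up a defender would take: the PermitRootLogin mismatch, the /dev/shm PulseAudio files, the hidden udev/initramfs paths, and the "file properties have changed" entries. The sample log is constructed from the warnings quoted in the thread; ALLOWDEVFILE, ALLOWHIDDENDIR and ALLOWHIDDENFILE are real rkhunter.conf whitelist options that the thread itself does not mention.

```python
import re
from collections import defaultdict

# Constructed sample in rkhunter's log format; the lines mirror warnings quoted in this thread.
SAMPLE_LOG = """\
[18:18:12]          SSH configuration option 'PermitRootLogin': yes
[18:18:12]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[18:18:13] Warning: Suspicious file types found in /dev:
[18:18:13]          /dev/shm/pulse-shm-853919460: data
[18:18:13] Warning: Hidden directory found: /dev/.udev
[18:18:13] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[04:58:11] /usr/bin/sudo [ Warning ]
[04:58:11] Warning: The file properties have changed:
"""
TIMESTAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*(.*)$")
ADVICE = {  # follow-up per category: the thread's conclusions plus rkhunter.conf whitelist options
    "ssh_mismatch": "PermitRootLogin yes allows root over SSH: set it to no (or remove openssh-server) and restart sshd.",
    "dev_suspicious": "PulseAudio shared memory in /dev/shm is benign; whitelist it with ALLOWDEVFILE after confirming the owner.",
    "hidden": "Known udev/initramfs paths; whitelist with ALLOWHIDDENDIR / ALLOWHIDDENFILE after confirming them.",
    "file_props": "Confirm a package update explains each change before running rkhunter --propupd.",
}

def triage(log_text):
    """Group rkhunter warning lines by category; returns {category: [detail, ...]}."""
    groups = defaultdict(list)
    sshd_value = None    # from the 'SSH configuration option' line, awaiting its rkhunter pair
    flagged_file = None  # from a "/path [ Warning ]" line, awaiting its reason line
    for raw in log_text.splitlines():
        m = TIMESTAMP.match(raw)
        if not m:
            continue
        line = m.group(1).strip()
        if line.startswith("SSH configuration option"):
            sshd_value = line.split(":", 1)[1].strip()
        elif line.startswith("Rkhunter configuration option"):
            groups["ssh_mismatch"].append(f"sshd={sshd_value} rkhunter={line.split(':', 1)[1].strip()}")
        elif line.startswith("/dev/"):  # entries listed under "Suspicious file types found in /dev:"
            groups["dev_suspicious"].append(line.split(":")[0])
        elif line.startswith("Warning: Hidden"):
            groups["hidden"].append(line.split("found: ", 1)[1].split(":")[0])
        elif line.startswith("/") and line.endswith("[ Warning ]"):
            flagged_file = line.split()[0]
        elif line.startswith("Warning: The file properties have changed") and flagged_file:
            groups["file_props"].append(flagged_file)
            flagged_file = None
    return dict(groups)

def report(log_text):  # (category, advice, details) triples, in ADVICE order, for categories present
    found = triage(log_text)
    return [(cat, ADVICE[cat], found[cat]) for cat in ADVICE if cat in found]
```

Run it against the real file with report(open("/var/log/rkhunter.log").read()); anything that lands in no category still needs to be read by hand.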