securitybreach Posted November 22, 2005

I have Slackware 10.2 and whenever I run rkhunter I get the following:

Scanning OpenSSL...
[00:38:07] /usr/bin/openssl found
[00:38:07] Version 0.9.7g seems to be vulnerable (if unpatched)!

Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
info: Hint: See logfile for more information about this issue
Checking for allowed protocols... [ Warning (SSH v1 allowed) ]

How can I patch openssl and also how can I prevent root login with ssh? Thanx

quint Posted November 22, 2005

securitybreach,

There may be something here that you can apply:

Root access

HTH.

securitybreach Posted November 22, 2005

> securitybreach,
> There may be something here that you can apply:
> Root access
> HTH.

That fixes SSH. Thanks quint
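
The two SSH warnings in the scan output above depend on the effective PermitRootLogin and Protocol values in /etc/ssh/sshd_config. The following is an added example, not part of the thread and not rkhunter's own code, that works out those values the way sshd reads the file (commented lines set nothing, the first active value wins). The sample configs are constructed, and the fallback defaults are an assumption about an OpenSSH release of the thread's era.

```python
import re

# Assumption: compiled-in defaults of an OpenSSH release from the thread's era
# (2005), where root login was permitted and protocol 1 was still accepted.
ERA_DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1"}

# Constructed samples: only the active lines count, not the commented ones.
SAMPLE_WEAK = """\
Port 22
#Protocol 2
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
"""
SAMPLE_HARDENED = "Protocol = 2\nPermitRootLogin no\n"

# Keyword, then whitespace or a single '=', then the argument.
LINE_RE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)$")

def effective_settings(text, defaults=ERA_DEFAULTS):
    """Return the global value sshd would use for each keyword in defaults."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # a commented-out directive sets nothing
        m = LINE_RE.match(line)
        if not m:
            continue                      # keyword with no argument
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break                         # conditional blocks are not global settings
        seen.setdefault(key, value)       # sshd keeps the first value it reads
    return {k: seen.get(k, d) for k, d in defaults.items()}

def findings(text):
    """List the two conditions the scan above warned about."""
    eff = effective_settings(text)
    out = []
    if eff["permitrootlogin"].lower() != "no":
        out.append("root login possible: PermitRootLogin " + eff["permitrootlogin"])
    if "1" in [p.strip() for p in eff["protocol"].split(",")]:
        out.append("SSH v1 allowed: Protocol " + eff["protocol"])
    return out

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, findings(cfg) or "no findings")
```

In the weak sample the later `permitrootlogin no` has no effect because an earlier active line already set the value, and the commented `#Protocol 2` leaves the default in force.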

linuxdude32 Posted November 22, 2005

This looks like a reference with the security patch you might need:

http://slackware.com/security/viewer.php?l...security.555090

Note I say "might" because even with the patch it looks like the release number is the same. Some distros don't increment the version number when it's just a security fix and there's no way for rkhunter to know this since it only goes by the version number. Doesn't hurt to run the upgrade commands though. If you have the latest release, nothing should happen or it'll tell you you already have it.

securitybreach Posted November 22, 2005

I already installed the patched openssl and rkhunter still sees it as a vulnerability. Oh well. Thanks anyway linuxdude32

> This looks like a reference with the security patch you might need:
> http://slackware.com/security/viewer.php?l...security.555090
> Note I say "might" because even with the patch it looks like the release number is the same. Some distros don't increment the version number when it's just a security fix and there's no way for rkhunter to know this since it only goes by the version number. Doesn't hurt to run the upgrade commands though. If you have the latest release, nothing should happen or it'll tell you you already have it.

linuxdude32 Posted November 23, 2005

> I already installed the patched openssl and rkhunter still sees it as a vulnerability. Oh well. Thanks anyway linuxdude32

You're welcome. I get the same issue sometimes when I run it under SUSE. SUSE has been known to backport patches to previous releases but rkhunter still thinks it's unpatched. As long as you keep up-to-date on patches then you know you're right and it's wrong.