Bug 508419 - rkhunter do PermitRootLogin misunderstanding
rkhunter do PermitRootLogin misunderstanding
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: rkhunter (Show other bugs)
rawhide
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Kevin Fenzi
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-26 18:59 EDT by Tomas Pelka
Modified: 2009-06-28 16:18 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-28 16:18:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Pelka 2009-06-26 18:59:33 EDT
Description of problem:
Even if my ssh daemon runs with PermitRootLogin no directive, rkhunter tells "Checking if SSH root access is allowed   [ Warning ]"

Version-Release number of selected component (if applicable):
rkhunter-1.3.4-5.el5

How reproducible:
100%

Steps to Reproduce:
1. run rkhunter -c
2. watch output
  
Actual results:
Checking if SSH root access is allowed                   [ Warning ]

Expected results:
Checking if SSH root access is allowed                   [ Not allowed ]

Additional info:
Comment 1 Kevin Fenzi 2009-06-26 22:59:36 EDT
What is the output of: 

grep ALLOW_SSH_ROOT_USER /etc/rkhunter.conf

and 

grep PermitRootLogin /etc/ssh/sshd_config

and also can you attach your /var/log/rkhunter/rkhunter.log from a run showing the above behavior?

The two above have to match. If you change your sshd_config to not allow it, you need to change the rkhunter.conf to also not allow it or it will warn.
Comment 2 Tomas Pelka 2009-06-28 16:18:22 EDT
(In reply to comment #1)
> What is the output of: 
> 
> grep ALLOW_SSH_ROOT_USER /etc/rkhunter.conf

Aah this is it, ALLOW_SSH_ROOT_USER should be no.

> 
> and 
> 
> grep PermitRootLogin /etc/ssh/sshd_config
> 
> and also can you attach your /var/log/rkhunter/rkhunter.log from a run showing
> the above behavior?
> 
> The two above have to match. If you change your sshd_config to not allow it,
> you need to change the rkhunter.conf to also not allow it or it will warn.  

Thanks and sorry for spamming bugzilla.

Note You need to log in before you can comment on or make changes to this bug.