hallo!
habe auf einem server ein ungewöhnliches phänomen festgestellt:
unter "uptime" werden 2 users angegeben, unter "users" aber nur 1 - wo ist der 2. user hin??
"chkrootkit" liefert
Code:
Searching for suspicious files and dirs, it may take a while...
/usr/lib/jvm/.java-1.5.0-sun.jinfo
/usr/lib/jvm/java-1.5.0-sun-1.5.0.10/.systemPrefs
/usr/lib/jvm/.java-gcj.jinfo
/lib/init/rw/.ramfs
Searching for OBSD rk v1... /usr/lib/security
/usr/lib/security/classpath.security
"rkhunter"
Code:
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/etc/.pwd.lock
/etc/.java /dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
---------------
Please inspect: /etc/.java (directory) /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory)
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
info: "PermitRootLogin yes" found in file /etc/ssh/sshd_config
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
muss ich mir sorgen machen??