我收到来自 的警告rkhunter,尽管sshd和rkhunter选项根登录都设置为“否”。使用 rkhunter 1.4.6 运行 Centos 7.6.1810。
以下是 grep 结果,验证sshd和rkhunterconfig 设置是否均设置为“no”:
$grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin no
$grep ALLOW_SSH_ROOT_USER /etc/rkhunter.conf
ALLOW_SSH_ROOT_USER=no
为清楚起见,请注意协议选项设置如下:
$grep Protocol /etc/ssh/sshd_config
Protocol 2
$grep ALLOW_SSH_PROT_V1 /etc/rkhunter.conf
ALLOW_SSH_PROT_V1=0
日志rkhunter清楚地表明sshd和rkhunterconfig 都设置为指示没有root登录,但我收到有关 ssh root 访问的警告:
[13:43:33] Info: Using configuration file '/etc/rkhunter.conf'
[13:48:21] Info: Starting test name 'system_configs_ssh'
[13:48:21] Checking for an SSH configuration file [ Found ]
[13:48:21] Info: Found an SSH configuration file: /etc/ssh/sshd_config
[13:48:21] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[13:48:21] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[13:48:21] Checking if SSH root access is allowed [ Warning ]
[13:48:21] Warning: The SSH and rkhunter configuration options should be the same:
[13:48:21] SSH configuration option 'PermitRootLogin': no
[13:48:21] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[13:48:21] Checking if SSH protocol v1 is allowed [ Not allowed ]
[13:48:21] Checking for other suspicious configuration settings [ None found ]
同样,我从 rkhunter 收到的电子邮件向我发出警告,但它也确认设置已经相同:
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': no
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
----------------------- End Rootkit Hunter Scan -----------------------
关于导致此rkhunter警告的原因以及如何解决它的任何想法?
答案1
事实证明,该sshd_config文件是一个 DOS 文本文件。因此,分配给该PermitRootLogin设置的值(由 解析rkhunter)不是nobut no\r(DOS 行结尾的回车符将是该选项值的一部分)。
这反过来意味着PermitRootLogin和的值ALLOW_SSH_ROOT_USER不同,即使两个字符串在终端中的表示看起来相同。