If you run Rootkit Hunter and you haven’t modified your stock Red Hat configuration of the SSH service (sshd), chances are it will find that you allow root logins. Rootkit Hunter considers these as possible security risks. However, to fix this, you can simply login as root, fire up a text editor, and edit the file
Make the following changes:
You’ll find a commented line like this: #Protocol 2,1
Uncomment it and change it to: Protocol 2
This will disallow logins using the older versions of the protocol
Look for the commented line #PermitRootLogin yes
Uncomment the line and change it so it reads: PermitRootLogin no
This will configure sshd NOT to allow root logins.
After this, be sure to restart sshd (assuming you run the service in the first place so: Service sshd restart
By the way Rootkit scanner is scanning tool to ensure you for about 99.9% you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits.
Rootkit Hunter is a Unix-primarily based scanning tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of vital files with known good ones in online database, looking for default directories (of rootkits), improper permissions, hidden records data, suspicious strings in kernel modules and particular tests for Linux or FreeBSD. Most instances rootkits are self-hiding toolkits utilized by blackhats, crackers and script kiddies, to keep away from the attention of the system admin. If you’re unsure as to whether your system is compromised, you will get a second opinion from sources such as Linux-oriented forum. If your system is contaminated with a rootkit, cleaning it up will not be an option. Restoring can be not an option unless you might be expert, and have autonomous and an impartial means of verifying that the backup is clear, and does not include misconfigured or stale software. Never trust a potentially compromised machine! Basically a clean install of the OS is always advisable after backing up the system.
Today, in our Linux Page (in Spanish) we added a brief news about Alien-GUI which is an interesting software developed to grafically (and automatically) convert tar, deb in RPM. As you already know, RPM is the package manager used to install software on different Linux system as (but not only) Mandriva, Fedora, Red Hat and Suse. Before installing Alien GUI, it is necessary to install Alien directly from Synaptics Package Manager (System – Administration). Alien GUi is very simple to use thanks to its intuitive graphic interface and it passed our test when we use it on a Mandriva. To sum up Alien Gui is a useful tool that sometimes could help all us to fastly solve some package compatibility problems in just few clicks. Recommended!