Bug#886896: rkhunter: false positive warning sshd protocol 1

Gregor Horvath gh at gregor-horvath.com
Thu Jan 11 02:15:52 UTC 2018


Package: rkhunter
Version: 1.4.2-6+deb9u1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

   $ rkhunter -s -sk

   reports:

   Checking if SSH protocol v1 is allowed                   [ Warning ]

   Although it seems v1 is disallowed at compile time in Debian Stretch

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

     Changing to ALLOW_SSH_PROT_V1=2 in /etc/rkhunter.conf removed the wrong warning.

   * What was the outcome of this action?

   * What outcome did you expect instead?




-- System Information:
Debian Release: 9.3
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.28-5
ii  debconf [debconf-2.0]  1.5.61
ii  file                   1:5.30-1+deb9u1
ii  lsof                   4.89+dfsg-0.1
ii  net-tools              1.60+git20161116.90da8a0-1
ii  perl                   5.24.1-3+deb9u2
ii  ucf                    3.0036

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]                          8.1.2-0.20160123cvs-4
ii  curl                                       7.52.1-5+deb9u3
ii  exim4-daemon-light [mail-transport-agent]  4.89-2+deb9u2
ii  iproute2                                   4.9.0-1+deb9u1
ii  unhide                                     20130526-1
ii  unhide.rb                                  22-2
ii  wget                                       1.18-5+deb9u1

Versions of packages rkhunter suggests:
ii  liburi-perl     1.71-1
ii  libwww-perl     6.15-1
ii  powermgmt-base  1.31+nmu1

-- Configuration Files:
/etc/default/rkhunter changed:
CRON_DAILY_RUN="yes"
CRON_DB_UPDATE="yes"
DB_UPDATE_EMAIL="false"
REPORT_EMAIL="root"
APT_AUTOGEN=""
NICE="0"
RUN_CHECK_ON_BATTERY="false"

/etc/logcheck/ignore.d.server/rkhunter [Errno 13] Permission denied: '/etc/logcheck/ignore.d.server/rkhunter'
/etc/rkhunter.conf changed:
UPDATE_MIRRORS=0
MIRRORS_MODE=1
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG="en"
LOGFILE=/var/log/rkhunter.log
USE_SYSLOG=authpriv.warning
AUTO_X_DETECT=1
ALLOW_SSH_PROT_V1=2
ENABLE_TESTS=all
DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
HASH_CMD=sha256sum
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/sbin/adduser
WEB_CMD="/bin/false"
DISABLE_UNHIDE=1
INSTALLDIR=/usr


-- debconf-show failed
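The false positive above comes from judging "SSH protocol v1 allowed" from sshd_config alone. Below is an added example (not part of the bug report, not rkhunter's own code) of how such a check has to combine the Protocol directive with the OpenSSH version: server-side protocol 1 was removed in OpenSSH 7.4 (what stretch ships), so on 7.4 or newer no configuration can enable it, and from OpenSSH 5.4 an unset Protocol already defaulted to "2" rather than "2,1". The sample sshd_config contents and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not rkhunter code: decide whether an sshd can still offer
# SSH protocol 1 from (a) its sshd_config and (b) its OpenSSH version.
# Facts used: OpenSSH 7.4 removed SSH1 server support entirely;
# OpenSSH 5.4 changed the default for an unset "Protocol" from "2,1" to "2".

# Constructed sample configurations (not copied from any real host).
CONF_NO_PROTOCOL='Port 22
PermitRootLogin no
PasswordAuthentication no'

CONF_V1='Port 22
Protocol 2,1'

CONF_V2='Port 22
Protocol 2'

# version_ge A B  (both MAJOR.MINOR)  -> exit 0 if A >= B
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# parse_ssh_version "OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL ..." -> "7.4"
# (the line "ssh -V" prints; the patch level and vendor string are dropped)
parse_ssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# protocol_v1_allowed CONFIG_TEXT MAJOR.MINOR -> prints "yes" or "no"
protocol_v1_allowed() {
    conf=$1
    version=$2

    # On 7.4+ the SSH1 server code does not exist, so no directive can enable it.
    if version_ge "$version" 7.4; then
        echo no
        return 0
    fi

    # sshd_config keywords are case-insensitive and the first occurrence wins;
    # comment lines start with '#' and therefore never match this pattern.
    proto=$(printf '%s\n' "$conf" |
        sed -n 's/^[[:space:]]*[Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll][[:space:]]\{1,\}//p' |
        head -n 1)

    case "$proto" in
        "")
            # Unset: default is "2" from 5.4 onwards, "2,1" before that.
            if version_ge "$version" 5.4; then echo no; else echo yes; fi ;;
        *1*) echo yes ;;   # "1", "2,1" or "1,2" all offer protocol 1
        *)   echo no ;;
    esac
}

# Demonstration across the three regimes.
for v in 5.3 6.7 7.4; do
    printf 'OpenSSH %s, no Protocol line: v1 allowed = %s\n' \
        "$v" "$(protocol_v1_allowed "$CONF_NO_PROTOCOL" "$v")"
    printf 'OpenSSH %s, "Protocol 2,1":    v1 allowed = %s\n' \
        "$v" "$(protocol_v1_allowed "$CONF_V1" "$v")"
done
```

To run it against a real host, feed it the live files instead of the samples: `protocol_v1_allowed "$(cat /etc/ssh/sshd_config)" "$(parse_ssh_version "$(ssh -V 2>&1)")"`. On stretch (OpenSSH 7.4p1) this prints `no` regardless of what sshd_config says, which is the result the reporter expected from the rkhunter check.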


