A security tool to prevent rootkits, rkhunter: some notes made for a server I help to administer
1. I will now change the rkhunter configuration file so that the emails will come to me instead of coming to you.
vim /etc/sysconfig/rkhunter
2. The hidden file warning message is about /etc/.brand, which just says hostgator - it is just a branding file from hostgator. Totally harmless.
3. I will prevent ssh login without keys. That is, password-based ssh login using a terminal will be disabled. This is a good security feature, since ssh is routinely hit with brute-force attacks.
4. It looks like rkhunter does not play nice with user-compiled or modified files. I will set up rkhunter to ignore all the currently available files, and only give warnings for new files. Basically by editing the whitelist, and running:
sudo rkhunter --update
sudo rkhunter --propupd
https://www.linuxquestions.org/questions/linux-security-4/rkhunter-package-manager-fail-warnings-on-centos-5-running-whm-11-a-871791/
https://www.digitalocean.com/community/tutorials/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps
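A check for the change in step 3, added here as an example and not part of the original notes: it reads an sshd_config-style file and reports whether password logins are really off, including the case where a later line or a Match block quietly undoes the setting. The function names and the sample configuration are made up for illustration.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for a keyword, and keywords
# are case-insensitive, so a later "PasswordAuthentication no" does not
# override an earlier "yes". Include files and keyboard-interactive (PAM)
# settings are not evaluated here.

# first_value FILE KEYWORD DEFAULT: first global (pre-Match) value, lowercased
first_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# password_login_state FILE: prints enabled, disabled or lockout-risk
password_login_state() {
    pw=$(first_value "$1" PasswordAuthentication yes)   # OpenSSH default: yes
    pk=$(first_value "$1" PubkeyAuthentication yes)     # OpenSSH default: yes
    if [ "$pw" != "no" ]; then echo enabled
    elif [ "$pk" = "no" ]; then echo lockout-risk       # neither passwords nor keys
    else echo disabled
    fi
}

# match_reenables FILE: count of Match-block lines that turn passwords back on
match_reenables() {
    awk 'tolower($1) == "match" { m = 1 }
         m && tolower($1) == "passwordauthentication" && tolower($2) == "yes" { n++ }
         END { print n + 0 }' "$1"
}

# Constructed sample config (not from the server in the notes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
passwordauthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
echo "global password login: $(password_login_state "$sample")"
echo "Match blocks re-enabling passwords: $(match_reenables "$sample")"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; keep an existing session open while testing key-only login.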