I didn’t find any other section to post this, so here I am…
I just checked my system with rkhunter and it reminded me of a couple of possible rootkits and some other warnings.
What do I have to do now? I mean, what do I have to check and/or how do I find/remove them?
A warning was returned for the SSH check for root access being allowed, and another for the check for SSH protocol v1 being allowed.
Then, other warnings were returned for the check for hidden files and directories, and another one after checking for suspicious (large) shared memory segments (for this last one, could it mean RAM? I added more modules a couple of days ago…)
It should be.
There doesn’t seem to be any personally identifiable information in there.
I haven’t been using any such things for a very long time. I’m afraid I have no suggestions as to what to use. Hopefully other users with more insight into such pieces of software will give you some suggestions.
On the server device, you should try doing this and see if it fixes “ssh check for root access allowing”.
On the server, edit
Uncomment the PermitRootLogin line and change it to no so that it looks like this.
As for the enabled SSH v1, in the same config file for your server device, there may be a line such as
I believe that at one time, when protocol 2 was introduced, this line existed. But I haven’t seen this for a long time.
I checked my server and my /etc/ssh/sshd_config file does not have this line. If you find this line in your config file, either comment it out or change it to
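A way to verify the two settings discussed in this reply before restarting sshd, as an added example (not code from the thread or from OpenSSH): sshd uses the first occurrence of each keyword and ignores keyword case, so a stray earlier PermitRootLogin line silently wins. The config text is a constructed sample; point the functions at the contents of /etc/ssh/sshd_config to check a real host. Settings inside Match blocks are not handled here.

```shell
#!/bin/sh
# Constructed sample sshd_config (not from the thread) showing both findings:
# Protocol still lists 1, and the first PermitRootLogin line wins over the later "no".
SAMPLE_SSHD_CONFIG='# comment line
Port 22
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
'

# Print the effective value of a keyword. sshd_config keywords are
# case-insensitive and the FIRST occurrence of a keyword is the one that counts.
# Usage: sshd_effective_value <keyword> <config-text>
sshd_effective_value() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }          # skip comments and blanks
        tolower($1) == tolower(key) && !found { print $2; found = 1 }
    '
}

# Returns 0 (ok) only when root login is explicitly disabled. An absent keyword
# falls back to the OpenSSH default prohibit-password, which still allows
# key-based root login, so it is reported as not ok.
check_root_login() {
    val=$(sshd_effective_value PermitRootLogin "$1")
    case "${val:-default}" in
        no) return 0 ;;
        *)  return 1 ;;
    esac
}

# Returns 0 when protocol 1 is not enabled. A missing Protocol line means
# protocol 2 only (OpenSSH 7.6 and later dropped protocol 1 entirely).
check_protocol_v1() {
    val=$(sshd_effective_value Protocol "$1")
    case ",${val:-2}," in
        *,1,*) return 1 ;;
        *)     return 0 ;;
    esac
}

if check_root_login "$SAMPLE_SSHD_CONFIG"; then echo "PermitRootLogin: ok"
else echo "PermitRootLogin: root login still allowed (first matching line wins)"; fi
if check_protocol_v1 "$SAMPLE_SSHD_CONFIG"; then echo "Protocol: ok"
else echo "Protocol: v1 still enabled"; fi
```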
I didn’t know lynis, and it is certainly far better than any other root detector.
Fortunately it provides a summary at the end, otherwise the (supposed) non-compliances and deficiencies would be intimidating. The problem with almost all security tools is that they are good at finding problems but bad at stating whether a problem actually matters or not.
In my case, all it eventually got worried about was the system clock not being synchronised via NTP for over a day, and there only being one DNS server (Mullvad only has one).
I already installed it. The audit shows me different problems in the kernel section about symlinks, IPv4 and stuff like that, but my ignorance suggests to me that it could be some ‘hack’ configuration from Arch. Could it be?