rkhunter interprets mixed-case directive incorrectly in configuration file(s)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
rkhunter (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
# apt-cache policy rkhunter
rkhunter:
Installed: 1.4.0-3
Candidate: 1.4.0-3
Version table:
*** 1.4.0-3 0
500 http://
100 /var/lib/
rkhunter seems to be misinterpreting the case of the ALLOW_SSH_ROOT_USER directive in the effective configuration file. (I don't know whether the same problem applies to other directives.)
Given a stock rkhunter installation, I created the file /etc/rkhunter.
ALLOW_SSH_
Yet, when I execute "rkhunter --check", I receive the following warning:
[12:21:34] Checking if SSH root access is allowed [ Warning ]
[12:21:34] Warning: The SSH and rkhunter configuration options should be the same:
[12:21:34] SSH configuration option 'PermitRootLogin': yes
[12:21:34] Rkhunter configuration option 'ALLOW_
Clearly, rkhunter is casting the string in its own configuration file, "PermitRootLogin", to all-lowercase, yielding "permitrootlogin", thus triggering this erroneous warning.
I forgot to mention the most annoying aspect of the bug, which is that there is no workaround.
If I change rkhunter's configuration file to use "permitrootlogin" (all lower-case), somewhat unsurprisingly, the problem still occurs.
[09:34:26] Info: Found SSH /etc/ssh/ sshd_config configuration file: SSH_ROOT_ USER': permitrootlogin
[09:34:26] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'permitrootlogin'.
[09:34:26] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[09:34:26] Checking if SSH root access is allowed [ Warning ]
[09:34:26] Warning: The SSH and rkhunter configuration options should be the same:
[09:34:26] SSH configuration option 'PermitRootLogin': yes
[09:34:26] Rkhunter configuration option 'ALLOW_
But, surely, if we change the directive in the SSH configuration file, and even restart the SSH daemon, the problem will be solved! Nope, wrong.
[09:39:11] Info: Found SSH /etc/ssh/ sshd_config configuration file: SSH_ROOT_ USER': permitrootlogin
[09:39:11] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'permitrootlogin'.
[09:39:11] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[09:39:11] Checking if SSH root access is allowed [ Warning ]
[09:39:11] Warning: The SSH and rkhunter configuration options should be the same:
[09:39:11] SSH configuration option 'PermitRootLogin': yes # <--- This is wrong! The sshd_config file contains "permitrootlogin"!
[09:39:11] Rkhunter configuration option 'ALLOW_
So, we're stuck with a warning on every run, with no means by which to suppress it effectively. This renders the tool useless.
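The comparison behind the warning in the logs above, as an added example that is not part of the original report and is not rkhunter's own code: it compares the value of PermitRootLogin in sshd_config with the value of ALLOW_SSH_ROOT_USER, matching the sshd keyword case-insensitively. The function names, file names and sample file contents are constructed for illustration, and lowercasing the values before comparing is a choice made by this example.

```shell
#!/bin/sh
# Added example, not rkhunter's code. Sample files below are constructed.

# conf_value FILE KEY: value of the first uncommented "KEY value" or
# "KEY=value" line; KEY is matched case-insensitively, as sshd does for keywords.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next   # no separator, so no value
            k = substr(line, 1, RSTART - 1)
            v = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_root_login SSHD_CONFIG RKHUNTER_CONF
# Compares the *value* of PermitRootLogin with the *value* of
# ALLOW_SSH_ROOT_USER. Values are lowercased first (a choice of this example).
check_root_login() {
    ssh_val=$(conf_value "$1" PermitRootLogin | tr '[:upper:]' '[:lower:]')
    rkh_val=$(conf_value "$2" ALLOW_SSH_ROOT_USER | tr '[:upper:]' '[:lower:]')
    if [ -z "$ssh_val" ] || [ -z "$rkh_val" ]; then
        echo "unset"; return 2
    fi
    if [ "$ssh_val" = "$rkh_val" ]; then
        echo "match: $ssh_val"; return 0
    fi
    echo "mismatch: sshd=$ssh_val rkhunter=$rkh_val"; return 1
}

# Constructed sample input in a scratch directory.
demo_dir=$(mktemp -d)
printf '# constructed sample\npermitrootlogin yes\n' > "$demo_dir/sshd_config"
# Option set to the directive name, as in the report above.
printf 'ALLOW_SSH_ROOT_USER=PermitRootLogin\n' > "$demo_dir/rkhunter.name"
# Option set to the same value sshd_config carries.
printf 'ALLOW_SSH_ROOT_USER=yes\n' > "$demo_dir/rkhunter.value"

check_root_login "$demo_dir/sshd_config" "$demo_dir/rkhunter.name" || true
check_root_login "$demo_dir/sshd_config" "$demo_dir/rkhunter.value"
```

The first call reports a mismatch because the rkhunter option holds the directive name rather than its value; the second reports a match.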