Bug#886896: rkhunter: false positive warning sshd protocol 1

2019-03-13 Thread Demetris Demetriou

Running rkhunter (v1.4.2) from stretch on multiple servers.

SSH protocol 1 was removed in the openssh version that ships with 
stretch (v7.4): 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html



That being said: I'm running with a commented #ALLOW_SSH_PROT_V1=0 
(which is the default upstream). According to the documentation: A value 
of '0' indicates that the use of SSH-1 is not allowed.



Offending line: 
https://sources.debian.org/src/rkhunter/1.4.6-5/files/rkhunter.conf/ 
line 323.


Bug resolution: change the line to the default value of 0 and comment it 
out for future use (basically pull the line straight from upstream).




Bug#886896: rkhunter: false positive warning sshd protocol 1

2018-01-10 Thread Gregor Horvath
Package: rkhunter
Version: 1.4.2-6+deb9u1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

   $ rkhunter -s -sk

   reports:

   Checking if SSH protocol v1 is allowed   [ Warning ]

   Although it seems v1 is disallowed at compile time in Debian Stretch

   * What exactly did you do (or not do) that was effective (or ineffective)?

 Changing to ALLOW_SSH_PROT_V1=2 in /etc/rkhunter.conf removed the wrong warning

   * What was the outcome of this action?

   * What outcome did you expect instead?




-- System Information:
Debian Release: 9.3
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_AT:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils   2.28-5
ii  debconf [debconf-2.0]  1.5.61
ii  file   1:5.30-1+deb9u1
ii  lsof   4.89+dfsg-0.1
ii  net-tools  1.60+git20161116.90da8a0-1
ii  perl   5.24.1-3+deb9u2
ii  ucf    3.0036

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20160123cvs-4
ii  curl   7.52.1-5+deb9u3
ii  exim4-daemon-light [mail-transport-agent]  4.89-2+deb9u2
ii  iproute2   4.9.0-1+deb9u1
ii  unhide 20130526-1
ii  unhide.rb  22-2
ii  wget   1.18-5+deb9u1

Versions of packages rkhunter suggests:
ii  liburi-perl 1.71-1
ii  libwww-perl 6.15-1
ii  powermgmt-base  1.31+nmu1

-- Configuration Files:
/etc/default/rkhunter changed:
CRON_DAILY_RUN="yes"
CRON_DB_UPDATE="yes"
DB_UPDATE_EMAIL="false"
REPORT_EMAIL="root"
APT_AUTOGEN=""
NICE="0"
RUN_CHECK_ON_BATTERY="false"

/etc/logcheck/ignore.d.server/rkhunter [Errno 13] Keine Berechtigung: 
'/etc/logcheck/ignore.d.server/rkhunter'
/etc/rkhunter.conf changed:
UPDATE_MIRRORS=0
MIRRORS_MODE=1
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG="en"
LOGFILE=/var/log/rkhunter.log
USE_SYSLOG=authpriv.warning
AUTO_X_DETECT=1
ALLOW_SSH_PROT_V1=2
ENABLE_TESTS=all
DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
HASH_CMD=sha256sum
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/sbin/adduser
WEB_CMD="/bin/false"
DISABLE_UNHIDE=1
INSTALLDIR=/usr


-- debconf-show failed
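
The triage both messages walk through (rkhunter's ALLOW_SSH_PROT_V1 setting, the Protocol line in sshd_config, and the OpenSSH version), as an added example that is not part of the thread and not rkhunter's own code. The warning model, the "last uncommented assignment wins" parsing, the function names and the sample values are assumptions; the 7.4 cutoff is the one stated in the thread.

```shell
#!/bin/sh
# Added example: triage of rkhunter's "SSH protocol v1 is allowed" warning.
# The rkhunter logic below is a simplified model (assumption), not rkhunter code.

# Last uncommented KEY=value in rkhunter.conf; prints DEFAULT when the key is unset.
conf_value() {  # conf_value FILE KEY DEFAULT
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# First active Protocol directive in sshd_config; empty output when it is not set.
sshd_protocol() {  # sshd_protocol FILE
    awk 'tolower($1) == "protocol" { print $2; exit }' "$1"
}

# Exit 0 if the daemon could still speak protocol 1. Per the thread, 7.4 cannot.
ssh1_capable() {  # ssh1_capable "OpenSSH_7.4p1 ..."
    ver=$(printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 0   # unparsable version: stay conservative
    set -- $ver
    [ "$1" -lt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -lt 4 ]; }
}

# Prints no-warning, false-positive or investigate.
triage() {  # triage RKHUNTER_CONF SSHD_CONFIG VERSION_STRING
    allow=$(conf_value "$1" ALLOW_SSH_PROT_V1 0)
    proto=$(sshd_protocol "$2")
    warn=no
    case "$allow:$proto" in
        1:*) ;;                 # SSH-1 explicitly allowed in rkhunter.conf
        2:)  ;;                 # unset Protocol accepted by the administrator
        *:|*:*1*) warn=yes ;;   # Protocol unset, or it lists version 1
    esac
    if [ "$warn" = no ]; then echo no-warning
    elif ssh1_capable "$3"; then echo investigate
    else echo false-positive
    fi
}

# Constructed sample mirroring the report: default rkhunter.conf, no Protocol
# line in sshd_config, OpenSSH 7.4 (version string is constructed).
tmp=$(mktemp -d)
echo '#ALLOW_SSH_PROT_V1=0' > "$tmp/rkhunter.conf"
echo '#Protocol 2' > "$tmp/sshd_config"
triage "$tmp/rkhunter.conf" "$tmp/sshd_config" "OpenSSH_7.4p1"
rm -rf "$tmp"
```

On a real host the third argument would come from the installed daemon's version banner, and an `investigate` result means the Protocol setting should be checked before the warning is silenced.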