| 1 |
On Mon, Oct 10, 2011 at 12:13 PM, <meino.cramer@×××.de> wrote: |
| 2 |
> Nikos Chantziaras <realnc@×××××.de> [11-10-10 20:56]: |
| 3 |
>> On 10/10/2011 09:45 PM, meino.cramer@×××.de wrote: |
| 4 |
>> >Nikos Chantziaras<realnc@×××××.de> [11-10-10 19:52]: |
| 5 |
>> >>On 10/10/2011 08:33 PM, meino.cramer@×××.de wrote: |
| 6 |
>> >>>Hi, |
| 7 |
>> >>> |
| 8 |
>> >>>I have read several docs to figure out this...all docs do changes |
| 9 |
>> >>>in /etc/conf.d but I found no hint how to transfer that settings |
| 10 |
>> >>>to the "real" configuration files of the according programs. |
| 11 |
>> >> |
| 12 |
>> >>These *are* real configuration files and you don't need to transfer |
| 13 |
>> >>anything. |
| 14 |
>> >> |
| 15 |
>> >> |
| 16 |
>> > |
| 17 |
>> >The reason I thought, that those settings in /etc/conf.d is due |
| 18 |
>> >to a warning of the rkhunter tool: |
| 19 |
>> > |
| 20 |
>> >[03:23:21] Performing system configuration file checks |
| 21 |
>> >[03:23:21] Info: Starting test name 'system_configs' |
| 22 |
>> >[03:23:21] Checking for SSH configuration file [ Found ] |
| 23 |
>> >[03:23:21] Info: Found SSH configuration file: /etc/ssh/sshd_config |
| 24 |
>> >[03:23:21] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'. |
| 25 |
>> >[03:23:21] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'. |
| 26 |
>> >[03:23:21] Checking if SSH root access is allowed [ Warning |
| 27 |
>> >] |
| 28 |
>> >[03:23:21] Warning: The SSH configuration option 'PermitRootLogin' has |
| 29 |
>> >not been set. |
| 30 |
>> > The default value may be 'yes', to allow root access. |
| 31 |
>> >[03:23:21] Checking if SSH protocol v1 is allowed [ Warning |
| 32 |
>> >] |
| 33 |
>> >[03:23:21] Warning: The SSH configuration option 'Protocol' has not |
| 34 |
>> >been set. |
| 35 |
>> > The default value may be '2,1', to allow the use of |
| 36 |
>> >protocol version 1. |
| 37 |
>> >[03:23:22] Checking for running syslog daemon [ Not |
| 38 |
>> >found ] |
| 39 |
>> >[03:23:22] Info: The syslog daemon is not running, but a metalog |
| 40 |
>> >daemon has been found. |
| 41 |
>> >[03:23:22] Checking for syslog configuration file [ Not |
| 42 |
>> >found ] |
| 43 |
>> > |
| 44 |
>> >Now I see, that it seems to check simply the wrong file. |
| 45 |
>> > |
| 46 |
>> >I think it would be an idea to patch rkhunter to be more compliant to |
| 47 |
>> >the setup of the gentoo system ?! |
| 48 |
>> > From own experience I know that a lot false warnings of such tools |
| 49 |
>> >dull the sigth on to the real threads... |
| 50 |
>> |
| 51 |
>> It's checking the correct file. Simply edit /etc/ssh/sshd_config to |
| 52 |
>> your liking. /etc/conf.d/ is not for those kind of settings; it's |
| 53 |
>> read-in by Gentoo's init system and other infrastructure. |
| 54 |
>> |
| 55 |
>> |
| 56 |
> |
| 57 |
> Now I am a little more confused... |
| 58 |
> |
| 59 |
> What is the purpose of this file? : |
| 60 |
> |
| 61 |
> /etc/conf.d/sshd |
| 62 |
> |
| 63 |
> with this contents: |
| 64 |
> |
| 65 |
> |
| 66 |
> # /etc/conf.d/sshd: config file for /etc/init.d/sshd |
| 67 |
> |
| 68 |
> # Where is your sshd_config file stored? |
| 69 |
> |
| 70 |
> SSHD_CONFDIR="/etc/ssh" |
| 71 |
> |
| 72 |
> |
| 73 |
> # Any random options you want to pass to sshd. |
| 74 |
> # See the sshd(8) manpage for more info. |
| 75 |
> |
| 76 |
> SSHD_OPTS="" |
| 77 |
> |
| 78 |
> |
| 79 |
> # Pid file to use (needs to be absolute path). |
| 80 |
> |
| 81 |
> #SSHD_PIDFILE="/var/run/sshd.pid" |
| 82 |
> |
| 83 |
> |
| 84 |
> # Path to the sshd binary (needs to be absolute path). |
| 85 |
> |
| 86 |
> #SSHD_BINARY="/usr/sbin/sshd" |
| 87 |
> |
| 88 |
> |
| 89 |
> if /etc/ssh/sshd_config is for configuration of sshd's options...for |
| 90 |
> what purpose is /etc/conf.d/sshd then ? |
| 91 |
|
| 92 |
It's a Gentoo-ism. It's for the (highly unlikely) case of you having |
| 93 |
your sshd_config file in a directory different from /etc/ssh, and to |
| 94 |
pass other arguments to the sshd daemon. |
| 95 |
|
| 96 |
It's completely redundant and innecessary, but it was the way |
| 97 |
different distros dealed with the shortcomings of SysV (OpenRC, the |
| 98 |
Gentoo init systems, works on top of SysV). |
| 99 |
|
| 100 |
> And what files gets overwritten when installing a new version of sshd? |
| 101 |
|
| 102 |
All of them :D Of course they are overwritten with ._cfg000* backups, |
| 103 |
but anyway is ridiculous. As you say, the only config sshd would need |
| 104 |
to look for should be in /etc/ssh. With systemd, there is no need for |
| 105 |
a /etc/conf.d (or /etc/sysconfig) dir. |
| 106 |
|
| 107 |
Regards. |
| 108 |
-- |
| 109 |
Canek Peláez Valdés |
| 110 |
Posgrado en Ciencia e Ingeniería de la Computación |
| 111 |
Universidad Nacional Autónoma de México |
Archives