On Mon, Oct 10, 2011 at 12:13 PM, <meino.cramer@×××.de> wrote:
> Nikos Chantziaras <realnc@×××××.de> [11-10-10 20:56]:
>> On 10/10/2011 09:45 PM, meino.cramer@×××.de wrote:
>> >Nikos Chantziaras<realnc@×××××.de> [11-10-10 19:52]:
>> >>On 10/10/2011 08:33 PM, meino.cramer@×××.de wrote:
>> >>>Hi,
>> >>>
>> >>>I have read several docs to figure this out...all docs do changes
>> >>>in /etc/conf.d but I found no hint how to transfer those settings
>> >>>to the "real" configuration files of the according programs.
>> >>
>> >>These *are* real configuration files and you don't need to transfer
>> >>anything.
>> >>
>> >>
>> >
>> >The reason I thought, that those settings in /etc/conf.d is due
>> >to a warning of the rkhunter tool:
>> >
>> >[03:23:21] Performing system configuration file checks
>> >[03:23:21] Info: Starting test name 'system_configs'
>> >[03:23:21] Checking for SSH configuration file [ Found ]
>> >[03:23:21] Info: Found SSH configuration file: /etc/ssh/sshd_config
>> >[03:23:21] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
>> >[03:23:21] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
>> >[03:23:21] Checking if SSH root access is allowed [ Warning ]
>> >[03:23:21] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
>> > The default value may be 'yes', to allow root access.
>> >[03:23:21] Checking if SSH protocol v1 is allowed [ Warning ]
>> >[03:23:21] Warning: The SSH configuration option 'Protocol' has not been set.
>> > The default value may be '2,1', to allow the use of protocol version 1.
>> >[03:23:22] Checking for running syslog daemon [ Not found ]
>> >[03:23:22] Info: The syslog daemon is not running, but a metalog daemon has been found.
>> >[03:23:22] Checking for syslog configuration file [ Not found ]
>> >
>> >Now I see, that it seems to check simply the wrong file.
>> >
>> >I think it would be an idea to patch rkhunter to be more compliant to
>> >the setup of the gentoo system ?!
>> > From my own experience I know that a lot of false warnings of such tools
>> >dull the sight on to the real threats...
>>
>> It's checking the correct file. Simply edit /etc/ssh/sshd_config to
>> your liking. /etc/conf.d/ is not for those kind of settings; it's
>> read-in by Gentoo's init system and other infrastructure.
>>
>>
>
> Now I am a little more confused...
>
> What is the purpose of this file? :
>
> /etc/conf.d/sshd
>
> with these contents:
>
>
> # /etc/conf.d/sshd: config file for /etc/init.d/sshd
>
> # Where is your sshd_config file stored?
>
> SSHD_CONFDIR="/etc/ssh"
>
>
> # Any random options you want to pass to sshd.
> # See the sshd(8) manpage for more info.
>
> SSHD_OPTS=""
>
>
> # Pid file to use (needs to be absolute path).
>
> #SSHD_PIDFILE="/var/run/sshd.pid"
>
>
> # Path to the sshd binary (needs to be absolute path).
>
> #SSHD_BINARY="/usr/sbin/sshd"
>
>
> if /etc/ssh/sshd_config is for configuration of sshd's options...for
> what purpose is /etc/conf.d/sshd then ?

It's a Gentoo-ism. It's for the (highly unlikely) case of you having
your sshd_config file in a directory different from /etc/ssh, and to
pass other arguments to the sshd daemon.

It's completely redundant and unnecessary, but it was the way
different distros dealt with the shortcomings of SysV (OpenRC, the
Gentoo init system, works on top of SysV).

> And what files get overwritten when installing a new version of sshd?

All of them :D Of course they are overwritten with ._cfg000* backups,
but anyway it is ridiculous. As you say, the only config sshd would need
to look for should be in /etc/ssh. With systemd, there is no need for
a /etc/conf.d (or /etc/sysconfig) dir.

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
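
The two rkhunter warnings quoted in the thread fire because `PermitRootLogin` and `Protocol` are not set explicitly in /etc/ssh/sshd_config. The sketch below approximates that check in shell; it is an added example, not part of the original message and not rkhunter's own code, and the function names `sshd_opt` and `check_sshd` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not rkhunter's code: a simplified version of its check.

# sshd_opt FILE KEYWORD: print the first explicit global value, or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and parsing stops here at the first Match block
# because settings after it are conditional.
sshd_opt() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]+/)     # separator: whitespace or "="
            if (n == 0) next
            k = tolower(substr(line, 1, n - 1))
            if (k == "match") exit
            if (k == key) { val = substr(line, n + RLENGTH); exit }
        }
        END { print val }
    ' "$1"
}

# check_sshd FILE: return 0 only if both options from the rkhunter log are
# set explicitly to the values its settings expect (ALLOW_SSH_ROOT_USER
# 'no', ALLOW_SSH_PROT_V1 '0', i.e. protocol 2 only).
check_sshd() {
    rc=0
    root=$(sshd_opt "$1" PermitRootLogin)
    proto=$(sshd_opt "$1" Protocol)
    [ "$root" = "no" ] || { echo "Warning: PermitRootLogin is '$root'"; rc=1; }
    [ "$proto" = "2" ] || { echo "Warning: Protocol is '$proto'"; rc=1; }
    return "$rc"
}

# Constructed sample files: stock-style (options commented out) vs. explicit.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' '#Protocol 2' 'UsePAM yes' > "$tmp/stock"
printf '%s\n' 'Protocol 2' 'permitrootlogin=no' 'Match User backup' \
    '    PermitRootLogin yes' > "$tmp/explicit"
check_sshd "$tmp/stock" || echo "stock: warnings"
check_sshd "$tmp/explicit" && echo "explicit: ok"
```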