Debian: Checking your Linux for potential rootkits

You have been tasked with setting up a Linux server, and you have just installed the core Debian packages from the Debian small CD.

After installation is completed, you download two rootkit checkers:

apt-get update #To ensure you have the latest package database.

apt-get upgrade #To ensure you have the latest package with security holes patched.

apt-get install chkrootkit -y #download and install chkrootkit

apt-get install rkhunter -y #download and install rkhunter (root kit hunter)

You realized your sshd allows root access.

Running rkhunter, you notice that sshd allows root access. Allowing root access is a potential problem because hackers can brute-force the root password. Of course, you could thwart brute-forcing by enforcing account lockdown for a specific period of time; however, there are many ways to gain root access without knowing your password. You decide to fix this potential problem by editing your /etc/ssh/sshd_config.

Indeed, allowing root access was the default of sshd.
You disable root access and save the config.

Oh, by the way, ServerKeyBits 768 is kind of weak; the usual recommendation is an RSA key length of at least 1024 bits.

After you have made the minor changes to sshd_config you proceed to restart the service:

service ssh restart
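
A way to confirm the edits took effect, as an added example that is not part of the original post: this script reads the global section of an sshd_config-style file and reports the PermitRootLogin and ServerKeyBits values sshd would use. The function names sshd_global_value and audit_sshd_config are hypothetical, and the sample config is constructed.

```sh
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.

# Print the first global value of keyword $2 in file $1 (empty if unset).
sshd_global_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }      # blank line or comment
        { sub(/[ \t]*=[ \t]*/, " ") }      # accept "Keyword=value"
        tolower($1) == "match" { exit }    # conditional blocks start here
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 if the file passes the two checks from this post, 1 otherwise.
audit_sshd_config() {
    file=$1; rc=0
    root=$(sshd_global_value "$file" PermitRootLogin)
    bits=$(sshd_global_value "$file" ServerKeyBits)
    case "$(printf '%s' "$root" | tr 'A-Z' 'a-z')" in
        no) echo "OK   PermitRootLogin no" ;;
        '') echo "WARN PermitRootLogin not set, the sshd default applies"; rc=1 ;;
        *)  echo "FAIL PermitRootLogin $root"; rc=1 ;;
    esac
    if [ -n "$bits" ] && [ "$bits" -lt 1024 ]; then
        echo "FAIL ServerKeyBits $bits is below 1024"; rc=1
    fi
    return $rc
}

# Constructed sample (not a real server file): the later "no" is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
permitrootlogin yes
PermitRootLogin no
ServerKeyBits 768
Match User backup
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

Call audit_sshd_config /etc/ssh/sshd_config before restarting the service; sshd -t additionally checks the file for syntax errors.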
