From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RDKzl-00031c-1D for garchives@archives.gentoo.org; Mon, 10 Oct 2011 18:54:37 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 98B7D21C10A; Mon, 10 Oct 2011 18:54:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 2931121C118 for ; Mon, 10 Oct 2011 18:53:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id AB45D1B4009 for ; Mon, 10 Oct 2011 18:53:33 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Score: -5.008 X-Spam-Level: X-Spam-Status: No, score=-5.008 required=5.5 tests=[AWL=1.591, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JT816FKIyUiu for ; Mon, 10 Oct 2011 18:53:26 +0000 (UTC) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by smtp.gentoo.org (Postfix) with ESMTP id EBE071B400E for ; Mon, 10 Oct 2011 18:53:23 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1RDKyX-0001Z7-RJ for gentoo-user@gentoo.org; Mon, 10 Oct 2011 20:53:21 +0200 Received: from athedsl-387405.home.otenet.gr ([79.131.65.75]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 10 Oct 2011 20:53:21 +0200 Received: from realnc by athedsl-387405.home.otenet.gr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 10 Oct 2011 20:53:21 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: Nikos Chantziaras Subject: [gentoo-user] Re: transferring contents of /etc/conf.d to the config files Date: Mon, 10 Oct 2011 21:53:05 +0300 Organization: Lucas Barks Message-ID: References: <20111010173352.GA2844@solfire> <20111010184517.GB2844@solfire> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: athedsl-387405.home.otenet.gr User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20111003 Thunderbird/7.0.1 In-Reply-To: <20111010184517.GB2844@solfire> X-Archives-Salt: X-Archives-Hash: ffa831aba3510d20288ce066161900b1 On 10/10/2011 09:45 PM, meino.cramer@gmx.de wrote: > Nikos Chantziaras [11-10-10 19:52]: >> On 10/10/2011 08:33 PM, meino.cramer@gmx.de wrote: >>> Hi, >>> >>> I have read several docs to figure out this...all docs do changes >>> in /etc/conf.d but I found no hint how to transfer that settings >>> to the "real" configuration files of the according programs. >> >> These *are* real configuration files and you don't need to transfer >> anything. >> >> > > The reason I thought, that those settings in /etc/conf.d is due > to a warning of the rkhunter tool: > > [03:23:21] Performing system configuration file checks > [03:23:21] Info: Starting test name 'system_configs' > [03:23:21] Checking for SSH configuration file [ Found ] > [03:23:21] Info: Found SSH configuration file: /etc/ssh/sshd_config > [03:23:21] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'. > [03:23:21] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'. > [03:23:21] Checking if SSH root access is allowed [ Warning ] > [03:23:21] Warning: The SSH configuration option 'PermitRootLogin' has not been set. > The default value may be 'yes', to allow root access. > [03:23:21] Checking if SSH protocol v1 is allowed [ Warning ] > [03:23:21] Warning: The SSH configuration option 'Protocol' has not been set. > The default value may be '2,1', to allow the use of protocol version 1. > [03:23:22] Checking for running syslog daemon [ Not found ] > [03:23:22] Info: The syslog daemon is not running, but a metalog daemon has been found. > [03:23:22] Checking for syslog configuration file [ Not found ] > > Now I see, that it seems to check simply the wrong file. > > I think it would be an idea to patch rkhunter to be more compliant to > the setup of the gentoo system ?! > From own experience I know that a lot false warnings of such tools > dull the sigth on to the real threads... It's checking the correct file. Simply edit /etc/ssh/sshd_config to your liking. /etc/conf.d/ is not for those kind of settings; it's read-in by Gentoo's init system and other infrastructure.