security help

[Theoyster]

I ran rootkit hunter just to see what the vulnerabilities might be running tiger 10.4 and came up with this:

Checking for allowed root login... Watch out Root login possible. Possible risk!
Checking for allowed protocols... Warning (SSH v1 allowed)
- Apache 1.3.33 [ Vulnerable ]
- OpenSSL 0.9.7b [ Vulnerable ]
- PHP 4.3.10 [ Vulnerable ]

I don't really recall ever enabling root. I tried using netinfo manager to disable it and there is no 'security' tab there for me to do so. How else can I disable root access?

 

[angelwatt]

Searched: mac 10.4 disable root login

Here's Apple's page on enabling root, which should you to see how to disable root.

 

[Theoyster]

Thanks angelwatt. That's where it says to use the netinfo manager and click on the security menu where you can enable or disable root login...

Trouble is my netinfo manager doesn't have a security menu when I open it. I've only found one other post anywhere on the web that mentions this problem. Anyone have any ideas what is going on with this?

 

[Theoyster]

Duh, security tab is at the top of the page. I was looking at the netinfo gui itself.

Are any of these other vulnerabilities anything problematic?

 

[angelwatt]

Are any of these other vulnerabilities anything problematic?

The others are web service related. Unless you're running those services and your router allows access to them (by way of port forwarding), which you would have setup yourself, then not so much. Even if they were accessible from outside your network they're not huge problem areas. The Apache server is a bit out of date so could have security holes, but overall they won't cause you grief.