I've checked my Linux server (Centos 6) with rkhunter. I found the following in rkhunter log
[14:38:54] Checking if SSH protocol v1 is allowed [ Warning ]
[14:38:54] Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.
When i checked with /etc/ssh/
I found 2 config files, sshd_config
and ssh_config
.
ssh_config last modified on 21-Sep-2013 (22:30).
rkhunter result of 21-Sep-2013 (04:20)
[04:10:40] Checking if SSH root access is allowed [ Not set ]
[04:10:40] Checking if SSH protocol v1 is allowed [ Not allowed ]
I'm worried that my server maybe compromised.
Update
After run clamav scan on server, I found /usr/sbin/sasluster
(Stealth MultiFunctional IrcBot).
How do I remove it? What does it mean?