HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   RKHunter Warnings (http://www.howtoforge.com/forums/showthread.php?t=44175)

sheshes 17th March 2010 21:37

RKHunter Warnings
 
Hi guys,

On my ISPconfig 3 server in RKHunters log I get 4 possible threads, although I haven't got any update notification from apt. Aren't the apps below udated vie aptitude?

[06:30:46] Checking version of GnuPG [ Warning ]
[06:30:46] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSL [ Warning ]
[06:30:46] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[06:30:46] Checking version of PHP [ Warning ]
[06:30:46] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSH [ Warning ]
[06:30:46] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.

damir 17th March 2010 22:31

It looks like you are using Debian Lenny, if that's the case than it's ok.

sheshes 17th March 2010 22:35

Ubuntu 9.04

damir 17th March 2010 22:56

This is common for debian based distros but what you can do is to add it to whitelist.

sudo nano -w /etc/rkhunter.conf

APP_WHITELIST="openssl gpg sshd php5"

sheshes 17th March 2010 23:04

Thanks damir, but I am already aware of that, my question is if these packages are not updated via aptitude, when they are available ofcourse and if they can cause any security breach issues by not updating them.

damir 17th March 2010 23:09

This are the stable packages that comes with distributions, and are recommended ones to use. You can always add repositories for the latest packages. I'm a Debian user, so i'm not aware what repositories is correct ones for Ubuntu.

sheshes 17th March 2010 23:16

Thanks i guess i 'll have to wait for stable releases by the ubuntu team.

BorderAmigos 18th March 2010 19:34

I downloaded the source for all of these and compiled and installed these newer versions on Debian Lenny. This cleared the error messages. Or you can wait for the repos to catch up.


All times are GMT +2. The time now is 19:41.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.