RKHunter Warnings
 

Hi guys,

On my ISPconfig 3 server in RKHunters log I get 4 possible threads, although I haven't got any update notification from apt. Aren't the apps below udated vie aptitude?

[06:30:46] Checking version of GnuPG [ Warning ]
[06:30:46] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSL [ Warning ]
[06:30:46] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[06:30:46] Checking version of PHP [ Warning ]
[06:30:46] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSH [ Warning ]
[06:30:46] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.

It looks like you are using Debian Lenny, if that's the case than it's ok.

Ubuntu 9.04

This is common for debian based distros but what you can do is to add it to whitelist.

sudo nano -w /etc/rkhunter.conf

APP_WHITELIST="openssl gpg sshd php5"

Thanks damir, but I am already aware of that, my question is if these packages are not updated via aptitude, when they are available ofcourse and if they can cause any security breach issues by not updating them.

This are the stable packages that comes with distributions, and are recommended ones to use. You can always add repositories for the latest packages. I'm a Debian user, so i'm not aware what repositories is correct ones for Ubuntu.

Thanks i guess i 'll have to wait for stable releases by the ubuntu team.

I downloaded the source for all of these and compiled and installed these newer versions on Debian Lenny. This cleared the error messages. Or you can wait for the repos to catch up.