#1  
Old 17th March 2010, 22:37
sheshes sheshes is offline
Senior Member
 
Join Date: Aug 2009
Location: Nicosia
Posts: 123
Thanks: 2
Thanked 0 Times in 0 Posts
Default RKHunter Warnings

Hi guys,

On my ISPconfig 3 server in RKHunters log I get 4 possible threads, although I haven't got any update notification from apt. Aren't the apps below udated vie aptitude?

[06:30:46] Checking version of GnuPG [ Warning ]
[06:30:46] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSL [ Warning ]
[06:30:46] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[06:30:46] Checking version of PHP [ Warning ]
[06:30:46] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSH [ Warning ]
[06:30:46] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.

Last edited by sheshes; 17th March 2010 at 22:40.
Reply With Quote
Sponsored Links
  #2  
Old 17th March 2010, 23:31
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

It looks like you are using Debian Lenny, if that's the case than it's ok.
Reply With Quote
  #3  
Old 17th March 2010, 23:35
sheshes sheshes is offline
Senior Member
 
Join Date: Aug 2009
Location: Nicosia
Posts: 123
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Ubuntu 9.04
Reply With Quote
  #4  
Old 17th March 2010, 23:56
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

This is common for debian based distros but what you can do is to add it to whitelist.

sudo nano -w /etc/rkhunter.conf

APP_WHITELIST="openssl gpg sshd php5"
Reply With Quote
  #5  
Old 18th March 2010, 00:04
sheshes sheshes is offline
Senior Member
 
Join Date: Aug 2009
Location: Nicosia
Posts: 123
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Thanks damir, but I am already aware of that, my question is if these packages are not updated via aptitude, when they are available ofcourse and if they can cause any security breach issues by not updating them.
Reply With Quote
  #6  
Old 18th March 2010, 00:09
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

This are the stable packages that comes with distributions, and are recommended ones to use. You can always add repositories for the latest packages. I'm a Debian user, so i'm not aware what repositories is correct ones for Ubuntu.
Reply With Quote
The Following User Says Thank You to damir For This Useful Post:
sheshes (18th March 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter Tripple Installation/Configuration 22 14th May 2014 00:03
rkhunter Messages atjensen11 Installation/Configuration 0 16th September 2009 18:59
rkhunter on centos revisited Doug G Installation/Configuration 2 16th August 2009 20:43
warnings in mail.warn Hans Server Operation 1 11th August 2009 16:38
rkhunter upgrade? KenMasters Installation/Configuration 1 10th June 2009 09:39


All times are GMT +2. The time now is 22:15.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.