#1  
Old 17th March 2010, 21:37
sheshes sheshes is offline
Senior Member
 
Join Date: Aug 2009
Posts: 104
Thanks: 1
Thanked 0 Times in 0 Posts
Default RKHunter Warnings

Hi guys,

On my ISPconfig 3 server in RKHunters log I get 4 possible threads, although I haven't got any update notification from apt. Aren't the apps below udated vie aptitude?

[06:30:46] Checking version of GnuPG [ Warning ]
[06:30:46] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSL [ Warning ]
[06:30:46] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[06:30:46] Checking version of PHP [ Warning ]
[06:30:46] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
[06:30:46] Checking version of OpenSSH [ Warning ]
[06:30:46] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.

Last edited by sheshes; 17th March 2010 at 21:40.
Reply With Quote
Sponsored Links
  #2  
Old 17th March 2010, 22:31
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

It looks like you are using Debian Lenny, if that's the case than it's ok.
Reply With Quote
  #3  
Old 17th March 2010, 22:35
sheshes sheshes is offline
Senior Member
 
Join Date: Aug 2009
Posts: 104
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Ubuntu 9.04
Reply With Quote
  #4  
Old 17th March 2010, 22:56
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

This is common for debian based distros but what you can do is to add it to whitelist.

sudo nano -w /etc/rkhunter.conf

APP_WHITELIST="openssl gpg sshd php5"
Reply With Quote
  #5  
Old 17th March 2010, 23:04
sheshes sheshes is offline
Senior Member
 
Join Date: Aug 2009
Posts: 104
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Thanks damir, but I am already aware of that, my question is if these packages are not updated via aptitude, when they are available ofcourse and if they can cause any security breach issues by not updating them.
Reply With Quote
  #6  
Old 17th March 2010, 23:09
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

This are the stable packages that comes with distributions, and are recommended ones to use. You can always add repositories for the latest packages. I'm a Debian user, so i'm not aware what repositories is correct ones for Ubuntu.
Reply With Quote
The Following User Says Thank You to damir For This Useful Post:
sheshes (17th March 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter Messages atjensen11 Installation/Configuration 0 16th September 2009 17:59
rkhunter on centos revisited Doug G Installation/Configuration 2 16th August 2009 19:43
warnings in mail.warn Hans Server Operation 1 11th August 2009 15:38
rkhunter Tripple Installation/Configuration 21 15th June 2009 04:03
rkhunter upgrade? KenMasters Installation/Configuration 1 10th June 2009 08:39


All times are GMT +2. The time now is 02:08.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.