Package: rkhunter
Version: 1.3.6-4
Severity: normal

For a few weeks, the cron job of rkhunter has been giving the (false) warning

  Please inspect this machine, because it may be infected.

and claims that some packages are out of date

  Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
  Warning: Application 'openssl', version '0.9.8o', is out of date, and possibly a security risk.
  Warning: Application 'sshd', version '5.5p1', is out of date, and possibly a security risk.
  One or more warnings have been found while checking the system.
  Please check the log file (/var/log/rkhunter.log)

This gives a false alarm because all three packages are up-to-date for "squeeze":

  ii  openssl         0.9.8o-4squeeze13
  ii  openssh-server  1:5.5p1-6+squeeze2
  ii  gnupg           1.4.10-4

  # apt-get upgrade
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Either
- these security-relevant packages are updated in squeeze
or (preferred)
- this warning has to be corrected from "may be infected" to "outdated"
or
- rkhunter's database in /var/lib/rkhunter/db/ is adjusted to avoid a
  false alarm from a security program.

Thanks
Axel Dürrbaum

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils                2.20.1-16          The GNU assembler, linker and bina
ii  debconf [debconf-2.0]   1.5.36.1           Debian configuration management sy
ii  exim4-daemon-light [ma  4.72-6+squeeze3    lightweight Exim MTA (v4) daemon
ii  file                    5.04-5+squeeze2    Determines file type using "magic"
ii  net-tools               1.60-23            The NET-3 networking toolkit
ii  perl                    5.10.1-17squeeze3  Larry Wall's Practical Extraction

Versions of packages rkhunter recommends:
ii  iproute                 20100519-3         networking and traffic control too
ii  lsof                    4.81.dfsg.1-1      List open files
ii  lynx                    2.8.8dev.5-1       Text-mode WWW Browser (transitiona
ii  perl [libdigest-sha-pe  5.10.1-17squeeze3  Larry Wall's Practical Extraction
pn  unhide                  <none>             (no description available)
ii  wget                    1.12-2.1           retrieves files from the web

Versions of packages rkhunter suggests:
pn  bsd-mailx               <none>             (no description available)
pn  tripwire                <none>             (no description available)

-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=root@localhost
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COLOR_SET2=0
AUTO_X_DETECT=1
ALLOW_SSH_ROOT_USER=without-password
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
PKGMGR=NONE
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
SCRIPTWHITELIST=/sbin/chkconfig
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs
INETD_ALLOWED_SVC=pop3
INETD_ALLOWED_SVC=ident
INETD_ALLOWED_SVC=tftp
INETD_ALLOWED_SVC=swat
UID0_ACCOUNTS="root admin"
PWDLESS_ACCOUNTS="+"
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_DIRS="/tmp /var/tmp"
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
INSTALLDIR="/usr"

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:
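
An added example, not part of the original report and not rkhunter's own code: a triage helper that checks each "out of date" warning against the installed dpkg version and emits an rkhunter.conf APP_WHITELIST line only for applications whose reported version is exactly the one the distribution packages. The function names and the application-to-package mapping are assumptions made for this sketch, and the sample input is constructed from the lines quoted in the report.

```python
import re

# Constructed sample input: the warning and dpkg lines quoted in the report.
RKHUNTER_LOG = """\
Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8o', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '5.5p1', is out of date, and possibly a security risk.
"""
DPKG_LIST = """\
ii openssl 0.9.8o-4squeeze13
ii openssh-server 1:5.5p1-6+squeeze2
ii gnupg 1.4.10-4
"""
# Assumption: which Debian package ships each application rkhunter names.
APP_TO_PKG = {"gpg": "gnupg", "openssl": "openssl", "sshd": "openssh-server"}
WARN_RE = re.compile(r"Warning: Application '([^']+)', version '([^']+)', is out of date")

def upstream_version(deb_version):
    """Strip the epoch ('1:') and the Debian revision ('-6+squeeze2')."""
    no_epoch = deb_version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0] if "-" in no_epoch else no_epoch

def installed_packages(dpkg_output):
    """Map package name -> version for lines in state 'ii' (installed)."""
    pkgs = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "ii":
            pkgs[fields[1]] = fields[2]
    return pkgs

def triage(log_text, dpkg_output):
    """Split warned apps into distro-tracked (whitelistable) and unexplained."""
    pkgs = installed_packages(dpkg_output)
    tracked, unexplained = [], []
    for app, ver in WARN_RE.findall(log_text):
        deb = pkgs.get(APP_TO_PKG.get(app, ""))
        # A version that differs from the packaged one is left for investigation.
        matches = deb is not None and upstream_version(deb) == ver
        (tracked if matches else unexplained).append(f"{app}:{ver}")
    return tracked, unexplained

def app_whitelist_line(tracked):
    return 'APP_WHITELIST="' + " ".join(tracked) + '"'

if __name__ == "__main__":
    ok, bad = triage(RKHUNTER_LOG, DPKG_LIST)
    print(app_whitelist_line(ok), "| investigate:", bad)
```

A matching version string only explains the warning; it does not verify the binary's integrity. Whitelist entries pinned to a version have to be regenerated when the package is upgraded.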