Your message dated Sat, 16 Feb 2013 08:50:17 +0100 with message-id <[email protected]> and subject line Re: Bug#693414: rkhunter: Out of date warnings for up-to-date debian packages has caused the Debian Bug report #693414, regarding rkhunter: Out of date warnings for up-to-date debian packages to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
693414: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693414
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.6-4
Severity: normal

For a few weeks the cron job of rkhunter has been giving the (false) warning

  Please inspect this machine, because it may be infected.

and claims that some packages are out of date

  Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
  Warning: Application 'openssl', version '0.9.8o', is out of date, and possibly a security risk.
  Warning: Application 'sshd', version '5.5p1', is out of date, and possibly a security risk.

  One or more warnings have been found while checking the system.
  Please check the log file (/var/log/rkhunter.log)

This gives a false alarm because all three packages are up-to-date for "squeeze":

  ii openssl 0.9.8o-4squeeze13
  ii openssh-server 1:5.5p1-6+squeeze2
  ii gnupg 1.4.10-4

  # apt-get upgrade
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Either
- these security relevant packages are updated in squeeze or (preferred)
- this warning has to be corrected from "may be infected" to "outdated" or
- rkhunter's database in /var/lib/rkhunter/db/ is adjusted to avoid a false alarm from a security program.
Thanks
Axel Dürrbaum

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils                2.20.1-16          The GNU assembler, linker and bina
ii  debconf [debconf-2.0]   1.5.36.1           Debian configuration management sy
ii  exim4-daemon-light [ma  4.72-6+squeeze3    lightweight Exim MTA (v4) daemon
ii  file                    5.04-5+squeeze2    Determines file type using "magic"
ii  net-tools               1.60-23            The NET-3 networking toolkit
ii  perl                    5.10.1-17squeeze3  Larry Wall's Practical Extraction

Versions of packages rkhunter recommends:
ii  iproute                 20100519-3         networking and traffic control too
ii  lsof                    4.81.dfsg.1-1      List open files
ii  lynx                    2.8.8dev.5-1       Text-mode WWW Browser (transitiona
ii  perl [libdigest-sha-pe  5.10.1-17squeeze3  Larry Wall's Practical Extraction
pn  unhide                  <none>             (no description available)
ii  wget                    1.12-2.1           retrieves files from the web

Versions of packages rkhunter suggests:
pn  bsd-mailx               <none>             (no description available)
pn  tripwire                <none>             (no description available)

-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=root@localhost
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COLOR_SET2=0
AUTO_X_DETECT=1
ALLOW_SSH_ROOT_USER=without-password
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
PKGMGR=NONE
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
SCRIPTWHITELIST=/sbin/chkconfig
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs
INETD_ALLOWED_SVC=pop3
INETD_ALLOWED_SVC=ident
INETD_ALLOWED_SVC=tftp
INETD_ALLOWED_SVC=swat
UID0_ACCOUNTS="root admin"
PWDLESS_ACCOUNTS="+"
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_DIRS="/tmp /var/tmp"
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
INSTALLDIR="/usr"

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:
--- End Message ---
--- Begin Message ---
On Friday 16 November 2012 at 09:53 +0100, Axel Dürrbaum wrote:
> Package: rkhunter
> Version: 1.3.6-4
> Severity: normal
>
> For a few weeks the cron job of rkhunter has been giving the (false) warning
>
> Please inspect this machine, because it may be infected.
>
> and claims that some packages are out of date
>
> Warning: Application 'gpg', version '1.4.10', is out of date, and
> possibly a security risk.
> Warning: Application 'openssl', version '0.9.8o', is out of date, and
> possibly a security risk.
> Warning: Application 'sshd', version '5.5p1', is out of date, and
> possibly a security risk.

While the *packages* are up-to-date, rkhunter detects that new versions of the applications were released, which could be a possible security risk, e.g. without the Security Team support.

These warnings should be inspected by a system administrator who is the only person who can take the responsibility to whitelist these versions.

The warning message "Please inspect this machine, because it may be infected" is only a general message inviting you to inspect the logs.

I close this bug for all the reasons given above.

Cheers,
Julien

--
  .''`.   Julien Valroff ~ ~
 : :' :   Debian Developer & Free software contributor
 `. `'`   http://www.kirya.net/
   `-     4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
--- End Message ---
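
The review step the reply asks of the administrator, as an added example (not part of the original thread, and not rkhunter or Debian code): it parses the warning and dpkg lines quoted in the report, checks that each flagged version is the upstream version of the installed Debian package, and builds an rkhunter.conf APP_WHITELIST setting for those that match. The application-to-package mapping and all function names are assumptions made for illustration.

```python
import re

# Sample input, copied from the warning and dpkg lines quoted in the report.
RKHUNTER_WARNINGS = """\
Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8o', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '5.5p1', is out of date, and possibly a security risk.
"""
DPKG_LINES = """\
ii openssl 0.9.8o-4squeeze13
ii openssh-server 1:5.5p1-6+squeeze2
ii gnupg 1.4.10-4
"""
# Assumption: which Debian package ships each application rkhunter names.
APP_TO_PACKAGE = {"gpg": "gnupg", "openssl": "openssl", "sshd": "openssh-server"}
WARNING_RE = re.compile(r"Application '([^']+)', version '([^']+)', is out of date")

def parse_warnings(text):
    """Return {application: version} for every out-of-date warning."""
    return dict(WARNING_RE.findall(text))

def parse_dpkg(text):
    """Return {package: debian_version} for installed ('ii') packages."""
    rows = (line.split() for line in text.splitlines())
    return {r[1]: r[2] for r in rows if len(r) >= 3 and r[0] == "ii"}

def upstream_version(debian_version):
    """Strip the epoch and Debian revision from [epoch:]upstream[-revision]."""
    version = debian_version.split(":", 1)[-1]
    return version.rsplit("-", 1)[0] if "-" in version else version

def triage(warnings, installed):
    """Split flagged apps into whitelist candidates and ones needing a closer look."""
    candidates, unresolved = [], []
    for app, version in sorted(warnings.items()):
        deb = installed.get(APP_TO_PACKAGE.get(app, ""))
        if deb and upstream_version(deb) == version:
            candidates.append(f"{app}:{version}")
        else:
            unresolved.append(app)  # not the packaged version: investigate
    return candidates, unresolved

def app_whitelist_line(entries):
    """Format entries as an rkhunter.conf APP_WHITELIST setting."""
    return 'APP_WHITELIST="' + " ".join(entries) + '"'

if __name__ == "__main__":
    ok, todo = triage(parse_warnings(RKHUNTER_WARNINGS), parse_dpkg(DPKG_LINES))
    print(app_whitelist_line(ok))
    print("needs manual inspection:", todo or "none")
```

A match only shows that the flagged binary is the version the Debian package ships; whether that package revision is current is what the `apt-get upgrade` check in the report establishes.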
_______________________________________________
forensics-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
