I to am having this issue, and have been combing google and the mailing lists to find an answer. The problem as I see it is that distro's lock in at a cretin version number of lets say openssh and only provide patches to that version. My Ubuntu hardy install locks in openssh at 4.7, but the public version of openssh is at version 5.2 (iirc) I'm guessing that RK maintains a separate list ignoring the distro locked in version. I'm willing to bet that if I upgraded to the latest version on Ubuntu that has the latest version on openssh, RK would STFU. Also I haven't found a way to whitelist these or turn this off.
On Mon, Nov 30, 2009 at 10:41 AM, Ralph Seward <rj_sew...@hotmail.com> wrote: > Dear All: > > This morning I ran Rkhunter on my Linux box running 64-bit Fedora 10 and I > found the following warnings toward the end of the run: > > [10:19:15] Checking application versions... > [10:19:15] Info: Starting test name 'apps' > [10:19:15] Info: Application 'exim' not found. > [10:19:15] Checking version of GnuPG [ Warning ] > [10:19:15] Warning: Application 'gpg', version '1.4.9', is out of date, and > possibly a security risk. > [10:19:15] Checking version of Apache [ Warning ] > [10:19:15] Warning: Application 'httpd', version '2.2.11', is out of date, > and possibly a security risk. > [10:19:15] Info: Application 'named' not found. > [10:19:15] Checking version of OpenSSL [ Warning ] > [10:19:15] Warning: Application 'openssl', version '0.9.8g', is out of date, > and possibly a security risk. > [10:19:15] Checking version of PHP [ Warning ] > [10:19:15] Warning: Application 'php', version '5.2.9', is out of date, and > possibly a security risk. > [10:19:15] Checking version of Procmail MTA [ OK ] > [10:19:15] Info: Application 'procmail' version '3.22' found. > [10:19:15] Info: Application 'proftpd' not found. > [10:19:15] Checking version of OpenSSH [ Warning ] > [10:19:16] Warning: Application 'sshd', version '5.1p1', is out of date, and > possibly a security risk. > [10:19:16] Info: Applications checked: 6 out of 9 > > Yet when I attempt an update nothing appears to need updating: > # yum update > Loaded plugins: protect-packages, refresh-packagekit > Setting up Update Process > No Packages marked for Update > > So, what's up with this? > > Thanks, > R > > > ________________________________ > Hotmail: Trusted email with powerful SPAM protection. Sign up now. > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus > on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > > -- Erik Mathis Mathis Technology Services Owner/Operator 770 492-4424 ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
