On Sat, 05 Dec 2009 21:55:16 -0600, Chris wrote > A couple of weeks ago I updated to Mandriva 2010. During it's daily msec > cronjob I noticed that chkrootkit was giving a few false positives > therefore decided to go back to rkhunter this evening. I've noticed that > two applications are being listed as outdated > > Checking version of Bind DNS [ Warning ] > [21:52:33] Warning: Application 'named', version '9.6.1', is out of > date, and possibly a security risk. > [21:52:33] Checking version of OpenSSL [ Warning ] > [21:52:33] Warning: Application 'openssl', version '0.9.8k', is out of > date, and possibly a security risk. > > The version of rkhunter that was installed with Mandriva's urpmi command > is 1.3.4. I noticed that 1.3.6 is the latest, possibly when the new > version is pushed for 2010 these two warnings will go away? > > Chris > > -- > KeyID 0xE372A7DA98E6705C
There was quite a lot written about this early last week, IIRC. Take a look through the archive. In essence' the developers state that it's very difficult to maintain data on all of the various distros' latest packages. So, one either has to maintain one's own list via "APP WHITELIST", or skip the app check via "DISABLE TESTS". HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
