Hi Brian, > Hi Michael > > You have named twice on that whitelist. > While I haven't studied the code to see what happens, that doesn't > look right to me.
Yeah I didn't notice that. I changed the line to: APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 sshd:4.3p2 php:5.1.6 openssl:0.9.8e" and re-ran /etc/cron.daily/rkhunter and got the output: Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly a security risk. Warning: Application 'sshd', version '4.9p1', is out of date, and possibly a security risk. So I then changed it to: APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 sshd:4.9p1 php:5.1.6 openssl:0.9.8e" and got the output: Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly a security risk. So it seems the named entry is still ignored? I also find the sshd warning a little odd since what is installed is: # rpm -q openssh openssh-4.3p2-36.el5_4.2.i386 Thanks and regards, Michael. > Brian > > On 27-Dec-09, at 8:30 PM, Michael Mansour wrote: > > APP_WHITELIST="httpd:2.2.3 named:9.3.6 php:5.1.6 sshd:4.3p2 named: > > 9.3.6-P1 > > openssl:0.9.8e" ------- End of Original Message ------- ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
