On Thu, 2009-12-31 at 12:45 +1100, Michael Mansour wrote:
> 
> I'm not sure why it works for you, because it definitely doesn't work for me.
> All the servers I have with this named version (contained with EL5) do the
> same thing:
> 
> [12:27:40] Checking application versions...
> [12:27:40] Info: Starting test name 'apps'
> [12:27:44] Info: Application 'exim' not found.
> [12:27:44]   Checking version of GnuPG                       [ OK ]
> [12:27:44] Info: Application 'gpg' version '1.4.5' found.
> [12:27:45]   Checking version of Apache                      [ OK ]
> [12:27:45] Info: Found application 'httpd' version '2.2.3': this version is
> whitelisted.
> [12:27:46]   Checking version of Bind DNS                    [ Warning ]
> [12:27:46] Warning: Application 'named', version '9.3.6-P1', is out of date,
> and possibly a security risk.
> [12:27:46]   Checking version of OpenSSL                     [ OK ]
> [12:27:47] Info: Found application 'openssl' version '0.9.8e': this version is
> whitelisted.
> [12:27:47]   Checking version of PHP                         [ OK ]
> [12:27:47] Info: Found application 'php' version '5.1.6': this version is
> whitelisted.
> [12:27:47]   Checking version of Procmail MTA                [ OK ]
> [12:27:48] Info: Application 'procmail' version '3.22' found.
> [12:27:48] Info: Application 'proftpd' not found.
> [12:27:48]   Checking version of OpenSSH                     [ OK ]
> [12:27:48] Info: Found application 'sshd' version '4.3p2': this version is
> whitelisted.
> [12:27:48] Info: Applications checked: 7 out of 9
> 
> If it was just one server I'd say ok, but it's all my EL5 servers that are
> ignoring the entry "named:9.3.6-P1". I personally believe this is a rkhunter
> bug, but I guess that can only be proven if it's happening to others.
> 
Oh I'm happy to admit it's a bug, but I need to verify that it actually
is and so far I cannot see where (in the code) it is failing.

Could you put your whitelist back again using a specific version number
for named (and any others you are having problems with), and then run
'rkhunter --enable apps --debug'. Could you email me the resulting /tmp
output file please, and I'll take a look to see if I can see what is
happening.




John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
