Hi John, > > I'm not sure why it works for you, because it definately doesn't work for > > me. > > All the servers I have with this named version (contained with EL5) do the > > same thing: > > > > [12:27:40] Checking application versions... > > [12:27:40] Info: Starting test name 'apps' > > [12:27:44] Info: Application 'exim' not found. > > [12:27:44] Checking version of GnuPG [ OK ] > > [12:27:44] Info: Application 'gpg' version '1.4.5' found. > > [12:27:45] Checking version of Apache [ OK ] > > [12:27:45] Info: Found application 'httpd' version '2.2.3': this version is > > whitelisted. > > [12:27:46] Checking version of Bind DNS [ Warning ] > > [12:27:46] Warning: Application 'named', version '9.3.6-P1', is out of date, > > and possibly a security risk. > > [12:27:46] Checking version of OpenSSL [ OK ] > > [12:27:47] Info: Found application 'openssl' version '0.9.8e': this version > > is > > whitelisted. > > [12:27:47] Checking version of PHP [ OK ] > > [12:27:47] Info: Found application 'php' version '5.1.6': this version is > > whitelisted. > > [12:27:47] Checking version of Procmail MTA [ OK ] > > [12:27:48] Info: Application 'procmail' version '3.22' found. > > [12:27:48] Info: Application 'proftpd' not found. > > [12:27:48] Checking version of OpenSSH [ OK ] > > [12:27:48] Info: Found application 'sshd' version '4.3p2': this version is > > whitelisted. > > [12:27:48] Info: Applications checked: 7 out of 9 > > > > If it was just one server I'd say ok, but it's all my EL5 servers that are > > ignoring the entry "named:9.3.6-P1". I personally believe this is a rkhunter > > bug, but I guess that can only be proven if it's happening to others. > > > Oh I'm happy to admit it's a bug, but I need to verify that it actually > is and so far I cannot see where (in the code) it is failing. > > Could you put your whitelist back again using a specific version number > for named (and any others you are having problems with), and then run > 'rkhunter --enable apps --debug'. Could you email me the resulting /tmp > output file please, and I'll take a look to see if I can see what is > happening.
I've just done this on an EL5 server and sent you the file using mpack from the server. Please let me know if you don't receive it. Regards, Michael. > John. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
