Hi John,

> > The odd thing there is, I have:
> >
> > PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
> >
> > for root's PATH and:
> >
> > # ll /usr/bin/ssh /usr/local/bin/ssh
> > -rwxr-xr-x 1 root root 312672 Oct 1 02:39 /usr/bin/ssh
> > -rwxr-xr-x 1 root root 283580 Jan 22 2009 /usr/local/bin/ssh
> >
> > # which ssh
> > /usr/local/bin/ssh
> >
> The test is for 'sshd' though, not the 'ssh' command.

Oh ok, in that case it's similar:

# ll /usr/sbin/sshd /usr/local/sbin/sshd
-rwxr-xr-x 1 root root 345436 Jan 22 2009 /usr/local/sbin/sshd
-rwxr-xr-x 1 root root 408352 Oct 1 02:39 /usr/sbin/sshd

# which sshd
/usr/local/sbin/sshd

> > Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a
> > security risk.
> >
> > If I changed the APP_WHITELIST sshd entry to "sshd:4.3p2" and re-ran
> > rkhunter,
> > rkhunter will then warn about " 'sshd', version '4.9p1' ".
> >
> Really?? Very odd. Can you show me the relevant output from each log
> file (showing the sshd version found etc), and include the part of
> the log file (near the top) which says what the 'command
> directories' are. Thanks.

Ok, with an APP_WHITELIST entry of:

APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 php:5.1.6 openssl:0.9.8e"

I get this as the output:

Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.9p1', is out of date, and possibly a security risk.

For that run, log file shows:

[09:23:33] Info: Using '/usr/kerberos/sbin /usr/kerberos/bin /usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin /root/bin /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
[09:27:44] Warning: Application 'sshd', version '4.9p1', is out of date, and possibly a security risk.

With:

APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 php:5.1.6 openssl:0.9.8e sshd:4.9p1"

I get:

Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly a security risk.

For that run, the log file shows:

[09:36:07] Info: Using '/usr/kerberos/sbin /usr/kerberos/bin /usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin /root/bin /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
[09:39:46] Info: Found application 'sshd' version '4.9p1': this version is whitelisted.

Hmmm..
it didn't do it this time. I've run through it a couple of times now and it
seems to be ok now. Maybe it's just because it's 1 January 2010 now :) (at
least for us in Aus we're 10.45 hrs into the new year already).

Regards,
Michael.

> John.
>
> --
> John Horne, University of Plymouth, UK
> Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users

------- End of Original Message -------
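
Added example, not part of the original thread and not rkhunter's own code: a small POSIX sh helper for the situation discussed above, where two copies of sshd sit in different command directories and an APP_WHITELIST entry names one exact version. The function names are hypothetical; the directory-list and "name:version" formats are the ones shown in the quoted log lines and APP_WHITELIST values.

```sh
#!/bin/sh
# Added example (assumption-labelled, not rkhunter code): show which copy of
# an application a PATH-style lookup reaches first, which copies it shadows,
# and whether a given version matches an APP_WHITELIST-style string.

# list_copies APP DIR...: print every executable copy of APP in search order,
# skipping directories that repeat in the list (the logged list has repeats).
list_copies() {
    app=$1; shift
    seen=" "
    for dir in "$@"; do
        case "$seen" in *" $dir "*) continue ;; esac
        seen="$seen$dir "
        if [ -f "$dir/$app" ] && [ -x "$dir/$app" ]; then
            printf '%s\n' "$dir/$app"
        fi
    done
}

# first_copy APP DIR...: the copy 'which' would report for that search order.
first_copy() {
    list_copies "$@" | head -n 1
}

# shadowed_copies APP DIR...: copies that exist but are never reached by name.
shadowed_copies() {
    list_copies "$@" | tail -n +2
}

# is_whitelisted APP VERSION WHITELIST: succeed only when WHITELIST contains
# the exact space-separated token "APP:VERSION".
is_whitelisted() {
    for entry in $3; do
        [ "$entry" = "$1:$2" ] && return 0
    done
    return 1
}

# Demo on the local host: every sshd reachable through the current PATH.
( IFS=:; list_copies sshd $PATH )
```

If shadowed_copies prints anything, the version reported by a scan and the version of the distribution-managed binary may belong to different files, so check each listed path separately before editing the whitelist.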