On Sat, 2010-11-20 at 15:50 -0800, Al Varnell wrote: > On 11/20/10 3:26 PM, "Robert Holtzman" <hol...@cox.net> wrote: > > > On Fri, Nov 19, 2010 at 07:38:03PM -0800, Al Varnell wrote: > >> On Nov 19, 2010, at 5:21 PM, Chris <cpoll...@embarqmail.com> wrote: > >> > >>> RKhunter V1.3.6, this apparently started yesterday on my morning > >>> rkhunter cronjob. It also reports: > > > > ..........snip.......... > > > >> > >> Did you run --update first? There was an update to the RKH DB in > >> conjunction with the rollout of the new version. You do know that v1.3.8 > >> is > >> out, right? Lots of good new stuff. > > > > Will --update update to 1.3.8? I'm running the Ubuntu version of 1.3.6-3 > > > According to the man "This command option causes rkhunter to check if there > is a later version of any of its text data files." so it would only update > the database and not update to 1.3.8. > > > and --update yielded this: > > > > hol...@localhost:~$ sudo rkhunter --update > > [sudo] password for holtzm: > > [ Rootkit Hunter version 1.3.6 ] > > > > Checking rkhunter data files... > > Checking file mirrors.dat [ No update] > > Checking file programs_bad.dat [ No update] > > Checking file backdoorports.dat [ No update] > > Checking file suspscan.dat [ No update] > > Checking file i18n/cn [ No update] > > Checking file i18n/de [ No update] > > Checking file i18n/en [ No update] > > Checking file i18n/zh [ No update] > > Checking file i18n/zh.utf8 [ No update] > > > > Any ideas? > > > These are all stored in /private/var/lib/rkhunter/db/. Check if they are > all dated Nov 17. If so then you must have run --update it since then. If > not, then I don't know as much as I thought I did about the process. > I see what's causing the warnings, looking at the /var/lib/rkhunter/programs_bad.dat file I see the among the string of outdated versions is:
gpg:1.4.10 httpd:2.2.15 openssl:1.0.0a I see that there is a new version of openssl dated 17 Nov however I'll wait for Mandriva to publish the newer rpm, the same with httpd. GPG, I can upgrade as I installed it from source. For now I've just whitelisted the above three apps until newer versions are installed. -- Chris KeyID 0xE372A7DA98E6705C
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users