Re: rkhunter report
Paul Cartwright [2010.11.20 1528 -0500]:
> On 11/20/2010 03:14 PM, Boyd Stephen Smith Jr. wrote:
> >> >Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a
> >> >security risk. Warning: Application 'openssl', version '0.9.8n', is out of
> >> >date, and possibly a security risk. Warning: Application 'sshd', version
> >> >'5.5p1', is out of date, and possibly a security risk.
> >> >
> >> >
> >
> > It does look like "gnupg" and "openssl" have received some updates since the
> > Lenny release, and "openssl" got some from the security team specifically.
> > "openssh-server" hasn't been updated since the Lenny release, AFAIK.
> >
> > If there is a specific vulnerability you are concerned about, asking on
> > debian-security for the status of a fix might be appropriate. As far as
> > unknown threats go, there may be security flaws in the Lenny versions that are
> > fixed upstream, but there may also be new flaws introduced upstream that are
> > not in the Lenny versions.
> I am not so much concerned about vulnerability as I am rkhunter
> giving me a warning about "up-2-date" apps..
> openssl might concern me, because I use ssl.. same with ssh.. since MOST
> of what I do is behind my router, I am not very public internet facing..
> I just don't like getting messages that tell me something is NOT
> uptodate, when I am ALWAYS up to date..
If I recall correctly from a previous thread on this list, rkhunter
simply tests whether you have the most recent version of these
applications installed and warns you if you don't. I simply ignored
these warnings when I got them. If I understand the documentation of
rkhunter (which is very sparse) correctly, you can eliminate these
warnings by adding

    ATTRWHITELIST=<path to gpg>

and the same for anything else you get these warnings for to
/etc/rkhunter.conf. Again, if I understand correctly, this will also
turn off other attribute checks for these programs, including uid/gid,
etc. Since these may be useful checks to detect malicious modifications
on your system, you may not want to do this.
Cheers,
Norbert
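
The alternative to whitelisting discussed above is to filter the report rather than the checks. The following is an added example, not part of the original thread: it separates the version-only warnings quoted in the thread from any other rkhunter warning, so the attribute checks stay enabled. The function name, the sample text layout and the file-property warning line are constructed for illustration.

```python
import re

# Matches the rkhunter application-version warning quoted in the thread.
APP_WARNING = re.compile(
    r"Warning: Application '(?P<app>[^']+)', version '(?P<version>[^']+)', "
    r"is out of date, and possibly a security risk\."
)

# Binary-to-Debian-package mapping, using the package names given in the thread.
DEBIAN_PACKAGE = {"gpg": "gnupg", "openssl": "openssl", "sshd": "openssh-server"}


def split_warnings(report: str):
    """Return (version_only, other) warnings from rkhunter report text.

    Mail clients re-wrap the report, so whitespace is normalised before matching.
    """
    flat = " ".join(report.split())
    version_only = [
        {"app": m["app"], "version": m["version"],
         "package": DEBIAN_PACKAGE.get(m["app"], m["app"])}
        for m in APP_WARNING.finditer(flat)
    ]
    # Whatever is left after removing version warnings still needs a human look.
    rest = APP_WARNING.sub("", flat)
    other = [w.strip() for w in re.split(r"(?=Warning: )", rest) if w.strip()]
    return version_only, other


# Constructed sample: the three warnings from the thread (wrapped as mailed)
# plus one constructed file-property warning that must not be filtered out.
SAMPLE = """Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a
security risk. Warning: Application 'openssl', version '0.9.8n', is out of
date, and possibly a security risk. Warning: Application 'sshd', version
'5.5p1', is out of date, and possibly a security risk.
Warning: The file properties have changed: File: /usr/bin/gpg
"""

if __name__ == "__main__":
    versions, others = split_warnings(SAMPLE)
    for v in versions:
        print(f"version-only: {v['app']} {v['version']} (check package {v['package']})")
    for o in others:
        print(f"investigate:  {o}")
```

The version-only entries can then be checked against the distribution's security updates for the listed package, while everything in the second list is reviewed as a possible modification.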