
Re: rkhunter report



Paul Cartwright [2010.11.20 1528 -0500]:
> On 11/20/2010 03:14 PM, Boyd Stephen Smith Jr. wrote:
> >> >Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a
> >> >security risk. Warning: Application 'openssl', version '0.9.8n', is out of
> >> >date, and possibly a security risk. Warning: Application 'sshd', version
> >> >'5.5p1', is out of date, and possibly a security risk.
> >> >
> >> > 
> >
> > It does look like "gnupg" and "openssl" have received some updates since the 
> > Lenny release, and "openssl" got some from the security team specifically.  
> > "openssh-server" hasn't been updated since the Lenny release, AFAIK.
> >
> > If there is a specific vulnerability you are concerned about, asking on 
> > debian-security for the status of a fix might be appropriate.  As far as 
> > unknown threats go, there may be security flaws in the Lenny versions that are 
> > fixed upstream, but there may also be new flaws introduced upstream that are 
> > not in the Lenny versions.
> I am not so much concerned about vulnerability as I am rkhunter
> giving me a warning about "up-2-date" apps..
> openssl might concern me, because I use ssl.. same with ssh.. since MOST
> of what I do is behind my router, I am not very public internet facing..
> I just don't like getting messages that tell me something is NOT
> up to date, when I am ALWAYS up to date..

If I recall correctly from a previous thread on this list, rkhunter
simply tests whether you have the most recent version of these
applications installed and warns you if you don't.  I simply ignored
these warnings when I got them.  If I understand the documentation of
rkhunter (which is very sparse) correctly, you can eliminate these
warnings by adding

ATTRWHITELIST=<path to gpg>

and the same for anything else you get these warnings for to
/etc/rkhunter.conf.  Again, if I understand correctly, this will also
turn off other attribute checks for these programs, including uid/gid,
etc.  Since these may be useful checks to detect malicious modifications
on your system, you may not want to do this.

Cheers,
Norbert

