rkhunter
François Patte
Francois.Patte at math-info.univ-paris5.fr
Fri Oct 15 18:48:35 UTC 2004
Selon Alexander Dalloz <alexander.dalloz at uni-bielefeld.de>:
> Am Fr, den 15.10.2004 schrieb François Patte um 19:46:
>
> > > > * Application version scan
> > > > - GnuPG 1.2.3 [
> Vulnerable
> > > ]
> > > > - Apache 2.0.47 [
> Vulnerable
> > > ]
> > > > - OpenSSL 0.9.7a [
> Vulnerable
> > > ]
> > > > - PHP 4.3.3 [
> Vulnerable
> > > ]
> > > > - OpenSSH 3.6.1p2 [
> Vulnerable
> > > ]
>
> >
>
http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/gnupg-1.2.3-2.i386.rpm
> > >
> >
>
http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/httpd-2.0.51-1.4.legacy.i386.rpm
> > >
> >
>
http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/openssl-0.9.7a-33.10.i386.rpm
> > >
> >
>
http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/php-4.3.8-1.1.i386.rpm
>
> > Something is wrong in rkhunter:
> >
> > rpm -q gnupg
> > gnupg-1.2.3-2
> >
> > rpm -q httpd
> > le paquetage httpd n'est pas installé
> >
> > rpm -q openssl
> > openssl-0.9.7a-33.10
> >
> > rpm -q php
> > le paquetage php n'est pas installé
> >
> > rpm -q openssh
> > openssh-3.6.1p2-19
>
> > François Patte
>
> Yes, that is indeed curious. You really checked the same system? How
> should rkhunter detect the initial Apache2 version of FC1
>
>
http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/os/i386/httpd-2.0.47-10.i386.rpm
>
> if this package isn't even installed. Along with the the detected PHP
> version
>
>
http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/os/i386/php-4.3.3-6.i386.rpm
>
No, these package haven't been installed: it is a very minimal system only used
to be an interface beetween a private network and the internet!
--
François Patte
Ecole française d'Extrême-Orient - Pune - Inde
Université René Descartes - Paris 5
UFR de mathématiques et informatique
http://www.math-info.univ-paris5.fr/~patte
More information about the fedora-list
mailing list