Problem with rkhunter and update
William Hooper
whooperhsd3 at earthlink.net
Wed Oct 6 16:01:58 UTC 2004
Franco said:
> Hi, if i start rkunter it tell me this :
>
>
> - OpenSSL 0.9.7a [ Vulnerable]
> - OpenSSH 3.6.1p2 [ Vulnerable]
>
>
> but fedora don't release update, i know that i can upgrade OpenSSH from
> rpm and also fron source but i try to upgrade OpenSSL and all seams to
> install fine but rkhunter don't see the new installation and tell me that
> OpenSSL 0.9.7a is Vulnerable.
Checkout question B8 in the rkhunter FAQ.
http://www.rootkit.nl/articles/rootkit_hunter_faq.html
Like most "vulnerablity scanners", this one is relying on version number.
This means it will almost always give you false positives on any Fedora or
Red Hat system because of the practice of keeping the stable version and
backporting the fixes.
http://www.redhat.com/advice/speaks_backport.html
--
William Hooper
More information about the fedora-list
mailing list