[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rkhunter

François Patte wrote:
who has experienced rkhunter? I have just installed it and tried and everything
seems ok on my machine, expect these warning messages:

* Application version scan
   - GnuPG 1.2.3                                              [ Vulnerable ]
   - Apache 2.0.47                                            [ Vulnerable ]
   - OpenSSL 0.9.7a                                           [ Vulnerable ]
   - PHP 4.3.3                                                [ Vulnerable ]
   - OpenSSH 3.6.1p2                                          [ Vulnerable ]

I'm running fc1 and tried to update these soft but yum answer is that everything
in installed in the latest version...

Are fedoralegacy mirrors not up to date or rkhunter is wrong?

Did you check the RootKit Hunter FAQ? http://www.rootkit.nl/articles/rootkit_hunter_faq.html


Rootkit Hunter tells me I have vulnerable applications installed, but I have fully patched my server! How is this possible?

Some distributions like Red Hat and OpenBSD do patch old versions. So Rootkit Hunter thinks it's a old version, but instead it's a safe patched version. If you have the same situation, don't use the program version checker (--skip-application-check), to suppress the false positives.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]