Re: rkhunter

You wrote:

On Oct 15, 2004 at 13:43, François Patte in a soothing rage wrote:


Who has experience with rkhunter? I have just installed it and tried it, and it
seems OK on my machine, except for these warning messages:

* Application version scan
  - GnuPG 1.2.3                                              [ Vulnerable ]
  - Apache 2.0.47                                            [ Vulnerable ]
  - OpenSSL 0.9.7a                                           [ Vulnerable ]
  - PHP 4.3.3                                                [ Vulnerable ]
  - OpenSSH 3.6.1p2                                          [ Vulnerable ]

I'm running FC1 and tried to update this software, but yum's answer is that
the latest version is already installed...

Are the fedoralegacy mirrors not up to date, or is rkhunter wrong?

There is one mistake in the above list: Apache is not installed.
But is httpd installed? Cause that is Apache. Just because rkhunter
says something is vulnerable does not necessarily mean that the FC
rpm is. You need to look at the changelog for each rpm to find out
whether it contains patches for posted vulnerabilities.


1st. rkhunter checks against the LATEST released version, since some distributions like RedHat / Fedora
are not always using the latest.
2nd. FC1 used glibc-2.3.2-101.4, and some of the modules you listed (i.e. OpenSSL, OpenSSH)
require a new version of glibc. Because of this, and because upgrading glibc is not so easy
(sometimes your system cannot run properly after an upgrade), I suggest upgrading to
FC2, or backing up all glibc files before anything else and having an alternate OS which can
read/write your FC1 disk installation(s), or, better, backing up the entire FC1
installation (with Norton Ghost, PowerQuest DriveImage or another similar tool).
Be careful !!! It happened to me some time in the past ...
3rd. Perhaps rkhunter lists Apache, although you didn't install it, because a module needed by Apache
is already installed. Try setting rkhunter to make a detailed log while scanning (see
rkhunter help).

Good luck !
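
The changelog check suggested earlier in the thread, as an added example that is not part of the original messages: it pulls the CAN-/CVE- identifiers out of `rpm -q --changelog` output, so a package rkhunter flags by version number can be compared against the fixes the packager backported. The function names and the sample changelog are constructed for illustration. CVE candidates carried a CAN- prefix at the time, so both spellings are matched.

```shell
#!/bin/sh
# Added example: which vulnerability ids does a package changelog mention?

# Read changelog text on stdin; print each distinct CAN-/CVE- id once, sorted.
extract_vuln_ids() {
    grep -oE '(CAN|CVE)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Exit 0 if the changelog on stdin mentions the id given as $1.
# CAN-yyyy-nnnn and CVE-yyyy-nnnn are treated as the same entry.
changelog_mentions() {
    want=$(printf '%s' "$1" | sed -E 's/^(CAN|CVE)-//')
    extract_vuln_ids | sed -E 's/^(CAN|CVE)-//' | grep -qxF "$want"
}

# Print the installed version-release of a package and the ids its
# changelog records as fixed. Needs rpm; "not installed" is reported.
report_package() {
    pkg=$1
    rpm -q "$pkg" >/dev/null 2>&1 || { echo "$pkg: not installed"; return 1; }
    echo "== $(rpm -q "$pkg")"
    rpm -q --changelog "$pkg" | extract_vuln_ids | sed 's/^/   fixed: /'
}

# Constructed sample changelog (ids, names and versions are placeholders).
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 1900 Example Packager <packager@example.invalid> 0.9.7a-99
- add backported security fix for CAN-1900-0001
- backport fix for CVE-1900-0002, adjust CAN-1900-0001 patch

* Sun Dec 31 1899 Example Packager <packager@example.invalid> 0.9.7a-98
- rebuild
EOF
}

# With package names as arguments, report on the installed packages.
for p in "$@"; do report_package "$p" || :; done
```

Run with package names as arguments (for example `openssl openssh httpd`) on the machine being checked; an id missing from the changelog is not proof the package is unpatched, only a reason to read the advisory.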

