rkhunter reports openssl and sshd versions out of date
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
rkhunter (Debian) | Fix Released | Unknown | | |
rkhunter (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: rkhunter
As of now (Dec 09), rkhunter updates to the programs_bad.dat file will cause rkhunter to warn about the installed versions of openssl (0.9.8g) and openssh (4.7p1).
As I understand it, that's a 'false positive' because Ubuntu patches the current version for security issues rather than installing updated versions.
Upstream is not willing to try and track the version numbers for every possible distro
(see <http://
To be consistent with the current practice of placing common whitelist options in the conf file, but leaving them commented out, can the Ubuntu package add the version numbers for the apps it ships to the conf file?
Thus, for Hardy, put this line in /etc/rkhunter.conf:
#APP_WHITELIST=
(side note - I dunno about that colon in the version number of bind - it might cause problems parsing - untested)
Comments?
Changed in rkhunter (Ubuntu): status: New → Confirmed
Changed in rkhunter (Debian): status: Unknown → Fix Released
Changed in rkhunter (Ubuntu): status: Confirmed → Fix Released
About the colons, look in /var/log/rkhunter, and it'll tell you exactly what to whitelist. For named, I had to use "named:9.4.2".
Still, it seems silly that I have to whitelist apps that are in Ubuntu because of a root-kit checker that is in Ubuntu. I would have hoped that the distro would be more internally consistent.
As it stands, I have spent a little time this morning to make sure that I do not get a bunch of false-positive emails from all of my servers. Those got old very quickly.
Alan
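
An added example, not part of the original thread or the rkhunter package: a shell helper that turns the application-version warnings in an rkhunter log into a commented-out APP_WHITELIST line of the kind proposed in the bug description. The warning-line format, the function names and the sample log lines are assumptions constructed for illustration; entries whose version contains a colon are dropped so they get checked by hand.

```shell
#!/bin/sh
# Build a commented-out APP_WHITELIST line from rkhunter application warnings.
# ASSUMPTION: the log reports outdated applications in this shape:
#   Warning: Application 'NAME', version 'VERSION', is out of date, ...

# Constructed sample log (not real output); versions are the ones named in the thread.
sample_log() {
cat <<'EOF'
[09:12:01] Info: Starting test name 'apps'
[09:12:02] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[09:12:02] Warning: Application 'sshd', version '4.7p1', is out of date, and possibly a security risk.
[09:12:03] Warning: Application 'named', version '9.4.2', is out of date, and possibly a security risk.
[09:12:03] Warning: Application 'sshd', version '4.7p1', is out of date, and possibly a security risk.
[09:12:04] Warning: Hidden directory found: /dev/.udev
EOF
}

# Reads a log on stdin and prints one line such as
#   #APP_WHITELIST="name:version name:version"
# or nothing when no application warning is present.
build_app_whitelist() {
    # Pull NAME and VERSION out of each application warning as NAME:VERSION.
    sed -n "s/.*Warning: Application '\([^']*\)', version '\([^']*\)', is out of date.*/\1:\2/p" |
    # Keep only plain NAME:VERSION pairs. A version that itself contains a
    # colon is ambiguous in this syntax and is left out for manual review.
    grep -E '^[A-Za-z0-9_.+-]+:[A-Za-z0-9_.+~-]+$' |
    # De-duplicate repeated warnings with a locale-independent order.
    LC_ALL=C sort -u |
    # Join on spaces. The line stays commented out so an administrator can
    # confirm each version is a distro-patched build before enabling it.
    awk 'NR == 1 { printf "#APP_WHITELIST=\"%s", $0; next }
         { printf " %s", $0 }
         END { if (NR) print "\"" }'
}

# Demo run on the constructed sample.
sample_log | build_app_whitelist
```

To use it on a real system, redirect the rkhunter log the comment above refers to into `build_app_whitelist` and review the resulting line before uncommenting it in /etc/rkhunter.conf.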