Bug 543065
| Summary: | application scan warnings | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nerijus Baliƫnas <nerijus> |
| Component: | rkhunter | Assignee: | Kevin Fenzi <kevin> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 12 | CC: | devrim, gwync, kevin |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.3.6-2.fc12 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-12-24 03:51:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Nerijus Baliƫnas
2009-12-01 16:19:03 UTC
Yes, with the release of 1.3.6, the application database was updated for all rkhunter releases.
You got this new database via a daily cronjob ('rkhunter --update').
I have a 1.3.6 version in rawhide right now, I would like it to test for at least a few days there before pushing updates out to stable releases.
In that update I am going to disable apps test by default.
My reasoning:
1. The upstream list addresses upstream versions of those packages and what versions fix currently known security issues. Sometimes fedora (and often/always in epel) security fixes may be backported to an earlier version, leaving the version number not too usefull.
2. Keeping a list updated with the versions locally in the rkhunter package would mean having to push updates anytime any of the 9 applications listed are changed.
3. Keeping a list updated locally with rkhunter would also mean I would have to follow all upstream and fedora security issues for all those applications. ;(
4. Finally, just noting versions of 9 packages isn't terribly usefull. There are many more packages out there, and really staying updated is beyond the scope of rkhunter, unless it just added a 'you have pending updates, you should apply them'.
Anyhow, disabling the test for now is a good idea, and with 1.3.6 it will be disabled by default.
I'll leave this open for a bit, and close it when I push testing updates of 1.3.6 out.
Thanks for the report!
rkhunter-1.3.6-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/rkhunter-1.3.6-2.fc12 rkhunter-1.3.6-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/rkhunter-1.3.6-2.fc11 rkhunter-1.3.6-2.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/rkhunter-1.3.6-2.el5 rkhunter-1.3.6-2.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0970 rkhunter-1.3.6-2.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12841 rkhunter-1.3.6-2.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-12843 rkhunter-1.3.6-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. rkhunter-1.3.6-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. rkhunter-1.3.6-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |