Bug 543065 - application scan warnings
Summary: application scan warnings
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rkhunter
Version: 12
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-12-01 16:19 UTC by Nerijus Baliūnas
Modified: 2009-12-24 20:45 UTC (History)

Fixed In Version: 1.3.6-2.fc12
Doc Type: Bug Fix
Last Closed: 2009-12-24 03:51:56 UTC
Description Nerijus Baliūnas 2009-12-01 16:19:03 UTC
After programs_bad.dat was automatically updated, rkhunter gives a few warnings:

--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.3.4 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ Updated ]
  Checking file backdoorports.dat                            [ Updated ]
  Checking file suspscan.dat                                 [ Updated ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Application 'httpd', version '2.2.13', is out of date, and possibly a security risk.
Warning: Application 'named', version '9.6.1', is out of date, and possibly a security risk.
Warning: Application 'php', version '5.3.0', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '5.2p1', is out of date, and possibly a security risk.

I silenced it by adding apps to the DISABLE_TESTS line of /etc/rkhunter.conf.

BTW, there is a new version 1.3.6 at http://rkhunter.sourceforge.net/.

Comment 1 Kevin Fenzi 2009-12-01 16:37:27 UTC
Yes, with the release of 1.3.6, the application database was updated for all rkhunter releases. 
You got this new database via a daily cronjob ('rkhunter --update'). 

I have a 1.3.6 version in rawhide right now, I would like it to test for at least a few days there before pushing updates out to stable releases. 

In that update I am going to disable apps test by default. 

My reasoning: 

1. The upstream list addresses upstream versions of those packages and what versions fix currently known security issues. Sometimes in Fedora (and often/always in EPEL) security fixes may be backported to an earlier version, leaving the version number not too useful.

2. Keeping a list updated with the versions locally in the rkhunter package would mean having to push updates anytime any of the 9 applications listed are changed. 

3. Keeping a list updated locally with rkhunter would also mean I would have to follow all upstream and fedora security issues for all those applications. ;( 

4. Finally, just noting versions of 9 packages isn't terribly useful. There are many more packages out there, and really staying updated is beyond the scope of rkhunter, unless it just added a 'you have pending updates, you should apply them'.

Anyhow, disabling the test for now is a good idea, and with 1.3.6 it will be disabled by default. 
I'll leave this open for a bit, and close it when I push testing updates of 1.3.6 out.

Thanks for the report!
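
The workaround in the description and the default change described in Comment 1 both amount to having "apps" in the DISABLE_TESTS setting of rkhunter.conf. The following is an added example, not part of the original thread or of the rkhunter package: a shell function that adds a test name to that setting idempotently. The function names and the sample configuration contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotently add a test name (here "apps") to DISABLE_TESTS.
# Matching is per whole word, so an existing "packet_cap_apps" entry is not
# mistaken for "apps". Function names are hypothetical.

disable_rkhunter_test() {
    conf_file=$1 test_name=$2
    tmp=$(mktemp) || return 1
    awk -v t="$test_name" '
        /^[ \t]*DISABLE_TESTS=/ {
            seen = 1
            val = $0
            sub(/^[ \t]*DISABLE_TESTS=/, "", val)
            gsub(/["\047]/, "", val)            # drop double/single quotes
            n = split(val, words, /[ \t]+/)
            present = 0; out = ""
            for (i = 1; i <= n; i++) {
                if (words[i] == "") continue
                if (words[i] == t) present = 1
                out = out (out == "" ? "" : " ") words[i]
            }
            if (!present) out = out (out == "" ? "" : " ") t
            print "DISABLE_TESTS=\"" out "\""
            next
        }
        { print }
        END { if (!seen) print "DISABLE_TESTS=\"" t "\"" }
    ' "$conf_file" > "$tmp" && cat "$tmp" > "$conf_file"  # keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the space-separated list of currently disabled tests.
rkhunter_disabled_tests() {
    awk '/^[ \t]*DISABLE_TESTS=/ {
        sub(/^[ \t]*DISABLE_TESTS=/, ""); gsub(/["\047]/, ""); print }' "$1"
}

demo() {
    sample=$(mktemp) || return 1
    # Constructed sample configuration, not a real /etc/rkhunter.conf.
    printf '%s\n' 'MAIL-ON-WARNING=root' \
        'DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"' > "$sample"
    disable_rkhunter_test "$sample" apps
    disable_rkhunter_test "$sample" apps    # second run changes nothing
    rkhunter_disabled_tests "$sample"
    rm -f "$sample"
}
demo
```

Disabling the test only silences the version-string comparison; whether the installed httpd, named, php and sshd builds carry the relevant fixes still has to be tracked through the distribution's own updates.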

Comment 2 Fedora Update System 2009-12-06 18:49:26 UTC
rkhunter-1.3.6-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/rkhunter-1.3.6-2.fc12

Comment 3 Fedora Update System 2009-12-06 19:00:59 UTC
rkhunter-1.3.6-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/rkhunter-1.3.6-2.fc11

Comment 4 Fedora Update System 2009-12-06 19:56:54 UTC
rkhunter-1.3.6-2.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/rkhunter-1.3.6-2.el5

Comment 5 Fedora Update System 2009-12-07 06:29:53 UTC
rkhunter-1.3.6-2.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0970

Comment 6 Fedora Update System 2009-12-07 07:33:05 UTC
rkhunter-1.3.6-2.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12841

Comment 7 Fedora Update System 2009-12-07 07:33:19 UTC
rkhunter-1.3.6-2.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-12843

Comment 8 Fedora Update System 2009-12-24 03:51:46 UTC
rkhunter-1.3.6-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2009-12-24 20:37:40 UTC
rkhunter-1.3.6-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2009-12-24 20:45:37 UTC
rkhunter-1.3.6-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

