rkhunter warning about 'old' versions
Hi all,
I have an issue with rkhunter on my servers. Yesterday I installed the newest version 1.3.6 on a test server and noticed that I got warnings for several programs that appear to be old versions according to rkhunter. This while the server in question is fully updated with apt-get. I was looking into that yesterday. Today when rkhunter got its updates, all of a sudden I'm getting the same warning from version 1.3.4:

Code:
Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.

gpg -> 1.4.10
openssl -> 0.9.8l

I've checked the web and there are indeed newer versions (non major) available, but apparently not yet in the repositories used by apt-get on my Debian Lenny servers. How do I handle this? I'm relying on apt-get to keep my servers up to date, so a little strange if I have to start updating manually because rkhunter complains.

Kind regards,
Eric
There's this in the Rootkit Hunter FAQ:
Quote:
Hi win32sux,
I've noticed that too, and know that I can whitelist and/or disable the application check. But what's the use of a program's functionality if you have to disable parts of it? The versions I'm running are pretty well up to date according to the repositories, so I really wouldn't like to disable the checks or whitelist the programs that have 'old' versions. If I disable the option, I'll have to enable it again when the newest versions are available in the repositories, or delete them from the whitelist. My update/upgrade with apt-get is working well, and in my opinion so should the rkhunter tool. There's no use for an 'automated' utility when you have to drop down to manual administration for parts of it. Or am I seeing this wrong?

Kind regards,
Eric
Quote:
Hi unSpawn,
I didn't mean to offend you, I was just stating an opinion. My apologies.

Kind regards,
Eric
I'm not offended at all and no apologies are necessary. If you think it needs improvement then you're more than welcome to do something about it.
It seems to me that rkhunter is very up-to-date. That is why it is (correctly) complaining that some of your software is "out of date". This is, of course, the way it should be.
apt-get (so I guess you are running Debian, or a derivative) always lags for me. The versions it offers are rarely the latest. The problem boils down to: do you want "Bleeding edge", "Cutting edge" or just "Stable"? If you want:
- "Bleeding edge", you might have to update (and perhaps recompile) hourly, and there may well be problems.
- "Cutting edge", once every few days, and there still may be problems.
- "Stable", once every few months, and it'll probably be OK from the functionality aspect, but your security may be out of date.

That said, most distros post important security updates very quickly. There's a two-way balancing act here: security and/or stability. It is a difficult choice.
Hello,
Thanks for the thorough explication. Yes, I'm using Debian as a server for its stability. I know that the security patches are available quite fast. Because of our production environment I have to give preference to stability and thus will whitelist the applications in RKHUNTER. Thanks all for the advice and input.

Kind regards,
Eric
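An added example, not part of the thread and not rkhunter's own code: the concern raised earlier about having to remove whitelist entries by hand can be addressed by pinning each APP_WHITELIST entry in rkhunter.conf to the flagged version (the name:version form), so the entry stops matching once apt-get installs a different version. The function names and the sample log lines are constructed; the installed openssl version (0.9.8g) is an assumed value.

```shell
#!/bin/sh
# Build a version-pinned APP_WHITELIST line for rkhunter.conf from the
# "out of date" warnings found in rkhunter output.

# Constructed sample input. The gpg warning is the one quoted in the thread;
# the openssl installed version is assumed for illustration.
sample_log() {
cat <<'EOF'
[08:30:01] Info: Starting test name 'apps'
[08:30:02] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[08:30:02] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[08:30:03] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
EOF
}

# Read rkhunter output on stdin and print one APP_WHITELIST line.
# Every entry is name:version, so only the exact version reviewed today is
# whitelisted; after an upgrade rkhunter evaluates the new version again.
whitelist_from_log() {
    entries=$(sed -n "s/.*Warning: Application '\([A-Za-z0-9_.+-]*\)', version '\([A-Za-z0-9_.+~-]*\)', is out of date.*/\1:\2/p" \
        | sort -u | tr '\n' ' ')
    entries=${entries% }                 # drop the trailing space left by tr
    [ -n "$entries" ] || return 1        # no version warnings: nothing to pin
    printf 'APP_WHITELIST="%s"\n' "$entries"
}

sample_log | whitelist_from_log
```

Before adding an entry, confirm that the distribution's package for that version carries the relevant security fixes, since that is the judgement the whitelist records.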