Hi,

> > APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 sshd:4.9p1 php:5.1.6 openssl:0.9.8e"
> >
> > and got the output:
> >
> > Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly a security risk.
> >
> > So it seems the named entry is still ignored?
> >
> > I also find the sshd warning a little odd since what is installed is:
> >
> > # rpm -q openssh
> > openssh-4.3p2-36.el5_4.2.i386
> 
> Huh, re the ssh - what's the output of ssh -V ?
> Re the named, no ideas off the top...

It's:

# ssh -V
OpenSSH_4.9p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

But I just realised this server is a test server and some ssh work was
done on it, so there are two copies of ssh, the one that comes with Red Hat:

# /usr/bin/ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

and the one that was added (when testing ssh chroot environments for the new
version - RH's version is so old):

# which ssh
/usr/local/bin/ssh

# /usr/local/bin/ssh -V
OpenSSH_4.9p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

So it seems if I wanted to whitelist the sshd versions above, I'd then really
need two entries like:

APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 sshd:4.9p1 sshd:4.3p2 php:5.1.6 openssl:0.9.8e"

i.e. if the code supports that. Or get rid of the RH RPM version.

Sorry for the bum steer on that one.

Regards,

Michael.
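
The situation described in the message above, as an added example that is not part of the original post or of rkhunter's code: list every copy of a binary on a PATH-style list, in search order, with the version parsed from its OpenSSH `-V` banner. The function names are hypothetical, and the two stub `ssh` scripts are constructed from the banners quoted in the thread.

```shell
#!/bin/sh
# Added example: enumerate every copy of a binary on PATH and its version.

# Print "4.9p1" for a banner like "OpenSSH_4.9p1, OpenSSL 0.9.8e-fips-rhel5 ...".
parse_openssh_version() {
    sed -n 's/^OpenSSH_\([^, ]*\).*/\1/p' | head -n 1
}

# list_copies NAME [PATHLIST]: print "version<TAB>path" per copy, in PATH order.
# The first line is the copy a bare "NAME -V" would run.
list_copies() (
    name=$1
    set -f                      # do not glob while splitting the path list
    IFS=:
    for dir in ${2:-$PATH}; do
        [ -n "$dir" ] || dir=.  # an empty PATH element means the current dir
        candidate=$dir/$name
        [ -f "$candidate" ] && [ -x "$candidate" ] || continue
        # ssh -V writes its banner to stderr, so merge stderr into stdout.
        version=$("$candidate" -V 2>&1 </dev/null | parse_openssh_version)
        printf '%s\t%s\n' "${version:-unknown}" "$candidate"
    done
)

# count_versions NAME [PATHLIST]: number of distinct versions among the copies.
count_versions() {
    list_copies "$@" | cut -f1 | sort -u | wc -l | tr -d ' '
}

# Constructed demo: two stub "ssh" scripts that print the banners quoted in
# this thread, laid out like /usr/local/bin ahead of /usr/bin.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/local/bin" "$root/usr/bin"
    printf '#!/bin/sh\necho "OpenSSH_4.9p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" >&2\n' \
        > "$root/usr/local/bin/ssh"
    printf '#!/bin/sh\necho "OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" >&2\n' \
        > "$root/usr/bin/ssh"
    chmod +x "$root/usr/local/bin/ssh" "$root/usr/bin/ssh"
    printf '%s\n' "$root"
}

demo_root=$(make_demo_tree)
list_copies ssh "$demo_root/usr/local/bin:$demo_root/usr/bin"
echo "distinct versions: $(count_versions ssh "$demo_root/usr/local/bin:$demo_root/usr/bin")"
rm -rf "$demo_root"
```

On a real host, call `list_copies ssh` with the PATH of the account the scanner runs under, since that search order decides which copy a by-name version check sees.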

