Public bug reported:

Binary package hint: rkhunter

As of now (Dec 09) rkhunter updates to the programs_bad.dat file will cause rkhunter to warn about the installed versions of openssl (0.9.8g) and openssh (4.7p1).

As I understand it, that's a 'false positive' because Ubuntu patches the current version for security issues rather than installing updated versions. Upstream is not willing to try and track the version numbers for every possible distro (see <http://sourceforge.net/mailarchive/forum.php?thread_name=1259660989.9270.13.camel%40jhorne&forum_name=rkhunter-users>).

To be consistent with the current practice of placing common whitelist options in the conf file, but leaving them commented out, can the Ubuntu package add the version numbers for the apps it ships to the conf file?

Thus, for Hardy put this line in /etc/rkhunter.conf

#APP_WHITELIST="openssl:0.9.8g sshd:4.7p1 exim:4.69-2 httpd:2.2.8-1ubuntu0.14 named:1:9.4.2.dfsg.P2-2ubuntu0.2 php:5.2.4-2ubuntu5.9 procmail:3.22-16ubuntu3 proftpd:1.3.1-6ubuntu1"

(side note - I dunno about that colon in the version number of bind - it might cause problems parsing - untested)

Comments?

** Affects: rkhunter (Ubuntu)
     Importance: Undecided
         Status: New

--
rkhunter reports openssl and sshd versions out of date
https://bugs.launchpad.net/bugs/493607
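
The side note about the colon in the bind version can be checked before the line is relied on. The following is an added example, not part of the original report and not rkhunter's own code: it splits each APP_WHITELIST entry at the first colon (an assumption; the report does not say how rkhunter parses entries) and lists the entries whose version part still contains a colon. All function names are hypothetical.

```shell
#!/bin/sh
# Added example: split APP_WHITELIST entries at the FIRST colon only, so a
# Debian epoch ("1:9.4.2...") stays inside the version part. Whether rkhunter
# parses entries this way is an assumption, not something the report states.

# Value copied from the report (uncommented here so it can be parsed).
APP_WHITELIST="openssl:0.9.8g sshd:4.7p1 exim:4.69-2 httpd:2.2.8-1ubuntu0.14 named:1:9.4.2.dfsg.P2-2ubuntu0.2 php:5.2.4-2ubuntu5.9 procmail:3.22-16ubuntu3 proftpd:1.3.1-6ubuntu1"

# entry_name ENTRY -> text before the first colon
entry_name() { printf '%s\n' "${1%%:*}"; }

# entry_version ENTRY -> text after the first colon (empty if there is none)
entry_version() {
    case "$1" in
        *:*) printf '%s\n' "${1#*:}" ;;
        *)   printf '\n' ;;
    esac
}

# has_epoch ENTRY -> exit 0 if the version part itself contains a colon
has_epoch() {
    case "$(entry_version "$1")" in
        *:*) return 0 ;;
        *)   return 1 ;;
    esac
}

# epoch_entries LIST -> names of entries that need a parsing test
epoch_entries() {
    out=""
    for e in $1; do
        if has_epoch "$e"; then out="${out:+$out }$(entry_name "$e")"; fi
    done
    printf '%s\n' "$out"
}

# lookup LIST NAME -> whitelisted version for NAME; exit 1 if NAME is absent
lookup() {
    for e in $1; do
        if [ "$(entry_name "$e")" = "$2" ]; then entry_version "$e"; return 0; fi
    done
    return 1
}

# Print every entry and mark the ones whose version carries an epoch colon.
for e in $APP_WHITELIST; do
    printf '%-10s %s%s\n' "$(entry_name "$e")" "$(entry_version "$e")" "$(has_epoch "$e" && echo '  <- epoch colon')"
done
```

Only the entries this flags need to be tested against the installed rkhunter to see whether the extra colon is accepted.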