Bug#693414: rkhunter: Out of date warnings for up-to-date debian packages

Axel Dürrbaum axeld at uni-kassel.de
Fri Nov 16 08:53:17 UTC 2012


Package: rkhunter
Version: 1.3.6-4
Severity: normal

For a few weeks now the rkhunter cron job has been giving the (false) warning

    Please inspect this machine, because it may be infected.

and claims that some packages are out of date

    Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
    Warning: Application 'openssl', version '0.9.8o', is out of date, and possibly a security risk.
    Warning: Application 'sshd', version '5.5p1', is out of date, and possibly a security risk.

    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)

This gives a false alarm because all three packages are up-to-date for "squeeze":

    ii  openssl                                0.9.8o-4squeeze13
    ii  openssh-server                         1:5.5p1-6+squeeze2
    ii  gnupg                                  1.4.10-4

     # apt-get upgrade
     Reading package lists... Done
     Building dependency tree       
     Reading state information... Done
     0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Either
       - these security-relevant packages are updated in squeeze or (preferred)
       - this warning has to be corrected from "may be infected" to "outdated" or
       - rkhunter's database in /var/lib/rkhunter/db/ is adjusted

to avoid a false alarm from a security program.


Thanks
Axel Dürrbaum

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.20.1-16         The GNU assembler, linker and bina
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  exim4-daemon-light [ma 4.72-6+squeeze3   lightweight Exim MTA (v4) daemon
ii  file                   5.04-5+squeeze2   Determines file type using "magic"
ii  net-tools              1.60-23           The NET-3 networking toolkit
ii  perl                   5.10.1-17squeeze3 Larry Wall's Practical Extraction 

Versions of packages rkhunter recommends:
ii  iproute                20100519-3        networking and traffic control too
ii  lsof                   4.81.dfsg.1-1     List open files
ii  lynx                   2.8.8dev.5-1      Text-mode WWW Browser (transitiona
ii  perl [libdigest-sha-pe 5.10.1-17squeeze3 Larry Wall's Practical Extraction 
pn  unhide                 <none>            (no description available)
ii  wget                   1.12-2.1          retrieves files from the web

Versions of packages rkhunter suggests:
pn  bsd-mailx                     <none>     (no description available)
pn  tripwire                      <none>     (no description available)

-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=root at localhost
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COLOR_SET2=0
AUTO_X_DETECT=1
ALLOW_SSH_ROOT_USER=without-password
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
PKGMGR=NONE
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
SCRIPTWHITELIST=/sbin/chkconfig
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs
INETD_ALLOWED_SVC=pop3
INETD_ALLOWED_SVC=ident 
INETD_ALLOWED_SVC=tftp
INETD_ALLOWED_SVC=swat
UID0_ACCOUNTS="root admin"
PWDLESS_ACCOUNTS="+"
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_DIRS="/tmp /var/tmp"
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
INSTALLDIR="/usr"


-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:
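The false alarm above comes from comparing a binary's upstream version string against a "latest known version" list, which cannot see that Debian stable ships the same upstream version with security fixes backported into a distribution revision (the `squeeze13` / `+squeeze2` suffixes in the dpkg output). The following triage script is an added example, not part of the bug report and not rkhunter code: it parses the warning lines and the `dpkg -l` lines quoted above (embedded here as constructed sample input), splits each installed version into epoch, upstream version and Debian revision, and marks a warning as "distro-maintained" when the installed upstream version matches what rkhunter flagged, as "mismatch" when the binary reports a version dpkg does not know (worth a closer look, since a replaced binary would show up this way), and as "unpackaged" when no package owns the binary. The mapping from rkhunter's application names to package names is an assumption for the example.

```python
import re

# Constructed sample input: the warnings and dpkg -l lines quoted in the bug report.
RKHUNTER_WARNINGS = """\
Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8o', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '5.5p1', is out of date, and possibly a security risk.
"""

DPKG_LIST = """\
ii  openssl                                0.9.8o-4squeeze13
ii  openssh-server                         1:5.5p1-6+squeeze2
ii  gnupg                                  1.4.10-4
"""

# rkhunter reports the binary name, dpkg the package name.
# Assumed mapping for this example, not taken from rkhunter.
APP_TO_PACKAGE = {"gpg": "gnupg", "openssl": "openssl", "sshd": "openssh-server"}

WARNING_RE = re.compile(
    r"Warning: Application '(?P<app>[^']+)', version '(?P<ver>[^']+)', is out of date"
)
DPKG_RE = re.compile(r"^(?P<state>\w\w)\s+(?P<pkg>\S+)\s+(?P<ver>\S+)")


def parse_debian_version(version):
    """Split '[epoch:]upstream[-debian_revision]' into its three parts.

    The upstream part may itself contain '-', so the revision is whatever
    follows the last '-'; a version without '-' is a native package.
    """
    epoch = None
    if ":" in version:
        epoch, version = version.split(":", 1)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, None
    return epoch, upstream, revision


def parse_dpkg_list(text):
    """Return {package: version} for every line in 'ii' (installed) state."""
    installed = {}
    for line in text.splitlines():
        m = DPKG_RE.match(line)
        if m and m.group("state") == "ii":
            installed[m.group("pkg")] = m.group("ver")
    return installed


def parse_warnings(text):
    """Extract (application, flagged_version) pairs from rkhunter output."""
    return [(m.group("app"), m.group("ver")) for m in WARNING_RE.finditer(text)]


def triage(warnings_text, dpkg_text, app_to_pkg=APP_TO_PACKAGE):
    """Annotate each 'out of date' warning with what dpkg knows about the binary."""
    installed = parse_dpkg_list(dpkg_text)
    results = []
    for app, flagged in parse_warnings(warnings_text):
        pkg = app_to_pkg.get(app)
        entry = {"app": app, "flagged_version": flagged, "package": pkg}
        if pkg is None or pkg not in installed:
            entry["verdict"] = "unpackaged"
            entry["note"] = "no installed package owns this binary; verify its origin"
        else:
            epoch, upstream, revision = parse_debian_version(installed[pkg])
            entry.update(installed_version=installed[pkg],
                         upstream=upstream, revision=revision)
            if upstream != flagged:
                entry["verdict"] = "mismatch"
                entry["note"] = "binary reports a version dpkg did not install; check the file"
            else:
                entry["verdict"] = "distro-maintained"
                entry["note"] = ("upstream version matches the installed package; the "
                                 "version string alone cannot show backported fixes, "
                                 "consult the package changelog and security advisories")
        results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage(RKHUNTER_WARNINGS, DPKG_LIST):
        print(f"{e['app']:8} {e['verdict']:17} {e.get('installed_version', '-'):22} {e['note']}")
```

On the report's own data all three warnings come out as "distro-maintained", which is the outcome the reporter reached by hand with `apt-get upgrade`; the script adds nothing that apt does not already know, but it turns a wall of "may be infected" into a per-binary verdict that says whether the version check or the binary itself deserves attention.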
