RkHunter and applications?

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
Galactic Zero
Forum Regular
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm

RkHunter and applications?

Unread post by Galactic Zero »

Ok I got the following message from rkHunter and need some advice please:

Application advisories
* Application version scan
- GnuPG 1.2.1 [ Old or patched version ]
- Apache 2.0.46 [ Old or patched version ]
- Bind DNS 9.2.4 [ Unknown ]
- OpenSSL 0.9.7a [ Old or patched version ]
- ProFTPd 1.2.9 [ Old or patched version ]

RPM -qa Shows:

gnupg-(none)-1.2.1-10
openssl-(none)-0.9.7a-33.15
psa-proftpd-xinetd-(none)-1.2.9-rhel3.build71050228.12
psa-proftpd-(none)-1.2.9-rhel3.build71050228.12

I'm not finding Bind DNS using the rpm query or Apache.

So, could use some guidance please.

Thanks.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
tonisius

Unread post by tonisius »

i believe apache rpm is called httpd
Jason Lee
Forum User
Forum User
Posts: 87
Joined: Mon Dec 06, 2004 1:39 pm
Location: Winnipeg, Canada

Unread post by Jason Lee »

And bind DNS is called named
Galactic Zero
Forum Regular
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm

Unread post by Galactic Zero »

Here is the apache info, named did't come up.. ?!?

httpd-(none)-2.0.46-46.highfd.rhel3.art
redhat-config-httpd-5-1.1.0-4
httpd-(none)-2.0.46-46.2.ent.centos.1
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Unread post by scott »

bind should be called bind, heres what it looks like on mine:

[root@3es root]# rpm -qa |grep bind
bind-9.2.4-5_EL3
bind-utils-9.2.4-7_EL3
bind-9.2.4-7_EL3
Galactic Zero
Forum Regular
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm

Unread post by Galactic Zero »

Ok here is my bind list:

[root@gz root]# rpm -qa |grep bind
redhat-config-bind-(none)-2.0.0-14.2
bind-20-9.2.4-5_EL3
bind-libs-20-9.2.4-5_EL3
bind-libs-10-9.2.4-EL3_10
bind-10-9.2.4-EL3_10
ypbind-3-1.12-5
bind-utils-20-9.2.4-5_EL3
ypbind-3-1.12-5.21.1
redhat-config-bind-(none)-2.0.0-14.2.centos.0
bind-utils-10-9.2.4-EL3_10

So, with RK hunter flagging these programs what do I need to fix to ensure that they are secure? when I yum update "program" I get there are no updates for it, so should I assume I'm ok?

I'm pretty much running only art's channels for yum.

Thanks. This is helping educate me.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Unread post by scott »

In this case Id say thats a false positive with rkhunter then, a lot of times red hat will backport fixes from newer versions of an app, and not change the version numbers.
Galactic Zero
Forum Regular
Forum Regular
Posts: 471
Joined: Mon Dec 06, 2004 10:43 pm

Unread post by Galactic Zero »

Ok, with running RHE3, PSA 7.1.x, do I need all the bind apps?

Thanks for your assistance.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
Post Reply