packages not updating? RKHunter reporting wrong?

[sciguy14]

I have atomic Repos setup with priority 1. My RKHunter has been telling me for the last few days that some of my packages are not up to date:

Code: Select all

Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.

Should I be concerned about this? Running YUM update tells me the following:

Code: Select all

Loaded plugins: downloadonly, fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * atomic: www3.atomicorp.com
 * rpmforge: apt.sw.be
Excluding Packages from Plesk Server Administrator
Finished
829 packages excluded due to repository priority protections
Setting up Update Process
No Packages marked for Update

829 packages seems like a lot to me, and I find it strange that atomic isn't up-to-date on these packages. Is RKHunter just reporting it wrong? Do I have something set up wrong? Thanks!

[scott]

Provided you are keeping up with the latest updates from the vendor (centos/redhat/fedora) then those are likely false positives. Also there arent 800 packages in a single atomic channel, so that message is also misleading. I suspect its because of your priorities in yum, and if its coming from the vendor update channels then you truly do have something to worry about

[breun]

I add the 'apps' test to the DISABLE_TESTS line in rkhunter's config, because if everything you install is through yum and your OS version is not EOL those are all false positives.

[sciguy14]

Thanks, I've disabled the apps test, and that gets rid of the annoying rkhunter false positives. I still don't completely understand th yum error about 800 packages though. How can I confirm that all my priorities are correct, and that updates are being downloaded as they should be?

Thanks for all the help so far!

[scott]

Id go look to see what its set at. Its an optional flag so worst case you can always remove it

[sciguy14]

atomic is set to priority 1.
CentOS Base is priority 1 as well.
Plesk Doesn't have a priority set.
RPMforge has priority 15.

Could the issue be that the Plesk Repo doesn't have a priority set?

[scott]

I reckon thats coming from rpmforge, 15 is pretty low

[sciguy14]

So what should I change it to? And Should I set a priority for Plesk? Are the other priorities okay? Pardon my ignorance...

[scott]

You generally dont need to use it unless you've got a lot of repos with overlapping packages. I consider any conflict atomic has with rpmforge to be our bug, so you shouldn't need to override one or the other with a priority. Try commenting them out and see what happens

[sciguy14]

commenting out rpmforge dropped the number of excluded packages down to 8.

[breun]

I add the 'apps' test to the DISABLE_TESTS line in rkhunter's config, because if everything you install is through yum and your OS version is not EOL those are all false positives.

The Fedora/EPEL packages for rkhunter now also disable the apps test by default: https://bugzilla.redhat.com/show_bug.cgi?id=543065 The ART packages don't though.