On Tue, 2009-12-29 at 16:21 +1100, Michael Mansour wrote: > Hi Brian, > > > Hi Michael > > > > You have named twice on that whitelist. > > While I haven't studied the code to see what happens, that doesn't > > look right to me. > Specifying an app name twice in the whitelist makes no difference, only the checked app name on its own or the app name and its version number will be used. Any other occurance of the app name is simply not used.
> Yeah I didn't notice that. I changed the line to: > > APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 sshd:4.3p2 php:5.1.6 openssl:0.9.8e" > > and re-ran /etc/cron.daily/rkhunter > > and got the output: > > Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly > a security risk. > Warning: Application 'sshd', version '4.9p1', is out of date, and possibly a > security risk. > > So I then changed it to: > > APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 sshd:4.9p1 php:5.1.6 openssl:0.9.8e" > > and got the output: > > Warning: Application 'named', version '9.3.6-P1', is out of date, and possibly > a security risk. > > So it seems the named entry is still ignored? > Well I just tested this - with named version 9.6.1-p1 - and the whitelisting worked fine. I would suggest looking in the RKH log file. It will say what whitelisted apps it has found, and the version of the apps it finds. The top of the log file will also say which RKH config file(s) it is looking at - it may be that you are looking at one config file, but RKH is looking at a different one. If necessary you can whitelist just 'named'. The test will then, in effect, ignore the test for the 'named' version number (regardless of what it is). John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
