Hi guys, On my ISPconfig 3 server in RKHunters log I get 4 possible threads, although I haven't got any update notification from apt. Aren't the apps below udated vie aptitude? [06:30:46] Checking version of GnuPG [ Warning ] [06:30:46] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk. [06:30:46] Checking version of OpenSSL [ Warning ] [06:30:46] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk. [06:30:46] Checking version of PHP [ Warning ] [06:30:46] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk. [06:30:46] Checking version of OpenSSH [ Warning ] [06:30:46] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.
This is common for debian based distros but what you can do is to add it to whitelist. sudo nano -w /etc/rkhunter.conf APP_WHITELIST="openssl gpg sshd php5"
Thanks damir, but I am already aware of that, my question is if these packages are not updated via aptitude, when they are available ofcourse and if they can cause any security breach issues by not updating them.
This are the stable packages that comes with distributions, and are recommended ones to use. You can always add repositories for the latest packages. I'm a Debian user, so i'm not aware what repositories is correct ones for Ubuntu.
I downloaded the source for all of these and compiled and installed these newer versions on Debian Lenny. This cleared the error messages. Or you can wait for the repos to catch up.
