The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

rkhunter & insecure software?

Discussion in 'General Discussion' started by AlexSmithMCP, Nov 28, 2004.

  1. AlexSmithMCP

    AlexSmithMCP Well-Known Member

    Joined:
    May 26, 2004
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi all,

    just installed rkhunter and ran it and get this:

    * Application version scan
    - ClamAV 0.75.1 [ OK ]
    - Exim MTA 4.43 [ OK ]
    - GnuPG 1.2.1 [ Vulnerable ]
    - Apache [unknown] [ OK ]
    - Bind DNS [unknown] [ OK ]
    - OpenSSL 0.9.7a [ Vulnerable ]
    - PHP 4.3.9 [ OK ]
    - PHP 4.3.9 [ OK ]
    - Procmail MTA 3.22 [ OK ]
    - OpenSSH 3.5p1 [ Vulnerable ]

    Now i know there are updates for those bits of software but what i want to know is can i go, download them from there respective sites and update them without breakign cpanel?

    I mean OpenSSL is 0.9.7e, GnuPG is 1.2.6 and OpenSSH is 3.9! yet Cpanel doesnt list them as "Insecure" like it has done with other software.

    Thanks in advance,

    Alex
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  3. AlexSmithMCP

    AlexSmithMCP Well-Known Member

    Joined:
    May 26, 2004
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thank you very much

    /me stops worrying :)
     
  4. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    if you're using redhat's up2date, or the fedora updates services (progeny, etc), then you probably don't have to worry about insecure system software.

    However, your OpenSSH version looks a little old (well it would be if you're running Redhat Enterprise 3 or any of its derivatives - CentOS etc)... though it does depend on your OS.
     

Share This Page