* Application version scan - Exim MTA 4.34 [43C[ OK ] - GnuPG 1.2.1 [45C[ Vulnerable ] - Apache [unknown] [40C[ OK ] - Bind DNS [unknown] [38C[ OK ] - OpenSSL 0.9.7a [42C[ Vulnerable ] - PHP 4.3.8 [47C[ OK ] - PHP 4.3.8 [47C[ OK ] - Procmail MTA 3.22 [39C[ OK ] - OpenSSH 3.5p1 [43C[ Vulnerable ] Security advisories * Check: Groups and Accounts Searching for /etc/passwd... [30C[ Found ] Checking users with UID '0' (root)... [21C[ OK ] * Check: SSH Searching for sshd_config... Found /etc/ssh/sshd_config Checking for allowed root login... [24C[ OK (Remote root login disabled) ] Checking for allowed protocols... [25C[ OK (Only SSH2 allowed) ] * Check: Events and Logging Search for syslog configuration... [24C[ OK ] Checking for running syslog slave... [22C[ OK ] Checking for logging to remote system... [18C[ OK (no remote logging) ] procmail? why is this installed.. did cpanel install this? how can I update openssl and openssh without mucking cpanel up? and what is GnuPG and how can I update it? /etc/passwd [FOUND] is this bad? logging to remote system [ no remote logging] is this bad? * Filesystem checks Checking /dev for suspicious files... [21C[ OK ] Scanning for hidden files...[31C[ Warning! ] --------------- /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory) .pwd.lock is a blank file I copied it to a different file and rm'd it /etc/.java is a directory with files all are empty as I can see. Any suggestions?