2009/11/30 Kevin Fenzi <kevin@xxxxxxxxx>: > Disable the application checks. I am going to likely push out a new > rkhunter package that does this soon. > > The problem is that upstream pushes out a dat file with the versions of > those packages that are up to date and proof against known security > issues. Fedora often backports fixes for stable releases, so the > version isn't very good as an indicator when you are safe or not. I'm not sure that disabling the application checks is the best approach. There is a mechanism in "rkhunter.conf" to whitelist specific applications (APP_WHITELIST), either by name or name and version. I'd rather know about it when things change, so I've put the version numbers in as well since it's a quick update if and when Fedora updates the release instead of back-porting patches. The line in my "rkhunter.conf" on F11 is as follows: APP_WHITELIST="gpg:1.4.0 httpd:2.2.13 named:9.6.1 sshd:5.2p1" You'd need to adapt the version numbers per Fedora release of course (or forego them entirely) but IMHO it's still preferable to disabling the application checks entirely. -- Andy The only person to have all his work done by Friday was Robinson Crusoe -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
