These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for recommended repository on the new forum.
Web Hosting and Cloud Computing Control Panels
Howdy,
Generally, just the ones that are there after a typical Debian installation. Which ones are you using ATM?
-Eric
i dont have a problem with nothing, just a security question becouse rkhunter sends me alerts.. example: Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk. Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk. Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk. Warning: Application 'proftpd', version '1.3.1', is out of date, and possibly a security risk. Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.
i have this /etc/apt/sources.list
deb ftp://ftp.nl.debian.org/debian lenny main non-free contrib deb-src ftp://ftp.nl.debian.org/debian lenny main non-free contrib
deb http://security.debian.org/ lenny/updates main contrib non-free deb-src http://security.debian.org/ lenny/updates main contrib non-free
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free deb-src http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free deb http://software.virtualmin.com/gpl/debian/ virtualmin-lenny main deb http://software.virtualmin.com/gpl/debian/ virtualmin-universal main
Those repositories look perfect!
Now, as for that rkhunter output -- rkhunter knows what the latest revisions of openssl and php are, and as it compares what it knows to be the newest releases to what it's seeing on your Debian Lenny setup, it thinks your versions are out of date.
But, they're not :-)
Distros tend to do that -- the version number of a given software package that's installed doesn't change much over the life of the distro. Debian Lenny came with 5.2.6 back in 2009, and that hasn't changed at all.
There have been security issues though, but rather than giving you a newer PHP version, they backport the security fixes into PHP 5.2.6.
Unfortunately, rkhunter doesn't account for that :-)
So what you'd have to do is tell rkhunter what software versions are okay on your distro. You can do that by editing /etc/rkhunter.conf, and configuring "APP_WHITELIST".
-Eric
Thank you very much for your explanation and taking the time to answer it =)