Rootkit Hunter scanner 1.4.0 found suspect applications on the Plesk 11.5 Linux server. Is there any Plesk services related to this warnings?

Refers to:

  • Plesk 12.5 for Linux
  • Plesk 11.5 for Linux

Created:

2016-11-16 12:53:57 UTC

Modified:

2016-12-21 19:29:04 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Rootkit Hunter scanner 1.4.0 found suspect applications on the Plesk 11.5 Linux server. Is there any Plesk services related to this warnings?

Symptoms

Rootkit Hunter scanner ( http://rkhunter.sourceforge.net/ ) 1.4.0 found suspect applications on the Plesk 11.5 Linux server. Is there any Plesk services related to this warnings?

tar -xzvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.
./installer.sh --install
rkhunter --check


System checks summary
=====================
File properties checks...
Files checked: 123
Suspect files: 0

Rootkit checks...
Rootkits checked : 111
Possible rootkits: 0

Applications checks...
Applications checked: 8
Suspect applications: 1

Resolution :

The name of suspected applications can be found in /var/log/rkhunter.log . For example:

grep 'Warning: Application' /var/log/rkhunter.log
[01:04:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
[01:04:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
[01:04:01] Warning: Application 'php', version '5.3.2', is out of date, and possibly a security risk.

As you can see Rootkit Hunter checks all installed application versions on the server. It shows the warning if some of application has outdated version.

Some distributions, for example Red Hat and OpenBSD, do patch old versions of software. However, Rootkit Hunter thinks it is an old version, and so sees it as being unsecure. It is possible to whitelist specific applications, or specific versions of an application. The configuration file contains more details about this. If you wish you can skip the application version check completely by adding the 'apps' test name to the DISABLE_TESTS option in your rkhunter configuration file.

See more details in Rootkit Hunter documentation

Note! Before any update packages make sure that the new software version is compatible with Plesk server: Plesk Release Notes

The following link may be also helpful:

Is it safe to update system packages using the operating system package manager?

Will installation of PHP module / update of PHP affect Plesk?

Have more questions? Submit a request
Please sign in to leave a comment.