Rootkit Hunter scanner (http://rkhunter.sourceforge.net/ ) 1.4.0 found suspect applications on the Plesk 11.5 Linux server. Is there any Plesk services related to this warnings?
tar -xzvf rkhunter-1.4.0.tar.gz cd rkhunter-1.4. ./installer.sh --install rkhunter --check System checks summary ===================== File properties checks... Files checked: 123 Suspect files: 0 Rootkit checks... Rootkits checked : 111 Possible rootkits: 0 Applications checks... Applications checked: 8 Suspect applications: 1
The name of suspected applications can be found in
/var/log/rkhunter.log. For example:
grep 'Warning: Application' /var/log/rkhunter.log [01:04:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk. [01:04:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk. [01:04:01] Warning: Application 'php', version '5.3.2', is out of date, and possibly a security risk.
As you can see Rootkit Hunter checks all installed application versions on the server. It shows the warning if some of application has outdated version.
Some distributions, for example Red Hat and OpenBSD, do patch old versions of software. However, Rootkit Hunter thinks it is an old version, and so sees it as being unsecure. It is possible to whitelist specific applications, or specific versions of an application. The configuration file contains more details about this. If you wish you can skip the application version check completely by adding the 'apps' test name to the DISABLE_TESTS option in your rkhunter configuration file.
See more details in Rootkit Hunter documentation
Note! Before any update packages make sure that the new software version is compatible with Plesk server: Plesk Release Notes
The following link may be also helpful: