Koozali.org: home of the SME Server

Proof of something I knew in my heart all along.

Neririn
« on: November 17, 2004, 08:09:10 PM »
I just ran the latest version of RKHunter against my 6.0.1-01 box and it found the following vulnerabilities.

GnuPG 1.0.7
Apache 1.3.27
OpenSSL 0.9.6b
ProFTPd 1.2.9

Since there hasn't been an update in close to a year, I knew I would have vulnerabilities and likely do beyond the brief list above, but I tried to suppress my concern by watching the logs.

Now that RKHunter has 'reopened' my eyes if you will, I am curious if there is a contrib, or a howto that will teach me what versions I need to download and compile for each of these.  Obviously I can download the source and compile, but SME 6 doesn't exactly come with the source dev compilers installed by default.  Do I need an old RH 7.3 machine?

Can anyone send me in the right direction on how to get these holes patched?  I'll be happy to share what I build with the community as an unofficial patch or whatever, but I honestly don't know where to begin.

Thanks

Reinhold
« Reply #1 on: November 17, 2004, 08:48:10 PM »
Knuddi (many others and me .-) has seen this "long before"  <eg>

(Note: there was/is a thread on this here somewhere too but I've got no time to look it up...)

Knuddi even put them all nicely in one place, why not go directly to his page and rpm -Uvh what you need:
http://sme.swerts-knudsen.dk/downloads/Updates/6.0.1/

Regards
Reinhold

stefan24
« Reply #2 on: November 18, 2004, 09:01:56 AM »
Quote from: "Neririn"

Now that RKHunter has 'reopened' my eyes if you will, I am curious if there is a contrib, or a howto that will teach me what versions I need to download and compile for each of these.


Look at the following wiki page, which will update all at a glance (or gives you at least the files to update for yourself).

http://no.longer.valid/phpwiki/index.php?pagename=Latest%20version%20of%20update%20scripts

Since your installation is not new, take care about changes you made before, which will break your system.

BTW: *If* your system has a hardware router in front and you use no port forwarding to the SME box or system services like Web or Mail from the internet, I can see no problems with those "old" versions.


Stefan

svangool
« Reply #3 on: November 18, 2004, 02:04:33 PM »
stefan24 wrote:
Quote
Since your installation is not new, take care about changes you made before, which will break your system.


No guarantees, but I can confirm that the following update parts worked on my "old" 6.0 configuration:
Updates
SSH
SSL
Webmail
Apache
Mysql
PHPMyadmin
RKHunter
PHP 2.8

Comments:
I had to put /sbin/ before the service and chkconfig commands
The only things that I did not get working yet are the mysql_fix_privilege_tables and PHPMyadmin because I get "Access denied root@localhost (password:YES)" error, even if I supply my mysql password from root/.my.cnf to mysql_fix_privilege_tables and the PHP config file.
I'm still investigating this. I can't imagine how but one reason could be that I used "SU" instead of being logged in as root.

These are minor issues (you can't use the GRANT command in Mysql and I can't use PHPmyadmin), the rest works fine.

Sjef.

stefan24
« Reply #4 on: November 18, 2004, 03:48:51 PM »
Quote from: "svangool"

I had to put /sbin/ before the service and chkconfig commands


I have fixed this in the script now.

Quote

The only things that I did not get working yet is the mysql_fix_privilege_tables and PHPMyadmin because I get "Access denied root@localhost (password:YES)" error, ...


Maybe the mysqld is not ready. I inserted a sleep 10 here:


Code:
/sbin/service mysqld start
echo "please wait, until MySQL is started..."
sleep 10
/usr/bin/mysql_fix_privilege_tables


Does it work this way? I tested it several times and it went through.

Also look at

http://www.familybrown.org/howtos/mysql-password-howto.html

regarding mysql password changes (especially the last chapter).


Stefan
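
An alternative to the fixed `sleep 10` in the script above, as an added example that is not part of Stefan's update script: poll until mysqld answers before running mysql_fix_privilege_tables. The `PROBE` variable, the function names `wait_for_mysqld` and `run_fix`, and the /usr/bin/mysqladmin path are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: wait for MySQL readiness instead of sleeping a fixed time.
# PROBE (assumed name) is the liveness command. "mysqladmin ping" exits 0
# once the server answers, even when the login itself is refused, so it
# tests "is mysqld up", not "is my password right".
PROBE="${PROBE:-/usr/bin/mysqladmin ping}"

# wait_for_mysqld [timeout_seconds] [interval_seconds]
# Returns 0 as soon as the probe succeeds, 1 if the timeout expires first.
wait_for_mysqld() {
    timeout="${1:-60}"
    interval="${2:-1}"
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        # $PROBE is left unquoted on purpose so "cmd arg" splits into words.
        if $PROBE >/dev/null 2>&1; then
            return 0
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    # One last attempt at the deadline; its status is the return value.
    $PROBE >/dev/null 2>&1
}

# run_fix: start mysqld, wait until it answers, then fix the privilege tables.
# Refuses to run the fix against a server that never came up.
run_fix() {
    /sbin/service mysqld start || return 1
    echo "please wait, until MySQL is started..."
    if wait_for_mysqld 60 1; then
        /usr/bin/mysql_fix_privilege_tables
    else
        echo "mysqld did not answer within 60 seconds; fix not run" >&2
        return 1
    fi
}

# Only act when asked to, so the file can be sourced by another script.
if [ "${1:-}" = "run" ]; then
    run_fix
fi
```

Because the probe succeeds even on a refused login, an "Access denied" error that persists after the wait points at the root password rather than at startup timing.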

svangool
« Reply #5 on: November 18, 2004, 08:34:05 PM »
Quote from: "stefan24"


Also look at

http://www.familybrown.org/howtos/mysql-password-howto.html

regarding mysql password changes (especially the last chapter).

Stefan


Although my hands were wet (I saw some e-mails about breaking webmail when resetting mysql root password), I did it and it worked:

"Resetting the root password
Suppose you've already changed the root password, not realizing why it's such a bad idea.  Here's how to set it back to where it belongs:

[root@e-smith /root] # /etc/rc.d/init.d/mysqld stop
[root@e-smith /root] # /etc/e-smith/events/actions/conf-mysql-password
[root@e-smith /root] # /etc/rc.d/init.d/mysqld start"

Although I did not change my Mysql root password (maybe caused by the update), that solved the mysql_fix_privilege_tables and PHPMyadmin problem.

Thanks a lot Stefan!

stefan24
« Reply #6 on: November 18, 2004, 08:59:13 PM »
Quote from: "svangool"

that solved the mysql_fix_privilege_tables and PHPMyadmin problem.

Thanks a lot Stefan!


Thanks for the feedback!

Stefan

Damian

« Reply #7 on: November 21, 2004, 12:34:36 AM »
I can verify that the upgrades completed by Sjef do work on 6.0 OK.

Nervous time seeing mysql be deleted and reinstalled though  :oops:

Well done Stefan!

Damian

svangool
« Reply #8 on: November 21, 2004, 08:50:55 PM »
Hi Damian,

Quote
Nervous time seeing mysql be deleted and reinstalled though


It's indeed a nerve-racking operation but it's a good feeling to have my rig up to date again.

Did you have the mysql password problem I had?

Sjef.

Damian

« Reply #9 on: November 22, 2004, 12:37:56 AM »
Hi Sjef,

No, I never changed it. I commented out some of the upgrades though but left in the rootkit hunter - pretty cool and now it's part of our standard build.

I tried 6.01 but it seemed unproven and so went back to 6.0. Seems everyone else is installing 6.01 so I might have missed the boat there.

Love the Clamav panel. Kudos to Jesper.

Damian