LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Blogs > unSpawn
User Name
Password

Notices



Rate this Entry

Rootkit Hunter release 1.4.0

Posted 04-30-2012 at 08:11 PM by unSpawn
Updated 04-30-2012 at 08:12 PM by unSpawn

Rootkit Hunter 1.4.0 release is here thanks to John Horne and all contributors who provided code, submitted ideas, bugs, fixes, documentation, helped out on the rkhunter-users mailing list and promoted Rootkit Hunter.

New:

- Added the '--list propfiles' command-line option. This will dump out the list of filenames that will be searched for when building the file properties database. By default the list is not shown if just '--list' is used.
- Added Jynx rootkit check.
- Added Turtle/Turtle2 rootkit check.
- Added KBeast rootkit check.
- The installer now supports the Slackware TXZ package layout option.

Changes:

- Allow the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR options to use '%' as the space character. (Note: This is a temporary fix).
- The ALLOWPROCDELFILE option can now use wildcards in the file names.
- The '--list perl' command-line option now shows whether the perl command itself is installed or not.
- The 'shared_libs' test now allows whitelisting of the preloading environment variables.
- The '-r/--rootdir' command-line options, and the ROOTDIR configuration option are now deprecated. If they are used then an error message will be displayed. The options will have no effect, but rkhunter will continue. The options will be completely removed at the next release.
- The 'hidden_ports' test will now show if a found port is TCP or UDP.
- It is now possible to whitelist ports in the 'hidden_ports' test using the PORT_WHITELIST configuration option.

Bugfixes:

- Allow the ALLOWPROCDELFILE option to work again.
- Correct the check of the ProFTPD version number.
- Fix the FreeBSD 'sockstat' command check to ensure that the correct fields are used.
- Fix for newer version of the 'file' command when reporting scripts.
- Fix the ALLOWHIDDENFILE option to allow hidden symbolic links.
- The 'filesystem' check now handles files and directories with spaces in their names correctly.
- The 'startup_files' test was displaying file names with spaces in them incorrectly. Also the test was not checking files which were in hidden directories.
- Ensure that the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR options re-evaluate their whitelisting lists to ensure that any wildcard entries are the most recent. (A time window previously existed which meant that the list was processed, but new files could be created before the test was run. As such they were reported as false-positive warnings, when they should have been whitelisted.)
- Allow the EXISTWHITELIST option to work with symbolic links.
- The test of whether prelinking is being used or not was sometimes causing the file properties hash test to be skipped, without the real reason being stated. Now the hash test will proceed but the user will still get a warning (because it detects that prelinking was used and is not now, or vice-versa).
- Rkhunter will now check to see if the 'head' and 'tail' commands understand the '-n' option. If they do, then it will be used. If they do not, then the older 'head -1' and 'tail -1' commands will be used.

For more details please see the CHANGELOG.
Rootkit Hunter release 1.4.0 obsoletes all previous releases. Please upgrade real soon now.
Posted in Uncategorized
Views 959 Comments 0
« Prev     Main     Next »

  



All times are GMT -5. The time now is 06:21 AM.

Main Menu
Advertisement

Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration