New version 1.44 of rkhunter released

hydrurga · 07-02-2017, 03:09 PM

For those of you who use rkhunter (Rootkit Hunter), the latest version 1.44 has just been released (29 June 2017).

It's the first release in over three years, since 1.42 was published in February 2014.

According to the rkhunter web pages:

Quote:

Rootkit Hunter release 1.4.4 obsoletes all previous releases. Please upgrade real soon now.

https://sourceforge.net/projects/rkh...iles/rkhunter/

Habitual · 07-02-2017, 04:28 PM

Security Crawl Monday!

Thanks!

Recipe for the some one.
in a terminal, issue:

Code:

cd /usr/src/
wget http://rkhunter.cvs.sourceforge.net/...nter/?view=tar
mv index.html\?view\=tar rkhunter.tar.gz
tar zxf rkhunter.tar.gz
mv rkhunter rkhunter-1-4-4
cd  rkhunter-1-4-4
./installer.sh --install
rkhunter --propupd
rkhunter --update
rkhunter -c -sk --rwo --nomow

and check /var/log/rkhunter.log for Warning:

I did not remove (--remove) 1.4.3 for this process.

Have Fun!

Habitual · 07-24-2017, 11:30 AM

Did anyone besides me see a 1.4.5 this morning?

Code:

rkhunter --versioncheck
[ Rootkit Hunter version 1.4.5 ]

Checking rkhunter version...
  This version  : 1.4.5
  Latest version: 1.4.4

Code:

cd /usr/src/
mv rkhunter-1-4-5/ rkhunter-1-4-5.wtf/

go thru the business end of wget/tar/mv/cd/.installer.sh/propupd/
and still

Code:

[ Rootkit Hunter version 1.4.5 ]

Checking rkhunter version...
  This version  : 1.4.5
  Latest version: 1.4.4

Anyone? Anyone at all?

AWS host(s) are at and only show 1.4.4.
The 1.4.5 is a VDS on my network.

hydrurga · 07-24-2017, 11:50 AM

Have you been using that time machine again? :-)

Your wget in post #2 does indeed return a version of rkhunter that claims to be 1.4.5.

Habitual · 07-24-2017, 12:16 PM

http://bit.ly/2tOpyF3

Trihexagonal · 07-24-2017, 08:46 PM

This is the latest version available in the FreeBSD ports tree:

Code:

root@peerless:/ # rkhunter --versioncheck
[ Rootkit Hunter version 1.4.4 ]

Checking rkhunter version...
  This version  : 1.4.4
  Latest version: 1.4.4

aus9 · 07-24-2017, 10:12 PM

maybe Habitual can adjust his download link from the CVS version to the stable version in post 2?
https://nchc.dl.sourceforge.net/proj...r-1.4.4.tar.gz

Code:

wget https://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
--2017-07-25 11:11:44--  https://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
Resolving nchc.dl.sourceforge.net (nchc.dl.sourceforge.net)... 211.79.60.17, 2001:e10:ffff:1f02::17
Connecting to nchc.dl.sourceforge.net (nchc.dl.sourceforge.net)|211.79.60.17|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 297626 (291K) [application/x-gzip]
Saving to: 'rkhunter-1.4.4.tar.gz’

rkhunter-1.4.4.tar.gz                           100%[====================================================================================================>] 290.65K   459KB/s    in 0.6s    

2017-07-25 11:11:45 (459 KB/s) - 'rkhunter-1.4.4.tar.gz’ saved [297626/297626]

Habitual · 07-25-2017, 07:13 AM

Maybe it's hacked?

http://cfhcable.dl.sourceforge.net/p...r-1.4.4.tar.gz
worked via browser, so I have no reason to believe it won't operate that way in a/the terminal.

I have to admit that cvs link was acquired in the exact same manner (Browser > Downloads > copy download 'link')
about 6 years ago, mebbe...?

Code:

wget "http://cfhcable.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz"

works, as advertised.
Well, I'm glad it's not just "me" then!

and for the other "Type A" personalities out there!

Code:

md5sum rkhunter-1.4.4.tar.gz && sha256sum rkhunter-1.4.4.tar.gz
c625bcb5e226d1f2a7a3a530b7e4fbd9  rkhunter-1.4.4.tar.gz
a8807c83f9f325312df05aa215fa75ad697c7a16163175363c2066baa26dda77  rkhunter-1.4.4.tar.gz

Thank you all for your time.
John.

aus9 · 07-25-2017, 07:05 PM

Quote:

and for the other "Type A" personalities out there!

and the wiki is now out-of-date

Code:

cd Downloads
wget https://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
wget https://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz.asc
gpg --keyserver pgp.mit.edu --recv-keys D13AAA83
gpg --verify rkh*.asc rkh*.gz

# result
gpg: Signature made Thu 29 Jun 2017 20:16:16 AWST using RSA key ID D13AAA83
gpg: Good signature from "John Horne <john.horne@plymouth.ac.uk>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9713 808A 269F A032 6356  958B E9C5 DC50 D13A AA83

out of date is gpg --keyserver pgp.mit.edu --recv-keys A65F5E17

luckily the dev team advise to use the mailing list if any issues so the wiki is not important