Changelog for
rkhunter-1.4.6-68.1.x86_64.rpm :
Tue Sep 25 14:00:00 2018 Jan Engelhardt
- Replace %__-type macro indirections.
- Avoid repeating name in summary.
Mon Sep 24 14:00:00 2018 Mathias Homann
- upgrade to version 1.4.6
* 1.4.6 (20/02/2018)
* New:
- Added support for Alpine Linux (busybox).
- Added the 'Diamorphine LKM' test.
- Added the ALLOWIPCPID configuration file option. This will allow
specific PIDs to be whitelisted from the shared memory check.
- Added the ALLOWIPCUSER configuration file option. This will allow
specific usernames to be whitelisted from the shared memory check.
- Added the IPC_SEG_SIZE configuration file option. This can be used
to set the minimum shared memory segment size to check. The default
value is 1048576 bytes (1MB).
- Added the SKIP_INODE_CHECK configuration file option. Setting this
option will disable the reporting of any changed inode numbers.
The default is to report inode changes. (This option may be useful
for filesystems such as Btrfs.)
- Added Ebury sshd backdoor test.
- Added a new SSH configuration test to check for various suspicious
configuration options. Currently there is only one check which
relates to the Ebury backdoor.
- Added basic test for Jynx2 rootkit.
- Added Komplex trojan test.
- Added basic test for KeRanger running process.
- Added test for Keydnap backdoor.
- Added basic test for Eleanor backdoor running process.
- Added basic tests for Mokes backdoor.
- Added tests for Proton backdoor.
- Added the SUSPSCAN_WHITELIST configuration file option. This
option can be used to whitelist file pathnames from the
'suspscan' test.
* Changes:
- The 'ipc_shared_mem' test will now log the minimum segment size
that will be checked. It will also log the size of any segments
which appear suspicious (that is, larger than the configured
allowed maximum size).
- If verbose logging is disabled, then generally only the test
name and the final result for the test will now be logged.
- Kernel symbol checks will now use the 'System.map' file, if it
exists, and no other kernel symbol file can be found.
* Bugfixes:
- For prelinked systems ensure that the default hash function is
SHA1 and not SHA256.
- The result from the 'hidden_procs' test was not being
calculated correctly.
- Checking the O/S version number could be missed in some cases.
- Minor improvement to the *BSD immutable files check.
- The 'OS_VERSION_FILE' configuration option pathname cannot be
a link, but this was not checked.
- Improved checks for the O/S name on Devuan systems.
- Handling of the '/etc/issue' file during O/S detection has now
improved. Escape sequences are either replaced or removed.
- Not all the linux kernel module names were being checked.
- The logging of detached memory segments tried to show the
process pathname. This has now been corrected, and where no
pathname is available, the segment owner and PID will be logged.
- It was possible for the return code to be lost when running the
'ipc_shared_mem' test. This has now been corrected.
- Some configuration options were still not being handled correctly
when specified more than once.
- The 'ipc_shared_mem' test did not correctly handle whitelisting
when a segment pathname was flagged as deleted. This has now
been corrected.
- Commands disabled in the configuration file were being logged
as not found. They are now logged as having been disabled.
- Disabling verbose logging could hide some warning messages.
- The 'shared_libs' test now caters for simple filenames, as well
as pathnames which contain the '$LIB', '$ORIGIN' or '$PLATFORM'
variables.
Thu Nov 23 13:00:00 2017 rbrownAATTsuse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
Mon Jul 3 14:00:00 2017 svenAATTuebelacker.net
- upgrade to version 1.4.4 (29/06/2017)
- Added the GLOBSTAR configuration file option. This will set the shell's globstar option to allow recursive checks of directories. By default this option is disabled.
- Added a Japanese translation file.
- Added support for the 'BSDng' package manager option. This can be used by those *BSD systems which have the 'pkg' command available (currently later FreeBSD systems).
- The BSD package manager will now try the 'pkg_info' command '-W' option if the '-F' option fails.
- Added the LOCKDIR configuration option. It is now possible to specify the directory rkhunter will use to store the lock file (if USE_LOCKING has been set). The default is unset, and this will cause rkhunter to look for a directory to use. Details are in the configuration file.
- Added the ALLOWIPCPROC configuration file option. This can be used to whitelist suspicious processes using shared memory segments (found during the 'ipc_shared_mem' check).
Fri Apr 7 14:00:00 2017 saigkillAATTopensuse.org
- whitelist /dev/shm/CAPI20* and /dev/shm/sem.CAPI20* (boo#1030378)
- whitelist /usr/bin/.fipscheck.hmac (boo#1030378)
Tue Oct 25 14:00:00 2016 meissnerAATTsuse.com
- do not use /etc/SuSE-release anymore, fallback to generic
/etc/os-release (bsc#1006382)
Sun Feb 28 13:00:00 2016 bwiedemannAATTsuse.com
- Add rkhunter-grep-fix.patch to fix a bogus warning (boo#968578)
Fri Dec 25 13:00:00 2015 mpluskalAATTsuse.com
- Add gpg signature
Sun May 10 14:00:00 2015 VolkerKuhlmannAATTgmx.de
- Default config file changed so APPEND_LOG was no longer activated.
Add to /etc/rkhunter.d/00-opensuse.conf
Sun May 10 14:00:00 2015 VolkerKuhlmannAATTgmx.de
- Fix spec obliterating PKGMGR_NO_VRFY. This fixes bnc#926624
- Create /etc/rkhunter.d and put config added by rpm in a file in it.
- Fix hideous way of spec adding config variables to a file.
Sun Apr 5 14:00:00 2015 arunAATTgmx.de
- specfile:
* added ALLOWHIDENFILE /dev/.blkid.tab, /dev/.blkid.tab.old, and
/etc/.updated
Fri Oct 24 14:00:00 2014 Greg.FreemyerAATTgmail.com
- update to v1.4.2
* See CHANGELOG at http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG
- change Source: field to full URL
- change the spelling of README.SuSE to README.SUSE
- delete patch rkhunter-1.4.0-crontab.patch, now upstream
- add +%{_var}/lib/%{name}/db/signatures to %files section
Tue Oct 14 14:00:00 2014 jengelhAATTinai.de
- Remove bogus AutoReqProv: off
- Remove ancient specfile tags and sections
Sat Jan 11 13:00:00 2014 meissnerAATTsuse.com
- handle current lib64 platforms, added ppc64le and s390x.
Fri Jun 28 14:00:00 2013 Sascha Manns
- added some more strings to fix the issue.
Fri Jun 28 14:00:00 2013 Sascha Manns
- fixed bnc#826276 (added string /dev/.sysconfig/network to
ALLOWEDDEVFILE)
Mon Mar 25 13:00:00 2013 schwabAATTsuse.de
- Add aarch64 to the list of lib64 platforms
Mon Mar 18 13:00:00 2013 Sascha Manns
- fixed bnc#776687 (changed OS_VERSION_FILE in rkhunter.con to
/etc/SuSE-release)
Mon Jan 7 13:00:00 2013 bjoernAATTcs.tu-berlin.de
Changes:
- do not report a false positive on /etc/crontab
- see http://sourceforge.net/tracker/?func=detail&atid=794187&aid=3591302&group_id=155034
Sun May 13 14:00:00 2012 Sascha.MannsAATTopen-slx.de
- updated to 1.4.0
* 1.4.0 (01/05/2012)
New:
- Added the '--list propfiles' command-line option. This will dump
out the list of filenames that will be searched for when building the
fileproperties database. By default the list is not shown if just
'--list' is used.
- Added Jynx rootkit check.
- Added Turtle/Turtle2 rootkit check.
- Added KBeast rootkit check.
- The installer now supports the Slackware TXZ package layout option.
Changes:
- Avoid checking exclamation points in ALLOWDEVFILE checks (this was
caught on 01/05/2012 causing a reissue of the 1.4.0 release).
- Allow the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR options
to use '%' as the space character. (Note: This is a temporary fix).
- The ALLOWPROCDELFILE option can now use wildcards in the file
names.
- The '--list perl' command-line option now shows whether the perl
command itself is installed or not.
- The 'shared_libs' test now allows whitelisting of the preloading
environment variables.
- The '-r/--rootdir' command-line options, and the ROOTDIR
configuration option are now deprecated. If they are used then an
error message will be displayed. The options will have no effect,
but rkhunter will continue. The options will be completely removed
at the next release.
- The 'hidden_ports' test will now show if a found port is TCP or
UDP.
- It is now possible to whitelist ports in the 'hidden_ports' test
using the PORT_WHITELIST configuration option.
Bugfixes:
- Allow the ALLOWPROCDELFILE option to work again.
- Correct the check of the ProFTPD version number.
- Fix the FreeBSD 'sockstat' command check to ensure that the correct
fields are used.
- Fix for newer version of the 'file' command when reporting scripts.
- Fix the ALLOWHIDDENFILE option to allow hidden symbolic links.
- The 'filesystem' check now handles files and directories with
spaces in their names correctly.
- The 'startup_files' test was displaying file names with spaces in
them incorrectly. Also the test was not checking files which were
in hidden directories.
- Ensure that the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR
options re-evaluate their whitelisting lists to ensure that any
wildcard entries are the most recent. (A time window previously
existed which meant that the list was processed, but new files
could be created before the test was run. As such they were
reported as false-positive warnings, when they should have been
whitelisted.)
- Allow the EXISTWHITELIST option to work with symbolic links.
- The test of whether prelinking is being used or not was sometimes
causing the file properties hash test to be skipped, without the
real reason being stated. Now the hash test will proceed but the
user will still get a warning (because it detects that prelinking
was used and is not now, or vice-versa).
- Rkhunter will now check to see if the 'head' and 'tail' commands
understand the '-n' option. If they do, then it will be used. If
they do not, then the older 'head -1' and 'tail -1' commands will be
used.
Thu Sep 22 14:00:00 2011 Sascha.MannsAATTopen-slx.de
- fixed bnc#717773 rkhunter sends email without To-Header
- added 'echo "To: $REPORT_EMAIL" into rkhunter.cron
Thu Aug 4 14:00:00 2011 Sascha.MannsAATTopen-slx.de
- fixed License to GPLv2 or later
has misunderstood a message
Tue May 24 14:00:00 2011 saigkillAATTopensuse.org
- fixed bnc#695317 based on Volker Kuhlmann THX
Wed Nov 17 13:00:00 2010 saigkillAATTopensuse.org
- Updated to version 1.3.8
Mon Nov 30 13:00:00 2009 saigkillAATTopensuse.org
- updated to Version 1.3.6
Mon Nov 30 13:00:00 2009 saigkillAATTopensuse.org
- cleanup :