| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: rkhunter | Distribution: openSUSE:Factory:zSystems |
| Version: 1.4.6 | Vendor: openSUSE |
| Release: 8.2 | Build date: Wed Mar 8 02:59:00 2023 |
| Group: System/Monitoring | Build host: s390zl21 |
| Size: 1194770 | Source RPM: rkhunter-1.4.6-8.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://rkhunter.sourceforge.net/ | |
| Summary: A scanner for Rootkits, Backdoors, and Local Exploits | |
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. This tool scans for rootkits, backdoors, and local exploits by running tests like: * Comparing MD5 hashes * Looking for default files used by rootkits * Checking for wrong file permissions for binaries * Looking for suspected strings in LKM and KLD modules * Looking for hidden files * Optionally scanning within plain text and binary files * Checking software versions * Testing applications
GPL-2.0-or-later
* Wed Sep 28 2022 Alexander van Kaam <alexvkaam@gmail.com>
- added systemd timer and service file
fix boo#1115455
* Mon May 23 2022 Andreas Schwab <schwab@suse.de>
- Use correct SCRIPTDIR
* Tue Apr 12 2022 Marcus Meissner <meissner@suse.com>
- renable gpg verification, change to https urls.
- rkhunter.keyring: changed from keyserver
* Thu Jan 09 2020 Johannes Segitz <jsegitz@suse.de>
- Remove default cron job and install it with the documentation.
This way the user can decide if he needs rkhunter to run regularly
(bsc#1150553).
* Fri Aug 23 2019 Marcus Meissner <meissner@suse.com>
- package the /etc/cron.daily instead of buildrequire cron
* Tue Aug 20 2019 kukuk@suse.de
- BuildRequire cron, as this contains now the cron directories
* Thu Apr 11 2019 ecsos@opensuse.org
- Generate rkhunter.conf.local to prevent hash error for
rkhunter.conf.
- Remove some rpmlint-erros.
* Tue Sep 25 2018 Jan Engelhardt <jengelh@inai.de>
- Replace %__-type macro indirections.
- Avoid repeating name in summary.
* Mon Sep 24 2018 Mathias Homann <Mathias.Homann@opensuse.org>
- upgrade to version 1.4.6
* 1.4.6 (20/02/2018)
* New:
- Added support for Alpine Linux (busybox).
- Added the 'Diamorphine LKM' test.
- Added the ALLOWIPCPID configuration file option. This will allow
specific PIDs to be whitelisted from the shared memory check.
- Added the ALLOWIPCUSER configuration file option. This will allow
specific usernames to be whitelisted from the shared memory check.
- Added the IPC_SEG_SIZE configuration file option. This can be used
to set the minimum shared memory segment size to check. The default
value is 1048576 bytes (1MB).
- Added the SKIP_INODE_CHECK configuration file option. Setting this
option will disable the reporting of any changed inode numbers.
The default is to report inode changes. (This option may be useful
for filesystems such as Btrfs.)
- Added Ebury sshd backdoor test.
- Added a new SSH configuration test to check for various suspicious
configuration options. Currently there is only one check which
relates to the Ebury backdoor.
- Added basic test for Jynx2 rootkit.
- Added Komplex trojan test.
- Added basic test for KeRanger running process.
- Added test for Keydnap backdoor.
- Added basic test for Eleanor backdoor running process.
- Added basic tests for Mokes backdoor.
- Added tests for Proton backdoor.
- Added the SUSPSCAN_WHITELIST configuration file option. This
option can be used to whitelist file pathnames from the
'suspscan' test.
* Changes:
- The 'ipc_shared_mem' test will now log the minimum segment size
that will be checked. It will also log the size of any segments
which appear suspicious (that is, larger than the configured
allowed maximum size).
- If verbose logging is disabled, then generally only the test
name and the final result for the test will now be logged.
- Kernel symbol checks will now use the 'System.map' file, if it
exists, and no other kernel symbol file can be found.
* Bugfixes:
- For prelinked systems ensure that the default hash function is
SHA1 and not SHA256.
- The result from the 'hidden_procs' test was not being
calculated correctly.
- Checking the O/S version number could be missed in some cases.
- Minor improvement to the *BSD immutable files check.
- The 'OS_VERSION_FILE' configuration option pathname cannot be
a link, but this was not checked.
- Improved checks for the O/S name on Devuan systems.
- Handling of the '/etc/issue' file during O/S detection has now
improved. Escape sequences are either replaced or removed.
- Not all the linux kernel module names were being checked.
- The logging of detached memory segments tried to show the
process pathname. This has now been corrected, and where no
pathname is available, the segment owner and PID will be logged.
- It was possible for the return code to be lost when running the
'ipc_shared_mem' test. This has now been corrected.
- Some configuration options were still not being handled correctly
when specified more than once.
- The 'ipc_shared_mem' test did not correctly handle whitelisting
when a segment pathname was flagged as deleted. This has now
been corrected.
- Commands disabled in the configuration file were being logged
as not found. They are now logged as having been disabled.
- Disabling verbose logging could hide some warning messages.
- The 'shared_libs' test now caters for simple filenames, as well
as pathnames which contain the '$LIB', '$ORIGIN' or '$PLATFORM'
variables.
- -
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
/etc/logrotate.d/rkhunter /etc/rkhunter.conf /etc/rkhunter.conf.local /etc/rkhunter.d /etc/rkhunter.d/00-opensuse.conf /usr/bin/rkhunter /usr/lib64/rkhunter /usr/lib64/rkhunter/scripts /usr/lib64/rkhunter/scripts/check_modules.pl /usr/lib64/rkhunter/scripts/filehashsha.pl /usr/lib64/rkhunter/scripts/readlink.sh /usr/lib64/rkhunter/scripts/stat.pl /usr/share/doc/packages/rkhunter-1.4.6 /usr/share/doc/packages/rkhunter-1.4.6/ACKNOWLEDGMENTS /usr/share/doc/packages/rkhunter-1.4.6/CHANGELOG /usr/share/doc/packages/rkhunter-1.4.6/FAQ /usr/share/doc/packages/rkhunter-1.4.6/LICENSE /usr/share/doc/packages/rkhunter-1.4.6/README /usr/share/doc/packages/rkhunter-1.4.6/README.SUSE /usr/share/doc/packages/rkhunter-1.4.6/rkhunter.cron /usr/share/doc/packages/rkhunter-1.4.6/rkhunter.service /usr/share/doc/packages/rkhunter-1.4.6/rkhunter.timer /usr/share/fillup-templates/sysconfig.rkhunter /usr/share/man/man8/rkhunter.8.gz /var/lib/rkhunter /var/lib/rkhunter/db /var/lib/rkhunter/db/backdoorports.dat /var/lib/rkhunter/db/i18n /var/lib/rkhunter/db/i18n/cn /var/lib/rkhunter/db/i18n/de /var/lib/rkhunter/db/i18n/en /var/lib/rkhunter/db/i18n/ja /var/lib/rkhunter/db/i18n/tr /var/lib/rkhunter/db/i18n/tr.utf8 /var/lib/rkhunter/db/i18n/zh /var/lib/rkhunter/db/i18n/zh.utf8 /var/lib/rkhunter/db/mirrors.dat /var/lib/rkhunter/db/programs_bad.dat /var/lib/rkhunter/db/signatures /var/lib/rkhunter/db/signatures/RKH_BillGates.ldb /var/lib/rkhunter/db/signatures/RKH_Glubteba.ldb /var/lib/rkhunter/db/signatures/RKH_MMD-0028-2014.ldb /var/lib/rkhunter/db/signatures/RKH_dso.ldb /var/lib/rkhunter/db/signatures/RKH_iptablex.ldb /var/lib/rkhunter/db/signatures/RKH_jynx.ldb /var/lib/rkhunter/db/signatures/RKH_kbeast.ldb /var/lib/rkhunter/db/signatures/RKH_libkeyutils.ldb /var/lib/rkhunter/db/signatures/RKH_libkeyutils1.ldb /var/lib/rkhunter/db/signatures/RKH_libncom.ldb /var/lib/rkhunter/db/signatures/RKH_pamunixtrojan.ldb /var/lib/rkhunter/db/signatures/RKH_shv.ldb /var/lib/rkhunter/db/signatures/RKH_sniffer.ldb /var/lib/rkhunter/db/signatures/RKH_sshd.ldb /var/lib/rkhunter/db/signatures/RKH_turtle.ldb /var/lib/rkhunter/db/signatures/RKH_xsyslog.ldb /var/lib/rkhunter/db/suspscan.dat /var/lib/rkhunter/tmp /var/log/rkhunter.log
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024