Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: rkhunter | Distribution: SUSE Linux Enterprise 15 SP4 |
Version: 1.4.6 | Vendor: openSUSE |
Release: bp154.2.33 | Build date: Thu May 12 08:44:55 2022 |
Group: System/Monitoring | Build host: s390zl23 |
Size: 1194126 | Source RPM: rkhunter-1.4.6-bp154.2.33.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: http://rkhunter.sourceforge.net/ | |
Summary: A scanner for Rootkits, Backdoors, and Local Exploits |
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. This tool scans for rootkits, backdoors, and local exploits by running tests like: * Comparing MD5 hashes * Looking for default files used by rootkits * Checking for wrong file permissions for binaries * Looking for suspected strings in LKM and KLD modules * Looking for hidden files * Optionally scanning within plain text and binary files * Checking software versions * Testing applications
GPL-2.0-or-later
* Thu Jan 09 2020 Johannes Segitz <jsegitz@suse.de> - Remove default cron job and install it with the documentation. This way the user can decide if he needs rkhunter to run regularly (bsc#1150553). * Fri Aug 23 2019 Marcus Meissner <meissner@suse.com> - package the /etc/cron.daily instead of buildrequire cron * Tue Aug 20 2019 kukuk@suse.de - BuildRequire cron, as this contains now the cron directories * Thu Apr 11 2019 ecsos@opensuse.org - Generate rkhunter.conf.local to prevent hash error for rkhunter.conf. - Remove some rpmlint-erros. * Tue Sep 25 2018 Jan Engelhardt <jengelh@inai.de> - Replace %__-type macro indirections. - Avoid repeating name in summary. * Mon Sep 24 2018 Mathias Homann <Mathias.Homann@opensuse.org> - upgrade to version 1.4.6 * 1.4.6 (20/02/2018) * New: - Added support for Alpine Linux (busybox). - Added the 'Diamorphine LKM' test. - Added the ALLOWIPCPID configuration file option. This will allow specific PIDs to be whitelisted from the shared memory check. - Added the ALLOWIPCUSER configuration file option. This will allow specific usernames to be whitelisted from the shared memory check. - Added the IPC_SEG_SIZE configuration file option. This can be used to set the minimum shared memory segment size to check. The default value is 1048576 bytes (1MB). - Added the SKIP_INODE_CHECK configuration file option. Setting this option will disable the reporting of any changed inode numbers. The default is to report inode changes. (This option may be useful for filesystems such as Btrfs.) - Added Ebury sshd backdoor test. - Added a new SSH configuration test to check for various suspicious configuration options. Currently there is only one check which relates to the Ebury backdoor. - Added basic test for Jynx2 rootkit. - Added Komplex trojan test. - Added basic test for KeRanger running process. - Added test for Keydnap backdoor. - Added basic test for Eleanor backdoor running process. - Added basic tests for Mokes backdoor. - Added tests for Proton backdoor. - Added the SUSPSCAN_WHITELIST configuration file option. This option can be used to whitelist file pathnames from the 'suspscan' test. * Changes: - The 'ipc_shared_mem' test will now log the minimum segment size that will be checked. It will also log the size of any segments which appear suspicious (that is, larger than the configured allowed maximum size). - If verbose logging is disabled, then generally only the test name and the final result for the test will now be logged. - Kernel symbol checks will now use the 'System.map' file, if it exists, and no other kernel symbol file can be found. * Bugfixes: - For prelinked systems ensure that the default hash function is SHA1 and not SHA256. - The result from the 'hidden_procs' test was not being calculated correctly. - Checking the O/S version number could be missed in some cases. - Minor improvement to the *BSD immutable files check. - The 'OS_VERSION_FILE' configuration option pathname cannot be a link, but this was not checked. - Improved checks for the O/S name on Devuan systems. - Handling of the '/etc/issue' file during O/S detection has now improved. Escape sequences are either replaced or removed. - Not all the linux kernel module names were being checked. - The logging of detached memory segments tried to show the process pathname. This has now been corrected, and where no pathname is available, the segment owner and PID will be logged. - It was possible for the return code to be lost when running the 'ipc_shared_mem' test. This has now been corrected. - Some configuration options were still not being handled correctly when specified more than once. - The 'ipc_shared_mem' test did not correctly handle whitelisting when a segment pathname was flagged as deleted. This has now been corrected. - Commands disabled in the configuration file were being logged as not found. They are now logged as having been disabled. - Disabling verbose logging could hide some warning messages. - The 'shared_libs' test now caters for simple filenames, as well as pathnames which contain the '$LIB', '$ORIGIN' or '$PLATFORM' variables. - - * Thu Nov 23 2017 rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Mon Jul 03 2017 sven@uebelacker.net - upgrade to version 1.4.4 (29/06/2017) - Added the GLOBSTAR configuration file option. This will set the shells globstar option to allow recursive checks of directories. By default this option is disabled. - Added a Japanese translation file. - Added support for the 'BSDng' package manager option. This can be used by those *BSD systems which have the 'pkg' command available (currently later FreeBSD systems). - The BSD package manager will now try the 'pkg_info' command '-W' option if the '-F' option fails. - Added the LOCKDIR configuration option. It is now possible to specify the directory rkhunter will use to store the lock file (if USE_LOCKING has been set). The default is unset, and this will cause rkhunter to look for a directory to use. Details are in the configuration file. - Added the ALLOWIPCPROC configuration file option. This can be used to whitelist suspicious processes using shared memory segments (found during the 'ipc_shared_mem' check). * Fri Apr 07 2017 saigkill@opensuse.org - whitelist /dev/shm/CAPI20* and /dev/shm/sem.CAPI20* (boo#1030378) - whitelist /usr/bin/.fipscheck.hmac (boo#1030378) * Tue Oct 25 2016 meissner@suse.com - do not use /etc/SuSE-release anymore, fallback to generic /etc/os-release (bsc#1006382) * Sun Feb 28 2016 bwiedemann@suse.com - Add rkhunter-grep-fix.patch to fix a bogus warning (boo#968578) * Fri Dec 25 2015 mpluskal@suse.com - Add gpg signature * Sun May 10 2015 VolkerKuhlmann@gmx.de - Default config file changed so APPEND_LOG was no longer activated. Add to /etc/rkhunter.d/00-opensuse.conf * Sun May 10 2015 VolkerKuhlmann@gmx.de - Fix spec obliterating PKGMGR_NO_VRFY. This fixes bnc#926624 - Create /etc/rkhunter.d and put config added by rpm in a file in it. - Fix hideous way of spec adding config variables to a file. * Sun Apr 05 2015 arun@gmx.de - specfile: * added ALLOWHIDENFILE /dev/.blkid.tab, /dev/.blkid.tab.old, and /etc/.updated * Fri Oct 24 2014 Greg.Freemyer@gmail.com - update to v1.4.2 * See CHANGELOG at http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG - change Source: field to full URL - change the spelling of README.SuSE to README.SUSE - delete patch rkhunter-1.4.0-crontab.patch, now upstream - add +%{_var}/lib/%{name}/db/signatures to %files section * Tue Oct 14 2014 jengelh@inai.de - Remove bogus AutoReqProv: off - Remove ancient specfile tags and sections
/etc/logrotate.d/rkhunter /etc/rkhunter.conf /etc/rkhunter.conf.local /etc/rkhunter.d /etc/rkhunter.d/00-opensuse.conf /usr/bin/rkhunter /usr/lib64/rkhunter /usr/lib64/rkhunter/scripts /usr/lib64/rkhunter/scripts/check_modules.pl /usr/lib64/rkhunter/scripts/filehashsha.pl /usr/lib64/rkhunter/scripts/readlink.sh /usr/lib64/rkhunter/scripts/stat.pl /usr/share/doc/packages/rkhunter-1.4.6 /usr/share/doc/packages/rkhunter-1.4.6/ACKNOWLEDGMENTS /usr/share/doc/packages/rkhunter-1.4.6/CHANGELOG /usr/share/doc/packages/rkhunter-1.4.6/FAQ /usr/share/doc/packages/rkhunter-1.4.6/LICENSE /usr/share/doc/packages/rkhunter-1.4.6/README /usr/share/doc/packages/rkhunter-1.4.6/README.SUSE /usr/share/doc/packages/rkhunter-1.4.6/rkhunter.cron /usr/share/fillup-templates/sysconfig.rkhunter /usr/share/man/man8/rkhunter.8.gz /var/lib/rkhunter /var/lib/rkhunter/db /var/lib/rkhunter/db/backdoorports.dat /var/lib/rkhunter/db/i18n /var/lib/rkhunter/db/i18n/cn /var/lib/rkhunter/db/i18n/de /var/lib/rkhunter/db/i18n/en /var/lib/rkhunter/db/i18n/ja /var/lib/rkhunter/db/i18n/tr /var/lib/rkhunter/db/i18n/tr.utf8 /var/lib/rkhunter/db/i18n/zh /var/lib/rkhunter/db/i18n/zh.utf8 /var/lib/rkhunter/db/mirrors.dat /var/lib/rkhunter/db/programs_bad.dat /var/lib/rkhunter/db/signatures /var/lib/rkhunter/db/signatures/RKH_BillGates.ldb /var/lib/rkhunter/db/signatures/RKH_Glubteba.ldb /var/lib/rkhunter/db/signatures/RKH_MMD-0028-2014.ldb /var/lib/rkhunter/db/signatures/RKH_dso.ldb /var/lib/rkhunter/db/signatures/RKH_iptablex.ldb /var/lib/rkhunter/db/signatures/RKH_jynx.ldb /var/lib/rkhunter/db/signatures/RKH_kbeast.ldb /var/lib/rkhunter/db/signatures/RKH_libkeyutils.ldb /var/lib/rkhunter/db/signatures/RKH_libkeyutils1.ldb /var/lib/rkhunter/db/signatures/RKH_libncom.ldb /var/lib/rkhunter/db/signatures/RKH_pamunixtrojan.ldb /var/lib/rkhunter/db/signatures/RKH_shv.ldb /var/lib/rkhunter/db/signatures/RKH_sniffer.ldb /var/lib/rkhunter/db/signatures/RKH_sshd.ldb /var/lib/rkhunter/db/signatures/RKH_turtle.ldb /var/lib/rkhunter/db/signatures/RKH_xsyslog.ldb /var/lib/rkhunter/db/suspscan.dat /var/lib/rkhunter/tmp /var/log/rkhunter.log
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 16:14:43 2024