Rootkit Hunter / News: Recent posts

Rootkit Hunter release 1.4.2

The Rootkit Hunter project team is pleased to announce the release of version 1.4.2.
Please see the changelog for details.

Posted by unSpawn 2014-02-24 Labels: release

Rootkit Hunter release 1.4.0

The Rootkit Hunter project team is pleased to announce the release of version 1.4.0.
New:

Added the '--list propfiles' command-line option. This will dump out the list of filenames that will be searched for when building the file properties database. By default the list is not shown if just '--list' is used.
Added Jynx rootkit check.
Added Turtle/Turtle2 rootkit check.
Added KBeast rootkit check.
The installer now supports the Slackware TXZ package layout option...

Posted by unSpawn 2012-04-30

Rootkit Hunter release 1.3.8

The Rootkit Hunter project team is pleased to announce the release of version 1.3.8.

The change log lists 24 bug fixes, 29 changes and 18 new items. Naming a few:

* Whitelist rootkit strings (RTKT_FILE_WHITELIST).
* Whitelist items not always present (EXISTWHITELIST).
* Whitelist combined pathname and port number (PORT_WHITELIST).
* Added Whirlpool and Ripemd160 hashes to file properties check.
* Support for DragonFly BSD.
* Support for Solaris OS package management.
* The 'suspicious files' check displays each item individually.
* The '--enable' and '--disable' command-line options may now be specified more than once.
* Grsecurity-enabled systems may now run the network 'ports' test.
* Allow test names for the 'unhide' command (UNHIDE_TESTS).
* Rootkit checks added: OS X Togroot and Boonana (Koobface.A) trojan, Solaris Wanuk backdoor and worm and Inqtana worm.
* Better support for *BSD commands and OS X...

Posted by unSpawn 2010-11-17

Rootkit Hunter announces release 1.3.6

The Rootkit Hunter project team is pleased to announce the release of version 1.3.6 on 2009/11/29.

This release offers more ease of use and improved rootkit and malware checks. The change log lists 29 additions including 9 configuration options and details for 12 rootkits, 29 changes including improvements for 15 rootkit checks and 22 bugfixes. Naming a few:

* New IGNORE_PRELINK_DEP_ERR configuration option in case of persistent prelink dependency errors.
* New USER_FILEPROP_FILES_DIRS configuration option to add files and directories to the file properties check.
* New COPY_LOG_ON_ERROR configuration option to copy the log file if any errors or warnings have occurred.
* New WEBCMD configuration option to specify the command used to download data file updates from the Internet.
* Rkhunter will look for configuration options in the main configuration file, and then in the local configuration file if it exists.
* New SHARED_LIB_WHITELIST configuration option for whitelisting preloaded shared libraries.
* New WARN_ON_OS_CHANGE configuration option. If unset then no warnings will be shown.
* New UPDT_ON_OS_CHANGE configuration option. If set and the O/S has changed then rkhunter will automatically update properties ('rkhunter --propupd').
* Added support for hash functions SHA224, SHA256, SHA384 and SHA512 using CPAN perl modules Digest-SHA-PurePerl or SHA256.
* New UPDATE_LANG configuration option.
* New ALLOWPROMISCIF configuration option.
* New PKGMGR_NO_VRFY configuration option for fine-grained package manager verification process control.
* Rootkit checks added: Adore Rootkit (aka strings.o aka Dextenea) cb, CX, Fu, iLLogiC, ld-linuxv.so.1, 'Spanish', trNkit, Xzibit, ZK.
* Updated rootkit / malware checks: Ambient (ark), beX2, BOBkit, Dica-kit, Dreams, Enye LKM, evil strings test, Fleakit, FreeBSD, Phalanx2, SHV4, Universal (URK)...

Posted by unSpawn 2009-11-29
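The whitelist and baseline options named in the 1.3.8 and 1.3.6 announcements above, collected into one rkhunter.conf fragment. This is an added example, not a configuration file shipped by the project: the pathnames and the interface name are hypothetical placeholders, and the value syntax of PORT_WHITELIST (pathname, colon, port) and RTKT_FILE_WHITELIST (one pathname) is assumed from the option descriptions, so check the comments in the rkhunter.conf installed with your version before copying any line.

```conf
# rkhunter.conf fragment (added example; pathnames below are placeholders).
# A whitelist entry is a suppression: name the exact object you have
# verified by hand, never a directory or a pattern wider than you checked.

# 1.3.8: a file containing a string the rootkit checks flag, verified as
# legitimate (syntax assumed: one pathname per line).
RTKT_FILE_WHITELIST=/dev/shm/.myapp-ipc

# 1.3.8: a file that is not always present, so its absence is not reported.
EXISTWHITELIST=/usr/local/bin/mytool

# 1.3.8: a listening port owned by a known daemon, as pathname:port
# (syntax assumed from "combined pathname and port number").
PORT_WHITELIST=/usr/sbin/sshd:22

# 1.3.8: limit the 'unhide' command to the named test(s).
UNHIDE_TESTS=sys

# 1.3.6: extra files and directories for the file properties check,
# so the baseline covers locally installed binaries too.
USER_FILEPROP_FILES_DIRS=/usr/local/sbin

# 1.3.6: a preloaded shared library you installed deliberately.
SHARED_LIB_WHITELIST=/lib/snoopy.so

# 1.3.6: an interface that legitimately runs in promiscuous mode
# (e.g. a sensor port; eth1 is a placeholder).
ALLOWPROMISCIF=eth1

# 1.3.6: report an O/S change, but do not refresh the baseline on your
# behalf; run 'rkhunter --propupd' yourself once the change is confirmed.
WARN_ON_OS_CHANGE=1
UPDT_ON_OS_CHANGE=0

# 1.3.6: keep a copy of the log whenever a run produced warnings or errors.
COPY_LOG_ON_ERROR=1
```

Leaving UPDT_ON_OS_CHANGE at 0 is the conservative choice: an automatic properties update after an O/S change would also re-baseline any binary that was replaced during that change, which is exactly the case the file properties check exists to catch.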

Rootkit Hunter announces release 1.3.4

The change log lists 4 additions, 8 changes and 9 bugfixes.
Naming a few:
- Added IntoXonia-NG rootkit check.
- Added Phalanx2 rootkit check.
- Added support for TCB shadow files.
- The '--propupd' option can now take an optional file, directory or package name after it.
- Revised file properties inode check.
- Tests against the SSH configuration file now accept the key/value pair.
- Improved the O/S name detection.
- The Linux 'os_specific' test has now been split into two separate tests.
- Improved ALLOWPROCDELFILE configuration option.
- Improved hidden files and directories check.
- The DBDIR directory can now be read-only, after installation.
- Improved debug file option.
- The system startup file and directory tests have now been merged...

Posted by unSpawn 2008-12-30

Rootkit Hunter release 1.3.2

The Rootkit Hunter project team announces release 1.3.2.

The changelog lists 3 additions, 6 changes and 14 bugfixes. Naming a few:
- Socklog and rsyslog daemons support.
- IRIX/IRIX64 support.
- Application version check errors mostly ignored.
- Unset ALLOW_SSH_ROOT_USER and ALLOW_SSH_PROT_V1.
- Application check whitelisting.
- 'pflog' checked for all *BSD now.
- Correct scanning of /dev in LAZY mode.
- Whitelisted passwordless account names logged.
- Corrected obtaining process names in Solaris.
- Unset MANPATH for .spec (OpenSuSE).
- Correct hidden files/directories test behaviour.
- Cater for those using fdesc/fdescfs...

Posted by unSpawn 2008-02-27

Rootkit Hunter announces final release 1.3.0

The Rootkit Hunter project is pleased to announce that all the hard work and testing culminated in the final release of version 1.3.0.

The changelog for this release is packed, listing over 30 new features, 47 changes and 16 bugfixes. To name a few:

- New command-line option '--propupd' replaces 'hashupd.sh'.
- New command-line option '--pkgmgr' supporting RPM, Dpkg and BSD-style package managers.
- New command-line option '--hash' to select the hash function command for the file hash value check and the properties update.
- Added support for Ubuntu, and the 'dash' and 'ash' shells.
- Added basic internationalization (i18n) functionality.
- Added two new command-line and configuration file options, '--enable' and '--disable', to specify which tests are to be carried out and which are to be ignored.
- Added support for Solaris 10 inetd mechanism (inetadm).
- Application version numbers can now be whitelisted. This caters for those distributions that may patch a 'known bad' version, but without updating the original version number.
- Fixes since rkhunter-1.3.0-beta 2...

Posted by unSpawn 2007-09-22

Rootkit Hunter announces release 1.3.0 beta 2

The Rootkit Hunter team is pleased to announce Rootkit Hunter version 1.3.0 beta 2.

Given the timeframe between releases, the changelog is packed with features, changes and bugfixes since the last beta release.

To name a few:
- New command-line option '--propupd' replaces 'hashupd.sh'.
- New command-line option '--pkgmgr' supporting RPM, Dpkg and BSD-style package managers.
- New command-line option '--hash' to select the hash function command for the file hash value check and the properties update.
- Added support for Ubuntu, and the 'dash' and 'ash' shells.
- Added basic internationalization (i18n) functionality.
- Added two new command-line and configuration file options, '--enable' and '--disable', to specify which tests are to be carried out and which are to be ignored.
- Added support for Solaris 10 inetd mechanism (inetadm).
- Application version numbers can now be whitelisted. This caters for those distributions that may patch a 'known bad' version, but without updating the original version number...

Posted by unSpawn 2007-09-01

Rootkit Hunter announces beta release 1.3.0

To attract more testers, the Rootkit Hunter project team is happy to announce the beta release of 1.3.0.

Given the timeframe between releases, the changelog is packed, listing 34 new features, 47 changes and 16 bugfixes. To name a few:

- New command-line option '--propupd' replaces 'hashupd.sh'.
- New command-line option '--pkgmgr' supporting RPM, Dpkg and BSD-style package managers.
- New command-line option '--hash' to select the hash function command for the file hash value check and the properties update.
- Added support for Ubuntu, and the 'dash' and 'ash' shells.
- Added basic internationalization (i18n) functionality.
- Added two new command-line and configuration file options, '--enable' and '--disable', to specify which tests are to be carried out and which are to be ignored.
- Added support for Solaris 10 inetd mechanism (inetadm).
- Application version numbers can now be whitelisted. This caters for those distributions that may patch a 'known bad' version, but without updating the original version number...

Posted by unSpawn 2007-07-22

Rootkit Hunter re-release 1.2.9 (non-critical)

The Rootkit Hunter project team announces the re-release of 1.2.9.

When upgrading, rkhunter.conf is intentionally not replaced, to preserve local changes. However, the new configuration file is not installed as an example either. This means changes between earlier versions and 1.2.9 cannot be noticed by users. While this is a non-critical issue, we find it important enough to issue a re-release of 1.2.9. This re-release also fixes the defective .spec file...

Posted by unSpawn 2006-10-02

Rootkit Hunter announces release 1.2.9

The Rootkit Hunter project team is happy to announce the release of 1.2.9.

For download please see: http://sourceforge.net/projects/rkhunter/

From the changelog:
New:
- Added support for RHEL WS/AS/ES 3, Taroon update 8
- Added support for Fedora Core 5
- Added support for SuSE 10
- Added check for packet capturing applications (see rkhunter.conf for whitelisting)
- Added check for processes using deleted files (see rkhunter.conf for whitelisting)
- Enabled netstat check for AIX
- Enabled backdoor check for SunOS
- Enabled logfile specification and checks...

Posted by unSpawn 2006-09-30