Feature request: Linux capability tests (getcap) and setuid
Brought to you by: dogsbody
rkhunter does many things really well. However, it would be nice if there were also checks included for root setuid executables or certain capabilities set. An example where rkhunter would come up short: https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/
For example: find / -xdev -type 'f' -uid 0 -perm '/u=s' -ls
can list all setuid files with root as owner. The next step would then be to whitelist these in the rkhunter.dat database. Something similar could be done with Linux capabilities, such as "CAP_SYS_ADMIN" and the like.
Just a feature request.
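The baseline-and-diff check sketched in the request, as an added example that is not rkhunter's own code: it lists setuid files and capability-bearing files, then reports anything missing from a plain-text baseline. The baseline paths, the `SETUID_BASELINE`/`CAPS_BASELINE` variables and the `scan` argument are assumptions; getcap(8) from libcap is assumed to be installed for the capability scan.

```shell
#!/bin/sh
# Added example (not rkhunter code): baseline-and-diff check for setuid
# binaries and file capabilities. Baseline files are plain text, one
# approved entry per line (assumed layout, not rkhunter.dat format).

# List regular files owned by UID with the setuid bit set under ROOT,
# staying on one filesystem (-xdev) as in the find command above.
list_setuid_owned() {
    uid="${1:-0}"; root="${2:-/}"
    find "$root" -xdev -type f -uid "$uid" -perm /u=s 2>/dev/null | sort
}

# List files carrying any file capability under ROOT ("path cap_...=ep").
# Prints nothing if getcap is unavailable rather than failing the scan.
list_caps() {
    root="${1:-/}"
    command -v getcap >/dev/null 2>&1 || return 0
    getcap -r "$root" 2>/dev/null | sort
}

# Read the current sorted list on stdin and print every entry that is not
# in BASELINE. Exit 0 when nothing is new, 1 when at least one entry is new.
diff_against_baseline() {
    baseline="$1"
    sorted_base=$(mktemp)
    sort -u "$baseline" > "$sorted_base"
    new=$(comm -13 "$sorted_base" -)
    rm -f "$sorted_base"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Full host scan: report setuid-root files and capability-bearing files
# absent from the baselines (paths below are assumed defaults).
scan_host() {
    rc=0
    list_setuid_owned 0 / | diff_against_baseline "${SETUID_BASELINE:-/etc/setuid.baseline}" || rc=1
    list_caps / | diff_against_baseline "${CAPS_BASELINE:-/etc/caps.baseline}" || rc=1
    return $rc
}

# Only scan when invoked as `script scan`, so sourcing has no side effects.
if [ "${1:-}" = "scan" ]; then scan_host; fi
```

A non-zero exit from scan_host means at least one setuid or capability entry is not in the baseline; re-generate the baseline only after reviewing each reported path.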