– Added the ‘--list propfiles’ command-line option. This will dump out
the list of filenames that will be searched for when building the file
properties database. By default the list is not shown if just ‘--list’
– Added Jynx rootkit check.
– Added Turtle/Turtle2 rootkit check.
– Added KBeast rootkit check.
– The installer now supports the Slackware TXZ package layout option.
– Allow the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR options to
use ‘%’ as the space character. (Note: This is a temporary fix).
– The ALLOWPROCDELFILE option can now use wildcards in the file names.
– The ‘--list perl’ command-line option now shows whether the perl
command itself is installed or not.
– The ‘shared_libs’ test now allows whitelisting of the preloading
– The ‘-r/--rootdir’ command-line options, and the ROOTDIR
configuration option are now deprecated. If they are used then an
error message will be displayed. The options will have no effect,
but rkhunter will continue. The options will be completely removed
at the next release.
– The ‘hidden_ports’ test will now show if a found port is TCP or UDP.
– It is now possible to whitelist ports in the ‘hidden_ports’ test
using the PORT_WHITELIST configuration option.
– Allow the ALLOWPROCDELFILE option to work again.
– Correct the check of the ProFTPD version number.
– Fix the FreeBSD ‘sockstat’ command check to ensure that the correct
fields are used.
– Fix for newer version of the ‘file’ command when reporting scripts.
– Fix the ALLOWHIDDENFILE option to allow hidden symbolic links.
– The ‘filesystem’ check now handles files and directories with spaces
in their names correctly.
– The ‘startup_files’ test was displaying file names with spaces in
them incorrectly. Also the test was not checking files which were
in hidden directories.
– Ensure that the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR
options re-evaluate their whitelisting lists to ensure that any
wildcard entries are the most recent. (A time window previously
existed which meant that the list was processed, but new files
could be created before the test was run. As such they were reported
as false-positive warnings, when they should have been whitelisted.)
– Allow the EXISTWHITELIST option to work with symbolic links.
– The test of whether prelinking is being used or not was sometimes
causing the file properties hash test to be skipped, without the
real reason being stated. Now the hash test will proceed but the
user will still get a warning (because it detects that prelinking was
used and is not now, or vice-versa).
– Rkhunter will now check to see if the ‘head’ and ‘tail’ commands
understand the ‘-n’ option. If they do, then it will be used. If they
do not, then the older ‘head -1’ and ‘tail -1’ commands will be used.
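
The time window described in the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR fix above, modelled as an added shell example. This is not rkhunter's own code; the function names, file names and warning text are constructed for illustration.

```shell
# Model of the whitelist time window (constructed example, not rkhunter code).

# Expand wildcard whitelist entries (one glob per argument) into the paths
# that exist at this moment, one per line.
expand_whitelist() (
    IFS=''    # disable word splitting so only glob expansion applies
    for pattern in "$@"; do
        for path in $pattern; do
            if [ -e "$path" ] || [ -L "$path" ]; then printf '%s\n' "$path"; fi
        done
    done
)

# Warn about hidden entries in directory $1 that are absent from the
# newline-separated whitelist $2.
scan_hidden() {
    dir=$1 allowed=$2
    for path in "$dir"/.[!.]*; do
        [ -e "$path" ] || [ -L "$path" ] || continue
        if ! printf '%s\n' "$allowed" | grep -Fxq -- "$path"; then
            printf 'Warning: hidden file found: %s\n' "$path"
        fi
    done
    return 0
}

# Prints "<warnings with stale list> <warnings with re-evaluated list>".
demo() {
    work=$(mktemp -d) || return 1
    : > "$work/.cache-1"       # matches the whitelist wildcard
    : > "$work/.unexpected"    # never whitelisted, must always be reported
    pattern="$work/.cache-*"

    # Old behaviour: wildcard expanded once, when the configuration is read.
    stale=$(expand_whitelist "$pattern")
    : > "$work/.cache-2"       # created after expansion, before the test runs
    stale_count=$(scan_hidden "$work" "$stale" | wc -l | tr -d ' ')

    # Fixed behaviour: wildcard re-evaluated immediately before the test.
    fresh=$(expand_whitelist "$pattern")
    fresh_count=$(scan_hidden "$work" "$fresh" | wc -l | tr -d ' ')

    rm -rf "$work"
    echo "$stale_count $fresh_count"
}

demo
```

With the stale list, the newly created file is reported alongside the genuinely unlisted one; after re-evaluation only the unlisted file remains.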
For usage and installation instructions, please visit: http://sourceforge.net/apps/trac/rkhunter/wiki/SPRKH