: Log in!


ウェブ 検索
トップ  >  Linux17歩  >  2017-06-30 rkhunter-1.4.4にupdate
20170630 rkhunter-1.4.4にupdateしました


* 1.4.4 (29/06/2017)

- Added the GLOBSTAR configuration file option. This will set the
  shells globstar option to allow recursive checks of directories.
  By default this option is disabled.
- Added a Japanese translation file.
- Added support for the 'BSDng' package manager option. This can
  be used by those *BSD systems which have the 'pkg' command
  available (currently later FreeBSD systems).
- The BSD package manager will now try the 'pkg_info' command '-W'
  option if the '-F' option fails.
- Added the LOCKDIR configuration option. It is now possible to
  specify the directory rkhunter will use to store the lock file
  (if USE_LOCKING has been set). The default is unset, and this
  will cause rkhunter to look for a directory to use. Details are
  in the configuration file.
- Added the ALLOWIPCPROC configuration file option. This can be
  used to whitelist suspicious processes using shared memory
  segments (found during the 'ipc_shared_mem' check).

- The DISABLE_UNHIDE option has been removed from the configuration
  file. It is no longer required as disabling the 'hidden_procs' or
  'hidden_ports' tests has the same effect.
- The installer now installs directories and executable files with
  mode 700, other files are set as mode 600. The man page is left
  at mode 644. The documentation directory is mode 755, and the
  files within it are mode 644. The 'rkhunter' program itself will
  set the mode of copied files to 600 (for example log files, and
  the passwd/group files).
- By default the 'apps' test is now disabled in the configuration
- The default hash function for the file properties test, given by
  the HASH_CMD option in the configuration file, has now changed
  to SHA256. It was previously SHA1, or MD5 if SHA1 was not found.
- Previously the lock file (if locking was used) was just an empty
  file. It now contains the PID of the running process.
- The 'system_configs' test name has now been changed into a test
  group consisting of the two tests 'system_configs_ssh' and
  'system_configs_syslog'. Each test may now be enabled or disabled
- The 'other_malware' test name has been removed, and replaced by
  the 'login_backdoors', 'sniffer_logs', 'tripwire', 'susp_dirs'
  and 'ipc_shared_mem' test names. These are now all part of the
  'malware' test group.

- Ensure that 'lsof' errors are not displayed.
- Ensure that 'ipcs' errors and the locale are handled correctly.
- Correct broken pipe errors in some commands.
- For Solaris users set the 'awk' command very early on so that
  option processing works correctly.
- The ALLOWPROCDELFILE option was not handling multiple pathnames
  or wildcards correctly. It was also not handling the option
  pathnames correctly.
- The SCANROOTKITMODE configuration option was never actually read
  as a configuration option.
- The '--config-check'/'-C' option could produce incorrect error
  messages in certain circumstances.
- Setting the ALLOW_SSH_PROT_V1 option to '2' could cause warning
  messages when SSH protocol 1 was allowed.
- Allow Linux 'grep' to work correctly with binary (i18n) files.
- Multiple UID0_ACCOUNTS and PWDLESS_ACCOUNTS options were not being
  handled correctly.
- Uppercase test names were not being handled correctly.
- Changed the 'logger' command tag from 'Rootkit Hunter' to 'rkhunter'
  to avoid problems with spaces.
- Ensure that 'fdescfs' filesystems are correctly detected.
- To try and avoid colour escape sequences being logged, both of
  the variables CLICOLOR and CLICOLOR_FORCE are unset for *BSD and
  SunOS systems.
- The 'startup_malware' and 'possible_rkt_strings' checks will now
  check systemd startup scripts if they are located in the 
  '/etc/systemd/system' directory.
- The 'sockstat' command output on BSD systems can become corrupted
  if a username is very long. This is now detected, and processed
- The 'shared_libs' test now recognises comments in the preload file.
- The ALLOWPROMISCIF configuration option was not handling multiple
  occurrences correctly. This has now been corrected.
- Tighten up the input verification check on the mirror file to
  ensure that only URL's are used as a mirror. (CVE-2017-7480)
- The BSD package manager seemed to be needlessly stripping out
  parts of package names on NetBSD systems. It no longer does this.
- In certain cases it was possible for certain tests to not display
  any output. This has now been corrected.
- The installer did not always add the 'rkhunter.d' directory, if
  it existed, to the main configuration file for monitoring.
投票数:47 平均点:3.83
2017-06-27 dovecot-2.2.31にupdate
2017-07-01 phpMyAdmin-4.7.2にupdate