Linux @ CERN

CERN > IT > Linux

"SLC5X: Letter R: rkhunter

rkhunter - rkhunter scans for rootkits, backdoors and local exploits

Website: http://rkhunter.sourceforge.net/
License: GPL
Vendor: Scientific Linux CERN, http://cern.ch/linux
Description:
Rootkit scanner is [a] scanning tool to ensure you for about 99.9% you're
clean of nasty tools. This tool scans for rootkits, backdoors and local
exploits by running tests like:
	- MD5 hash compare
	- Look for default files used by rootkits
	- Wrong file permissions for binaries
	- Look for suspected strings in LKM and KLD modules
	- Look for hidden files
	- Optional scan within plaintext and binary files
	- Software version checks
	- Application tests

Rootkit Hunter is released as a GPL licensed project and free for
everyone to use.

  ********
This version has been customized/patched for CERN, and includes a
(patched) copy of "unhide" by yjesus AT security-projects.com

This version currently sends reports back to CERN, to evaluate for
false positives. If you do not want this, please don't install it.

Packages

rkhunter-1.3.4-6test.cern.i386 [750 KiB] Changelog by Jan Iven (2009-09-28):
- whitelist "fipscheck" hmac files
- turn off network port checks that give FPs
- minor tweaks for unhide output and patterns
rkhunter-1.3.4-5test.cern.i386 [747 KiB] Changelog by Jan Iven (2009-03-19):
- handle osinfo changes automatically, instead of carping
- unhide: multithreaded zombies don't show up in "ps axH" (but do in "ps ax", so are not hidden)
- network: only warn for connections *to* evil ports, not *from* them.
rkhunter-1.3.4-4test.cern.i386 [746 KiB] Changelog by Jan Iven (2009-03-09):
- fix xinetd another xinetd whitelisting bug - accept "bad timestamp but otherwise OK"
rkhunter-1.3.4-3test.cern.i386 [746 KiB] Changelog by Jan Iven (2009-01-29):
- fix xinetd whitelisting bug; still needs "properties" test to be run before
- add "uname" and rkhunter version to warning mail
rkhunter-1.3.4-2test.cern.i386 [751 KiB] Changelog by Jan Iven (2009-01-19):
- updated/patched "unhide"
- xinetd: trust RPM-added services
- missing "default" hashes - fall back to RPM
- accept stricter SSH-for-root configs without warning.
- rename cron job to "zz_" to give prelink a chance to run
- keep default config and use CERN-specific only for cronjob. and only at CERN.
rkhunter-1.3.4-1.cern.i386 [748 KiB] Changelog by Jan Iven (2009-01-05):
- go to 1.3.4

Listing created by repoview