changelog

在网络安全中经常会遇到rootkit

 --

 * 1.1.8 (12/09/2004)
 
 New:
 - Added support for Red Hat 6.2 and hashes. Thanks to Sebastian Herbszt
 - Added support for Red Hat Enterprise Linux ES 3, Taroon update 3
 - Added support for Red Hat Enterprise Linux AS 3, Taroon update 1
 
 Changes:
 - Improved Suckit detection
 - Improved FreeBSD version detection. It now will skip MD5 check if sysctl
   contains 'release', but patches for primary binaries are installed (like
   ls, ps, top etc)
 - Added error redirection when performing lsattr checks
 - Added `find` to path search
 - Updated installer with portogues/brazilian language. Thanks to Douglas
 - Updated hashes for Red Hat Enterprise Linux 3
 - Updated hashes for Slackware 10
 - Cleaned up logging when checking for passwordless accounts
 - Show message when bad hashes are found. Some scared people began to worry
   inmediately after they found several bad hashes, without understanding the
   reason of it (reason: updated packages).
 - Improved output in logging which deals with updated packages / hashes
 - Improved logging (informational logging)
 - Improved output of hidden directories/files. Thanks to Greg Houlette
 - Corrected some parts of logging
 - Code cleanup
 
 Bugfixes:
 - Forgot to initialise LSATTRFOUND
 
 --

 * 1.1.7 (29/08/2004)
 
 New:
 - Added support for ADM Worm
 - Added support for MzOzD and spwn backdoor
 - Added LKM filename check (experimental)
 - Added passwordless user account test
 
 Changes:
 - Updated Mandrake 9.2 hashes. Thanks to Eric Gerbier
 - Updated application version list
 - Extended inetd.conf test (searches for shells)
 - Added total of vulnerable applications at report, if application scan was
   performed.
 
 Bugfixes:
 - Fixed a major bug in the installer when you install version 1.1.5 or newer. The
   sample configuration won't be copied and the due to that, the --update function
   won't work.

 --
 
 * 1.1.6 (18/08/2004)

 New:
 - Added support for RSHA's rootkit (rootkit)
 - Inspect files attributes (immutable detection)
 - Added '--update' to help text. Updater seems to be stable
 - Added FreeBSD packages database test (pkgdb). It performs an automatic
   fixup of the database and displays an error when problems were found.
 - Added '--skip-application-check' option. This skips the program version
   check. On some systems it's half useless, because they use patched
   (old) version numbers.
 
 Changes:
 - Improved report at end (hide line when no rootkits are found)
 - Updated hashes for SuSE 9.1 (i586)
 - Fixed double hash in database
 - Updated database with program versions
 - Added more help and informational messages

 Bugfixes:
 - Improved installer (when last line contains no newline char, the INSTALLDIR
   option was added on the wrong place)
   
 --
 
 * 1.1.5 (11/08/2004)
 
 New:
 - Added support for Ni0 Rootkit (rootkit)
 - Added 'open files' check
 - Added OpenSSL check
 - Added Solaris 9 support

 Changes:
 - Improved logging of application scan check
 - Improved xinetd.conf tests (disabled some parts, due false positives)
 - Improved logging on different places (more breaks etc)
 - Improved SunOS support. Thanks to Michael Gueting
 - Improved (POSIX compatible) applications support for SunOS
 - Fixed a typo (application version check)
 - Fixed a typo (SSH check)
 - Fixed small layout issue at application scan check
 - Removed an double declared variable (WARNING=0)
 
 Bugfixes:
 - Fixed missing lines in rkhunter.spec file
 - Installation script shouldn't be overwriting rkhunter.conf file..
 
 --
   
 * 1.1.4 (07/08/2004)
 
 New:
 - Added support for FreeBSD 4.10
 - Added support for White Box Enterprise Linux 3.0 
 - Added support for Debian 3.1 (Sid)
 - Added support for OpenBSD 3.5 (i386 and sparc64)
 - Added support for SunOS. Thanks to Michael Gueting
 - Added boot.local test for SuSE 9.x
 - Added Apache test
 - Added support for mod_rootme module (apache backdoor)
 - Added option '--display-logfile'. It displays the logfile you specified
   at the end of the output (don't forget to use --create-logfile)
 - Added application version checker
 
 Changes:
 - Don't quit when wget cannot be found during install   
 - Updated installer (for new update function)
 - Updated MD5 hashes for Mandrake 9.1
 - Updated MD5 hashes for Slackware 9.1
 - Updated MD5 hashes for FreeBSD 5.2.1
 - Improved logging in quiet mode
 - Improved key pauses when in 'interactive' mode
 - Improved xinetd check
 - Improved report-mode option (--report-mode). If you want a small amount of
   information (ie. if you scan a lot of servers), use this option.
 - Updated document location in installer   
 - Updated the wishlist. A lot of issues are solved now.
 - Updated changelog (had some little typos)
   
 Bugfixes:
 - Fixed false positive when using Debian 
 - Fixed support for PLD Linux and CPUBuilders Linux
 - Fixed a typo in the installer
 
 --  
   
 * 1.1.3 (20/07/2004)
 
 New:
 - Added support for SuSE Linux Enterprise Server 8. Thanks to Daniel Berlin
 - Added support for SuSE Linux Openexchange Server 4.1.1. Thanks to Daniel Berlin
 - Added support for Fedora Core 2 with 64 bits support
 - Added support for TDB database (/dev related)
 - Added hashes for FreeBSD 5.2.1
 * Added tools directory in tarball with a experimal auto-updater. Use it on your
   own risk and check the script before you run it!
 
 Changes:
 - Improved Suckit support (rootkit)
 - Improved user detection (the check will now handle NIS users fine when
   checking for UID 0 alike users)
 - Improved logging on multiple sections
 - Updated parameter list (--help), to reflect changes (--quiet)
 - Updated hashes for Mandrake 10
 - Updated installer. With a SunOS improvement by Michael Gueting.
 
 Bugfixes:
 - Quiet-option is now really quiet (xinetd line still appeared when running in
   quiet mode)
 - Fixed a problem with the binary UPX scan (multiple error lines appeared)
 
 --
 
 * 1.1.2 (14/05/2004)

 New:
 - Added string check. This checks some binaries which often get trojaned.
 - Added '--quiet' option. Very usefull when running Rootkit Hunter as a cronjob
   and don't want to see all the output (EXCEPT when warnings/errors has been
   found)
 - Added xinet daemon test. Thanks to unSpawn and Andrea
 - Added test for binaries (UPX)
 - Added alias '--create-logfile' for '--createlogfile'  
 - Added support for Mandrake 8.2
 - Added support for Mandrake 9.0
 - Added support for Mandrake 9.1
 - Added support for Redhat Enterprise Linux AS (Taroon update 2). Thanks to Yann Le Guennec
 - Added support for Slackware 10. Thanks to Fred Bulthuis
 - Added support for Gentoo 1.5. Thanks to Nicolas Kaiser
 - Added support for some Gentoo ppc versions
 - Added hashes for Slackware 10

 Changes:
 - Improved support for AIX and OpenBSD. Thanks to Iain Roberts
 - Improved support for rootkits (Dica, Dreams, Fuckit, MRK, Ohhara, Sin, SunOS Rootkit
   and TBD Rootkit)
 - Updated hashes for Fedora Core 2 
 - Updated hashes for SuSE 8.2. Thanks to Jack Denman
 - Updated installer
  
 Bugfixes:
 - Fixed another problem in the installer
 - Fixed a problem with the updater (not yet in use)
 - Changed output of `ps` when checking for syslog daemon (should fix a problem on some
   systems where the output was too long)
 
 --
 
 * 1.1.1
 
 Bugfixes:
 - Fixed a problem with the installer.. (wrong shell)  
   
 --

 * 1.1.0

 New:
 - Added support for Red Hat Linux Advanced Server 2.1
 - Added support for Slackware 9.0. Thanks to Stan Cosmin
 - Added support for Slackware 9.1. Thanks to Fred Bulthuis
 - Added support for Trustix 2.0. Thanks to Agung Ud
 - Added support for Debian with sparc64 architecture (testing/unstable)
 - Added hashes for Slackware 9.0
 - Added hashes for Slackware 9.1

 Changes:
 - Updated SuSE 9.1 hashes
 - Updated Mandrake 10 hashes
 - Updated Fedora Core 1 hashes
 - Updated Fedora Core 2 hashes
 - Updated OpenBSD 3.3 hashes
 - Updated Suckit (rootkit), multiple improvements
 - Updated rkhunter.spec file. Thanks to Craig Orsinger
 - Updated installer. Thanks to Iain Roberts
 - Added mirrors.dat to file checks
  
 Bugfixes:
 - Fixed WHITELIST option again (it stripped the wrong characters: when a hash
   contains a '5', it got stripped)
 - Updated sockstat/netstat check for FreeBSD
 - Skipping of MD5 didn't work anymore (due a forcefully check when Perl module
   Digest::MD5 was found). Thanks to Zac

 -- 

 * 1.0.9
 
 New:
 - Added support for Balaur Rootkit (rootkit)
 - Added installdir option to the installer
 - Added INSTALLDIR option to configuration file
 - Added support for SuSE 9.1 (pro)
 - Added support for Fedora Core 2
 - Added support for RHEL 3 Taroon update 2 
 - Added support for PCLinuxOS (HD-install) 
 - Added hashes for SuSE 9.1
 - Added hashes for Fedora Core 2
 - Added hashes for Mandrake 10
 
 Changes:
 - Updated hashes for Fedora Core 1 (updating prelinked hashes is no good
   idea..) Thanks to Doncho.
 - Updated hashes for SuSE 8.2
 - Updated hashes for Mandrake 9.2
 - Updated hashes for RHEL 3 Taroon update 1 and update 2. Thanks to Tom and Eilko
 - Improved hidden file detection
   
 Bugfixes:
 - Added prelink check, to resolve some problems with a few Fedora Core 1
   installations. Thanks to Mike Haslam for pointing out this problem.
 - Changed detection of syslog daemon 
 - Fixed a problem with the MD5WHITELIST option (see rkhunter.conf). Thanks to
   John P. New
 - Updated installer (added /usr/local/etc to directory check, because some
   systems don't have this directory by default)
 
 --

 * 1.0.8

 New:
 - Added support for Mandrake 10 (official release). Thanks to Dave Edwards
 - Added support for Slackware 9.1.0. Thanks to Zebul666
 - Added hashes for Red Hat Enterprise Linux 2.1 (Panama). Thanks to Duke
   (mastre). (+1 beer for me)
 
 Changes:
 - Updated hashes for Red Hat Enterprise Linux 3
 - Updated hashes for Fedora Core 1. Thanks to Greg Houlette
 - Updated rkhunter.spec file by Doncho
 - Improved extra Suckit tests. Check the presence of `stat`, before performing
   the scans. Reported by Pasi.
 
 -- 

 * 1.0.7

 New:
 - Added support for Irix Rootkit (rootkit)
 - Added support for URK (Universal Root Kit) (rootkit)
 - Added 'whitelist support' for MD5 hashes. See configuration file for more
   information about this new option.
 - Added improved support for Yellowdog 3.0 (Sirius). Thanks to P. Hopkins
 
 Changes:
 - Improved Suckit detection (multiple improvements). Thanks to unSpawn!
 - Fixed problem when running a special listener under FreeBSD (i.e. a DHCP
   daemon). Thanks to Yann Nottara
 - Fixed wrong text with 'rootdir' option. Thanks to Doncho N. Gunchev
 - Fixed typo with '--dbdir' parameter. Thanks to unSpawn.
 - Fixed rkhunter.spec file. md5blacklist.dat was missing. Thanks to Masanari
   Iida
 - Fixed a problem with the $rootdir
 - Improved rkhunter.spec file. Thanks to Doncho N. Gunchev
 - Improved Perl version detection. Thanks to Doncho N. Gunchev
 - Updated installer to support dynamic paths soon.
 - Layout improvements for installer 
 - Changed copyright text in main binary and installer (as required/suggested
   by GPL)
 - Updated website (FAQ, documentation)

 --

 * 1.0.6
 
 New:
 - Added support for FreeBSD 4.9 and 5.2.1
 - Added support for SuSE 9.0 (i386 and i586). Thanks to multiple people
 - Added support for Trustix. Thanks to Joachim Holst
 - Added support for Whitebox Enterprise Linux 3.0. Thanks to Fire
 - Added support for CentOS 3.1. Thanks to Fire
 - Added support for Mandrake 10 (community release). Thanks to Ted Kline
 - Added support for CPUBuilders Linux. Thanks to Chris Locke
 - Added support for Gentoo's 'rc.local' file (local.start)
 - Added parameter '--bindir' to use another (binary) directory than the default
   ones (to select which binaries will be used to perform the tests). Requested
   by Joel.
 - Added parameter '--configfile' to use another configuration file.
 - Added parameter '--dbdir' to use another (dynamic) database directory
 - Added a check when dynamic parameters are used (like --dbdir, --bindir) to
   check the existance of these paths/files.
 - Added lsmod check (/proc/modules) for Linux distros. Thanks to Micah Anderson