Rootkit Hunter

Scanning tool to check that your system is clean of rootkits and other nasty tools

Rootkit Hunter Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Michael Boelen
  • Publisher web site: http://www.rootkit.nl/
  • Operating Systems: Mac OS X 10.3.4 or later
  • File Size: 269 KB

Rootkit Hunter Description

Rootkit Hunter is a free and open source tool that scans your system for backdoors, rootkits, and local exploits by running tests such as:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plaintext and binary files

What's New in This Release:

New:

  • Added IntoXonia-NG rootkit check.
  • Added Vampire rootkit check.
  • Added support for TCB shadow files.
  • Added Phalanx2 rootkit check.

Changes:

  • The MAIL-ON-WARNING option must now exist in the configuration file. This avoids it being accidentally misspelt, with rkhunter then silently failing to notify the user of any warnings.
  • The DBDIR directory can now be read-only after installation, provided that neither the '--propupd' nor the '--update' option is specified, and that the '--versioncheck' option is not specified if ROTATE_MIRRORS is set to 1 in the configuration file.
  • Renamed the cron job file created by the RPM spec file from '01-rkhunter' to 'rkhunter'. This runs 'rkhunter' after a prelink cron job (if one exists) and avoids some of the 'run prelink' errors.
  • The system startup file and directory tests have been merged. The configuration file options LOCAL_RC_PATH and SYSTEM_RC_DIR have been replaced by the STARTUP_PATHS option, but, for compatibility, they are still recognised.
  • The ALLOWPROCDELFILE configuration option, used to whitelist specific processes from the deleted files test, can now be followed by a colon-separated list of pathnames. The given process is then whitelisted only if it is using one of the given pathnames.
  • The '--propupd' option can now take an optional file, directory or package name after it. The argument can be a list of names. When used, only the given file names are updated in the rkhunter.dat file. Hopefully this will make things a bit quicker on slower machines. See the man page for more details. If using a package manager, then you must run 'rkhunter --propupd' first.
  • The Linux 'os_specific' test has been split into two separate tests, 'loaded_modules' and 'avail_modules'. The tests themselves are the same as before: they check the currently loaded kernel modules and the names of the available modules. A new configuration file option, MODULES_DIR, has been added so that users can specify which directory (and its sub-directories) is checked for bad module names, should rkhunter be unable to work out the correct location.
  • The pathname of the debug file, if used, is now written to the log file.

Bugfixes:

  • Cater for when ROOTDIR is explicitly set to '/'.
  • Added an infinite loop check to the supplied readlink.sh script: only 64 levels of symbolic links are now allowed. Also cater better for top-level names and links, and for file names with spaces.
  • Improved the rsyslog remote logging check.
  • The wrong error message was shown if the English (en) language file was missing.
  • The hidden files and directories check wasn't checking for directories.
  • Improved the O/S name detection. Previously the lsb-release file took preference over any other file, which could result in gibberish being given as the O/S name rather than continuing to look at other release files. This has now been fixed.
  • The tests against the SSH configuration file now accept the key/value pair being separated by an equals sign as well as by spaces and/or tabs.
  • The file properties inode check did not work correctly on non-prelinked systems with the RPM package manager. The test is now only performed when prelinking is not being used, and the inode data is always obtained from the disk. This is a partial fix, as the test should run for scripts regardless of whether prelinking is used or not.
  • The debug file is now created with a random name, and its permissions are set to 600.
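As an added illustration of what the file-properties tests listed above amount to (hash compare, permission check, inode tracking, hidden-file scan, and the selective '--propupd <name>' refresh from the changelog), the following Python script builds a baseline for a few files, detects tampering, and then refreshes only one entry. It is not rkhunter's own code (rkhunter is a shell script that keeps its baseline in rkhunter.dat under DBDIR); the function names, the in-memory baseline layout and the constructed sample tree are assumptions made for the example. The listing above says MD5; MD5 is collision-prone, so the example defaults to SHA-256, which is only an assumption about good practice, not a statement about what this release uses.

```python
# Added illustration of the file-properties tests described above; not rkhunter's own code.
# Assumed: function names, the in-memory baseline layout and the constructed sample tree.
import hashlib
import os
import shutil
import stat
import tempfile

HASH = "sha256"  # assumption: the page lists MD5, but MD5 is collision-prone


def file_digest(path, algo=HASH):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_props(path):
    """The properties the file tests compare: content digest, permission bits, inode."""
    st = os.lstat(path)
    return {"hash": file_digest(path), "mode": stat.S_IMODE(st.st_mode), "inode": st.st_ino}


def build_baseline(paths):
    """Like 'rkhunter --propupd' with no argument: record every listed path."""
    return {p: file_props(p) for p in paths}


def update_baseline(baseline, paths):
    """Like 'rkhunter --propupd <name...>': refresh only the given entries, leave the rest alone."""
    for p in paths:
        baseline[p] = file_props(p)
    return baseline


def check_baseline(baseline):
    """Compare the current state with the baseline; return {path: [reasons]} for files that warn."""
    warnings = {}
    for path, saved in baseline.items():
        if not os.path.lexists(path):
            warnings[path] = ["missing"]
            continue
        cur = file_props(path)
        reasons = []
        if cur["hash"] != saved["hash"]:
            reasons.append("hash changed")
        if cur["inode"] != saved["inode"]:
            reasons.append("inode changed")  # file was replaced rather than edited in place
        if cur["mode"] != saved["mode"]:
            reasons.append(f"mode changed {oct(saved['mode'])} -> {oct(cur['mode'])}")
        if cur["mode"] & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group/world writable")  # absolute check, independent of the baseline
        if reasons:
            warnings[path] = reasons
    return warnings


def find_hidden(root):
    """Hidden entries under root, directories included (the bug fix above: they used to be skipped)."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        found.extend(os.path.join(dirpath, n) for n in dirnames + filenames if n.startswith("."))
    return sorted(found)


def demo():
    """Constructed scenario: baseline two fake binaries, trojan one of them, plant a hidden directory."""
    root = tempfile.mkdtemp()
    try:
        bin_dir = os.path.join(root, "bin")
        os.mkdir(bin_dir)
        ls, ps = os.path.join(bin_dir, "ls"), os.path.join(bin_dir, "ps")
        for p in (ls, ps):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\necho clean\n")
            os.chmod(p, 0o755)
        baseline = build_baseline([ls, ps])

        # "Attacker" overwrites ps in place, leaves it world-writable and drops a hidden directory.
        with open(ps, "wb") as f:
            f.write(b"#!/bin/sh\necho trojaned\n")
        os.chmod(ps, 0o777)
        os.mkdir(os.path.join(root, ".rk"))

        before = check_baseline(baseline)
        hidden = find_hidden(root)

        # Admin restores the permissions and, as after a legitimate package upgrade,
        # accepts the new ps with the selective refresh ('--propupd ps'); ls is untouched.
        os.chmod(ps, 0o755)
        update_baseline(baseline, [ps])
        after = check_baseline(baseline)

        def short(d):
            return {os.path.basename(k): v for k, v in d.items()}

        return short(before), short(after), [os.path.basename(h) for h in hidden]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    before, after, hidden = demo()
    print("warnings:", before)
    print("after --propupd ps:", after)
    print("hidden entries:", hidden)
```

The important property the script shows is the one the changelog describes: a refresh naming only 'ps' leaves the 'ls' record untouched, so an unrelated tampered file would still be reported. A baseline-based check is only as good as the moment the baseline was taken, which is why the page tells you to run 'rkhunter --propupd' after package-manager updates, and why the world-writable test is absolute rather than relative to the baseline.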

