- The 'ssh', 'sshd' and 'telnet' commands are now checked as part of
the file properties test.
- It is now possible to include configuration files found in a local
configuration directory. This directory, called 'rkhunter.d', must
be in the same directory as the main configuration file. Only files
ending in '.conf' will be treated as configuration files, all other
files will be ignored. The configuration options found in the files
will be merged with the options found in the main configuration file
and the local configuration file, if present. Both the local
configuration file, and the 'rkhunter.d' configuration files, will
only override a previously specified option if the option can only
be specified once, or, for list options, if the null string is given.
The installer will automatically include any configuration files to
the file properties test.
- A new configuration file option, 'SHOW_SUMMARY_WARNINGS_NUMBER',
can be set so that the summary will display the actual number of
warnings found, rather than the default message which simply states
that one or more warnings were found. If no warnings were found,
then it will be stated that '0' warnings were found.
- The tests to see if 'syslog' is running, and its configuration
file is present, have now been changed. The test has been renamed
to state 'system logging' rather than 'syslog', and will now detect
if 'systemd' logging is being used as well as, or instead of, syslog.
- Two new tests have been added to the 'filesystem' checks. The first
will check if any configured log files are missing, and the second
will check if any configured log files are empty. The second test will
also check if the log files are missing, but only report it if the
first test has not done so. For both tests the results are only shown
if the relevant test has been configured. To enable this there are
also two new configuration file options - MISSING_LOGFILES and
- Added the 'UNHIDETCP_OPTS' configuration option. This may be set to
options which are then used by the 'unhide-tcp' command. By default
no options are used.
- Added the SHOW_SUMMARY_TIME configuration option. This can be used
to specify where the summary scan time should be displayed, if at
all. The default (as before) is to display the time both on the
screen and in the log file.
- Added the PORT_PATH_WHITELIST configuration option to be used when
specifying a pathname. Other port whitelisting types use the
PORT_WHITELIST option as before.
- Added Turkish translation files.
- Added System V Shared Memory test for Linux.
- Added ClamAV-compatible signatures for an Apache DSO, pam_unix.so
backdoor, xsyslog, SHV4, SHV5, Kbeast, libncom, Jynx, Turtle,
Glupteba, trojaned OpenSSH daemon, improved libkeyutils.1.9.so and
common sniffer strings. These signatures are highly experimental,
prone to false positives and must be run manually using ClamAV.
Currently no update mechanism is provided and the rkhunter-users
mailing list may or may not provide support for any questions about