[Bug 220765] [MAINTAINER] security/rkhunter: Update to 1.4.4
bugzilla-noreply at freebsd.org
Sun Jul 16 14:50:47 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220765
Bug ID: 220765
Summary: [MAINTAINER] security/rkhunter: Update to 1.4.4
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: lukasz at wasikowski.net
Created attachment 184397
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=184397&action=edit
svn diff updating rkhunter to 1.4.4
Update rkhunter to the latest version.
CHANGELOG:
* 1.4.4 (29/06/2017)
New:
- Added the GLOBSTAR configuration file option. This will set the
shell's globstar option to allow recursive checks of directories.
By default this option is disabled.
- Added a Japanese translation file.
- Added support for the 'BSDng' package manager option. This can
be used by those *BSD systems which have the 'pkg' command
available (currently later FreeBSD systems).
- The BSD package manager will now try the 'pkg_info' command '-W'
option if the '-F' option fails.
- Added the LOCKDIR configuration option. It is now possible to
specify the directory rkhunter will use to store the lock file
(if USE_LOCKING has been set). The default is unset, and this
will cause rkhunter to look for a directory to use. Details are
in the configuration file.
- Added the ALLOWIPCPROC configuration file option. This can be
used to whitelist suspicious processes using shared memory
segments (found during the 'ipc_shared_mem' check).
Changes:
- The DISABLE_UNHIDE option has been removed from the configuration
file. It is no longer required as disabling the 'hidden_procs' or
'hidden_ports' tests has the same effect.
- The installer now installs directories and executable files with
mode 700, other files are set as mode 600. The man page is left
at mode 644. The documentation directory is mode 755, and the
files within it are mode 644. The 'rkhunter' program itself will
set the mode of copied files to 600 (for example log files, and
the passwd/group files).
- By default the 'apps' test is now disabled in the configuration
file.
- The default hash function for the file properties test, given by
the HASH_CMD option in the configuration file, has now changed
to SHA256. It was previously SHA1, or MD5 if SHA1 was not found.
- Previously the lock file (if locking was used) was just an empty
file. It now contains the PID of the running process.
- The 'system_configs' test name has now been changed into a test
group consisting of the two tests 'system_configs_ssh' and
'system_configs_syslog'. Each test may now be enabled or disabled
individually.
- The 'other_malware' test name has been removed, and replaced by
the 'login_backdoors', 'sniffer_logs', 'tripwire', 'susp_dirs'
and 'ipc_shared_mem' test names. These are now all part of the
'malware' test group.
Bugfixes:
- Ensure that 'lsof' errors are not displayed.
- Ensure that 'ipcs' errors and the locale are handled correctly.
- Correct broken pipe errors in some commands.
- For Solaris users set the 'awk' command very early on so that
option processing works correctly.
- The ALLOWPROCDELFILE option was not handling multiple pathnames
or wildcards correctly. It was also not handling the option
pathnames correctly.
- The SCANROOTKITMODE configuration option was never actually read
as a configuration option.
- The '--config-check'/'-C' option could produce incorrect error
messages in certain circumstances.
- Setting the ALLOW_SSH_PROT_V1 option to '2' could cause warning
messages when SSH protocol 1 was allowed.
- Allow Linux 'grep' to work correctly with binary (i18n) files.
- Multiple UID0_ACCOUNTS and PWDLESS_ACCOUNTS options were not being
handled correctly.
- Uppercase test names were not being handled correctly.
- Changed the 'logger' command tag from 'Rootkit Hunter' to 'rkhunter'
to avoid problems with spaces.
- Ensure that 'fdescfs' filesystems are correctly detected.
- To try and avoid colour escape sequences being logged, both of
the variables CLICOLOR and CLICOLOR_FORCE are unset for *BSD and
SunOS systems.
- The 'startup_malware' and 'possible_rkt_strings' checks will now
check systemd startup scripts if they are located in the
'/etc/systemd/system' directory.
- The 'sockstat' command output on BSD systems can become corrupted
if a username is very long. This is now detected, and processed
correctly.
- The 'shared_libs' test now recognises comments in the preload file.
- The ALLOWPROMISCIF configuration option was not handling multiple
occurrences correctly. This has now been corrected.
- Tighten up the input verification check on the mirror file to
ensure that only URLs are used as a mirror. (CVE-2017-7480)
- The BSD package manager seemed to be needlessly stripping out
parts of package names on NetBSD systems. It no longer does this.
- In certain cases it was possible for certain tests to not display
any output. This has now been corrected.
- The installer did not always add the 'rkhunter.d' directory, if
it existed, to the main configuration file for monitoring.
--
You are receiving this mail because:
You are the assignee for the bug.
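
An added example, not part of the bug report or of rkhunter itself: a pre-upgrade check that flags settings in an existing rkhunter configuration file affected by the 1.4.4 "Changes" list above (removed DISABLE_UNHIDE, removed 'other_malware' test name, new SHA256 default for HASH_CMD). The function name and the sample configuration are constructed for illustration; the ENABLE_TESTS/DISABLE_TESTS options and the '--propupd' switch are rkhunter's own names and do not appear in the changelog text.

```shell
#!/bin/sh
# Hypothetical helper: audit an rkhunter config (file argument or stdin)
# against the 1.4.4 changes. One finding per line; status 1 on any WARN.
audit_rkhunter_conf() {
    awk '
    function warn(msg) { printf "WARN line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        n = index($0, "="); if (n == 0) next
        key = substr($0, 1, n - 1); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, n + 1))       # test names may be uppercase
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "DISABLE_UNHIDE")
            warn("DISABLE_UNHIDE was removed; disable hidden_procs/hidden_ports instead")
        if (key == "HASH_CMD") {
            seen_hash = 1
            if (val ~ /sha1|md5/)
                warn("HASH_CMD pins " val "; the 1.4.4 default is SHA256")
        }
        if (key == "ENABLE_TESTS" || key == "DISABLE_TESTS") {
            cnt = split(val, t, /[ \t",]+/)
            for (i = 1; i <= cnt; i++) {
                if (t[i] == "other_malware")
                    warn(key ": other_malware removed; use login_backdoors, sniffer_logs, tripwire, susp_dirs, ipc_shared_mem")
                if (t[i] == "system_configs")
                    printf "INFO line %d: system_configs is now a group (system_configs_ssh, system_configs_syslog)\n", NR
            }
        }
    }
    END {
        # Hashes stored under the old default cannot match SHA256 values.
        if (!seen_hash)
            print "INFO: HASH_CMD unset; default moves from SHA1/MD5 to SHA256, rebuild stored hashes (rkhunter --propupd)"
        exit bad + 0
    }' "$@"
}

# Constructed sample configuration, not taken from a real system.
audit_rkhunter_conf <<'EOF' || echo "review the WARN lines before upgrading"
# rkhunter.conf.local (sample)
HASH_CMD=SHA1
DISABLE_UNHIDE=1
DISABLE_TESTS=suspscan OTHER_MALWARE apps
ENABLE_TESTS=ALL
EOF
```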