chkrootkit 0.47 is now available! This version includes: * chkproc.c - some bug fixes, thanks to Lantz Moore - use of getpriority() to identify LKMs, thanks to Yjesus(unhide) and Slider/Flimbo (skdet) - new rootkit detected: - Enye LKM * chkrootkit - new test: - crontab - new rootkits/worms detected: - Enye LKM - Lupper.Worm - shv5 - more ports added to the bindshell test - some minor bug fixeschkrootkit is a tool to locally check for signs of a rootkit. Moreinformation about chkrootkit and rootkits can be found athttp://www.chkrootkit.org/.
The rkhunter developer has finally released a long awaited update:
- This release added support for RHEL WS/AS/ES 3 Taroon update 8, Fedora Core 5, and SuSE 10. Checks were added for packet capturing applications and processes using deleted files. The netstat check was enabled for AIX and the backdoor check was enabled for SunOS. Logfile specification and checks were added.
http://rkhunter.sourceforge.net/Unfortunately, it looks like they still don’t support the most popular OS’s md5sums, i.e. RHEv4/CentOSv4To upgrade:
I have released another new versiob of csf with the following changes:
Upgrade either through WHM or follow upgrade.txt in the tarball.
I’ve released a new version of csf with the following changes:
Follow the upgrade.txt file within the csf tarball – the last time you’ll need to do this manually if you use the new WHM upgrade feature 😉
Wow.I’m sure the forums will be a hive of activity with this news:
A new version of mod_security has been released with the following changes:
As many of you may be aware we have always provided a cPanel server recovery service when asked. We have now formalised this service for anyone who needs it should they have OS disk problems:
- Root compromise – if your server gets hacked and is therefore no longer trustworthy
- OS disk failing – if the OS disk is starting to log errors indicating an immenent drive failure
- OS corruption – if the file system is becoming corrupt
- OS upgrade – if you want to upgrade from an old unsupported OS to a new one
- Corrupt kernel – if you’ve upgraded the kernel and it has rendered the server unbootable of any kernel
- Any situation which leaves your main OS disk unbootable
More details on the Server Recovery Service page.
I have added the following to the Why you should use :fail: page on our site:
A new version of Logwatch has been released hereChanges:
Well, with the advent of courier-imap and multi-session login for IMAP now available we’ve decided to move our email@example.com joint mailbox from POP3 access using Public ShareFolder to using an IMAP account on our local server. I’ve moved over to Thunderbird and am enjoying using it. There are some important functions from Outlook that I miss, especially having it remember frequently used folders to move mail items to, though there is a workaround. I am enjoying being able to view emails in the format they arrived in rather than the bastardised format that Outlook stores email – it still amazes me how an email client can both store email bodies in a different format to which they were delivered and to also ruin email headers to make them next to useless. Unfortunately, Outlook is a well featured email client, but I’m not sad to see the back of it.The move was important to us. We keep all email, going back to before 1998 when we started this business and so it needs to be a robust solution. The main gotcha was that courier-imap doesn’t like you using either a slash or a dot in folder names, which meant for a lot of renaming for some parts of our folder structure. Other than that, the only real issue with Thunderbird/IMAP is the somewhat flaky new email detection, but I’m getting used to it 😉