Rkhunter has released a new version of the rootkit scanner:
http://sourceforge.net/forum/forum.php?forum_id=1050043
Upgrade for our service package:
wget http://prdownloads.sourceforge.net/rkhunter/rkhunter-1.3.6.tar.gz
tar -xzf rkhunter-1.3.6.tar.gz
cd rkhunter-1.3.6
./installer.sh --layout default --install
It does appear to currently throw a false-positive on CentOS v4.8 systems, but you should check this:
Warning: Checking for possible rootkit strings
Changes:
- Further improvements to ICMP rule filters
- Added backup mod_security log viewer for non-cPanel servers
Changes:
- Fixed broken image icon in the WHM header
- Switched to a proportional font to display the mod_security log entries to better fit the browser window
- Increased the number of mod_security log lines displayed from 40 to 200
- Fixed a display formatting issue with the mod_security log entries
Changes:
- Mod_security log viewer removed from csf in favour of cmc
- Improved ICMP rule filtering. This could help some hosts that experience connection issues with csf
- Added ICMP regex checking to Port Scan Tracking. Add ICMP to PS_PORTS to include this, i.e. to Port Scan for all ports use:
  PS_PORTS = "0:65535,ICMP"
  This is now the default on new installations
Changes:
- Improved licensing code tolerance on network failure for web and ftp scanning on servers that are behind NAT
- Exploit regex definitions database updates
- Exploit fingerprint definitions database updates
- Ftp and web scanning speedups
Changes:
- Updated exploit definitions database
- Exploit fingerprint definitions database additions