Current Path : /compat/linux/proc/self/root/usr/local/share/doc/rkhunter/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //compat/linux/proc/self/root/usr/local/share/doc/rkhunter/CHANGELOG |
#################################################################### # # CHANGELOG # #################################################################### !! Important notices !!: - Dates in this file are formatted as DD/MM/YYYY (European format) - The rkhunter configuration file (default /etc/rkhunter.conf) will not be overwritten when using the rkhunter installer. Be sure you compare your existing configuration file against the one delivered in this package, in order to optimize the file for your machine. -- * 1.3.2 (27/02/2008) New: - Added support for the socklog and rsyslog (syslog) daemons. - Added support for IRIX/IRIX64 systems. - If the user wishes to force RKH to use the 'stat' or 'readlink' supplied scripts, then this can be set in the configuration file. The options STAT_CMD and READLINK_CMD, respectively, can be given the value of BUILTIN to achieve this. For the 'stat' script, perl must be present. Changes: - Improved the 'unsupported language' error message so that the user is told exactly what command to run in order to see the list of supported languages. Added a similar comment in the configuration file. - Errors from applications during the application version check are mostly now ignored. Improved checking that a valid version has been found. - The ALLOW_SSH_ROOT_USER and ALLOW_SSH_PROT_V1 options in the configuration file can now be set to 'unset' and '2' respectively. These values indicate that the SSH configuration file have no specific value set for the corresponding SSH option ('PermitRootLogin' and 'Protocol'). RKH will show the test result in green and as 'Not set'. - Application names, in the application check, can now be completely whitelisted. Previously only specific versions were whitelisted, and RKH had to run the application to find the version. By whitelisting the application completely, RKH does not have to run it. - The use of the 'pflog' network interface is now checked for on all *BSD systems (not just OpenBSD). - Allow i18n language filenames to contain characters other than just letters. Bugfixes: - Scanning the /dev directory in LAZY mode corrupted the pathname being tested. Also RKH now handles filenames (in /dev) with spaces correctly. - During the test of files in /dev, MAKEDEV was not being automatically whitelisted if it exists as an actual file (not a symlink). - Ensure the suspscan test removes any files it creates. - The MAIL-ON-WARNING configuration file option and the --no-verbose-logging command-line option, are now only logged if the system is being checked. - Root equivalent and passwordless account names are now shown correctly. Previously, names which contained spaces, for example if the account had been manually commented out, were only shown up to the first space character. - Whitelisted passwordless account names are now logged. - Suspscan warnings were being ignored by the rkhunter summary and return code. - Corrected obtaining process names in Solaris for the network ports and deleted files tests. Previously they did not report the name correctly, if at all. - Use of the '--debug' option with the Korn shell was not working correctly. - Reset the SIGPIPE handler to its default to avoid pipe output errors. - Language files may contain backticks. These are now escaped during processing. - Unset the MANPATH in the spec file to allow the RPM to be built on OpenSuSE systems. - The hidden files/directories test would try and run even if no 'file' command was present. - Cater for *BSD systems using the fdesc/fdescfs filesystem on /dev/fd. -- * 1.3.0 (22/09/2007) New: - Created an ACKNOWLEDGMENTS file. - Added configuration file option MAIL_CMD when MAIL-ON-WARNING is used. This can specify the 'mail' command to use and the subject line. - The log file can be appended to. This can be set in the config file or by using the --append-log command line option. - A second colour set has been added for users using rkhunter with black characters on a white screen. The command-line option --cs2 will enable it. - Added special config file and command-line option, -x/-X, to detect if X is in use. If detected then second colour set will be used. - Added '--propupd' option. This allows a user to create the rkhunter.dat file. This file contains the O/S name, file hash values and other bits of information. If the file hash values change, perhaps due to new versions of software, then the user simply runs rkhunter with the option again. If the user has not run rkhunter with this option, then the file properties checks are skipped. This option obsoletes the 'hashupd.sh' script previously recommended to users. If use of the '--propupd' option is suggested by the program, then the log file will contain a warning message to the user that they must ensure that the commands checked on their system must have been installed and verified as being genuine. The file properties check consists of two main parts - the file attributes (permissions, uid etc), and the hash value. Both are stored in rkhunter.dat. Either part, or both, can be disabled using the '--disable' option. - Added the '--hash' command-line option, and the HASH_FUNC option to the configuration file. This allows a user to select the hash function command they want to use for the file hash value check and the properties update. By default SHA1 will be used, or MD5 if SHA1 cannot be found. For prelinked systems the function must be either MD5 or SHA1. A value of NONE can be used to disable the hash check or to stop the hash values being recorded in the rkhunter.dat file. - Added the HASH_FLD_IDX option to the configuration file. This specifies the field of the HASH_FUNC command output which contains the hash value. A default of 1 is used, except for *BSD systems where 4 will be used. - The files for the file hash checks are now 'looked for'. The code will search the command directories, and check the relevant files in all the directories. Additional commands and directories are used for Solaris, MAC OS X, NetBSD and FreeBSD systems. Overall more commands will be checked. - Added support for Ubuntu, and the 'dash' and 'ash' shells. - If the O/S name, architecture or prelinking status changes from one rkhunter run to the next, then a warning message is written to the log file and the file properties prerequisite check will fail. The change may well cause the file hash checks to show false positives. (The user should rerun rkhunter with the --propupd option.) - Rkhunter will now check that certain commands are present before starting any checks. This avoids spurious 'command not found' type messages suddenly appearing. - Added basic internationalization (i18n) functionality. The messages displayed during test processing are obtained from an indexed file. This file can be translated in to other languages, keeping the index the same. To see which languages are provided use the new '--list languages' option. Chinese translation provided. - Added two new command-line and configuration file options, '--enable' and '--disable' to specify which tests are to be carried out and which are to be ignored. Use of either option will automatically assume '--check'. - To list the available test names, use the new '--list tests' option. - The '--update' and --versioncheck' options can now use commands other than wget to download files. Supported commands are now wget, curl, elinks, links, lynx, bget and GET. Once a command has been found, it will be used for all downloads. Since bget and GET are perl commands, checks will be made that any required perl modules are also present on the system. - (SF Tracker 1616395) Added '--syslog' cli option, configuration file option USE_SYSLOG. This will allow the --check option start and finish time to be logged via syslog. The facility/priority are user configurable. - Added --debug cli option, and allow commands to be configured in the configuration file. Both of these additions are for the developers, but may be used when debugging user problems. - Added command-line options '--summary/--nosummary' (--ns). These control whether the system checks summary is shown. By default it is shown. The '--summary' option, as well as the '--report-warnings-only' option, will override the '--quiet' option if they are specified. However, no other information will be displayed if '--quiet' is used. - Added SunOS SInAR rootkit check. - Added '--verbose-logging/--no-verbose-logging' options. This cuts down on some of the logging for some of the tests. By default verbose logging is enabled. - The inetd and xinetd configuration file pathnames can now be specified in the rkhunter configuration file. Also, enabled inetd and xinetd services can now be whitelisted. - Added support for Solaris 10 inetd mechanism (inetadm). - The directory containing the SSH configuration file can now be specified in the rkhunter config file. - The pathname to the syslog configuration file can now be specified in the rkhunter config file. - The use of syslog remote logging can be allowed in the configuration file. - The pathnames to the local system startup file (rc.local), and the startup directory (/etc/rc.d) can now be specified in the rkhunter config file. - Files in /dev can now be whitelisted. - Application version numbers can now be whitelisted. This caters for those distributions that may patch a 'known bad' version, but without updating the original version number. - Added 'suspscan' to malware tests. Suspscan attempts to scan files in directories containing temporary files for signs of malicious activity, and could be of use on (publicly accessable) web servers running for instance PHP-based applications. Please note that in it's current state suspscan is prone to reporting false positives, and is CPU and I/O intensive to boot. Therefore suspscan is disabled by default. Please do not enable suspscan unless you have good reasons to use it. Review the settings in the configu- ration file, and test before deploying it on production servers. - Added the command-line option '--pkgmgr', and the configuration file option PKGMGR. These provide support for package managers when using the '--propupd' and '--check' options. Currently supported package managers are 'RPM' for RedHat/RPM-based systems, 'DPKG' for Debian-based systems, and 'BSD' for *BSD systems. Additionally, 'NONE' can be used to indicate that no package manager is to be used. The default is 'NONE'. See the README file for more details. - It is now possible to configure rkhunter to use local or remote mirrors, rather than just the SourceForge one. This applies when either the '--update' or the '--versioncheck' option is used. The default is to use all defined mirrors. The README file has more details about this. - It is possible to configure rkhunter to not rotate the mirrors.dat file. It is also possible to configure the mirrors file not to be updated when the '--update' option is used. Both of these options can be useful when defining local mirrors. The README file has more details about this. - Added a file size check to the file properties checks. This will only occur for non-prelinked files, files not part of a package, or packaged files when the RPM package manager is being used. - Network ports listed in the backdoorports.dat file can now be whitelisted. Specific protocol/port pairs, or pathnames to allowed executables, may be used. Additionally, an asterisk may be used to indicate that trusted pathnames will be allowed. The configuration file has more details about this. - The O/S 'release' file pathname may now be configured. This option should only be necessary for those systems on which rkhunter cannot automatically determine the O/S name or version. - Rootkit files and directories, including those with spaces, may now be whitelisted in the configuration file. Changes: - Improved command-line and config file option checking. - The log file is now created by default, it can be disabled in the config file or by using the --nolog command line option. The log file is created with permissions 600. - The log file cannot be a symlink. - Multiple recipients may be specified with the MAIL-ON-WARNING config option. - Added BINDIR and ROOTDIR options to the config file. - Split out the README file in to README and FAQ files. - Solaris will now use the bash shell if available. - Expanded the command PATH used to include the /opt/sfw and /usr/sfw directories for Solaris users. - Expanded the command PATH used to include the /usr/pkg directory for NetBSD users. - Expanded the command PATH used to include the /System/Links/Executables directory for GoboLinux users. - Versioncheck now checks the versions numerically. - The HASHWHITELIST configuration file option has been removed. It is no longer required because users can now create their own file of hash values using the '--propupd' option. - The '--checkall' option has been changed to '--check'. The old option is still recognised, but will be deprecated at some time. - If a logfile is to be written, but not appended to, then the old log file is moved to '<logfile name>.old' now. The same happens to the rkhunter.dat file if the --propupd option is used. - The previous 'known good' hash check now also checks the files inode, uid, gid, permissions and modification date/time, for any changes. The latter is only for non-prelinked systems. As before, in all cases, the file hash is checked. (This is now the file properties check.) - Improved the O/S detection mechanism. Rather than requiring users to send us details, rkhunter actively looks at the 'release' file(s) to find the O/S name. Included support for some lesser-known Linuxes - GoboLinux, Lunar Linux, Rock Linux, Source Mage Linux, Kanotix, Sidux and Zenwalk. - If the --propupd or --update options are used, as well as the system check option --check, then the update checks are performed before the system is checked. Previously the update occurred after the system was checked. - Hidden file search now checks /usr/share/man directories. - Improved NetBSD support. - The supplied perl scripts, providing the stat, md5 and sha1 commands, can now be executed without perl being in the default directory (/usr/bin). - If a perl script is to be used, then a check is made that required modules are installed on the system. If they are not, then it is treated the same as if perl was not present. - Included the /usr/share/man directories when looking for hidden files. - Check for symbol entries in kallsyms file if ksyms does not exist. - Enabled sockstat/netstat test for all BSD variants (not just FreeBSD). - Enabled backdoor port test for all systems which have either the 'lsof' or 'netstat' command. However, if the netstat syntax is not understood on the O/S, then an error is shown. (The user can configure the test to be disabled to avoid the error.) - The TMPDIR configuration option and --tmpdir command-line option cannot be set to /tmp or /var/tmp because files will be copied and left there. It cannot be set to /etc either because files will be deleted from there. - Removed the '--scan-knownbad-files' option. This test was considered to be obsolete. - Removed the '--disable-md5-check' option. This is now the 'hashes' test name, and can be disabled by the '--disable' option. - Removed the '--allow-ssh-root-user' option from the command-line. This can still be set/unset in the configuration file. This option must now be set to the value of the 'PermitRootLogin' option in the SSH config file. This then allows root access to be set, but will check to see if the option has changed. A default value of "no" is used. - The --rootdir/ROOTDIR configuration option has been changed to be more intuitive. Previously the specified ROOTDIR had to end in a slash (e.g. '/abc/'). Now this is not necessary, a normal directory name can be used (e.g. '/abc'). - The '--versioncheck' option now rotates the mirror file. It also assumes program defaults if the mirror file is missing or empty, or if no mirrors are found within it. Additionally if the URL is missing from the configuration file, then a program default is used. This allows the option to work even if the files have become a bit corrupt. Any missing files or mirrors are logged to the log file. If a mirror fails, then the next mirror is used, until all the mirrors have been tried. Only then is a failure message displayed, and the return code set. The return code will be set to 0 if no error occurred, 1 if an error did occur, and 2 if no error occurred but a new version is available. - The '--update' option will use a default mirror if the mirror file is missing or empty. If a mirror fails then the next mirror is used. If a file has become corrupted such that the version number cannot be read, then a new copy will be downloaded. The return code will be set for this function. It will take the value of 0 for no error, 1 for an error, and 2 for no error but an update has occurred. This allows a user to use the --quiet option, but still check for the return code. - The version numbering of the '.dat' database files has changed. This makes them incompatable with previous versions of rkhunter, and as such files from previous versions will be overwritten if used with this version. - The displayed output and logged output are now similar. This allows checking the log file to be easier when looking for specific tests. The log file will, of course, log more information than is displayed on the screen. - Script replacement check now checks for any type of script (perl, awk, etc). Previous versions only checked for shell scripts. Commands which are supposed to be scripts can be whitelisted in the configuration file. The 'rkhunter' command itself is an exception, and the check will ensure that 'rkhunter' is a shell script. The script check will be automatically skipped if a package manager is being used, and the file has already passed the file size and hash checks. - File permissions check improved to check if 'other' has the 'w' bit set. Previous versions only checked if '777' ('rwxrwxrwx') was set. Merged this into the file properties checks. Soft links are ignored, as are packaged files when the RPM package manager is used. - The '--report-mode' option has been removed. It was not seen as being useful, and combinations of the other options will provide the same, if not better, reporting. - The xinetd.conf check now handles the 'include' directive. It also now handles the 'includedir' directive in all files, and not just in the initial xinetd configuration file. - The '--display-logfile' option can now be used after any option. Previously the log file was only shown after checking the system. - The checks on accounts and the password and shadow files, have been improved. The user can configure the pathname to the password and shadow files, as well as being able to whitelist accounts with no password or which are root equivalent. *BSD support improved. - Improved the hidden files and directories checks. Some directories are now searched more thoroughly, and checks against the file type are more robust. - Apache backdoor test now looks in more places. - The application version check no longer checks against known 'good' versions. Only a file of bad versions is kept. The previous method was impossible to maintain. - Enabled the immutable file test for *BSD systems. - Soft (symbolic) links for files and directories are now handled correctly. Previously the link was dealt with, but not what it pointed to. Soft links are dealt with when using the '--propupd' command, and when running the file properties checks. For those systems with no 'readlink' command (e.g. Solaris), or those in which readlink does not understand the '-f' option (e.g. NetBSD), a shell script is now provided to support this. - RPM spec file and installer now caters for x86_64 machines. Removing the RPM now more fully removes RKH; only the rkhunter.conf file should remain. Bugfixes: - Command-line options requiring an argument now work correctly under Solaris. - The -h/--help option now works as expected. - The 'ignoKit rootkit' check was not checking all the required files. - Some checks were not respecting the ROOTDIR option in their pathnames. This has now been corrected (possibly not completely though). Also, some tests were using ROOTDIR pathnames in grep/strings checks when they shouldn't have been. This has also been corrected. - The file hash prelink test should now work even if SELinux objects to the prelink command (provided the 'runcon' command exists). When the '--propupd' option is used, any file for which a hash cannot be obtained is logged as a warning. (Typically prelink may need to be run on the file.) Rkhunter will still work as before, but the file properties check may show that the hash value has changed to or from a null value. - Corrected file attributes check - previously the immutable flag would never have been found. - Backdoor UDP port tests were not being done correctly. The TCP port tests have been made a bit more aggressive - TCP tests only look for TCP ports; they also look for established connections rather than just listeners. - Backdoor port data file (backdoorports.dat) is now part of the '--update' process. - The '--versioncheck' option did not set the return code. It now does so. However, note that if an update is available then the code will be set to '2'. This allows use of the '--quiet' option, but still being able to detect if an error occurred (code 1), an update is available (code 2) or if no error occurred and no update available (code 0). - Corrected bug in Solaris script replacement check. The tested output is never used on Solaris, so previously the test would never have worked. - The '--quiet' option now does what it says. No output is shown unless other options are specified by the user. E.g. using '--quiet' on its own produces no output, but sets the return code. If the '--report-warnings-only' option is used as well, then warnings will be shown despite '--quiet' being used. - Enabled the login backdoor check. It was coded, but used the wrong variable. It also checked for directory names rather than file names. This looked wrong, but I could not find any more info about it. As such we now check for their existence rather than whether they are files or directories. - Corrected the suspicious directories check. - The xinetd.conf check only occurred for Linux systems. It will now occur for all O/S's. Also, the check always reported the file was clean, regardless of whether this was true or not. - The hidden files and directories check was not working correctly for Gentoo users. - Small bug in T0rn rootkit file list. -- * 1.2.10 (Not released) New: - Enabled Ohhara Rootkit check Changes: - If duplicate configuration file options are seen, then only the last one seen is used Bugfixes: - Lsof resolution fix - Fixed Danny Boy's Abuse Kit check - Fixed SHV5/Tripwire check - Fixed ignoKit check -- * 1.2.9 (30/09/2006) New: - Rootkit Hunter is under new management so maintenance, development and support is assured - Added support for RHEL WS/AS/ES 3, Taroon update 8 - Added support for Fedora Core 5 - Added support for SuSE 10 - Added check for packet capturing applications (see rkhunter.conf for whitelisting) - Added check for processes using deleted files (see rkhunter.conf for whitelisting) - Enabled netstat check for AIX - Enabled backdoor check for SunOS - Enabled logfile specification and checks Changes: - Improved cAos support - Improved AIX rc.sysinit test - Improved second promiscuous mode check - Improved prelinking test - Improved binaries found check - Improved MD5 check and application scan - Improved FreeBSD/AIX grepping - Improved Solaris grep/ifconfig (FP's) - Improved reportmode report-warnings-only - Improved permitrootlogin check with forced-commands-only - Improved passwordless user accounts test - Improved file/module name checks (FP's) - Improved check-update: DBDIR vs temp dir and preserve DAC rights - Improved Solaris script replacements - Fix typos, grammatical changes, formatting/displaying - Added more examples to config - Change contact information Bugfixes: - Removed stale mirrors - Fix SF tracker issue 1449701 - Fix skdet test - Time uses Perl epoch - Error message about "group" file - Ksh 'shift' fix -- * 1.2.8 (24/02/2006) New: - Added '-sk' alias (instead of --skip-keypress) - Added support for Fedora core 4 - Added support for FreeBSD 4.11, 5.2, 5.3, 5.4, 6.0 - Added support for CentOS 3.3 ('final' and 'Final') - Added support for CentOS 3.5, 4.1 and 4.2 - Added support for Debian 3.1 (AMD64) - Added support for RHEL WS/AS/ES 3, Taroon update 6 - Added support for RHEL WS 4, Nahant Update 1 and 2 - Added support for Slackware 10.2 Changes: - Updated RHEL hashes - Updated Fedora Core 3 hashes - Updated SuSE 9.1 hashes - Updated software database - Update copyright line -- * 1.2.7 (24/05/2005) New: - Added support for CentOS 4.0 - Added support for Mandrake 10.2 - Added support for Gentoo (sparc/sparc64/x86) - Added additional support for E-smith (SME 6.0.1) - Added support for FreeBSD 4.5 and 4.6 Changes: - Improved support for Bind (thanks to Craig) - Improved support for RHEL AS release 3 - Updated hashes for SuSE 9.1 (core-utils) Bugfixes: - Fixed problem with the updater (file was retrieved, but not placed within the correct directory) -- * 1.2.6 (10/05/2005) New: - Added support for Tao Linux - Added support for Trustix 2.2 (Sunchild) Bugfixes: - Fixed problem with updater -- * 1.2.5 (03/05/2005) New: - Added support for FreeBSD 4.11 (i386) - Added support for RHEL AS release 3 - Added support for Cobalt (6.5.1) Changes: - Fixed permissions of check_update.sh - Fixed typo in help - Improved detection for some unknown rootkits/backdoors - Improved messages/logging - Some code cleanups - Important: fixed a security issue, related to temporary files -- * 1.2.4 (25/04/2005) New: - Added support for E-smith (SME 6.0) Changes: - Updated hashes for Fedora core 2 - Improved documentation of tools (see tools directory) - Removed logging from installer Bugfixes: - Fixed problem when using --allow-ssh-root-user (option was overwritten by configuration file option) -- * 1.2.3 (21/03/2005) New: - Added option to allow/whitelist hidden files and directories. See configuration file - Added support for SuSE 9.2 (x86-64) Changes: - Updated configuration file, to give more information about whitelisting of hidden files/directories - Updated Fedora core 3 hashes (procps package) - Updated packages: OpenSSH - Updated manpage - Improved logging - Added debugging info for named - Strip off patch version with PHP port (Debian) - Extended support for Fink (MacOS), added /sw/bin to BINPATHS in check_update.sh - Improved installer when /usr/local/bin is missing Bugfixes: - Fixed problem with unquoted variable (passwordless accounts) -- * 1.2.2 (18/03/2005) New: - Added support for Mandrake 10.1 - Added hashes for Mandrake 10.1. Thanks to Roderick B. Greening - Added support for RHEL WS release 3 - Added support for NIS when looking for passwordless accounts - Added support for beX2 (evil code) Changes: - Updated Debian hashes - Changed permissions of installer (0755 instead of 0750) - Changed installer so normal users can install rkhunter. This is experimental, so check is commented in installer - Updated packages: Bind, Exim, OpenSSL - Improved logging - Small layout fixes - Code cleanup - Updated mirror list - Updated copyright message (2005) Bugfixes: - Changed symbols when one or more groups are added/removed -- * 1.2.1 (21/02/2005) New: - Added support for Mandrake 8.1 (i586, no hashes) - Added support for FreeBSD 5.3 (i386, with hashes for release version) - Added support for Slackware 10.1 - Added Turkish translation to installer (note: language support temporarily disabled) - Added support for Fink (MacOS), added /sw/bin to BINPATHS - Added contrib directory - Added script (contrib) run_rkhunter, by Andy Spiegel Changes: - Updated hashes for SuSE 9.1, Mandrake 10.0 - Updated installer (changed copyright line, comments and disabled version number, because it can be confusing when installer version is another version than main version.) - Perform extra check before checking configuration file (to see if it exists) - Improved logging (show temporary directory, improve output when scanning for default rootkit files/directories) - Improved output when system is unsupported - Stop program when temporary directory doesn't exist instead of creating it - Updated packages: Apache, Bind, GnuPG, OpenSSL - Fixed some typos Bugfixes: - BINPATHS got overwritten when performing software version check - Fixed bug when checking for ssh root user. Thanks to Andy Spiegel - Clean up temporary prelink file Website: - Added notification list - Fixed some XHTML bugs -- * 1.2.0 (10/02/2005) New: - Added support for CentOS 3.4 - Added new configuration option 'ALLOW_SSH_ROOT_USER' and program parameter '--allow-ssh-root-user' to allow directly login of a `root` user, in your SSH configuration file. Changes: - Updated hashes for Fedora Core 1, Core 2, Core 3 - Changed RHEL 3, so taroon 4 uses the hashes of taroon 3 - Updated Debian hashes - Removed ClamAV from application scan. It warns the user now when it runs an too old version. - Updated manpage - Changed detection for SuSE versions. SuSE Linux Enterprise Server didn't work, because of the capitals (instead of the usual name) - Warn if user uses /tmp as temporary directory (possible security issue) - Updated wishlist/todo and manpage. Bugfixes: - Fixed wrong message when group was added/deleted from /etc/groups -- * 1.1.9 (28/12/2004) New: - Added RH-Sharpe's rootkit (rootkit) - Added SHV5 rootkit (rootkit) - Added special test for tripwire - Added support for metalog (syslog daemon) - Added support for ALTLinux 2.2 and 2.4 - Added support for CentOS 3.3 - Added support for Gentoo 1.6 - Added support for FreeBSD 4.10 (alpha platform) - Added support for SuSE SLES8. Thanks to Mario Lenz - Added support for SuSE 9.2 (i586) - Added support for Fedora Core 3 - Added support for Red Hat Enterprise Linux ES/WS release 4 - Added hashes for Fedora Core 3. Thanks to Steph - Official port is now available for ALTLinux - Change text when an old software package has been found. This will happen with backporting operating systems (Red Hat, Fedora etc) Changes: - Improved logging for lsof test - Updated hashes for Fedora Core 1 - Updated hashes for Debian woody - Updated hashes for Red Hat Enterprise Linux ES/WS release 3 - Updated hashes for Slackware 9 - Updated hashes for Slackware 10 - Updated hashes for SuSE 9.1 - Updated wishlist/todo, updated readme and manpage. - Code cleanup (added more remarks, cleanup of old/buggy things).. - Improved logging Bugfixes: - Changed binary search path due typo. Thanks to Bertrand -- * 1.1.8 (12/09/2004) New: - Added support for Red Hat 6.2 and hashes. Thanks to Sebastian Herbszt - Added support for Red Hat Enterprise Linux ES 3, Taroon update 3 - Added support for Red Hat Enterprise Linux AS 3, Taroon update 1 Changes: - Improved Suckit detection - Improved FreeBSD version detection. It now will skip MD5 check if sysctl contains 'release', but patches for primary binaries are installed (like ls, ps, top etc) - Added error redirection when performing lsattr checks - Added `find` to path search - Updated installer with portogues/brazilian language. Thanks to Douglas - Updated hashes for Red Hat Enterprise Linux 3 - Updated hashes for Slackware 10 - Cleaned up logging when checking for passwordless accounts - Show message when bad hashes are found. Some scared people began to worry inmediately after they found several bad hashes, without understanding the reason of it (reason: updated packages). - Improved output in logging which deals with updated packages / hashes - Improved logging (informational logging) - Improved output of hidden directories/files. Thanks to Greg Houlette - Corrected some parts of logging - Code cleanup Bugfixes: - Forgot to initialise LSATTRFOUND -- * 1.1.7 (29/08/2004) New: - Added support for ADM Worm - Added support for MzOzD and spwn backdoor - Added LKM filename check (experimental) - Added passwordless user account test Changes: - Updated Mandrake 9.2 hashes. Thanks to Eric Gerbier - Updated application version list - Extended inetd.conf test (searches for shells) - Added total of vulnerable applications at report, if application scan was performed. Bugfixes: - Fixed a major bug in the installer when you install version 1.1.5 or newer. The sample configuration won't be copied and the due to that, the --update function won't work. -- * 1.1.6 (18/08/2004) New: - Added support for RSHA's rootkit (rootkit) - Inspect files attributes (immutable detection) - Added '--update' to help text. Updater seems to be stable - Added FreeBSD packages database test (pkgdb). It performs an automatic fixup of the database and displays an error when problems were found. - Added '--skip-application-check' option. This skips the program version check. On some systems it's half useless, because they use patched (old) version numbers. Changes: - Improved report at end (hide line when no rootkits are found) - Updated hashes for SuSE 9.1 (i586) - Fixed double hash in database - Updated database with program versions - Added more help and informational messages Bugfixes: - Improved installer (when last line contains no newline char, the INSTALLDIR option was added on the wrong place) -- * 1.1.5 (11/08/2004) New: - Added support for Ni0 Rootkit (rootkit) - Added 'open files' check - Added OpenSSL check - Added Solaris 9 support Changes: - Improved logging of application scan check - Improved xinetd.conf tests (disabled some parts, due false positives) - Improved logging on different places (more breaks etc) - Improved SunOS support. Thanks to Michael Gueting - Improved (POSIX compatible) applications support for SunOS - Fixed a typo (application version check) - Fixed a typo (SSH check) - Fixed small layout issue at application scan check - Removed an double declared variable (WARNING=0) Bugfixes: - Fixed missing lines in rkhunter.spec file - Installation script shouldn't be overwriting rkhunter.conf file.. -- * 1.1.4 (07/08/2004) New: - Added support for FreeBSD 4.10 - Added support for White Box Enterprise Linux 3.0 - Added support for Debian 3.1 (Sid) - Added support for OpenBSD 3.5 (i386 and sparc64) - Added support for SunOS. Thanks to Michael Gueting - Added boot.local test for SuSE 9.x - Added Apache test - Added support for mod_rootme module (apache backdoor) - Added option '--display-logfile'. It displays the logfile you specified at the end of the output (don't forget to use --create-logfile) - Added application version checker Changes: - Don't quit when wget cannot be found during install - Updated installer (for new update function) - Updated MD5 hashes for Mandrake 9.1 - Updated MD5 hashes for Slackware 9.1 - Updated MD5 hashes for FreeBSD 5.2.1 - Improved logging in quiet mode - Improved key pauses when in 'interactive' mode - Improved xinetd check - Improved report-mode option (--report-mode). If you want a small amount of information (ie. if you scan a lot of servers), use this option. - Updated document location in installer - Updated the wishlist. A lot of issues are solved now. - Updated changelog (had some little typos) Bugfixes: - Fixed false positive when using Debian - Fixed support for PLD Linux and CPUBuilders Linux - Fixed a typo in the installer -- * 1.1.3 (20/07/2004) New: - Added support for SuSE Linux Enterprise Server 8. Thanks to Daniel Berlin - Added support for SuSE Linux Openexchange Server 4.1.1. Thanks to Daniel Berlin - Added support for Fedora Core 2 with 64 bits support - Added support for TDB database (/dev related) - Added hashes for FreeBSD 5.2.1 * Added tools directory in tarball with a experimal auto-updater. Use it on your own risk and check the script before you run it! Changes: - Improved Suckit support (rootkit) - Improved user detection (the check will now handle NIS users fine when checking for UID 0 alike users) - Improved logging on multiple sections - Updated parameter list (--help), to reflect changes (--quiet) - Updated hashes for Mandrake 10 - Updated installer. With a SunOS improvement by Michael Gueting. Bugfixes: - Quiet-option is now really quiet (xinetd line still appeared when running in quiet mode) - Fixed a problem with the binary UPX scan (multiple error lines appeared) -- * 1.1.2 (14/05/2004) New: - Added string check. This checks some binaries which often get trojaned. - Added '--quiet' option. Very usefull when running Rootkit Hunter as a cronjob and don't want to see all the output (EXCEPT when warnings/errors has been found) - Added xinet daemon test. Thanks to unSpawn and Andrea - Added test for binaries (UPX) - Added alias '--create-logfile' for '--createlogfile' - Added support for Mandrake 8.2 - Added support for Mandrake 9.0 - Added support for Mandrake 9.1 - Added support for Redhat Enterprise Linux AS (Taroon update 2). Thanks to Yann Le Guennec - Added support for Slackware 10. Thanks to Fred Bulthuis - Added support for Gentoo 1.5. Thanks to Nicolas Kaiser - Added support for some Gentoo ppc versions - Added hashes for Slackware 10 Changes: - Improved support for AIX and OpenBSD. Thanks to Iain Roberts - Improved support for rootkits (Dica, Dreams, Fuckit, MRK, Ohhara, Sin, SunOS Rootkit and TBD Rootkit) - Updated hashes for Fedora Core 2 - Updated hashes for SuSE 8.2. Thanks to Jack Denman - Updated installer Bugfixes: - Fixed another problem in the installer - Fixed a problem with the updater (not yet in use) - Changed output of `ps` when checking for syslog daemon (should fix a problem on some systems where the output was too long) -- * 1.1.1 Bugfixes: - Fixed a problem with the installer.. (wrong shell) -- * 1.1.0 New: - Added support for Red Hat Linux Advanced Server 2.1 - Added support for Slackware 9.0. Thanks to Stan Cosmin - Added support for Slackware 9.1. Thanks to Fred Bulthuis - Added support for Trustix 2.0. Thanks to Agung Ud - Added support for Debian with sparc64 architecture (testing/unstable) - Added hashes for Slackware 9.0 - Added hashes for Slackware 9.1 Changes: - Updated SuSE 9.1 hashes - Updated Mandrake 10 hashes - Updated Fedora Core 1 hashes - Updated Fedora Core 2 hashes - Updated OpenBSD 3.3 hashes - Updated Suckit (rootkit), multiple improvements - Updated rkhunter.spec file. Thanks to Craig Orsinger - Updated installer. Thanks to Iain Roberts - Added mirrors.dat to file checks Bugfixes: - Fixed WHITELIST option again (it stripped the wrong characters: when a hash contains a '5', it got stripped) - Updated sockstat/netstat check for FreeBSD - Skipping of MD5 didn't work anymore (due a forcefully check when Perl module Digest::MD5 was found). Thanks to Zac -- * 1.0.9 New: - Added support for Balaur Rootkit (rootkit) - Added installdir option to the installer - Added INSTALLDIR option to configuration file - Added support for SuSE 9.1 (pro) - Added support for Fedora Core 2 - Added support for RHEL 3 Taroon update 2 - Added support for PCLinuxOS (HD-install) - Added hashes for SuSE 9.1 - Added hashes for Fedora Core 2 - Added hashes for Mandrake 10 Changes: - Updated hashes for Fedora Core 1 (updating prelinked hashes is no good idea..) Thanks to Doncho. - Updated hashes for SuSE 8.2 - Updated hashes for Mandrake 9.2 - Updated hashes for RHEL 3 Taroon update 1 and update 2. Thanks to Tom and Eilko - Improved hidden file detection Bugfixes: - Added prelink check, to resolve some problems with a few Fedora Core 1 installations. Thanks to Mike Haslam for pointing out this problem. - Changed detection of syslog daemon - Fixed a problem with the MD5WHITELIST option (see rkhunter.conf). Thanks to John P. New - Updated installer (added /usr/local/etc to directory check, because some systems don't have this directory by default) -- * 1.0.8 New: - Added support for Mandrake 10 (official release). Thanks to Dave Edwards - Added support for Slackware 9.1.0. Thanks to Zebul666 - Added hashes for Red Hat Enterprise Linux 2.1 (Panama). Thanks to Duke (mastre). (+1 beer for me) Changes: - Updated hashes for Red Hat Enterprise Linux 3 - Updated hashes for Fedora Core 1. Thanks to Greg Houlette - Updated rkhunter.spec file by Doncho - Improved extra Suckit tests. Check the presence of `stat`, before performing the scans. Reported by Pasi. -- * 1.0.7 New: - Added support for Irix Rootkit (rootkit) - Added support for URK (Universal Root Kit) (rootkit) - Added 'whitelist support' for MD5 hashes. See configuration file for more information about this new option. - Added improved support for Yellowdog 3.0 (Sirius). Thanks to P. Hopkins Changes: - Improved Suckit detection (multiple improvements). Thanks to unSpawn! - Fixed problem when running a special listener under FreeBSD (i.e. a DHCP daemon). Thanks to Yann Nottara - Fixed wrong text with 'rootdir' option. Thanks to Doncho N. Gunchev - Fixed typo with '--dbdir' parameter. Thanks to unSpawn. - Fixed rkhunter.spec file. md5blacklist.dat was missing. Thanks to Masanari Iida - Fixed a problem with the $rootdir - Improved rkhunter.spec file. Thanks to Doncho N. Gunchev - Improved Perl version detection. Thanks to Doncho N. Gunchev - Updated installer to support dynamic paths soon. - Layout improvements for installer - Changed copyright text in main binary and installer (as required/suggested by GPL) - Updated website (FAQ, documentation) -- * 1.0.6 New: - Added support for FreeBSD 4.9 and 5.2.1 - Added support for SuSE 9.0 (i386 and i586). Thanks to multiple people - Added support for Trustix. Thanks to Joachim Holst - Added support for Whitebox Enterprise Linux 3.0. Thanks to Fire - Added support for CentOS 3.1. Thanks to Fire - Added support for Mandrake 10 (community release). Thanks to Ted Kline - Added support for CPUBuilders Linux. Thanks to Chris Locke - Added support for Gentoo's 'rc.local' file (local.start) - Added parameter '--bindir' to use another (binary) directory than the default ones (to select which binaries will be used to perform the tests). Requested by Joel. - Added parameter '--configfile' to use another configuration file. - Added parameter '--dbdir' to use another (dynamic) database directory - Added a check when dynamic parameters are used (like --dbdir, --bindir) to check the existance of these paths/files. - Added lsmod check (/proc/modules) for Linux distros. Thanks to Micah Anderson Changes: - Updated hashes for Mandrake 9.2. Thanks to John P. New and others. - Updated hashes for Red Hat Enterprise Linux Update 1. Thanks to Eilko - Added informational message, when 'PermitRootLogin' or SSH protocol 1 is found, into the logfile - Renamed .spec file to rkhunter.spec - Updated installer. Thanks to Uwe Hermann - Improved LKM check. Thanks to Joe Croft - Improved logging - Fixed a problem with ifconfig -- * 1.0.5 New: - Added 'ignoKit' (rootkit) - Added support for Red Hat Linux 8.0 (Psyche) - Added option '--disable-passwd-check', to disable passwd/group check. Suggested by Michael Niehren - Added option '--scan-knownbad-files', to scan besides the 'known good' MD5 checks, a lot of system binaries against a 'known bad' database. - Added option '--tmpdir', to specify a temporary directory instead of the static one (see below, at 'tmpdir' option within the configuration file). - Added a 'known bad' database with a lot of 'blacklisted' binaries and tools (like sniffers, rootkits, backdoored binaries, IRC tools etc) - Added hashes for Red Hat Enterprise Linux ES release 3 (unpatched). Thanks to Nico Morrison - Added a 'mail-on-warning' option to the configuration file. When the checker finds one or more warnings, it will send a warning to the system administrator (see the configuration file for more information) - Added 'tmpdir' option to the configuration. This optional value can be used instead of the default (/usr/local/rkhunter/tmp) directory and is one of the first steps to make rkhunter less static. - Rootkit Hunter now exists with an exit code of 1 when a rootkit is found or a MD5 checksum failed. Suggested by Michael Niehren Changes: - Updated support for Red Hat Enterprise Linux. Thanks to Nico Morrison - Improved/updated .spec file for RPM creation (improved cronjob script, updated file version, corrected packager value). Thanks to Joe Klemmer and Michael Niehren - Improved cronjob check (it contained a little bug, so it wasn't always non- interactive..) - Improved logging of sockstat/netstat tests - Fixed message when parameters are provided, but 'check' option is missing - Updated installer (0.0.6) -- * 1.0.4 New: - Added 'AjaKit' (rootkit) - Added 'Legion of Doom (LoD)' (rootkit) (note: uses almost every same file as AjaKit) - Added support for Red Hat Enterprise Linux. Thanks to Kevin Jarnot Changes: - Updated 'NSDAP' (rootkit) - Updated 'Dica' (rootkit) - Updated 'X-Org SunOS Rootkit' (rootkit) - Changed message 'not found' into 'OK' when no file redirection has been found. Thanks to Jens Gutzeit - Improved check for hidden files (empty files will be skipped, more directories added) - Corrected file scan counter. - Improved logging - Cleaned up tarball -- * 1.0.3 New: - Added support for SuSE Linux 8.1. Changes: - Updated 'Flea Linux Rootkit', because /lib/security is a legal path name. Thanks to Moritz Bunkus - Updated syslog-ng checking (checking remote logging in the configuration file). Thanks to Juri Memmert for reporting the problem -- * 1.0.2 New: - Added 'aPa Kit' (rootkit) - Added 'Danny-Boy's Abuse Kit' (rootkit) - Added 'Duarawkz' (rootkit) - Added 'Flea Linux Rootkit' (rootkit) - Added 'HjC kit' (rootkit) - Added 'Kitko' (rootkit) - Added 'R3dstorm Toolkit' (rootkit) - Added 'TeLeKiT' (rootkit) - Added 'VcKit' (rootkit) - Added support for Aurora Linux 1.0 (SPARC, named 'Ansel') - Added support for Red Hat Linux 7.0 - Added support for Mac OS X (Darwin kernel) - Added option '--report-mode' to remove footer and location of logfile - Added alias parameter '--createlog' for '--createlogfile' - Added alias parameter '--skipkeypress' for '--skip-keypress' - Added informational message when a user doesn't use '--checkall' or '--cronjob' Changes: - Updated hashes for Fedora Core 1. Thanks to Doncho N. Gunchev - Improved output of logfile - Changed warning message when a part of a rootkit has been found (show correct logfile instead of default file) - Changed footer message (and tell you guys you have to submit your undetected rootkits) Website: - Updated articles: Hyperlinks, Scanning Techniques -- * 1.0.1 New: - Added parameter '-h' (or --help, -?) to display the usage syntax (same thing when you give no options at all). Reported by Arthur E. Groen - Support for Linux SuSE 8.2 (i586 platform) Changes: - Improved scan for 'Suckit' (rootkit) - Updates hashes for Mandrake 9.2 - Fixed a problem with the installer (wrong function declaration). - Had to strip down all colors in the installer, because of the complaints :-) - Changed installer so it could be used as a non-interactive installer (like it was before).. Languages are still usuable, but will be used in later versions (with a interactive switch) - Fixed the LANG function (renamed it, because of the reserved name). - Added Swedish translation for the installer. Thanks to Daniel Olsson - Improved logging when Perl has been found - Undo 'skip MD5 test' (MD5CHECK_SKIP=0) when Digest::MD5 available, but md5(sum) isn't, so we can still scanning. - Fixed a wrong path name (deleting of temporary passwd file) Website / Documentation: - Updated FAQ - Updated Project information (updated supported OSes, rootkits, added date of last modification) - Updated README -- * 1.0.0 Special remarks: - New developer: Stephane Dudzinski (a.k.a. FRLinux) New: * Operating system support - Added support for Fedora (tested with Core 1, Yarrow) - Added support for Gentoo (tested with 1.4 release) - Added support for Red Hat 7.3 (Valhalla) - Added support for Sun Solaris (not working yet..) - Added OpenBSD 3.3 (i386) hashes - Added Fedora Core 1 (i386) hashes - Added special verify section when prelinked binaries are found (like Fedora Core 1 uses). Thanks to Michael G. Rozman - Added support for IBM AIX. A big thanks to Iain Roberts! Versions 4.3.2, 4.3.3, 5.1, 5.2, 5.3, 5.4 * Rootkit / backdoor support - Added 'Dreams' (rootkit). Thanks to Joshua Levitsky - Added 'Heroin' (LKM rootkit) - Added 'Sin' (rootkit) - Added 'Shutdown' (rootkit) - Added 'Sneakin' (rootkit) - Added 'Superkit' (rootkit) - Added 'T0rn' (rootkit) - Added 'Trojanit Kit' (rootkit) - Added 'zaRwT.KiT' (rootkit) - Added 'Volc' (rootkit) * Linux support - Added extra kernel check (2.4/2.6) when OS is Linux - Added Linux 2.6 kernel support. - Added extra check when using a RPM based distro, to display the package name in the logfile when filehashes are different. Thanks to Michael G. Rozman * Rootkit Hunter options - Added option '--quick'. Can be used with newly added scans and will use some tweaks to scan quicker (be carefull: can hide some usefull information at first scan, i.e. hidden files with trojaned binaries) - Added option '--skip-keypress'. Make rkhunter non-interactive, so you don't have to press [enter] after every test. Requested by Michael G. Rozman - Added option '--version'. Displays version and quits. - Added extra check for promiscuous interfaces, when 'ip' command is available - Added check for (rootdir)etc/conf.d/local.start file (Gentoo) - Added ksyms check to rootkitscan section - Added check for binaries like nmap, ls, lsof, ps (for future use) - Added Perl Digest::SHA1 module check - Added SSH 'PermitRootLogin without-password' (as an unsafe option). Thanks to Doncho - Added check for sniffer logfiles detection - Added support for grsec enabled Linux kernel. Thanks Steph ;-) Changes: - Improved installation - Splitted version number (from 1.00 --> 1.0.0) due future minor releases - Updated 'Ambient' - Updated 'BOBkit' - Updated 'Knark' - Updated 'Sebek' - Updated hashes for Red Hat 7.1 (fileutils, util-linux, SysVinit and xinetd). Thanks to Michael G. Rozman - Updated hashes for Debian 3.0 (IPv6 enabled version of tcpd). Thanks to Steph - Changed LKM check when kernelversion of Linux is the new 2.6 - Improved support for other rootdirs (instead of '/') - Added check for empty files when searching for hidden files - Added check for real device fiels when searching for hidden files - Added colored layout, when performing file checks (for i.e. hidden files) - Little bugfix when perform LKM checking - Bugfix when scanning sshd_config for file if file isn't available in /etc/ssh - Improved logging for selftests - Improved logging when performing MD5 hash test - Improved logging for scanning of rootkits and malware - Improved logging of rootkitscan section (files and directories) - Improved logging for detection of binaries and Perl modules - Improved SSH 'root login allowed', to decrease false positives - Changed detection of users with an UID of 0 (zero) - Improved rootkitscan section for files and directories with spaces - Fixed wrong detection of Debian version (unstable/testing). Thanks to Daniel Olsson - Fixed wrong use of parameters when using --quick option, but not using -c. Thanks to Joost Peters - Added missing 'full OS' string, when RH doesn't recognise the operating system. - Fixed bad logging of rootkits (and files) - Fixed a problem when using --skip-keypress and a rootkit was found (skip keypress didn't work, and user input was required). - Fixed installer for NetBSD and MacOS X, by commenting whereis functions (will be soon replaced) - A lot of code cleanups.. Website: - Updated website (FAQ / Changelog, Project information) - Fixed a problem with the contact form (-moz-opacity CSS property failed with some browsers). -- * 1.00 RC3 New: - Added option --disable-md5-check to skip checking MD5 hashes (if you run customized binaries/tools) - Added option --rootdir (or -r), to use with chrooted systems. Note: not completely integrated yet. Requested by Henk Wevers - Added functions logtext and displaytext to make script more powerfull and easier to use (for example with a new 'quiet' option) - Added support for OpenBSD 3.3 and OpenBSD 3.4 (MD5 fix added, due the missing of the -q (quiet) option of MD5). Thanks to Stefan Changes: - Updated 'Beastkit' - Updated 'BOBkit' - Updated hashes for Red Hat 9.0 (coreutils update). Thanks to Andrew Matthews - Fixed a little problem with support for multiple file hashes (see 1.00 RC2). When more than one hash was available, only the first one was checked. Thanks to Andrew Matthews for testing. - Solved two little issues with netstat check. Check reported possible backdoor if portnumber was present in another portnumber (like string '2001' is available in '20010'). Also the portnumber was found when the remote connection had the same portnumber as a possible backdoor (like a dynamic port 2001 was assigned to a SSH client). Thanks to Michael Firkins - Changed text when a possible backdoored file is found (because --debug option is not a valid). Thanks to Anton Pirnat - Changed check for OpenSSH sshd_config file (it will search now for more than 1 place). Thanks to Jeroen Griede - Added extra check for file retrieval utilities (i.e. to do version checking) - Changed string at beginning of RH output (Determing OS... Ready) - Made some tweaks to the layout of the logfile (with --createlogfile option) -- * 1.00 RC2 New: - Added check for syslog-ng (instead of only checking for the presence of syslogd). Thanks to Chris Vaughan - Added check to allow more than one MD5/SHA1 for a single file. When a 'base' file will be updated, it's possible to add a second hash. Thanks to James Clark and Greg Bell - Added AIX check. Thanks to Val Baranov - Added hashes for SuSE 8.2 (i386) - Added hashes for Red Hat 9.0 - Added hashes for Mandrake 9.2 - Added hashes for Debian 3.0 (tested with release 2) - Added support for Mandrake (i.e. /dev/.devfsd file) - Added section to check the file type of every hidden file found - Added parameter 'nocolors' to disable colored output - Added support to run RH as a cronjob (parameter '--cronjob') - Added check to removed layout when running as cronjob - Added option to create a logfile (parameter '--createlogfile') - Added changelog on website (rootkit.nl) Changes: - Updated hashes for Red Hat 7.2 - Cleanup logfile at startup - Just check /dev directory once for hidden files - Deleted unused consistency check (on Debian it showed several warnings) - Fixed a little problem with querying the default hashes database (added a slash to the query, to resolve the problem) - Layout fix for Linux distros - Fixed an error for Debian (where /etc/rc.d files not always exists..) by adding an extra check for the presence of this files. - Tweaked section to scan /dev directory. Scan is faster now (scan for unknown shellscripts and files) - Some little layout changes - Updated 'Beastkit' due false positive. Thanks to Dunay - Updated 'Suckit' (more checks added) - Changed FAQ -- * 1.00 RC1 Remarks: First release New: - Database: backdoor ports (DB:backdoorports.dat) - Added filtering for network connections - Added OS support for SuSE Linux: - Added OS support for Debian: 2.2/3.0/testing - Added OS support for FreeBSD 5.x: version 5.0/5.1 - Added OS support for FreeBSD 4.x: version 4.3/4.7 - Added OS support for Red Hat Linux 7.1/7.2 - Added KLD tests (FreeBSD) - All other options...