ELBA-2022-15231
- ULN >
- Oracle Linux Errata repository >
- ELBA-2022-15231
ELBA-2022-15231 - rkhunter Bug Fix update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2022-06-21 |
Description
[1.4.6-7]
- Add patch to drop libkeys check, which is no longer needed on epel8 ( rhbz#2063310 )
[1.4.6-6]
- Add allow for podman's /dev/shm files (fixes bug #1828698 )
[1.4.6-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
[1.4.6-4]
- Drop ifup/ifdown since network-scripts is now deprecated. Fixes bug #1698920
[1.4.6-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
[1.4.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[1.4.6-1]
- Update to 1.4.6. Fixes bug #1547315
- Allow KRA vault log files. Fixes bug #1541472
- ipc_shared_mem warning fixed upstream. Fixes bug #1524456
[1.4.4-6]
- Escape macros in %changelog
[1.4.4-5]
- Add fix for new rpm queryformat and ARCH. Fixes bug #1517387
[1.4.4-4]
- Disable ipc_shared_mem test for now due to false positives. Bug #1472299
[1.4.4-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[1.4.4-2]
- perl dependency renamed to perl-interpreter
[1.4.4-1]
- Update to 1.4.4. Fixes bug #1466318
- Fix for logger and spaces. Fixes bug #1284403
[1.4.2-13]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
[1.4.2-12]
- Add /dev/shm/qb* files to whitelist. Fixes bug #1403602
- Add /dev/shm/squid-ssl_session_cache.shm to whitelist. Fixes bug #1411130
[1.4.2-11]
- Add /dev/shm/lldpad files to whitelist. Fixes bug #1293059
[1.4.2-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
[1.4.2-9]
- Add /dev/shm/squid files to whitelist. Fixes bug #1279632
[1.4.2-8]
- Change config patch to account for change in default SSH config
[1.4.2-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
[1.4.2-6]
- Add /etc/.updated systemd file to whitelist. Fixes bug #1173481
- Add patch to fix grep -a issue with too many arguments output.
[1.4.2-5]
- Set /var/lib/rkhunter to be mode 700. fixes bug #1154428
[1.4.2-4]
- Fix cron script to work with non bash shells. Fixes bug #1146717
[1.4.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
[1.4.2-2]
- Add patch to fix ipcs command in non en locales
- Add config to fix freeipa installs. Fixes bug #994567
[1.4.2-1]
- Update to 1.4.2
[1.4.0-9]
- Add patch for now to help spaces in allowdev file handling. Fixes bug #984180
[1.4.0-9]
- Perl 5.18 rebuild
[1.4.0-8]
- Fix for unversioned docs
- Requires: crontabs. Fixes bug #989110
[1.4.0-7]
- Perl 5.18 rebuild
[1.4.0-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
[1.4.0-5]
- Add /dev/md/autorebuild.pid to whitelist. Fixes bug #857315
[1.4.0-4]
- Add /var/log/pki-ca/system to whitelist for FreeIPA. Fixes bug #849251
[1.4.0-3]
- Fix /bin/ad false positive. Fixes bug #831989
[1.4.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
[1.4.0-1]
- Update to 1.4.0
[1.3.8-15]
- Add workaround for /lib/java false positive. Fixes bug #806972
[1.3.8-14]
- modutils are for Linux 2.4 and no longer provided; depend on kmod
[1.3.8-13]
- Drop net-tools, no longer needed. Fixes bug #784803
- Add /dev/shm/spice.* to whitelist. Fixes bug #784882
[1.3.8-12]
- Add /etc/.java to whitelist. Fixes bug #770972
[1.3.8-11]
- Add /usr/share/man/man5/.k5identity.5.gz to whitelisted hidden files.
[1.3.8-10]
- Update %files section so that some .dat files are marked %ghost
[1.3.8-9]
- Add patch to fix ALLOWPROCDELFILE config option. fixes bug #727524
[1.3.8-8]
- Fix typo
[1.3.8-7]
- Add patch to fix out of the box warning on rkhunter script.
- Fixes bug #719270
- Add etckeeper and tomboy files. Fixes bug #719265 and #719259
[1.3.8-6]
- Change ssh check back to 2 - bug #596775
- Drop hard Requires on prelink. It will be used if present - bug #714067
[1.3.8-5]
- Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599
[1.3.8-4]
- Don't send warning emails anymore. They cause selinux issues and are not very helpful.
- Fixes bug #660544
[1.3.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
[1.3.8-2]
- Adjust config some - bug #596775
[1.3.8-1]
- Update to 1.3.8
[1.3.6-9]
- Drop /var/run as it's not used anymore - bug #656684
[1.3.6-8]
- Add patch to make rkhunter use unhide if installed - bug #636396
[1.3.6-7]
- Add ipsec.hmac exclude - bug #560594
[1.3.6-6]
- Add exclude for md-device-map - bug #596731
- Supress ssh version check - bug #596775
[1.3.6-5]
- Change config to not specify XINETD_PATH - bug #560562
[1.3.6-4]
- Change email to just root instead of root@localhost - bug #553179
- Add .k5login.5.gz to files whitelist - bug #553134
[1.3.6-3]
- Add some more ssh hmac files to whitelist - bug #552621
- Re-add /dev/.mdadm.map to whitelisted files - bug #539405
[1.3.6-2]
- Disable apps check by default - bug #543065
[1.3.6-1]
- Update to 1.3.6
[1.3.4-9]
- Add exception for /dev/.mdadm file - bug #539405
[1.3.4-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[1.3.4-7]
- Add exception for software raid udev file - bug #509253
[1.3.4-6]
- Add /usr/bin/.fipscheck.hmac to ok files - bug #494096
[1.3.4-5]
- Fix typo in patch file
[1.3.4-4]
- Rework spec file
- Add check for the new hmac ssh files
[1.3.4-3]
- Update cron job to include hostname (thanks Manuel Wolfshant)
[1.3.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
[1.3.4-1]
- Update to 1.3.4
- Use libdir as tmp dir - bug #456340
[1.3.2-6]
- Fix cron job sending as attachment - bug #472679
- Fix cron job trying to send with colors - bug #475916
[1.3.2-5]
- Patch debug tmp file issue - bug #460628
[1.3.2-4]
- Fix cron script to only mail on warn/error - bug #450703
- Fix conditional to account for fc10 rsyslog
[1.3.2-3]
- Change cron to run after prelink - bug #438622
[1.3.2-2]
- Move things to more standard locations for selinux - bug #438184
- Add exception for pulseaudio file - bug #438622
[1.3.2-1]
- Update to 1.3.2
- Fix cron script
[1.3.0-2]
- Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora.
- Add conditionals to support EPEL
- Fix man page warning.
[1.3.0-1]
- Revive package, clean up spec
- Update to 1.3.0
[1.2.8-3]
- Made an RPM transparent change to move the sha1 canary check
file out of CVS and into the external lookaside cache (whose
filename changes with every new package release anyway...)
[1.2.8-2]
- Fixed architectural dependency during package creation eliminating
use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)
[1.2.8-1]
- New package version release
- reworked the .spec file to support optional dist tag
- Updated the application check default patchfile (chunk failure)
- Changed to SHA1 for optional message digest (canary check)
- Added a couple of suggested skip entries to rkhunter.conf
[1.2.7-1]
- Added signature auto-updating to CRON scan (new script)
- Removed BOOTSCAN pending rewrite to full SysV Init scan in background
- Added the --append-log command line option
- Added Date Stamping to output
- Fixed bug in /etc/group missing report
- New package version release
[0:1.1.9-1]
- New package version release
- Added the --run-application-check command line option
to listing in command help
- Replaced 'Here' Doc editing of rkhunter.conf file
with in-place Perl edit
- tweaked rpmbuild -bb Autoclean
* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
- Removed redundant buildrequires /bin/sh, coreutils and perl
- Revise postun scriptlet
- Added /usr/share/doc/rkhunter-1.1.8/ to files list
* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Changed Release Tag to 0.fdr.1 (testing) for QA
- Removed wget from dependencies
- Hid (temporarily) the --skip-application-check command
line option from being listed in help
- Fixed the spec files list, again!
* Fri Oct 08 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
- Unified and disabled the md5 canary check in prep
(check is now optional) removing the sha1 cross-check
- Fixed the spec files list, adding the /var/rkhunter
directory and the /usr/bin/rkhunter executable
- Fixed missing dependencies (rkh uses runtime checks)
- Disabled 'auto-clean' for rpmbuild -bb
- Changed Application version scan default to
disabled awaiting backport fix in upstream sources
- Fixed shared_man_search.patch, configuration files
verify and added postun(install) cleanup
* Fri Oct 01 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
- More cosmetic patchwork
- Changed Release Tag to beta1 (pre-release) for QA submit
* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Removed hidden_search.patch (1.1.7) after it was
merged into upstream source by Michael Boelen
- Removed .spec file from md5 and sha1 file checks
(it must be modifiable by Fedora QA release build)
- Added BOOTSCAN description file to documentation
- Restructured dynamic file creation ('Here' Docs)
moving them to the 'prep' stage so that *_ALL_*
files are available prior to the 'build' stage
(for inspection purposes)
- Added a /etc/sysconfig/rkhunter parameters file
* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
- Cosmetic patchwork
* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
- Moderate reworking of .spec file for packaging standards
- Added md5 and sha1 file checks to prep procedure for source .rpm
- Included an optional rc.local replacement for scan on boot (with full logging)
* Tue Aug 10 2004 Michael Boelen - 1.1.5
- Added update script
- Extended description
* Sun Aug 08 2004 Greg Houlette - 1.1.5
- Changed the install procedure eliminating the specification of
destination filenames (only needed if you are renaming during install)
- Changed the permissions for documentation files (root only overkill)
- Added the installation of the rkhunter Man Page
- Added the installation of the programs_{bad, good}.dat database files
- Added the installation of the LICENSE documentation file
- Added the chmod for root only to the /var/rkhunter/db directory
* Sun May 23 2004 Craig Orsinger (cjo)
- version 1.1.0-1.cjo
- changed installation in accordance with new rootkit installation
procedure
- changed installation root to conform to LSB. Use standard macros.
- added recursive remove of old build root as prep for install phase
* Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700
- dropped Requires: perl - rkhunter works without it
- dropped the bash alignpatch (check the source or contact me)
- various file mode fixes (.../tmp/, *.db)
- optimized the %files section - any new files in the
current dirs will be fine - just %{__install} them.
* Mon Apr 26 2004 Michael Boelen - 1.0.8-0
- Fixed missing md5blacklist.dat
* Mon Apr 19 2004 Doncho N. Gunchev - 1.0.6-1.mr700
- added missing /usr/local/rkhunter/db/md5blacklist.dat
- patched to align results in --cronjob, I think rpm based
distros have symlink /bin/sh -> /bin/bash
- added --with/--without alignpatch for conditional builds
(in case previous patch breaks something)
* Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0
- Update to 1.0.6
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 8 (aarch64) | rkhunter-1.4.6-7.el8.src.rpm | fa9194c6c1da4888d8ad101dee5e9459 | - |
| rkhunter-1.4.6-7.el8.noarch.rpm | 123d361af6eb2d9249e295e045043f53 | - | |
| Oracle Linux 8 (x86_64) | rkhunter-1.4.6-7.el8.src.rpm | fa9194c6c1da4888d8ad101dee5e9459 | - |
| rkhunter-1.4.6-7.el8.noarch.rpm | 123d361af6eb2d9249e295e045043f53 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
