Release Notes: New tests were added for common SSH brute force scanners and suspicious PHP files. The tests for login, netstat, top, and backdoor were enhanced. Some minor bugs were fixed.
Release Notes: A chkutmp.c program that displays users that may have wiped themselves from the utmp log was added. chkproc.c now has better support for Linux threads. A new chkutmp test was added to chkrootkit, and Fu, Kenga3, and ESRK can now be detected.
No changes have been submitted for this release.
Release Notes: C++ comments have been removed from chkproc.c. New rootkits detected: AjaKit and zaRwT. New CGI backdoors are detected. ifpromisc.c has better detection of promiscuous mode on newer Linux kernels. There is a new command line option (-n) to skip NFS-mounted directories. There are minor bug corrections.
Release Notes: There is a fix for NPTL threading mechanisms, minor corrections, a new chkrootkit test (vdir), detection of the worms 55808.A and TC2, and detection of the rootkits Volc, Gold2, Anonoying, Suckit (improved), and ZK (improved).
Release Notes: This release adds Tru64 support, chkproc.c bugfixes, an init test, new detection of rootkits, and minor corrections.
Release Notes: This release now detects more slapper variants, and includes some miscellaneous bugfixes.
Release Notes: This release detects the new "slapper B" worm as well as the LOC, Romanian, and other root kits. It includes a tcpdump trojan test, new ports in the bindshell test, chkdirs.c, and a detection tool for the Sebek kernel module. There were also minor bugfixes in the chkrootkit script and improvements to chkproc.c.
Release Notes: New rootkits and worms are now detected. Some minor bugfixes and improvements were made.
Release Notes: This version incorporates a chkproc.c patch and a new test, w. New rootkits and trojans are now detected, including Showtee, Optickit, T.R.K, MithRa's Rootkit, George, and SucKIT.