rkhunter-1.4.2/files/LICENSE

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code.
And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. 
(Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:

    Yoyodyne, Inc., hereby disclaims all copyright interest in the program
    `Gnomovision' (which makes passes at compilers) written by James Hacker.

    <signature of Ty Coon>, 1 April 1989
    Ty Coon, President of Vice

This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

rkhunter-1.4.2/files/README

THE ROOTKIT HUNTER PROJECT
==========================

Copyright (c) 2003-2014, Michael Boelen

See the LICENSE file for conditions of use and distribution.

It is recommended that all users of RootKit Hunter (RKH) join the rkhunter-users mailing list. Subscribing to the list can be done via the RKH website at http://rkhunter.sourceforge.net

A copy of the RKH FAQ is also available from the web site.

ROOTKIT HUNTER REQUIREMENTS
===========================

Please note that RKH has some requirements:

1) Before RKH starts it will check that certain required commands are present on the system. These are typical commands such as 'cat', 'sed', 'head', 'tail', etc. If a command is missing then RKH will not run.

2) Some tests require commands such as stat, readlink, md5/md5sum or sha1/sha1sum. If these are not present, then RKH has perl scripts which will automatically be used instead. However, this requires perl, and certain modules, being present. If they are not, then the tests will be skipped. Readlink is provided as a script itself, and does not use perl.

   Other tests will use other commands. If the relevant command is not found on the system, then the test will be skipped.

3) A tool should be present with which to download file updates. Currently wget, curl, (e)links, lynx and GET are supported. If your system does not allow the possibility to install one of these applications, but does run perl, you can use 'bget' available from http://www.cpan.org/authors/id/E/EL/ELIJAH/. If you use another generic method of updating RKH then please let us know. Additionally, a non-standard command to be used for file downloads can be configured in the RKH configuration file.

4) Some tests require single-purpose tools. RKH does not depend on these, but it will use them if it finds them. They can enhance RKH's detection capabilities. The tools are:

   - Skdet
     Tests for SucKIT, Adore, Adore-NG, UNFshit, UNFkmem and frontkey.
     http://www.xs4all.nl/~dvgevers/

   - Unhide and unhide-tcp (C versions)
     Finds hidden ports and processes.
     http://unhide.sourceforge.net

   - Unhide (Ruby version)
     Finds hidden processes.
     https://launchpad.net/unhide.rb

   If the relevant tool is not found, then the test is skipped.

ROOTKIT HUNTER INSTALLATION
===========================

Unpacking the tar file should produce a single directory called 'rkhunter-<version>'. Where '<version>' is the version number of rkhunter being installed.
For example, the rkhunter-1.4.0.tar.gz tar file will produce the 'rkhunter-1.4.0' directory when unpacked. Within this directory is the installation script called 'installer.sh'.

To perform a default installation of RKH simply unpack the tarball and, as root, run the installation script:

    tar zxf rkhunter-<version>.tar.gz
    cd rkhunter-<version>
    ./installer.sh --install

Note: If some form of file permission error is shown, then check that the 'installer.sh' script is executable.

RKH installation supports custom layouts. To show some examples run:

    ./installer.sh --examples

The installer also has a help option:

    ./installer.sh --help

The default installation process will install a configuration file, called 'rkhunter.conf', into the '/etc' directory or where you chose using the '--layout' switch.

You can either edit the main configuration file itself, or create a 'local' configuration file for your own settings. This file, which must be called 'rkhunter.conf.local', must reside in the same directory as the main configuration file. Alternatively you can create a directory, named 'rkhunter.d', in the same directory as the main configuration file. Within 'rkhunter.d' you can then create further configuration files. The only restriction is that the file names end in '.conf'.

You should edit the configuration file(s) according to your own system requirements.

If the installer encounters an existing 'rkhunter.conf' file, it will not be overwritten. Instead the installer creates a new configuration file, but with a unique number as its suffix. Please inspect the new configuration file, and copy over any changes to the existing main configuration file or to your local configuration file(s).

The main RKH script will be installed into the '/usr/local/bin' directory or where you chose using the '--layout' switch. Man pages will be installed into '/usr/local/share/man', and other documentation will be installed into the '/usr/local/share/doc' directory.
RKH data files, language support, and a directory for temporary files will be installed into '/var/lib/rkhunter'. Finally, RKH support scripts will be installed into '/usr/local/lib/rkhunter/scripts', or, if using an x86_64 system, into '/usr/local/lib64/rkhunter/scripts'. All directories, except 'lib64', will be created where necessary.

Before running RKH you will need to fill the file properties database by running the following command:

    rkhunter --propupd

Note that if you want to use the package management tools provided by your distribution you will need to select a package manager. In the case of using RPM your command would be:

    rkhunter --propupd --pkgmgr RPM

To run RKH, as root, simply enter the following command:

    rkhunter --check

By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by RKH.

To see what other options can be used with rkhunter, enter:

    rkhunter --help

or see the 'rkhunter' man page.

NOTE: The first run of 'rkhunter' after installation may give some warning messages. Please see the FAQ file and the rkhunter mailing list archive posts for more details about this.

STANDALONE INSTALLATION
=======================

It is possible to run RKH standalone, that is, with it all being installed into one directory. To do this unpack RKH as described above, and then install it using the following command:

    ./installer.sh --layout custom . --install

It is then necessary to change to the 'files' directory:

    cd files

Within the directory will be a copy of the 'rkhunter.conf' configuration file. You can modify this file according to your requirements if you wish.

To run RKH, as root simply enter the following command:

    ./rkhunter --propupd --check --sk

TESTING RKHUNTER WITHOUT INSTALLING IT
======================================

It is perfectly understandable that new users may wish to try out rkhunter without having to fully install it.
Similarly current users may want to test a new version of rkhunter, or a CVS version of it, without it affecting their current system or current installation of rkhunter. This is all perfectly possible, and quite easy, using a standalone installation.

First, as the root user, it is suggested that a separate temporary directory is created, and then change to that directory. For example:

    mkdir /tmp/rkh
    cd /tmp/rkh

It is now necessary to either copy or download a tarball of the version of rkhunter that you want to test. (Since you are reading this file, we assume you have already downloaded the relevant version.) For users wishing to try the latest CVS version, it is possible to download a tarball. For example:

    wget http://rkhunter.sourceforge.net/rkhunter-CVS.tar.gz

Next, it is necessary to extract the files from the tarball. The simplest way is to use the 'tar' command, such as:

    tar xzf rkhunter-CVS.tar.gz

Obviously, for official releases, you will need to use the correct tarball name. For example:

    tar xzf rkhunter-1.4.0.tar.gz

For users of systems with alternative implementations of 'tar', for example Solaris users, you may need to break the extraction process into two steps (or use the 'gtar' command if you have it installed). For example:

    gunzip rkhunter-CVS.tar.gz
    tar xf rkhunter-CVS.tar

Additionally it is possible to download from CVS directly using the command:

    cvs -d:pserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter co -P rkhunter

The extraction process will create a sub-directory containing all the rkhunter files. The sub-directory name will contain the rkhunter version number, or, for CVS tarballs, it will simply be called 'rkhunter'. Change into this directory:

    cd rkhunter-1.4.0       (for an official release tarball)
or
    cd rkhunter             (for CVS and CVS tarballs)

Now, we can run the installer program as described in the section above about standalone installations:

    ./installer.sh --layout custom . --install

Finally change to the 'files' sub-directory:

    cd files

Within here will be all the files that rkhunter requires. The configuration file, './rkhunter.conf', will already have been configured for a standalone installation. So there is no need to modify it unless you want to. Any files created by rkhunter will be within this directory. So, as mentioned above, it is perfectly possible to run a check using this installation without affecting any other installation of rkhunter that may exist on your system. To run a check use this command:

    ./rkhunter --propupd --check --sk

By default a log file (rkhunter.log) will be created, and that too will be within this directory.

NOTE: If the rkhunter '--debug' option is used then this will, by default, create a file in the '/tmp' directory, and not within the current directory.

Once you have finished testing rkhunter, simply delete the entire directory it was installed into:

    cd /tmp
    /bin/rm -rf rkh

INSTALLATION INFORMATION FOR x86_64 SYSTEMS
===========================================

The installation of RKH is largely independent of the system architecture. However, RKH does have some support scripts and these need to be installed into the appropriate library directory.

When performing a default installation, or using one of the known layout options (for example, '/usr' or '/usr/local'), then the relevant 'lib64' directory will be used only if it already exists. For a 'custom' layout, the 'lib64' directory will be used and created if necessary. Standalone installations do not use any special library directory at all.

RPM installations will use the relevant 'lib64' directory only if the system architecture is detected as being 'x86_64'.

REMOVING AN INSTALLATION
========================

RKH supports uninstallation. To do this unpack the installation tarball, and then run the installer with the --remove option.
If RKH was installed using a default installation, then run:

    tar zxf rkhunter-<version>.tar.gz
    cd rkhunter-<version>
    ./installer.sh --remove

If you chose a different layout, for example '/usr', then run the installer using:

    ./installer.sh --layout /usr --remove

Note: the installer will not remove files that were installed using RPM (use the 'rpm' command to remove the package).

For a standalone uninstallation, specified by using '--layout custom .', the installer will remove the whole installation directory (the 'files' sub-directory).

During uninstallation, the installer will remove the initial configuration file (usually '/etc/rkhunter.conf'). However, any other files beginning with 'rkhunter.conf' are not removed. These may be removed manually if wished.

When installing RKH, some directories may have been created. However, RKH is unaware of this when being uninstalled. As such, and especially when having used a custom installation, some directories may be emptied of files, but the directories themselves may remain. Again, these can be removed manually if wished.

In order to see where RKH installed its files during installation, the '--show' option can be used. For example:

    ./installer.sh --layout custom /opt --show

USING TEST NAMES
================

Within RKH some of the tests have been given names. There are two types of test names - specific test names and grouped test names. A specific test name generally refers to one specific test within RKH. A grouped test name refers to a set, or group, of related tests. Within a group name there are usually one or more specific test names. To see the current list of test names use the 'rkhunter --list tests' command. The grouped names list will show the specific names that are within the group.

So, for example, the file properties check has the grouped name of 'properties'. However, within that test the file hash value test is known as 'hashes'.
Similarly, the file attributes check, which checks the file permissions, uid and gid values, and so on, is known as the 'attributes' test. Note that while it is possible to tell RKH to run the file properties check, but ignore the file hash value test, it is not possible to tell RKH to run the file attributes but to ignore the file permissions checks. RKH has no specific name for the file permissions test, and so it cannot be specifically enabled or disabled.

RKH can be told to enable or disable one or more of the tests by using the '--enable' and '--disable' command-line options. Alternatively, the RKH configuration file options 'ENABLE_TESTS' and 'DISABLE_TESTS' can be used. By default, if the command-line '--disable' option is used, then the configuration file option 'DISABLE_TESTS' is also used to determine which tests to run. If only the command-line option is to be used to determine which tests to run, then the '--nocf' option must also be given.

The program defaults, if no options are used at all, are to enable all tests and to disable no tests. For this purpose the enable options can use the special test name 'all', and the disable options can use the name 'none'. The enable options cannot use the name 'none', and the disable options cannot use the name 'all'.

To specify more than one test name, specify them as a comma-separated list. For example:

    rkhunter --enable 'rootkits,hashes'

Note that in the above example no disabled test list was specified. As such, it will default to the value of the configuration file option (DISABLE_TESTS), or ultimately to the program default value of 'none'.

The command-line options '--enable' and '--disable' may be used more than once on the command-line.

The supplied RKH configuration file will have some tests already disabled. These are generally CPU and/or I/O intensive tests, or ones which may be prone to giving false-positive results. They can, of course, be enabled by editing the DISABLE_TESTS list.
To run the tests from the command line, either use the '--enable' command-line option with the specified test name, or use either '--enable all' or '--disable none'.

If either of the '--enable' or '--disable' command-line options is used, and the '--propupd' option is not given, then '--check' is assumed. If the '--enable' option is used and only one test name, other than 'all', is given, then the '--skip-keypress' option is assumed as well.

So, for example, to run all the rootkit tests just use:

    rkhunter --enable rootkits

Similarly, to run all the tests except the rootkit tests, then use:

    rkhunter --disable rootkits

In this example RKH will assume the value of the configuration file option (ENABLE_TESTS) for the enabled test list, or ultimately the program default of 'all'. In the previous example, the value of DISABLE_TESTS or, ultimately, 'none' will have been used for the disabled tests list.

If a combination of enabled and disabled tests is specified, then the disable list takes precedence: RKH will disable a test even if it is specified in the enable list. So, for example:

    rkhunter --enable 'rootkits,deleted_files' --disable malware

In this example the 'malware' test is disabled because it is part of the 'rootkits' test. The fact that the 'deleted_files' test is specified to be run is ignored, because that is part of the 'malware' test. RKH will always look to see what tests to disable first. It will then run any enabled tests that are left.

By default RKH will log what test names have been enabled and disabled. Additionally it will log each test name that it is about to execute.

When initially run RKH may skip some tests due to missing commands or files. It is usually possible to omit these tests by including them in the DISABLE_TESTS list in the configuration file. The test name associated with these tests can be found by looking in the log file.

It should be noted that not all the tests have been given names. As such some test names may execute more tests than expected.
For example:

        rkhunter --enable group_changes

The 'group_changes' test name refers to the check to see if the /etc/group file has been modified. However, running the above command will also cause several tests on the /etc/passwd file to be executed. This is because those tests are part of the 'local_host' grouped test name, as is the 'group_changes' test, but those other tests have no specific names. As such, RKH will start the 'local_host' tests, executing some of the /etc/passwd file tests and then the 'group_changes' test, but ignoring any other tests within 'local_host' which do have specific names (for example, 'filesystem' and 'passwd_changes').


USING PACKAGE MANAGERS
======================

The RKH file properties check, by default, performs a check of various current file properties against those that it has previously stored in the 'rkhunter.dat' file. This way RKH can warn the user if a file has changed. The file properties include items such as the file's hash value, file permissions, uid, gid, inode number and so on. The properties are obtained and stored in the rkhunter.dat file when RKH is run with the '--propupd' option. Typically the file properties are obtained using commands such as 'stat', 'file', 'md5sum' and 'prelink'.

However, it is also possible to specify that RKH should get whatever values it can by using a package manager. This can be done by using the '--pkgmgr' command-line option, or the 'PKGMGR' configuration file option. When the RPM package manager is specified, during the file properties check the results from the RPM verification command are used as the test results. For the other package managers, the values from the package manager database are compared against the current values for the files.

By using a package manager, it is possible to avoid some false-positive reports that a file has changed when in fact it has been automatically updated by the system.

The currently available package managers are 'RPM' for RedHat/RPM-based systems, 'DPKG' for Debian-based systems, 'BSD' for *BSD systems, and 'SOLARIS' for Solaris systems. It is also possible to specify 'NONE' to indicate not to use a package manager. The program default is 'NONE'.

Any file which is not part of a package is treated as before, that is, the HASH_CMD configuration file option, or the '--hash' command-line option, will be used.

It should be noted that all the package managers, except 'SOLARIS', provide an MD5 hash value for a file. However, the 'RPM' and 'SOLARIS' package managers can provide other file property values as well, such as the file permissions, uid, gid, modification time and so on. During the file properties check all of these values will be used, rather than the ones stored in the rkhunter.dat file. The Solaris package manager does store a 16-bit hash value, but this is not used by default. If it is wished to use the stored value, then the USE_SUNSUM configuration option must be enabled.

It should also be noted that the 'DPKG' and 'BSD' package manager options only provide the file's MD5 hash value. As such, during the file properties check, all the other current file properties will be re-calculated as before, and compared against the values in the rkhunter.dat file. Hence, only the 'RPM' and 'SOLARIS' package managers offer any real benefits in using a package manager.

NOTE: It is possible for a package manager database to become maliciously corrupted. To that extent the use of the package manager options with RKH does not provide any increase in security. However, it may result in fewer false-positive warnings of files which have changed. As always RKH can only report on changes, but not on what has caused the change.


USING LOCAL MIRRORS
===================

When the '--update' or '--versioncheck' options are used, rkhunter uses a mirror site from the mirrors.dat file to obtain the required information.
By default rkhunter will use any mirror listed in the file, and it will then rotate the list of mirrors. At the time of writing the supplied mirrors.dat file lists the Rootkit Hunter SourceForge site as a mirror.

However, it is possible for users to define a local mirror if they wish to. This is done by simply editing the mirrors.dat file and inserting the mirror URL. The line should begin with the text 'local='. For example:

        local=http://www.example.com/rkhunter_data

The required rkhunter files must be placed in a location, of the user's choice, which is accessible by the clients. So in the above example, the rkhunter data files would have been placed in the 'rkhunter_data' directory. The required files consist of the '.dat' files supplied with rkhunter, and which will have been installed in the database directory. For a default installation this would have been in '/var/lib/rkhunter/db'.

Additionally, the mirror directory must have an 'i18n' sub-directory which contains all the current language translation files for the various versions of rkhunter. Each version is put into its own sub-directory. So, for example, there would be a '1.4.0' sub-directory, a '1.4.2' sub-directory and so on, all within the 'i18n' directory. Again, the database directory will already have had the 'i18n' sub-directory installed in to it, but it will only contain the language files for the current version of rkhunter. There are no version sub-directories installed by default. As such, the mirror will need to have the various version sub-directories created, and the relevant language files put in to them, for the versions of rkhunter that the mirror is required to support.

If a client tries to access the language files for a version of rkhunter that is not supported by the mirror, then the download will fail. Depending on how the client is configured, another, possibly remote, mirror may be tried, or rkhunter will give a warning.
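
The layout this section describes can be checked before a directory is published as a 'local=' mirror. The script below is an added example, not part of rkhunter: the REQUIRED_DAT list, the function names, the rule against publishing rkhunter.dat and the way a language file's version is read from its first line are assumptions of the example. It also checks the per-version 'i18n.ver' index and the 'rkhunter_latest.dat' file, which the rest of this section covers.

```shell
#!/bin/sh
# Added example, not part of rkhunter: check a directory against the local
# mirror layout described in this section before publishing it.

# Top-level .dat files to require. These two names are the ones shown in the
# section's diagram; extend the list to match your own database directory.
REQUIRED_DAT="mirrors.dat suspscan.dat"

problems=0
problem() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_mirror DIR -> prints findings, returns 0 if none, 1 otherwise.
check_mirror() {
    mirror=$1
    problems=0
    for f in $REQUIRED_DAT; do
        [ -f "$mirror/$f" ] || problem "missing $f"
    done

    # rkhunter.dat holds one host's stored file properties (written by
    # --propupd); it is not a supplied data file. Flagging it is this
    # example's own policy.
    [ ! -f "$mirror/rkhunter.dat" ] || problem "rkhunter.dat should not be on a mirror"

    # Only needed for --versioncheck: one version number and no other text.
    latest=$mirror/rkhunter_latest.dat
    if [ -f "$latest" ]; then
        total=$(grep -c '' "$latest" || true)
        good=$(grep -Ecx '[0-9]+(\.[0-9]+)+' "$latest" || true)
        [ "$total" -eq 1 ] && [ "$good" -eq 1 ] ||
            problem "rkhunter_latest.dat must hold only a version number"
    fi

    versions=0
    for vdir in "$mirror"/i18n/*; do
        [ -d "$vdir" ] || continue
        versions=$((versions + 1))
        ver=${vdir##*/}
        index=$vdir/i18n.ver
        if [ ! -f "$index" ]; then
            problem "i18n/$ver: missing i18n.ver"
            continue
        fi
        # Each index entry is 'language:version' and must match a real file.
        while IFS=: read -r lang langver || [ -n "$lang" ]; do
            [ -n "$lang$langver" ] || continue          # skip blank lines
            case $lang:$langver in
                */*|:*|*:|*:*[!0-9]*)
                    problem "i18n/$ver/i18n.ver: bad entry '$lang:$langver'"
                    continue ;;
            esac
            if [ ! -f "$vdir/$lang" ]; then
                problem "i18n/$ver: '$lang' is listed but the file is missing"
                continue
            fi
            # Assumption: the digits on a language file's first line are its
            # version number (the page does not give the exact line format).
            filever=$(head -n 1 "$vdir/$lang" | tr -cd '0-9')
            [ "$filever" = "$langver" ] ||
                problem "i18n/$ver: '$lang' is $filever, index says $langver"
        done < "$index"
        # Language files that exist but are not indexed.
        for lf in "$vdir"/*; do
            name=${lf##*/}
            [ -f "$lf" ] && [ "$name" != i18n.ver ] || continue
            grep -q "^$name:" "$index" || problem "i18n/$ver: '$name' is not in i18n.ver"
        done
    done
    [ "$versions" -gt 0 ] || problem "no version sub-directories under i18n"
    [ "$problems" -eq 0 ]
}

# Constructed sample mirror (file contents are made up for the demonstration).
build_demo_mirror() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/i18n/1.4.2"
    : > "$d/mirrors.dat"
    : > "$d/suspscan.dat"
    echo "1.4.2" > "$d/rkhunter_latest.dat"
    printf 'Version:2009112902\n' > "$d/i18n/1.4.2/en"
    printf 'Version:2009112801\n' > "$d/i18n/1.4.2/cn"
    printf 'cn:2009112801\nen:2009112902\n' > "$d/i18n/1.4.2/i18n.ver"
    echo "$d"
}

demo=$(build_demo_mirror)
check_mirror "$demo" && echo "layout OK"
# A stale index: 'en' has the wrong version and 'cn' is no longer listed.
echo "en:2009110000" > "$demo/i18n/1.4.2/i18n.ver"
check_mirror "$demo" || echo "layout rejected"
rm -rf "$demo"
```

Run it against the mirror directory on the server each time language files or data files are refreshed, so clients do not hit failed downloads caused by an index that no longer matches the files.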

Within each rkhunter version sub-directory of the 'i18n' directory, it is necessary to have a file called 'i18n.ver'. This file simply contains a list of the available language files, and their version numbers. For example:

        cn:2009112801
        en:2009112902

So, as an example, the mirror file structure will need to look similar to this:

                            rkhunter_data
                                 ||
                                 ||
        ===============================================
        ||             ||                 ||         ||
   mirrors.dat  rkhunter_latest.dat     i18n   suspscan.dat
                                          ||
                                          ||
              1.3.8 ============ 1.4.0 ============ 1.4.2
              / | \              / | \              / | \
             /  |  \            /  |  \            /  |  \
           cn  en  i18n.ver   cn  en  i18n.ver   cn  en  i18n.ver

Finally, if the '--versioncheck' option is to be supported with the local mirror, then the directory, 'rkhunter_data' in the above example, must contain a file called 'rkhunter_latest.dat'. This file must contain the current rkhunter version number (for example, '1.4.0') and no other text.

It is possible to similarly define 'remote' mirrors, which begin with the text 'remote='. At present though there is no real difference between a local or remote mirror.

The supplied mirror site(s) in the mirrors.dat file begin with the text 'mirror=', and this should not be changed.

In order to select whether all the mirrors or only the local or remote mirrors should be used, the rkhunter configuration file has an option in it called 'MIRRORS_MODE'. This option takes a numeric value, which by default is zero. The current values and meanings are:

        0 - use any mirror (the default)
        1 - use only local mirrors
        2 - use only remote mirrors

To further support local and remote mirrors there are two other configuration options available:

The first is 'UPDATE_MIRRORS', which simply tells rkhunter whether the mirrors.dat file itself should be updated (i.e. overwritten) when the '--update' option is used. If local mirrors are listed in the file then you probably do not want the file automatically updated.
The 'UPDATE_MIRRORS' option has a default value of one, indicating that the mirrors.dat file should be updated. Set this option to zero to disable this feature.

The second option is 'ROTATE_MIRRORS'. This tells rkhunter whether it should rotate the list of mirrors whenever the '--update' or '--versioncheck' options are used. Again, with local mirrors you may want these accessed in a specific order, rather than rotated each time. The option has a default value of one indicating that the mirrors should be rotated. Set this option to zero to disable this feature.

By default if a mirror fails for some reason, then rkhunter will use the next mirror, of the configured type, listed in the file. If there are no more mirrors left, then rkhunter will give a warning message.


CREATING A NEW LANGUAGE FILE
============================

Creating a new language file to work with rkhunter is quite easy - the actual translating is the hard part!

First, it is necessary to find out where the current language files are located. For a default installation this will be in the '/var/lib/rkhunter/db/i18n' directory. If this directory does not exist, then look in the rkhunter log file (usually located in /var/log) and there should be a line similar to 'Using... as the database directory'. Within that directory there should be the 'i18n' sub-directory. Once you have changed to that directory, you should then see the current language files.

Next, take a copy of the 'en' language file and name it for your new language. We would suggest that you use something similar to the known ISO 639 language codes. For example, to create a generic French language file, then execute 'cp -p en fr'. Once you have done this, your new language file will be recognised by rkhunter. You can check this by using the command 'rkhunter --list lang'. Note that if you use the 'rkhunter --update' command, the new language file will not be touched in any way.
Also note that you must not remove the 'en' file; rkhunter will not work without it.

The next part is to actually translate the messages. Each language file starts with a line containing the version number of that file. The actual messages start with a keyword, which must not be changed at all, followed by a colon (:), and then the actual message. It is the actual message which you need to translate. Some messages may contain variables such as '$1' or '$2'. Again, these must not be changed. Once you have translated the messages you can test them by using the command 'rkhunter --lang fr ...' - substituting 'fr' for whatever name you gave to your language file.

If you want to have your new language translation made available as part of rkhunter, then please submit a feature request on the rkhunter SourceForge web site. However, please be aware that the language file is a fundamental part of rkhunter, and as such is continuously changing. You should endeavour to keep your translation up to date with the current version of rkhunter.


ROOTKIT HUNTER GENERAL SUPPORT
==============================

If a problem is found with RKH, it is recommended that users initially try and resolve the problem themselves. This can be done by first checking the FAQ file, which is present in your installation if the distributed tarball is used as source. The FAQ will contain answers to many common problems. The latest version of the FAQ can always be found at RKH's project pages on SourceForge, in the 'Documentation' section.

If the problem has occurred directly after upgrading RKH, then please check the CHANGELOG file. It will contain information about changes made since the previous version of RKH, and may indicate why you are now experiencing a problem.

Users should also check the rkhunter-users mailing list archives (available on the web site). The problem will be investigated by the RKH development team, and, where appropriate, a solution posted on the mailing list.
Hence the mailing list archives may well contain a solution to the problem.

Additionally, users should check the RKH tracker system (available at http://sourceforge.net/tracker/?group_id=155034). It is quite possible that the problem has already been reported to us as a bug or support request. It is also possible that a fix for the problem has been provided in the tracker log.

Depending upon the nature of the problem it may be worthwhile trying an Internet search (for example using google), to see if anyone else has experienced a similar problem.

Finally, if you have still not found an answer to the problem, then mail it to the rkhunter-users mailing list. Please provide as much information as possible about the problem, but do not make the message excessively long! Information such as your operating system and version of RKH should always be included.

Please be advised that while you are free to ask for advice in your favourite IRC channel, all-purpose forum or distribution mailing list, the demonstrated level of general and security knowledge and experience, and therefore the quality of responses, may vary (very much).

If you are sure the problem is a bug, or want it considered as a support request, then please submit it directly into the tracker system.


ROOTKIT HUNTER REPORTS SIGNS OF A POTENTIAL BREACH OF SECURITY
==============================================================

When you think you have a (potential) security problem it is advised to think and inform yourself thoroughly before you act. Please consider checking the FAQ, the rkhunter-users mailing list archives, your distribution documentation about security and security issues and the CERT Intruder Detection Checklist, formerly located at http://www.cert.org/tech_tips/intruder_detection_checklist.html, and archived at http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html.
If you do not have the required knowledge and experience to deal with security issues then please make sure that the people who respond do.

- Logging in, killing processes, deleting files, powering down, rebooting the machine, removing or installing software may signal the intruder and may destroy vital information. If you need to communicate with people or compile software then do use a different machine to work on.

- If usage of the machine is governed by rules and regulations consider alerting the designated security officer or team, systems or network administrators or IT department before doing anything else.

- In your initial email or post include as much information and make it as detailed as possible. The more details you provide the more efficient the troubleshooting or incident response process will be.

- Do not be easily satisfied or mistake "don't worry" type of replies for qualitatively good answers: read the FAQ, ask for specific steps to take and commands to run so you can verify things yourself.

- Please act timely and responsibly. (Potential) security problems should be prioritized and acted on at the time of reporting, not days or weeks later.


ROOTKIT HUNTER AS PART OF YOUR SECURITY STRATEGY
================================================

Rootkit Hunter is a host-based, passive, post-incident, path-based tool.

- Host-based means it only diagnoses the host you run it on.

- Passive means it has to be scheduled or run manually.

- Post-incident means it can only be effective when a breach of security is suspected, is in progress or has already occurred. Due to the nature of software that hides processes and files it may be beneficial to run Rootkit Hunter from a bootable medium if a breach of security is suspected and the machine can be booted from a bootable medium.

- Path-based means RKH will check for filenames. It does not include or use heuristics or signatures like for instance an antivirus product could.
  Do understand that the SCANROOTKITMODE configuration option and "suspscan" functionality are just crude attempts to try and bridge that gap.

Rootkit Hunter is best deployed as part of your security strategy.

- Most breaches of security are preceded by reconnaissance. Regular system and log file auditing provides the necessary "early warning" capabilities.

- RKH does not replace, or absolve you from performing, proper host hardening. Common administration errors that may result in a breach of security include failing to apply updates when they are released, misconfiguration, lack of access restrictions and lack of auditing. Please see your distribution documentation and search the 'net.

- Do not rely on one tool or one class of tools. Consider installing same-class tools like Chkrootkit or OSSEC-HIDS and consider overlap as a Good Thing. Additionally it is suggested you install and use a separate filesystem integrity scanner like Samhain, Aide, Integrit, Osiris (or even tripwire) to provide you with a second opinion.

- Like with all data used for verifying integrity it is recommended to regularly save a copy of your RKH data files off-site.


rkhunter-1.4.2/files/ACKNOWLEDGMENTS

ROOTKIT HUNTER ACKNOWLEDGMENTS
==============================

Michael Boelen        Initial Rootkit Hunter developer
John Horne            Current Rootkit Hunter developer
Aus9                  For Wiki and documentation support
Gary Bak              For enhancing AIX support and testing
Andrej Ricnik         For patching and testing
konsolebox            For loads of suggestions and testing
Sibtay Abbas          For testing
Constantin Stefan     For ideas
Iain Roberts          AIX and OpenBSD support
Doncho N. Gunchev
Steph                 For testing
unSpawn               Current Rootkit Hunter developer


KNOWN CONTRIBUTORS
==================

Macemoneta            FUSE support
B. Donnachie          cAos support
intrigeri             Parallel run support
jabel                 FreeBSD 6.1 cli vs cron
baddcarma             ProFTPd 1.3.0 on SuSE 10.0
linux_fqh             Chinese translations
Ryan Beckett          For IRIX support
Marc Becker           German translation
Mark Dominik Bürkle   German translation (updated)
Julien Valroff        Bug reports, ideas and fixes
Dick Gevers           For packaging and hosting skdet
Jan Iven              Bug reports, ideas and fixes
CaPaCuL               Turkish translations

And thanks to all others who contributed to Rootkit Hunter: the regulars on the Rootkit Hunter users mailing list, bug reporters, package maintainers, end-users and those promoting Rootkit Hunter usage.


rkhunter-1.4.2/files/rkhunter.8

.\" rkhunter - RootKit Hunter
.TH rkhunter 8 "January 2014"
.SH NAME
rkhunter \- RootKit Hunter
.SH SYNOPSIS
\fBrkhunter\fP {--check | --unlock | --update | --versioncheck | --propupd [{filename | directory | package name},...] | --list [tests | {lang | languages} | rootkits | perl | propfiles] | --config\-check | --version | --help} [options]
.SH DESCRIPTION
\fBrkhunter\fP is a shell script which carries out various checks on the local system to try and detect known rootkits and malware.
It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.
\fBrkhunter\fP has been written to be as generic as possible, and so should run on most Linux and UNIX systems.
It is provided with some support scripts should certain commands be missing from the system, and some of these are perl scripts.
\fBrkhunter\fP does require certain commands to be present for it to be able to execute.
Additionally, some tests require specific commands, but if these are not present then the test will be skipped.
\fBrkhunter\fP needs to be run under a Bourne\-type shell, typically \fBbash\fP or \fBksh\fP.
\fBrkhunter\fP can be run as a cron job or from the command\-line.
.PP
.SH COMMAND OPTIONS
If no command option is given, then \fB\-\-help\fP is assumed.
\fBrkhunter\fP will return a non-zero exit code if any error or warning occurs.
.PP
.IP "\fB\-c, \-\-check\fP"
This command option tells \fBrkhunter\fP to perform various checks on the local system.
The result of each test will be displayed on stdout.
If anything suspicious is found, then a warning will be displayed.
A log file of the tests and the results will be automatically produced.
It is suggested that this command option is run regularly in order to ensure that the system has not been compromised.
.IP
.IP "\fB\-\-unlock\fP"
This command option simply unlocks (removes) the lock file.
If this option is used on its own, then no log file is created.
.IP
.IP \fB\-\-update\fP
This command option causes \fBrkhunter\fP to check if there is a later version of any of its text data files.
A command\-line web browser, for example \fBwget\fP or \fBlynx\fP, must be present on the system when using this option.
It is suggested that this command option is run regularly in order to ensure that the data files are kept up to date.
If this option is used via cron, then it is recommended that the \fB\-\-nocolors\fP option is also used.
An exit code of zero for this command option means that no updates were available.
An exit code of one means that a download error occurred, and a code of two means that no error occurred but updates were available and have been installed.
.IP
.IP "\fB\-\-propupd [{filename | directory | package name},...]\fP"
One of the checks \fBrkhunter\fP performs is to compare various current file properties of various commands, against those it has previously stored.
This command option causes \fBrkhunter\fP to update its data file of stored values with the current values.
If the \fIfilename\fP option is used, then it must either be a full pathname, or a plain file name (for example, 'awk').
When used, then only the entry in the file properties database for that file will be updated.
If the \fIdirectory\fP option is used, then only those files listed in the database that are in the given directory will be updated.
Similarly, if the \fIpackage name\fP option is used, then only those files in the database which are part of the specified package will be updated.
The package name must be the base part of the name, no version numbers should be included - for example, 'coreutils'.
Package names will, of course, only be stored in the file properties database if a package manager is being used.
If a package name is the same as a file name - for example, 'file' could refer to the 'file' command or to the RPM 'file' package (which contains the 'file' command) - the package name will be used.
If no specific option is given, then the entire database is updated.

\fIWARNING:\fP It is the user's responsibility to ensure that the files on the system are genuine and from a reliable source.
\fBrkhunter\fP can only report if a file has changed, but not on what has caused the change.
Hence, if a file has changed, and the \fB\-\-propupd\fP command option is used, then \fBrkhunter\fP will assume that the file is genuine.
.IP
.IP \fB\-\-versioncheck\fP
This command option causes \fBrkhunter\fP to check if there is a later version of the program.
A command\-line web browser must be present on the system when using this option.
If this option is used via cron, then it is recommended that the \fB\-\-nocolors\fP option is also used.
An exit code of zero for this command option means that no new version was available.
An exit code of one means that an error occurred downloading the latest version number, and a code of two means that no error occurred but a new version is available.
.IP
.IP "\fB\-\-list [tests | {lang | languages} | rootkits | perl | propfiles]\fP"
This command option will list some of the supported capabilities of the program, and then exit.
The \fItests\fP option lists the currently available test names (see the README file for more details about test names).
The \fIlanguages\fP option lists the currently available languages, and the \fIrootkits\fP option lists the rootkits that are searched for by \fBrkhunter\fP.
The \fIperl\fP option lists the installation status of the perl command and perl modules that may be used by some of the tests.
Note that it is not \fIrequired\fP to install these modules.
However, if \fBrkhunter\fP is forced to use perl to execute a test then the module must be present.
The \fIpropfiles\fP option will list the file names that are used to generate the file properties database.
If no specific option is given, then all the lists, except for the file properties database, are displayed.
.IP
.IP "\fB\-C, \-\-config\-check\fP"
This command option causes \fBrkhunter\fP to check its configuration file(s), and then exit.
The program will run through its normal configuration checks as specified by the enable and disable options on the command\-line and in the configuration files.
That is, only the configuration options for tests which would normally run are checked.
In order to check all the configured options, then use the \fB--enable all --disable none\fP options on the command line.
Additionally, the program will check to see if there are any unrecognised configuration options.
If any configuration problems are found, then they will be displayed and the return code will be set to 1.
It is suggested that this option is used whenever the configuration file(s) have been changed.
.IP
.IP "\fB\-V, \-\-version\fP"
This command option causes \fBrkhunter\fP to display its version number, and then exit.
.IP
.IP "\fB\-h, \-\-help\fP"
.br
This command option displays the help screen menu, and then exits.
.IP
.SH OPTIONS
\fBrkhunter\fP uses a configuration file, named \fIrkhunter.conf\fP, for many of its configuration options.
It will also use a local configuration file, named \fIrkhunter.conf.local\fP, if it is present.
However, some options can also be specified on the command\-line, and these will override the configuration file options.
The configuration file options are well documented within the main configuration file itself.
The following are the command\-line options.
The defaults mentioned here are the program defaults, unless explicitly stated as the configuration file default.
.PP
.IP \fB\-\-appendlog\fP
By default a new log file will be created when \fBrkhunter\fP runs, and the previous log file will be renamed by having \fI.old\fP appended to its name.
This option tells \fBrkhunter\fP to append to the existing log file.
If the log file does not exist, then it will be created.
.IP "\fB\-\-bindir ...\fP"
This option modifies which directories \fBrkhunter\fP looks in to find the various commands it requires (that is, its PATH).
The default is the root PATH, and an internal list of some common command directories.
By default a specified directory will be appended to the default list.
However, if the directory name begins with the '+' character, then it will be prepended to the list (that is, it will be put at the start of the list).
.IP "\fB\-\-cs2, \-\-color\-set2\fP"
By default \fBrkhunter\fP will display its test results in color.
The colors used are green for successful tests, red for failed tests (warnings), and yellow for skipped tests.
These colors are visible when a black background is used, but are difficult to see on a white background.
This option tells \fBrkhunter\fP to use a different color set which is more suited to a white background.
.IP "\fB\-\-configfile \fP"
The installation process will automatically tell \fBrkhunter\fP where its configuration file is located.
However, if necessary, this option can be used to specify a different pathname.
If a local configuration file is to be used, then it must reside in the same directory as the configuration file specified by this option.
.IP \fB\-\-cronjob\fP
This is similar to the \fB\-\-check\fP command option, but it disables several of the interactive options.
When this option is used \fB\-\-check\fP, \fB\-\-nocolors\fP and \fB\-\-skip-keypress\fP are assumed.
By default no output is sent to stdout, so the \fB\-\-report\-warnings\-only\fP option may be useful with this option.
.IP "\fB\-\-dbdir \fP"
The installation process will automatically configure where the data files are stored for \fBrkhunter\fP.
However, if necessary, this option can be used to specify a different directory.
The directory can be read-only, after installation, provided that neither of the \fB\-\-update\fP or \fB\-\-propupd\fP options are specified, and that the \fB\-\-versioncheck\fP option is not specified if ROTATE_MIRRORS is set to 1 in the configuration file.
.IP \fB\-\-debug\fP
This is a special option mainly for the developers.
It produces no output on stdout.
Regular logging will continue as per default or as specified by the \fB\-\-logfile\fP option, and the debug output will be in a randomly generated filename which starts with \fI/tmp/rkhunter\-debug\fP.
.IP "\fB\-\-disable [,...]\fP"
This option tells \fBrkhunter\fP not to run the specified tests.
Read the README file for more information about test names.
By default no tests are disabled.
.IP \fB\-\-display\-logfile\fP
This option will cause the logfile to be displayed on the screen once \fBrkhunter\fP has finished.
.IP "\fB\-\-enable [,...]\fP"
This option tells \fBrkhunter\fP to only run the specified tests.
If only one test name, other than \fIall\fP, is given, then the \fB\-\-skip\-keypress\fP option is assumed.
Read the README file for more information about test names.
By default all tests are enabled.
All the test names are listed below under TESTS.
.IP "\fB\-\-hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |\fP"
\fB NONE | }\fP
.br
Both the file properties check and the \fB\-\-propupd\fP command option will use a hash function to determine a file's current hash value.
This option tells \fBrkhunter\fP which hash function to use.
The \fIMD5\fP and \fISHA\fP options will look for the relevant command, and, if not found, a perl support script will then be used to see if a perl module supporting the function has been installed.
Alternatively, a specific \fIcommand\fP may be specified.
A value of \fINONE\fP can be used to indicate that the hash values should not be obtained or used as part of the file properties check.
The default is \fISHA1\fP, or \fIMD5\fP if no SHA1 command can be found.
Systems using prelinking must use either MD5, SHA1 or NONE.
.IP "\fB\-\-lang, \-\-language \fP"
This option specifies which language to use for the displayed tests and results.
The currently supported languages can be seen by the \fB\-\-list\fP command option.
The default is \fIen\fP (English).
If a message to be displayed cannot be found in the language file, then the English version will be used.
As such, the English language file must always be present.
The \fB\-\-update\fP command option will update the language files when new versions are available.
.IP "\fB\-l, \-\-logfile [file]\fP"
By default \fBrkhunter\fP will write out a log file.
The default location of the file is \fI/var/log/rkhunter.log\fP.
However, this location can be changed by using this option.
If \fI/dev/null\fP is specified as the log file, then no log file will be written.
If no specific \fIfile\fP is given, then the default will be used.
By default \fBrkhunter\fP will create a new log file each time it is run.
Any previously existing logfile is moved out of the way, and has \fI.old\fP appended to it.
.IP \fB\-\-noappend\-log\fP
This option reverts \fBrkhunter\fP to its default behaviour of creating a new log file rather than appending to it.
.IP \fB\-\-nocf\fP
.br
This option is only valid when the command\-line \fB\-\-disable\fP option is used.
When the \fB\-\-disable\fP option is used, by default, the configuration file option to disable tests is also used to determine which tests to run.
If only the \fB\-\-disable\fP option is to be used to determine which tests to run, then \fB\-\-nocf\fP must be given.
.IP \fB\-\-nocolors\fP
This option causes the result of each test to not be displayed in a specific color.
The default color, usually the reverse of the background color, will be used (typically this is just black and white).
.IP \fB\-\-nolog\fP
This option tells \fBrkhunter\fP not to write anything to a log file.
.IP "\fB\-\-nomow, \-\-no\-mail\-on\-warning\fP"
The configuration file has an option which will cause a simple email message to be sent to a user should \fBrkhunter\fP detect any warnings during system checks.
This command\-line option overrides the configuration file option, and prevents an email message from being sent.
The configuration file default is not to email a message.
.IP "\fB\-\-ns, \-\-nosummary\fP"
When the \fB\-\-check\fP command option is used, by default a short summary of results is displayed at the end.
This option prevents the summary from being displayed.
.IP "\fB\-\-novl, \-\-no\-verbose\-logging\fP"
During some tests \fBrkhunter\fP will log a lot of information.
Use of this option reduces the amount of logging, and so can improve the performance of \fBrkhunter\fP.
However, the log file will contain less information should any warnings occur.
By default verbose logging is enabled.
.IP "\fB\-\-pkgmgr {RPM | DPKG | BSD | SOLARIS | NONE}\fP"
This option is used during the file properties check or when the \fB\-\-propupd\fP command option is given.
It tells \fBrkhunter\fP that the current file property values should be obtained from the relevant package manager.
See the README file for more details of this option.
The default is \fINONE\fP, which means not to use a package manager.
.IP "\fB\-q, \-\-quiet\fP"
This option tells \fBrkhunter\fP not to display any output. It can be useful when only the exit code is going to be checked. Other options may be used with this one, to force only specific items to be displayed.
.IP "\fB\-\-rwo, \-\-report\-warnings\-only\fP"
This option causes only warning messages to be displayed. This can be useful when \fBrkhunter\fP is run via cron. Other options may be used to force other items of information to be displayed.
.IP "\fB\-\-sk, \-\-skip\-keypress\fP"
When the \fB\-\-check\fP command option is used, after certain sections of tests, the user will be prompted to press the \fIreturn\fP key in order to continue. This option disables that feature, and \fBrkhunter\fP will run until all the tests have completed. If this option has not been given, and the user is prompted to press the \fIreturn\fP key, a single '\fIs\fP' character, in upper\- or lowercase, may be given followed by the \fIreturn\fP key. \fBrkhunter\fP will then continue the tests without prompting the user again (as if this option had been given).
.IP \fB\-\-summary\fP
This option will cause the summary of test results to be displayed. This is the default.
.IP "\fB\-\-syslog [facility.priority]\fP"
When the \fB\-\-check\fP command option is used, this option will cause the start and finish times to be logged to syslog. The default is not to log anything to syslog, but if the option is used, then the default level is \fIauthpriv.notice\fP.
.IP "\fB\-\-tmpdir <directory>\fP"
The installation process will automatically configure where temporary files are to be created. However, if necessary, this option can be used to specify a different directory. The directory must not be a symbolic link, and must be secure (root access only).
.IP "\fB\-\-vl, \-\-verbose\-logging\fP"
This option tells \fBrkhunter\fP that when it runs some tests, it should log as much information as possible.
This can be useful when trying to diagnose why a warning has occurred, but it obviously also takes more time. The default is to use verbose logging.
.IP "\fB\-x, \-\-autox\fP"
When this option is used, \fBrkhunter\fP will try and detect if the X Window system is in use. If it is in use, then the second color set will automatically be used (see the \fB\-\-color\-set2\fP option). This allows \fBrkhunter\fP to be run on, for example, a server console (where X is not present, so the default color set should be used), and on a user's terminal (where X is in use, so the second color set should be used). In both cases \fBrkhunter\fP will use the correct color set. The configuration file default is to try and detect X.
.IP "\fB\-X, \-\-no\-autox\fP"
This option prevents \fBrkhunter\fP from automatically detecting if the X Window system is being used. See the \fB\-\-autox\fP option.
.SH TESTS
[This section to be written]
.IP "\fBadditional_rkts\fP"
This test is for SHORT_EXPLANATION. It works as part of GROUP. Corresponding configuration file entries: ONE=one, TWO=two and for white-listing THREE=three,three. Simple globbing (/dev/shm/file-*) works.
.IP \fBall\fP
.IP \fBapps\fP
.IP \fBattributes\fP
.IP \fBavail_modules\fP
.IP \fBdeleted_files\fP
.IP \fBfilesystem\fP
.IP \fBgroup_accounts\fP
.IP \fBgroup_changes\fP
.IP \fBhashes\fP
.IP \fBhidden_ports\fP
.IP \fBhidden_procs\fP
.IP \fBimmutable\fP
.IP \fBknown_rkts\fP
.IP \fBloaded_modules\fP
.IP \fBlocal_host\fP
.IP \fBmalware\fP
.IP \fBnetwork\fP
.IP \fBnone\fP
.IP \fBos_specific\fP
.IP \fBother_malware\fP
.IP \fBpacket_cap_apps\fP
.IP \fBpasswd_changes\fP
.IP \fBports\fP
.IP \fBpossible_rkt_files\fP
.IP \fBpossible_rkt_strings\fP
.IP \fBpromisc\fP
.IP \fBproperties\fP
.IP \fBrootkits\fP
.IP \fBrunning_procs\fP
.IP \fBscripts\fP
.IP \fBshared_libs\fP
.IP \fBshared_libs_path\fP
.IP \fBstartup_files\fP
.IP \fBstartup_malware\fP
.IP \fBstrings\fP
.IP \fBsuspscan\fP
.IP \fBsystem_commands\fP
.IP \fBsystem_configs\fP
.IP \fBtrojans\fP
.SH FILES
(For a default installation)
.br
/etc/rkhunter.conf
.br
/var/log/rkhunter.log
.SH SEE ALSO
See the CHANGELOG file for recent changes.
.br
The README file has information about installing \fBrkhunter\fP, as well as specific sections on test names and using package managers.
.br
The FAQ file should also answer some questions.
.SH LICENSING
RootKit Hunter is licensed under the GPL, copyright Michael Boelen. See the LICENSE file for details of GPL licensing.
.SH CONTACT INFORMATION
RootKit Hunter is under active development by the RootKit Hunter project team. For reporting bugs, updates, patches, comments and questions, please go to
http://rkhunter.sourceforge.net/
.fi
rkhunter-1.4.2/files/suspscan.dat
Version:2009112901
a:0x..,.0x.., a:add? a:asm+10 a:%:bh a:decb a:decl a:disasm+10 a:%e[bp,di,sp] a:%e[cx,si] a:%e?x a:%hi a:inc[b,l] a:jmp a:jmpcode ajuda a:jump a:%?l a:mov? a:nasm+10 a:ndisasm+10 a:nopsize+10 a:notb a:offset+10 a:opcode+10 a:p[op,ush] a:reassembl a:ret a:ro[r,l]b a:sub?
a:xor c:%..%..%..% d:flood+100 d:nuke+100 f:abort f:access f:AF_INET f:atoi@ f:buf[fe,si] f:call f:changeown f:exec.* f:fopen@ f:malloc f:memcpy f:memset f:mmap f:'system(' i:bounc+10 i:dalnet i:eggbot+10 i:eggshell+10 i:invite+10 i:irc\.+100 i:iroffer+100 i:dalnet i:efnet i:undernet i:nick+10 i:pbsync+100 i:psybnc+100 i:vhost+100 i:xdcc+100 n:bind n:connect+100 n:'inet_aton(' n:listen+100 n:remote+10 n:resolv+10 n:sendfile+10 n:server+10 n:setsockopt+10 n:'(?sock' n:sockaddr n:'sockaddr_in(' n:sock[ad,et,fd] n:socket n:socklen n:'sockopen(' s:?0x[a-z0-9]\{2\}.* s:backdoor+10 s:/bin/sh+100 s:chmod s:chown s:logclean s:login s:password+10 s:/ptmx+100 s:/pty+100 s:setgid+100 s:setreuid+100 s:setuid+100 s:shellcode+100 s:tmp/sh+100 s:/tty+100 s:\"/\x[a-z0-9]\{2\}.* t:'0^wN' t:[O,0,P,p]wn.d+100 t:adviso+100 t:attack+10 t:authent t:bogus t:brute+100 t:crypt t:decode t:destruct t:device t:/dev/kmem+100 t:/dev/mem+100 t:disclos+10 t:discov+10 t:distrib+10 t:download t:elf-init t:elflbl t:evasion+10 t:exception t:exclusiv+10 t:existant t:ploit+100 t:fatal+10 t:fragment t:h[a4]x[oO0]r t:hardcod+100 t:heap+100 t:hexdump+10 t:hidden+10 t:hide+100 t:host t:hostile t:infect+10 t:inject+100 t:invisibl+10 t:javascr+50 t:kernel+100 t:leak t:'log(' t:mech+10 t:modif[yi] t:mprot t:nvalid+10 t:overwrit+10 t:patch t:payload+100 t:pointer+100 t:priv[a8] t:process t:scam+10 t:segment t:sent t:sniff+10 t:spoof+10 t:stealth+10 t:terminat t:transpar t:victim t:violat t:vuln t:worm t:rootkit t:banner t:portsc x:apache x:mambo x:openssl x:samba x:sshd x:openssh x:xhide x:joomla x:webmin x:wwwadmin x:telnet x:ftpd
rkhunter-1.4.2/files/filehashsha.pl
#!/usr/bin/perl

die "Usage: $0 <module> <size> <file>" if ($#ARGV != 2);

my $sha = '';
my $mod = $ARGV[0];
my $size = $ARGV[1];
my $file = $ARGV[2];

# Only accept a plain package name, since $mod is passed to a string eval
die "Invalid module: $mod" if ($mod !~ /^\w+(::\w+)*$/);

eval "use $mod";
die "Invalid module: $mod" if ($@);

# These modules take no digest size; the others are constructed with $size
if ($mod eq 'Digest::SHA1' || $mod eq 'Digest::Whirlpool' || $mod eq 'Crypt::RIPEMD160' || $mod eq 'Digest::MD5') {
	$sha = $mod -> new;
} elsif ($mod eq 'Digest::SHA256') {
	$sha = Digest::SHA256::new($size);
} else {
	$sha = $mod -> new($size);
}

# Open file in binary mode (three-argument open, so the file name is never parsed as a mode or pipe)
open(FILE, '<', $file) or die "Can't open file '$file'";
binmode(FILE);

# Hash file contents
$sha -> add($_) while (<FILE>);
close(FILE);

# Some modules put spaces in the hex digest; strip them before printing
$_ = $sha -> hexdigest;
s/ //g;

print $_, "\n";

exit;
rkhunter-1.4.2/files/programs_bad.dat
Version:2010111601
httpd: 1.3a1 1.3b1 1.3b3 1.3b4 1.3b5 1.3b6 1.3b7 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.6 1.3.9 1.3.10 1.3.11 1.3.12 1.3.14 1.3.17 1.3.19 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.25 1.3.26 1.3.27 1.3.28 1.3.29 1.3.30 1.3.31 1.3.32 1.3.33 1.3.34 1.3.35 1.3.36 1.3.37 1.3.39 1.3.40 2.0a1 2.0a2 2.0a3 2.0a4 2.0a5 2.0a6 2.0a7 2.0a8 2.0a9 2.0.11 2.0.12 2.0.13 2.0.14 2.0.15 2.0.16 2.0.17 2.0.18 2.0.19 2.0.20 2.0.21 2.0.22 2.0.23 2.0.24 2.0.25 2.0.26 2.0.27 2.0.28 2.0.29 2.0.30 2.0.31 2.0.32 2.0.33 2.0.34 2.0.35 2.0.36 2.0.37 2.0.38 2.0.39 2.0.40 2.0.41 2.0.42 2.0.43 2.0.44 2.0.45 2.0.46 2.0.47 2.0.48 2.0.49 2.0.50 2.0.51 2.0.52 2.0.53 2.0.54 2.0.55 2.0.56 2.0.57 2.0.58 2.0.59 2.0.61 2.0.62 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.6 2.2.8 2.2.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16
sshd: 2.1.1p4 2.2.0p1 2.3.0p1 2.5.1p1 2.5.1p2 2.5.2p1 2.5.2p2 2.9.9p1 2.9.9p2 2.9p1 2.9p2 3.0.1p1 3.0.2p1 3.0p1 3.1p1 3.2.2p1 3.2.3p1 3.3p1 3.4p1 3.5p1 3.6.1p1 3.6.1p2 3.6p1 3.7.1p1 3.7.1p2 3.7p1 3.8.1p1 3.8p1 3.9p1 4.0p1 4.1p1 4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1 4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.5p1
exim: 4.20 4.21 4.22 4.23 4.24 4.30 4.31 4.32 4.33 4.34 4.40 4.41 4.42 4.43 4.44 4.50 4.51 4.52 4.53 4.54 4.60 4.61 4.62 4.63 4.64 4.65 4.66 4.67 4.68 4.69 4.70 4.71
php: 4.1.2 4.3.0 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.3.7 4.3.8 4.3.9 4.3.10 4.3.9RC2 5.0.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.2.0 5.2.1 5.2.2 5.2.3 5.2.4 5.2.5 5.2.6 5.2.7 5.2.8 5.2.9 5.2.10 5.3.0 5.3.1 5.3.2
gpg: 1.0.2 1.0.4 1.0.6
1.0.7 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.3 1.3.4 1.4.0 1.4.1 1.4.2 2.0.12 2.0.11 2.0.10 2.0.8 1.4.8 2.0.7 2.0.6 2.0.5 2.0.4 2.0.3 2.0.1 2.0 1.4.4 1.4.3 1.9.19 1.4.2 1.9.17 1.9.16 1.4.9 1.4.10
named: 8.1 8.1.1 8.1.2 8.2 8.2.1 8.2.2 8.2.2-P3 8.2.2-P5 8.2.2-P7 8.2.3 8.2.4 8.2.5 8.2.6 8.2.7 8.3.0 8.3.1 8.3.2 8.3.3 8.3.4 8.3.5 8.3.6 8.3.7 8.4.0 8.4.1 8.4.2 8.4.3 8.4.4 8.4.5 8.4.6 8.4.7 8.4.7-P1 9.0.0 9.0.0b1 9.0.0b2 9.0.0b3 9.0.0b4 9.1.0b1 9.1.0b2 9.2.0a1 9.2.0a2 9.2.0a3 9.2.0b1 9.2.0b2 9.2.0rc1 9.5.0a1 9.5.0a2 9.5.0a3 9.5.0a4 9.5.0a5 9.5.0a6 9.5.0a7 9.5.0b1 9.6.0a1 9.6.0b1 9.6.0rc1 9.7.0a1 9.7.0a2 9.7.0a3 9.7.0b1 9.7.0b2 9.7.0b3 9.7.0rc1 9.7.0rc2 9.7.0 9.7.1b1 9.7.1rc1 9.7.1 9.7.2b1 9.7.2rc1 9.7.2 9.7.2-P1
procmail: 1.00 1.01 1.02 1.10 1.20 1.21 1.30 1.35 1.99 2.00 2.01 2.02 2.03 2.10 2.11 2.30 2.31 2.40 2.50 2.60 2.61 2.70 2.71 2.80 2.81 2.90 2.91 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.10 3.11pre3 3.11pre4 3.11pre7 3.12 3.13 3.14 3.15 3.20 3.21
proftpd: 1.2.10rc1 1.2.10rc2 1.2.10rc3 1.2.5 1.2.6 1.2.8p 1.2.9 1.3.0a 1.3.1 1.3.1rc1 1.3.1rc2 1.3.1rc3 1.3.2 1.3.2rc1 1.3.2rc2 1.3.2rc3 1.3.2rc4 1.3.2 1.3.2a 1.3.2b 1.3.2c 1.3.2d 1.3.3rc1 1.3.3rc2 1.3.3rc3 1.3.3rc4 1.3.3 1.3.3a 1.3.3b
openssl: 0.9.3 0.9.3a 0.9.4 0.9.5 0.9.5a 0.9.6 0.9.6a 0.9.6a 0.9.6b 0.9.6b 0.9.6c 0.9.6c 0.9.6d 0.9.6d 0.9.6e 0.9.6e 0.9.6f 0.9.6f 0.9.6g 0.9.6g 0.9.6h 0.9.6h 0.9.7 0.9.6i 0.9.6i 0.9.7a 0.9.6j 0.9.6j 0.9.7b 0.9.6k 0.9.6k 0.9.7c 0.9.6l 0.9.6l 0.9.6m 0.9.6m 0.9.7d 0.9.7e 0.9.7f 0.9.7g 0.9.8 0.9.7h 0.9.8a 0.9.7i 0.9.7j 0.9.8b 0.9.7k 0.9.8c 0.9.7l 0.9.8d 0.9.7m 0.9.8e 0.9.8f 0.9.8g 0.9.8h 0.9.8i 0.9.8j 0.9.8k 0.9.8l 0.9.8m 0.9.8n 0.9.8o 0.9.8n 1.0.0 1.0.0a
rkhunter-1.4.2/files/i18n/
rkhunter-1.4.2/files/i18n/zh
Version:2009091601
#
# We start with the definitions of the message types and results.
There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:T MSG_TYPE_WARNING:ĵi # # This is the list of message results. # MSG_RESULT_OK:` MSG_RESULT_BAD:la MSG_RESULT_SKIPPED:L MSG_RESULT_WARNING:!`N! MSG_RESULT_FOUND:o{ MSG_RESULT_NOT_FOUND:So{ MSG_RESULT_NONE_FOUND:So{ MSG_RESULT_ALLOWED:iH MSG_RESULT_NOT_ALLOWED:iH MSG_RESULT_UPD: s MSG_RESULT_NO_UPD: Ss MSG_RESULT_UPD_FAILED: s MSG_RESULT_VCHK_FAILED: ˬd # # The messages. # VERSIONLINE:[ $1 $2 ] VERSIONLINE2:bD $3 $1 $2 VERSIONLINE3: $1 $2 RKH_STARTDATE:}lɶO $1 RKH_ENDDATE:ɶO $1 OPSYS:쪺tάO '$1' UNAME:Uname XO '$1' CONFIG_CHECK_START:ˬd]wɤΩROCﶵ... CONFIG_CMDLINE:ROCO $1 CONFIG_ENVSHELL:SHELL{O $1; rkhunter bϥ $2 CONFIG_CONFIGFILE:rkhunter]wɬO '$1' CONFIG_INSTALLDIR:w˥ؿO'$1' CONFIG_LANGUAGE:ϥΪyO '$1' CONFIG_DBDIR:Ʈwؿ '$1' CONFIG_SCRIPTDIR:scriptؿ '$1' CONFIG_BINDIR:ɥؿ '$1' CONFIG_ROOTDIR:ڥؿ '$1' CONFIG_TMPDIR:Ȧsɥؿ '$1' CONFIG_NO_MAIL_ON_WARN:S]mĵiHl} CONFIG_MOW_DISABLED:ھڨϥΪ̳]wAϥĵiH CONFIG_MAIL_ON_WARN:ϥΩRO'$2' '$1' oĵiH CONFIG_SSH_ROOT:Rkhunter ﶵ ALLOW_SSH_ROOT_USERQ]m '$1'. 
CONFIG_SSH_PROTV1:Rkhunter ﶵQ]miHϥΪ1SSHw CONFIG_X_AUTO:۰ˬdX CONFIG_CLRSET2:ϥβĤGӰtk CONFIG_NO_SHOW_SUMMARY:ھڨϥΪ̳]wAܨt`i CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEVQ]m'$1' CONFIG_NO_VL:ھڨϥΪ̳]wAԲӰO CONFIG_XINETD_PATH:ϥ $1 ]w '$2' CONFIG_SOL10_INETD:ϥSolaris 10 ΥH᪺inetd CONFIG_LOCAL_RC_DIR:ϥΨtΪҰʥؿ: $1 CONFIG_LOCAL_RC_FILE:ϥΥaҰʥؿɮ: $1 CONFIG_ROTATE_MIRRORS:ƴɮױNHm ONFIG_NO_ROTATE_MIRRORS:ƴɮױNQm CONFIG_UPDATE_MIRRORS:ƴɮױNQs CONFIG_NO_UPDATE_MIRRORS:ƴɮױNQs CONFIG_MIRRORS_MODE0:aMݳƴɮױNQϥ CONFIG_MIRRORS_MODE1:uϥΥaƴɮ CONFIG_MIRRORS_MODE2:uϥλݳƴɮ FOUND_CMD: '$1' RO: $2 NOT_FOUND_CMD:Lk'$1' RO SYS_PRELINK:tΥbϥprelinking SYS_NO_PRELINK:tΤϥprelinking HASH_FUNC_PRELINK:Fɮת hash ˬdӨϥ prelink RO (a $1) HASH_FUNC_PERL:ϥ perl $1 Ҳըˬdɮhash HASH_FUNC:checksum{ '$1' HASH_FUNC_NONE:Lkˬdɮhash : Sw HASH_FUNC_NONE_PKGMGR:Swɮhash: uϥήM޲z{ HASH_FUNC_DISABLED:HashƳ]m'NONE': ۰ʨɮhashˬdL HASH_FUNC_OLD:ϥhash '$1'xshash HASH_FUNC_OLD_DISABLED:ªhashƵL: ShashȳQxs HASH_PKGMGR_OLD::ϥήM޲z{'$1'xshash HASH_PKGMGR_OLD_NONMD5:ϥήM޲z{'$1'(md5 function)xshash HASH_PKGMGR_OLD_UNSET:ϥήM޲z{xshash HASH_PKGMGR:ϥήM޲z{ '$1' ˬdɮݩ HASH_PKGMGR_MD5:ϥ MD5 hash ƩRO '$1' UM޲z{i HASH_PKGMGR_NOT_SPEC:SwM޲z{: ϥ hash '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:SwM޲z{: ϥαa '$1' prelink RO HASH_PKGMGR_USE_VRFY:M޲z{ұNΩɮݩʪˬdG HASH_PKGMGR_NO_USE_VRFY:M޲z{ұNΩɮݩʪˬdG HASH_FIELD_INDEX:hash ƪ޳Q]m $1 HASHUPD_DISABLED:Hash ˬd: ثeɮhashȱN|xs HASHUPD_PKGMGR:ϥήM޲z{ '$1' ӧsɮhash HASHUPD_PKGMGR_NONE:SwM޲z{: ϥhash '$1' HASHUPD_PKGMGR_NONE_PRELINKED:SwM޲z{: ϥαa'$1'prelinkRO HASHUPD_PKGMGR_NOT_SPEC:Swɮ hash sM޲z{: ϥ hash '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Swɮ hash sM޲z{: ϥαa '$1' prelink RO HASHUPD_PKGMGR_MD5:ϥMD5 hashƩRO'$1'@M޲z{ HASHUPD_PKGMGR_MD5_PRELINK:ϥprelinkRO (a $1)@M޲z{ ATTRUPD_DISABLED:ɮݩˬd: ثeɮݩʱN|xs ATTRUPD_NOSTAT:ɮݩˬd: So{'stat'RO:ثeɮݩʱN|xs ATTRUPD_OK:ثeɮݩʱNQxs ATTRUPD_OLD_DISABLED:ªɮݩʵL: Sɮݩxs ATTRUPD_OLD_NOSTAT:ªɮݩʵL: So{'stat'RO: SɮݩʳQxs ATTRUPD_OLD_OK:xsªɮݩ GRSECINSTALLED:o{wGRSEC SYSLOG_ENABLED:ҥ syslog - facility/priority ŬO '$1'. 
SYSLOG_DISABLED:ھڨϥΪ̳]wAϥ syslog . SYSLOG_NO_LOGGER:Lkϥ syslog - Lk 'logger' RO. NAME:$1 PRESSENTER:[ ~] TEST_SKIPPED_OS:] OS: $2ALˬd '$1' SUMMARY_TITLE1:tˬdG SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:ˬdɮݩ... SUMMARY_PROP_REQCMDS:nDˬdRO SUMMARY_PROP_COUNT:ˬdɮ: $1 SUMMARY_PROP_FAILED:iɮ: $1 SUMMARY_CHKS_SKIPPED:LҦˬd SUMMARY_RKT_SCAN:ˬdRootkit... SUMMARY_RKT_COUNT:ˬdRootkits : $1 SUMMARY_RKT_FAILED:isb rootkits: $1 SUMMARY_RKT_NAMES:Rootkit W : $1 SUMMARY_APPS_SCAN:ε{ˬd... SUMMARY_APPS_COUNT:ε{ˬd: $1 SUMMARY_APPS_FAILED:iêε{: $1 SUMMARY_SCAN_TIME:ˬdtήɶ: $1 SUMMARY_NO_SCAN_TIME:ˬdtήɶ: Lkptήɶ SUMMARY_LOGFILE:ҦGwQgJtΰO($1) SUMMARY_NO_LOGFILE:SإߨtΰO. CREATED_TEMP_FILE:إ߼Ȧsɥؿ '$1' MIRRORS_NO_FILE:ƴɮ'$1'sb MIRRORS_NO_MIRRORS:ƴɮ '$1' Sݭnƴ. MIRRORS_NO_VERSION:ƴɮ '$1'Ss - s]m0. MIRRORS_ROTATED:ƴɮ '$1' wQs. MIRRORS_SF_DEFAULT:ϥ SourceForge ƴ: $1 DOWNLOAD_CMD:URO '$1' DOWNLOAD_FAIL:U - $1 ƴɮ׵L. VERSIONCHECK_START:bˬd rkhunter ... VERSIONCHECK_FAIL_ALL:U: LkTw̷s{. VERSIONCHECK_CURRENT:ثe : $1 VERSIONCHECK_LATEST:̷s: $1 VERSIONCHECK_LATEST_FAIL:̷s: U VERSIONCHECK_UPDT_AVAIL:s VERSIONCHECK_CONV_FAIL:Lks: {: '$1' Latest: '$2' UPDATE_START:bˬdrkhunter ɮ... UPDATE_CHECKING_FILE:bˬdɮ$1 UPDATE_FILE_NO_VERS:ɮ '$1' SĪs. U@ӷsƥ. UPDATE_FILE_MISSING:ɮ '$1' 򥢩ά. U@ӷsƥ. UPDATE_DOWNLOAD_FAIL:'$1'U: LkTw̷ss. UPDATE_I18N_NO_VERS:Lko{i18nyɮתs. OSINFO_START:ˬdۤWˬdtάO_Qܧ... OSINFO_END:So{ܧ OSINFO_HOST_CHANGE1:۱qWˬdADW٤w OSINFO_HOST_CHANGE2:ªDW: $1 sDW: $2 OSINFO_OSVER_CHANGE1:ۤWˬdAtΦW٩Ϊw OSINFO_OSVER_CHANGE2:ª@~t: $1 s@~t: $2 OSINFO_PRELINK_CHANGE:ۤWˬdAϥprelinkingtΥiwܬ${1} OSINFO_ARCH_CHANGE1:tΪCPUiw OSINFO_ARCH_CHANGE2:ªCPU: $1 sCPU: $2 OSINFO_MSG1:]oǧܡAɮݩˬdi঳~G. OSINFO_MSG2:Aiݭn'--propupd' ﶵsrkhunter SET_FILE_PROP_START: file propertiesboɮݩ... SET_FILE_PROP_DIR_FILE_COUNT:b$2o{$1 ɮ SET_FILE_PROP_FILE_COUNT:ɮ $1: jMF $2 ɮ, o{ $3 SET_FILE_PROP_FILE_COUNT_NOHASH:Fɮ $1: jMF $2 ɮ, o{ $3, hashes $4 PROPUPD_START:}lsɮݩʸ... PROPUPD_OSINFO_START:b@~tΪT... 
PROPUPD_ARCH_FOUND:o{tά[c: $1 PROPUPD_REL_FILE:o{ release ɮ: $1 PROPUPD_NO_REL_FILE:release ɮ: LS X: PROPUPD_OSNAME_FOUND:o{@~tΦW: $1 PROPUPD_ERROR:w˷s rkhunter.dat ɮ׵oͿ~. NX $1 PROPUPD_NEW_DAT_FILE:s rkhunter.dat ɮפww˦b '$1' PROPUPD_WARN:ĵi! ϥ '--propupd' ﶵɡAϥΪ̥ۦTw PROPUPD_WARN:tΤҦɮ׬OuꪺBw˪ɮרӷOia. PROPUPD_WARN:rkhunter '--check' ﶵNثeɮݩʻPe PROPUPD_WARN:xsȶi,åBiܰ. M, rkhunter PROPUPD_WARN:LkTwO]yFoܰʡAݫݨϥΪ̥hT{. ENABLED_TESTS:ҥΪլO: $1 DISABLED_TESTS:ҥΪլO: $1 KSYMS_FOUND:o{ ksym ɮ '$1' KSYMS_MISSING:Ҧ ksyms M kallsyms ˬdwQ - oɮצbtΤsb. STARTING_TEST:}l '$1' ˬd USER_DISABLED_TEST:ϥΪ̤w '$1' ˬd. CHECK_START:}lˬdt... CHECK_WARNINGS_NOT_FOUND:bˬdtιL{Sĵi. CHECK_WARNINGS_FOUND:ˬdtιL{o{@өΦhĵi. CHECK_WARNINGS_FOUND_RERUN:ЭsrkhunterAT{tΰOɤwإ. CHECK_WARNINGS_FOUND_CHK_LOG:ˬdtΰO ($1) CHECK_SYS_COMMANDS:ˬdtΩRO... STRINGS_CHECK_START: 'r' ROˬd STRINGS_SCANNING_OK:˦r $1 STRINGS_SCANNING_BAD:˦r $1 STRINGS_SCANNING_BAD:'r' ROLko{r STRINGS_CHECK:ˬd 'r' RO STRINGS_CHECK:Lˬd - So{ 'r' RO. FILE_PROP_START:ɮݩˬd FILE_PROP_CMDS:ˬdn򥻵{ FILE_PROP_IMMUT_OS:LҦ immutable-bit ˬd. ˬdȦb Linux tΤU. FILE_PROP_SKIP_ATTR:Lk 'stat' RO - ҦɮݩˬdNQL. FILE_PROP_SKIP_HASH:Ҧɮ hash ˬdNQLA] : FILE_PROP_SKIP_HASH_FUNC:ثe hash ($1) Ϊ̮M޲z{ ($2) P hash ($3)ۮeήM޲z{ ($4) QΩxsoǭ. FILE_PROP_SKIP_HASH_PRELINK:Lk 'prelink' RO. FILE_PROP_SKIP_HASH_SHA1:oӨtΨϥ prelinking, O hash ƩRO O SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:So{ Libsafe , oiɭP~. pGi, libsafe ð prelink RO. ̫, ϥ 'rkhunter --propupd'sإ hash . FILE_PROP_SKIP_IMMUT:Lk 'lsattr' RO - Ҧɮ immutable-bit ˬdNQL. FILE_PROP_SKIP_SCRIPT:Lk 'file' RO - ҦscriptNˬdNQL. FILE_PROP_DAT_MISSING:xsɮݩʪɮ (rkhunter.dat) sb, ҥHإߥ. JRO 'rkhunter --propupd'إ. FILE_PROP_DAT_EMPTY:xsɮݩʪɮ (rkhunter.dat) OŪ, ҥHإߥ. JRO 'rkhunter --propupd'إ. FILE_PROP_SKIP_ALL:ثeҦɮݩʪˬd. FILE_PROP_FILE_NOT_EXIST:tΤsb '$1' ɮ, Osb rkhunter.dat ɮ. FILE_PROP_WL:o{ɮ '$1': sbզW椤AΩ '$2' ˬd. FILE_PROP_NO_RKH_REC:tΤsbɮ '$1' , Osb the rkhunter.dat ɮ. FILE_PROP_HASH_WL_INVALID:o{ɮ '$1': զW檺 hash ($2) Pثe hash Ȥ۲. 
FILE_PROP_CHANGED:ɮݩʤw: FILE_PROP_CHANGED2:ɮ: $1 FILE_PROP_NO_PKGMGR_FILE:Lɮ '$1' hash : ɮפݩӮM FILE_PROP_NO_SYSHASH:So{ɮ '$1'hash FILE_PROP_NO_SYSHASH_CMD:Hash ROX: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:ըϥΩRO 'prelink $1' ״_̩ۨʿ~. FILE_PROP_SYSHASH_UNAVAIL:ثe hash: Lko FILE_PROP_SYSHASH:ثe hash: $1 FILE_PROP_RKHHASH:xs hash : $1 FILE_PROP_NO_RKHHASH:rkhunter.datɮ'$1' hash. FILE_PROP_NO_RKHPERM:rkhunter.datɮ'$1' v. FILE_PROP_PERM_UNAVAIL:ثev: Lko cvs -d:pserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter xsv: $1 FILE_PROP_PERM:ثev: $1 xsv: $2 FILE_PROP_UID_UNAVAIL:ثe uid: Lko xs uid: $1 FILE_PROP_UID:ثe uid: $1 xs uid: $2 FILE_PROP_NO_RKHUID:bɮrkhunter.datSɮ '$1' user-id. FILE_PROP_GID_UNAVAIL:ثe gid: Lko xs gid: $1 FILE_PROP_GID:ثe gid: $1 xs gid: $2 FILE_PROP_NO_RKHGID:bɮrkhunter.datSɮ '$1' group-id. FILE_PROP_INODE_UNAVAIL:ثe inode: Lko xs inode: $1 FILE_PROP_INODE:ثe inode: $1 xs inode: $2 FILE_PROP_NO_RKHINODE:bɮrkhunter.datSɮ '$1' inode. FILE_PROP_SYSDTM_UNAVAIL:ثeɮ׭קɶ: Lko FILE_PROP_SYSDTM:ثeɮ׭קɶ: $1 FILE_PROP_RKHDTM:xsɮ׭קɶ : $1 FILE_PROP_NO_RKHDTM:bɮrkhunter.datSɮ '$1' קɶ. FILE_PROP_NO_SYSATTR:Lko '$1' ثeݩ FILE_PROP_WRITE:ɮ '$1'Q]mҦϥΪ̥ig. FILE_PROP_SYSPERM_UNAVAIL:Lkoɮ '$1' ثegv FILE_PROP_IMMUT:ɮ '$1' Q]mF immutable-bit . FILE_PROP_SCRIPT:RO '$1' wgQscript: $2 N FILE_PROP_VRFY:M޲z{Ҥw: FILE_PROP_VRFY_HASH:ɮhashȤw FILE_PROP_VRFY_PERM:ɮvw FILE_PROP_VRFY_UID:ɮת֦ݩʤw FILE_PROP_VRFY_GID:ɮײݩʤw FILE_PROP_VRFY_DTM:ɮתקɶw CHECK_ROOTKITS:bˬdrootkit... ROOTKIT_FILES_DIRS_START:}lˬdثewrootkitMؿ ROOTKIT_FILES_DIRS_NAME_LOG:ˬd ${1}... ROOTKIT_FILES_DIRS_FILE:ˬdɮ '$1' ROOTKIT_FILES_DIRS_DIR:ˬdؿ '$1' ROOTKIT_FILES_DIRS_KSYM:ˬd֤߲Ÿ '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:o{ɮ '$1' ROOTKIT_FILES_DIRS_DIR_FOUND:o{ؿ '$1' ROOTKIT_FILES_DIRS_KSYM_FOUND:o{֤߲Ÿ '$1' ROOTKIT_FILES_DIRS_STR:ˬdr '$1' ROOTKIT_FILES_DIRS_STR_FOUND:bɮ '$2'o{r'$1' ROOTKIT_FILES_DIRS_NOFILE:ɮ '$1' sb! 
ROOTKIT_FILES_DIRS_SINAR_DIR:ˬd '$1' ROOTKIT_FILES_DIRS_SINAR:b: $1o{SInAR ROOTKIT_ADD_START:䥦rootkitˬd ROOTKIT_ADD_SUCKIT:Suckit Rookit B~ˬd ROOTKIT_ADD_SUCKIT_LOG:Suckit Rookit B~ˬd ROOTKIT_ADD_SUCKIT_LINK:ˬd/sbin/init sƶq ROOTKIT_ADD_SUCKIT_LINK_NOCMD:ˬd /sbin/init sƶq: So{ 'stat' RO ROOTKIT_ADD_SUCKIT_LINK_ERR:ˬd /sbin/init sƶq: 'stat' RO~ ROOTKIT_ADD_SUCKIT_LINK_FOUND:ˬd /sbin/init sƶq: ƶqO $1, O 1 ROOTKIT_ADD_SUCKIT_EXT:ˬdɮ ROOTKIT_ADD_SUCKIT_EXT_FOUND:ˬdɮ: o{: $1 ROOTKIT_ADD_SUCKIT_SKDET: skdet RO ROOTKIT_ADD_SUCKIT_SKDET_FOUND: skdet RO: o{: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER: skdet RO: : $1 ROOTKIT_POSS_FILES_DIRS:ˬdisbrootkitΨؿ ROOTKIT_POSS_FILES_DIRS_LOG:ˬdisbrootkitɮפΨؿ ROOTKIT_POSS_FILES_FILE_FOUND:o{ɮ '$1'. isbrootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:o{ؿ '$1'. isbrootkit: $2 ROOTKIT_POSS_STRINGS:ˬdPwrootkitisbr ROOTKIT_POSS_STRINGS_LOG:ˬdPwrootkitisbr ROOTKIT_POSS_STRINGS_FOUND:bɮ '$2'o{r'$1' . i٦brootkit: $3 ROOTKIT_MALWARE_START:cNnˬd ROOTKIT_MALWARE_SUSP_FILES:ˬd椤{O_iêɮ ROOTKIT_MALWARE_SUSP_FILES_FOUND:o{@өΦhӳo˪ɮ: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:ˬd lsof RO 'lsof -F n -w -n' X ROOTKIT_MALWARE_HIDDEN_PROCS:ˬdæ{ ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:o{ê{: $1 ROOTKIT_MALWARE_DELETED_FILES:b{ˬd deleted ɮ ROOTKIT_MALWARE_DELETED_FILES_FOUND:HU{bϥ deleted ɮ: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:{: $1 PID: $2 ɮ: $3 ROOTKIT_MALWARE_LOGIN_BDOOR:ˬd login ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:ˬd login ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:ˬd '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:o{ login ɮ: $1 ROOTKIT_MALWARE_SUSP_DIR:ˬdiåؿ ROOTKIT_MALWARE_SUSP_DIR_LOG:iåؿˬd ROOTKIT_MALWARE_SUSP_DIR_FOUND:o{iêؿ: $1 ROOTKIT_MALWARE_SFW_INTRUSION:ˬdnJI ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:ɮ '$1' Mtr '$2'. 
isbrootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Lˬd - tripwire Sw ROOTKIT_MALWARE_SNIFFER:ˬd sniffer tΰO ROOTKIT_MALWARE_SNIFFER_LOG: sniffer tΰOɪˬd ROOTKIT_MALWARE_SNIFFER_FOUND:o{iêsniffer tΰO: $1 ROOTKIT_TROJAN_START:차{ˬd ROOTKIT_TROJAN_INETD:ˬdҰʪ inetd A ROOTKIT_TROJAN_INETD_SKIP:Lˬd - ɮ '$1' sb. ROOTKIT_TROJAN_INETD_FOUND:o{wҰʪ inetd A: $1 ROOTKIT_TROJAN_XINETD:ˬdҰʪ xinetd A ROOTKIT_TROJAN_XINETD_LOG:wҰʪ xinetd AȪˬd ROOTKIT_TROJAN_XINETD_ENABLED:b '$1' ˬdwҰʪA ROOTKIT_TROJAN_XINETD_INCLUDE:o{ 'include $1' O ROOTKIT_TROJAN_XINETD_INCLUDEDIR:o{ 'includedir $1' O ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:o{Ұʪ xinetd A: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:o{A '$1': $2 զW. ROOTKIT_TROJAN_APACHE:ˬd Apache ROOTKIT_TROJAN_APACHE_SKIPPED:LApache ˬd: So{Apache ҲթM]mؿ. ROOTKIT_TROJAN_APACHE_FOUND:o{Apache Ҳ 'mod_rootme' : $1 ROOTKIT_OS_START: $1 `Jˬd ROOTKIT_OS_SKIPPED:SiΪ`Jˬd ROOTKIT_OS_BSD_SOCKNET:ˬd sockstat M netstat RO ROOTKIT_OS_BSD_SOCKNET_FOUND: sockstat M netstat Xo{P: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 X: $2 ROOTKIT_OS_FREEBSD_KLD:ˬd KLD ROOTKIT_OS_FREEBSD_KLD_FOUND:o{iê FreeBSD KLD . 'kldstat -v' ROܦr '$1' ROOTKIT_OS_FREEBSD_PKGDB:ˬdMƮw ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:MƮwGD. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:oiणOwD, O 'pkgdb -F' i঳UE_D. ROOTKIT_OS_LINUX_LKM:ˬd֤߼ҲթRO ROOTKIT_OS_LINUX_LKM_FOUND: lsmod RO M /proc/modules ɮפo{Pa: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 X: $2 ROOTKIT_OS_LINUX_LKM_EMPTY: So{ lsmod RO M /proc/modules ɮתX: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:Ҳɮ '$1' w. ROOTKIT_OS_LINUX_LKMNAMES:ˬd֤߼ҲզW ROOTKIT_OS_LINUX_LKMNAMES_PATH:ϥμҲո|W '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:b '$1'o{wcN֤߼Ҳ: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:֤߼Ҳեؿ '$1' CHECK_LOCALHOST:ˬdaD... STARTUP_FILES_START:tζ}ˬd STARTUP_HOSTNAME:ˬdaDW STARTUP_NO_HOSTNAME:So{DW. STARTUP_LOCAL_RC_FILE:ˬdaҰɮ STARTUP_FOUND_LOCAL_RC_FILE:o{aҰɮ: $1 STARTUP_NO_LOCAL_RC_FILE:So{aҰɮ. 
STARTUP_CHECK_LOCAL_RC:ˬdaҰɮ׬O_AΦ`{ STARTUP_CHECK_SYSTEM_RC:ˬdtαҰɮ׬O_AΦ`{ STARTUP_CHECK_SYSTEM_RC_FOUND:o{tαҰʥؿ: $1 STARTUP_CHECK_SYSTEM_RC_NONE:So{tαҰɮ. ACCOUNTS_START:ϥΪ̸sթMbˬd ACCOUNTS_PWD_FILE_CHECK:ˬdKXɮ ACCOUNTS_FOUND_PWD_FILE:o{KXɮ: $1 ACCOUNTS_NO_PWD_FILE:KXɮ $1 sb. ACCOUNTS_UID0:ˬdProot (UID 0) b ACCOUNTS_UID0_WL:o{Proot b '$1': զW椤. ACCOUNTS_UID0_FOUND:b '$1' OProot (UID = 0) ACCOUNTS_SHADOW_FILE:o{ shadow ɮ: $1 ACCOUNTS_PWDLESS:ˬdűKXb ACCOUNTS_PWDLESS_FOUND:o{űKXb: $1 ACCOUNTS_NO_SHADOW_FILE:So{ shadow/password ɮ. PASSWD_CHANGES:ˬdKXɮתܤ PASSWD_CHANGES_NO_TMP:LkˬdKXɮת`: KXɮתƥsb. PASSWD_CHANGES_ADDED:ϥΪ̳Q[KXɮפ: PASSWD_CHANGES_REMOVED:ϥΪ̱qKXɮפ: GROUP_CHANGES:ˬdϥΪ̸sɮתܤ GROUP_CHANGES_NO_FILE:ϥΪ̸sɮ $1 sb. GROUP_CHANGES_NO_TMP:LkˬdϥΪ̸sɮתܤ: ϥΪ̸sɮתƥsb. GROUP_CHANGES_ADDED:ϥΪ̳Q[iΨϥΪ̸sɮ: GROUP_CHANGES_REMOVED:դwQqϥΪ̸sɮפR: HISTORY_CHECK:ˬdrootbshellvO HISTORY_CHECK_FOUND:Root b $1 shell vOO@ӲŸs: $2 SYSTEM_CONFIGS_START:tγ]wˬd SYSTEM_CONFIGS_FILE:ˬd $1 ]w SYSTEM_CONFIGS_FILE_FOUND:o{ $1 ]w: $2 SYSTEM_CONFIGS_SSH_ROOT:ˬdSSHO_irootnJ SYSTEM_CONFIGS_SSH_ROOT_FOUND: SSH M rkhunter ]wﳻۦP: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH ]wﶵ 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter ]wﶵ 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND: ٨S]mSSH ]wﶵ 'PermitRootLogin' . SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:w]ȥiO 'yes', irootnJ. SYSTEM_CONFIGS_SSH_PROTO:ˬdO_ϥ SSH v1w SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH]wSSH ($1)wϥSSH v1wͮ. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND: SSH ]wﶵ 'Protocol' ٨S]m. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:w]ȥiO '2,1', iHϥ v1w. SYSTEM_CONFIGS_SYSLOG:ˬdO_syslog daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:syslog daemon S. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:The syslog daemon S, Owgo{@metalog daemon. SYSTEM_CONFIGS_SYSLOG_NO_FILE:syslog daemon b, OLko{]w. SYSTEM_CONFIGS_SYSLOG_REMOTE:ˬdO_iHϥ syslog ݰO SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog ]wɥiHݵnJ: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter ]wﶵ 'ALLOW_SYSLOG_REMOTE_LOGGING' wgͮ. 
FILESYSTEM_START:ɮרtˬd....еy.... FILESYSTEM_DEV_CHECK:/dev iɮˬd FILESYSTEM_DEV_CHECK_NO_DEV:/dev sb. FILESYSTEM_DEV_FILE_WL:o{ɮ '$1': sbզW椤. FILESYSTEM_DEV_FILE_FOUND:b ${1}o{iɮ: FILESYSTEM_HIDDEN_DIR_WL:o{êؿ'$1': sbզW椤.W椤. FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted. FILESYSTEM_HIDDEN_CHECK:ˬdêɮשMؿ FILESYSTEM_HIDDEN_DIR_FOUND:o{êؿ: $1 FILESYSTEM_HIDDEN_FILE_FOUND:o{êɮ: $1 CHECK_APPS:ˬdε{... APPS_NONE_FOUND:o{ε{ - LҦˬd. APPS_DAT_MISSING:LҦε{ˬd. APPS_DAT_MISSING:wε{ (programs_bad.dat) 򥢩ά. APPS_DAT_MISSING:pGwgQR, Ao 'rkhunter --update'. APPS_NOT_FOUND:So{ε{ '$1' . APPS_CHECK:ˬd $1 APPS_CHECK_VERSION_UNKNOWN:Lko '$1's. APPS_CHECK_VERSION_FOUND:o{ε{ '$1' s '$2' . APPS_CHECK_VERSION_WL:o{ε{ '$1' '$2': oӪզW. APPS_CHECK_WHOLE_VERSION_USED:Lko '$1's: ﶵ: $2 APPS_CHECK_FOUND:ε{ '$1', s '$2', wL, bwI. APPS_TOTAL_COUNT:ε{ˬd: b $2 ε{, $1 ӭn`N CHECK_NETWORK:ˬd... NETWORK_PORTS_START:qTˬd NETWORK_PORTS_FILE_MISSING:LҦqTˬd. NETWORK_PORTS_FILE_MISSING:wqTɮ (backdoorports.dat) 򥢩άť. NETWORK_PORTS_FILE_MISSING:pGwQRAARO 'rkhunter --update'. NETWORK_PORTS_FILE_NO_NETSTAT:LҦqTˬd. NETWORK_PORTS_FILE_NO_NETSTAT:Lk 'netstat' RO NETWORK_PORTS:ˬd $1 qT ${2} NETWORK_PORTS_FOUND: $1 qT $2 wQϥ. i઺rootkit: $3 NETWORK_PORTS_FOUND: 'netstat -an' ROhˬd. NETWORK_INTERFACE_START:ˬd NETWORK_PROMISC_CHECK:ˬd promiscuous NETWORK_PROMISC_NO_IFCONFIG:Promiscuous QL - Lk 'ifconfig' RO. NETWORK_PROMISC_NO_IP:ϥ'ip' ROˬdPromiscuous - Lk 'ip' RO. NETWORK_PROMISC_IF:i઺promiscuous : NETWORK_PROMISC_IF_1:'ifconfig' ROX: $1 NETWORK_PROMISC_IF_2:'ip' ROX: $1 NETWORK_PACKET_CAP_CHECK:ˬdʥ]dI{ NETWORK_PACKET_CAP_CHECK_NO_FILE:ʥ]dI{ˬdQL - ɮ '$1' . NETWORK_PACKET_CAP_FOUND:{ '$1' (PID $2) bWť. NETWORK_PACKET_CAP_WL:o{{ '$1': sbզW椤. 
SHARED_LIBS_START: '禡w' ˬd SHARED_LIBS_PRELOAD_VAR:ˬdwJܼ SHARED_LIBS_PRELOAD_VAR_FOUND:o{wJܼ: $1 SHARED_LIBS_PRELOAD_FILE:ˬdwJɮ SHARED_LIBS_PRELOAD_FILE_FOUND:o{library preload ɮ: $1 SHARED_LIBS_PATH:ˬd LD_LIBRARY_PATH ܼ SHARED_LIBS_PATH_BAD: LD_LIBRARY_PATH ܼƳQ]mA|vTGi{: Q]m: $1 SUSPSCAN_CHECK:ˬd㦳iäeɮ SUSPSCAN_DIR_NOT_EXIST:ؿ '$1' sb. SUSPSCAN_INSPECT:ɮ '$1' (score: $2) MtiêeANQˬd. SUSPSCAN_START:aiäeɮתˬd SUSPSCAN_DIRS:ˬdؿO: $1 SUSPSCAN_NO_DIRS:Swؿ: ϥΥιw] ($1) SUSPSCAN_TEMP:ϥμȦsɥؿ: $1 SUSPSCAN_NO_TEMP:SwȦsɮץؿ: ϥΥιw] ($1) SUSPSCAN_TEMP_NOT_EXIST:The suspscan Ȧsɥؿsb: $1 SUSPSCAN_TEMP_NO_WRITE:The suspscan ȦsؿLgJv: $1 SUSPSCAN_SIZE:iˬd̤jɮפjp (H줸լ): '$1' SUSPSCAN_NO_SIZE:Sw̤jɮפjp: ϥιw]($1) SUSPSCAN_SIZE_INVALID:Suspscan ̤jɮפjpL: $1 SUSPSCAN_THRESH:nW]m: $1 SUSPSCAN_NO_THRESH:SwnW: ϥιw] ($1) SUSPSCAN_THRESH_INVALID: Suspscan nWOLĪ: $1 SUSPSCAN_DIR_CHECK:ˬdؿ: '$1' SUSPSCAN_DIR_CHECK_NO_FILES:SAɮˬd. SUSPSCAN_FILE_CHECK:ɮˬd: Name: '$1' Score: $2 SUSPSCAN_FILE_CHECK_DEBUG:ɮˬd: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:ɮ: ť: '$1' SUSPSCAN_FILE_SKIPPED_LINK:ɮ: Ÿs: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:ɮ: ~: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:ɮ: Ӥj: '$1' SUSPSCAN_FILE_LINK_CHANGE:o{Ÿs: '$1' -> '$2' LIST_TESTS:ĪզW: LIST_GROUPED_TESTS:ˬdW: LIST_LANGS:iΪy: LIST_RTKTS:ˬdrootkit # #If any problem related with this zh version message,please mail to #ols3@lxer.idv.tw. I will fix them as soon as possible. #pGc餤媩½ĶDApô ols3@lxer.idv.tw #ڱN|ɧ֤Hץ. # #½ĶɰѦҦlinux_fqh@yahoo.com.cnͲ骩,SP¥L. # rkhunter-1.4.2/files/i18n/tr0000644000000000000000000011530412310144637014314 0ustar rootrootVersion:2014030201 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. 
It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:Bilgilendirme MSG_TYPE_WARNING:Uyar # # This is the list of message results. # MSG_RESULT_OK:Tamam MSG_RESULT_SKIPPED:Atland MSG_RESULT_WARNING:Uyar MSG_RESULT_FOUND:Bulundu MSG_RESULT_NOT_FOUND:Bulunamad MSG_RESULT_NONE_FOUND:Bulunamad MSG_RESULT_ALLOWED:zin verildi MSG_RESULT_NOT_ALLOWED:zin verilmedi MSG_RESULT_UNSET:Ayarlanmad MSG_RESULT_WHITELISTED:Beyaz listeye alnd MSG_RESULT_NONE_MISSING:Eksik yok MSG_RESULT_UPD:Gncellendi MSG_RESULT_NO_UPD:Gncelleme yok MSG_RESULT_UPD_FAILED:Gncelleme hatas MSG_RESULT_VCHK_FAILED:Srm kontrol hatas # # The messages. # VERSIONLINE:[ $1 srm $2 ] VERSIONLINE2:$3 zerinde $1 $2 srm alyor VERSIONLINE3:$1 $2 srm alyor RKH_STARTDATE:Balama tarihi $1 RKH_ENDDATE:Biti tarihi $1 OPSYS:Tespit edilen iletim sistemi: '$1' UNAME:Uname kts: '$1' CONFIG_CHECK_START:Yaplandrma dosyas ve komut-satr seenekleri kontrol ediliyor... CONFIG_CMDLINE:Komut satr: $1 CONFIG_DEBUGFILE:Hata ayklama dosyas: $1 CONFIG_ENVSHELL:evre deikeni kabuu $1; rkhunter, $2 kullanyor CONFIG_CONFIGFILE:'$1' yaplandrma dosyas kullanlyor CONFIG_LOCALCONFIGFILE:'$1' yerel yaplandrma dosyas kullanlyor CONFIG_LOCALCONFIGDIR:'$1' yerel yaplandrma dizini kullanlyor: $2 dosya bulundu CONFIG_INSTALLDIR:Kurulum dizini '$1' CONFIG_LANGUAGE:'$1' Dili kullanlyor CONFIG_DBDIR:Veritaban dizini olarak '$1' kullanlyor CONFIG_SCRIPTDIR:Destek eklentileri dizini olarak '$1' kullanlyor CONFIG_BINDIR:Komut dizinleri olarak '$1' kullanlyor CONFIG_TMPDIR:Geici dizin olarak '$1' kullanlyor CONFIG_NO_MAIL_ON_WARN:Uyarlarda postalama adresi yaplandrlmad CONFIG_MOW_DISABLED:Uyarlarda postalama, kullanc istei zerine devre d braklyor CONFIG_MAIL_ON_WARN:Uyarlar, '$2' komutuyla, '$1' adresine postalanyor CONFIG_SSH_ROOT:Rkhunter yaplandrmasndaki ALLOW_SSH_ROOT_USER seeneini '$1' olarak ayarlayn. 
CONFIG_SSH_PROTV1:Rkhunter yaplandrmasndaki ALLOW_SSH_PROT_V1 seeneini '$1' olarak ayarlayn. CONFIG_X_AUTO:X otomatik olarak alglanacaktr CONFIG_CLRSET2:kinci renk ayar kullanlyor CONFIG_NO_SHOW_SUMMARY:Sistem kontrol zeti, kullanc istei zerine devre d braklyor CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV zelliini '$1' olarak ayarlayn CONFIG_LOG_FILE:$1 gnlk/kayt dosyasna kaytlanyor CONFIG_NO_VL:Ayrntl gnlk, kullanc istei zerine devre d braklyor CONFIG_APPEND_LOG:Geerli gnlk, gnlk/kayt dosyasna eklenecek CONFIG_COPY_LOG:Herhangi bir hata varsa gnlk dosyas kopyalanacak CONFIG_XINETD_PATH:$1 yaplandrma dosyas olarak '$2' kullanlyor CONFIG_SOL10_INETD:Solaris 10 veya st bir inetd mekanizmas kullanlyor CONFIG_STARTUP_PATHS:Sistem balang yolu olarak unlar kullanlyor: $1 CONFIG_ROTATE_MIRRORS:Yans dosyas dndrlecek CONFIG_NO_ROTATE_MIRRORS:Yans dosyas dndrlmeyecek CONFIG_UPDATE_MIRRORS:Yans dosyas gncellenecek CONFIG_NO_UPDATE_MIRRORS:Yans dosyas gncellenmeyecek CONFIG_MIRRORS_MODE0:Yerel ve uzak yanslarn her ikiside kullanlacak CONFIG_MIRRORS_MODE1:Yalnzca yerel yanslar kullanlacak CONFIG_MIRRORS_MODE2:Yalnzca uzak yanslar kullanlacak FOUND_CMD:'$1' komutu bulundu: $2 NOT_FOUND_CMD:'$1' komutu bulunamyor CMD_ERROR:'$1' komutu '$2' hata kodunu verdi. 
SYS_PRELINK:Sistem prelinking (nbalant) kullanyor SYS_NO_PRELINK:Sistem prelinking (nbalant) kullanmyor SYS_SELINUX:SELinux etkin SYS_NO_SELINUX:SELinux devred HASH_FUNC_PRELINK:Dosya salama kontrol iin prelinking komutu ($1 ile) kullanlyor HASH_FUNC_PERL:Dosya salama kontrol iin perl $1 modl kullanlyor HASH_FUNC_PERL_SHA:Dosya salama kontrol iin perl $1 modl ($1 ile) kullanlyor HASH_FUNC:Dosya salama kontrol iin '$1' komutu kullanlyor HASH_FUNC_NONE:Dosya salama kontrol devred: NONE belirtilmi HASH_FUNC_NONE_PKGMGR:Dosya salama kontrol NONE belirtilmi: yalnzca paket yneticisi kullanlacak HASH_FUNC_DISABLED:Salama fonksiyonu 'NONE' olarak ayarland: dosya salama kontrol otomatikman devred HASH_FUNC_OLD:Depolanan salama verileri, '$1' salama fonksiyonunu kulland HASH_FUNC_OLD_DISABLED:nceki salama fonksiyonu devred braklm: depolanan salama verisi yok HASH_PKGMGR_OLD:Depolan dorulama verileri, '$1' paket yneticisini kulland HASH_PKGMGR_OLD_UNSET:Depolan dorulama verileri, bir paket yneticisi kullanmad HASH_PKGMGR:Dosya zellikleri kontrol iin '$1' paket yneticisi kullanlyor HASH_PKGMGR_MD5:Paket yneticisi dorulamasna yardmc olmas iin MD5 salama fonksiyonu komutu '$1' kullanlyor HASH_PKGMGR_SUM:Paket dorulamas iin depolanan 16-bit salama kullanlyor HASH_PKGMGR_NOT_SPEC:Paket yneticisi belirtilmedi: '$1' salama fonksiyonu kullanlyor HASH_PKGMGR_NOT_SPEC_PRELINKED:Paket yneticisi belirtilmedi: '$1' ile prelink komutu kullanlyor HASH_FIELD_INDEX:Salama fonksiyonu ksm ierii, $1 olarak ayarland HASHUPD_DISABLED:Salama kontrol devred: geerli dosya salama verileri depolanmayacak HASHUPD_PKGMGR:Dosya salama deerlerini gncellemek iin, '$1' paket yneticisi kullanlyor HASHUPD_PKGMGR_NOT_SPEC:Dosya salama deerlerini gncellemek iin paket yneticisi belirtilmemi: salama fonksiyonu olarak '$1' kullanlyor HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Dosya salama deerlerini gncellemek iin paket yneticisi belirtilmemi: '$1' ile prelink komutu kullanlyor ATTRUPD_DISABLED:Dosya zniteliklerinin kontrol 
devred: geerli dosya znitelikleri depolanmayacak ATTRUPD_NOSTATCMD:Dosya zniteliklerinin kontrol devred: 'stat' komutu bulunamyor: geerli dosya znitelikleri depolanmayacak ATTRUPD_OK:Geerli dosya znitelikleri depolanacak ATTRUPD_OLD_DISABLED:nceki dosya znitelikleri devred: depolanm dosya znitelii yok ATTRUPD_OLD_NOSTATCMD:nceki dosya znitelikleri devred: 'stat' komutu bulunamyor: depolanm dosya znitelii yok ATTRUPD_OLD_OK:nceki dosya znitelikleri depoland RKHDAT_ADD_NEW_ENTRY:'rkhunter.dat' dosyasna, $1 dosya girdisi eklendi RKHDAT_DEL_OLD_ENTRY:'rkhunter.dat' dosyasndan, $1 varolmayan dosya girdisi silindi SYSLOG_ENABLED:Muhtelif gnlk/kaytlar iin 'syslog' kullanlyor - imkan/ncelik seviyesi '$1'. SYSLOG_DISABLED:Kullanclarn isteiyle syslog devred braklyor. SYSLOG_NO_LOGGER:syslog devred braklyor - 'logger' komutu bulunamyor. NAME:$1 PRESSENTER:[Devam etmek iin a basn] TEST_SKIPPED_OS:'$1' testi letim Sistemi: $2 nedeniyle atland SUMMARY_TITLE1:Sistem kontrol zeti SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:Dosya zellik kontrol... SUMMARY_PROP_REQCMDS:Gerekli komut kontrol baarsz SUMMARY_PROP_COUNT:Dosyalar kontrol edildi: $1 SUMMARY_PROP_FAILED:pheli dosyalar: $1 SUMMARY_CHKS_SKIPPED:Tm kontroller atland SUMMARY_RKT_SCAN:Rootkit kontrol... SUMMARY_RKT_COUNT:Rootkitler kontrol edildi : $1 SUMMARY_RKT_FAILED:Olas rootkitler: $1 SUMMARY_RKT_NAMES:Rootkit isimleri : $1 SUMMARY_APPS_SCAN:Uygulama kontrol... SUMMARY_APPS_COUNT:Kontrol edilen uygulamalar: $1 SUMMARY_APPS_FAILED:pheli uygulamalar: $1 SUMMARY_SCAN_TIME:Sistem kontrolleri alnd: $1 SUMMARY_NO_SCAN_TIME:Sistem kontrol alnd: Saat zaman belirlenemiyor SUMMARY_LOGFILE:Tm sonular gnlk/kayt dosyasna yazlmtr: $1 SUMMARY_NO_LOGFILE:Oluturulmu kayt dosyas yok. 
SUMMARY_LOGFILE_COPIED:Gnlk/kayt dosyas $1 eklinde kopyaland CREATED_TEMP_FILE:Geici dosya oluturuldu '$1' MIRRORS_NO_FILE:Hedef dosya mevcut deil: $1 MIRRORS_NO_MIRRORS:Yans dosyas iin gerekli yans iermiyor: $1 MIRRORS_NO_VERSION:Yans dosyas srm numaras iermiyor - sfra resetleniyor: $1 MIRRORS_ROTATED:Yans dosyas dndrlmtr: $1 MIRRORS_SF_DEFAULT:SourceForge yanss kullanlyor: $1 DOWNLOAD_CMD:ndirme komutu iletiliyor '$1' DOWNLOAD_FAIL:ndirme baarsz - $1 mirror(s) left. VERSIONCHECK_START:Rkhunter srm kontrol ediliyor... VERSIONCHECK_FAIL_ALL:ndirme baarsz: Programn son srm numaras belirlenemiyor. VERSIONCHECK_CURRENT:Bu srm : $1 VERSIONCHECK_LATEST:Son srm: $1 VERSIONCHECK_LATEST_FAIL:Son srm: ndirme baarsz VERSIONCHECK_UPDT_AVAIL:Gncelleme mevcut VERSIONCHECK_CONV_FAIL:Srm numaralar karlatrlamyor: Program: '$1' Son: '$2' UPDATE_START:rkhunter veri dosyalar kontrol ediliyor... UPDATE_CHECKING_FILE:Dosya kontrol ediliyor: $1 UPDATE_FILE_NO_VERS:'$1' dosyasnn geerli srm numaras yok. Yeni bir kopyas indiriliyor. UPDATE_FILE_MISSING:'$1' dosyas yok yada bo. Yeni bir kopyas indiriliyor. UPDATE_DOWNLOAD_FAIL:'$1' dosyasnn indirilmesi baarsz: Son srm numaras belirlenemiyor. UPDATE_I18N_NO_VERS:i18n dil dosyas srm numaralar bulunamad. UPDATE_SKIPPED:Kullanclarn istei zerine dil dosyas gncelleme ilemi atland. OSINFO_START:letim Sisteminin en son ne zaman deitii kontrol ediliyor... OSINFO_END:Deien birey yok gibi grnyor. OSINFO_HOST_CHANGE1:Son altrmadan bu yana hostname deimi gibi grnyor: OSINFO_HOST_CHANGE2:Eski host deeri: $1 Yeni host deeri: $2 OSINFO_OSVER_CHANGE1:Son altrmadan bu yana letim Sistemi ad veya srm deimi gibi grnyor: OSINFO_OSVER_CHANGE2:Eski /S deeri: $1 Yeni /S deeri: $2 OSINFO_PRELINK_CHANGE:Son altrmadan bu yana prelinking olarak ${1} eklinde deitirilmi gibi grnyor. 
OSINFO_ARCH_CHANGE1:Sistemin CPU tr deimi gibi grnyor: OSINFO_ARCH_CHANGE2:Eski CPU deeri: $1 Yeni deer: $2 OSINFO_MSG1:nk dosya zellii deiikliklerinin kontrol baz yanl-olumlu sonular verebilir. OSINFO_MSG2:'--propupd' seenei ile rkhunter tekrar altrmanz gerekebilir. OSINFO_DO_UPDT:Dosya zellikleri dosyas otomatik olarak gncellenecek. SET_FILE_PROP_START:Dosya zelliklerini alnyor... SET_FILE_PROP_DIR_FILE_COUNT:$2 dizininde $1 dosya bulundu SET_FILE_PROP_FILE_COUNT:Dosya $1: aranan $2 dosya, $3 tane bulundu SET_FILE_PROP_FILE_COUNT_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, krk link: $4 SET_FILE_PROP_FILE_COUNT_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, krk link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayp salama: $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayp salama: $4, krk link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayp salama $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayp salama: $5, krk link: $6 PROPUPD_START:Dosya zellikleri veri gncellemesi balatlyor... PROPUPD_OSINFO_START:letim Sistemi bilgisi toplanyor... PROPUPD_ARCH_FOUND:Sistem mimarisi bulundu: $1 PROPUPD_REL_FILE:Srm dosyas bulundu: $1 PROPUPD_NO_REL_FILE:Bir srm dosyas bulunamad: LS kts: PROPUPD_OSNAME_FOUND:Bulunan letim Sistemi: $1 PROPUPD_ERROR:Yeni rkhunter.dat dosyas kurulurken hata. Kod $1 PROPUPD_NEW_DAT_FILE:Yeni rkhunter.dat dosyas '$1' dizininde kuruldu PROPUPD_WARN:UYARI! Sistemlerindeki dosyalarn doru olup olmadndan ve gvenilir bir kaynaktan yklenip PROPUPD_WARN:yklenmediinden emin olmak iin '--propupd' seeneini kullanmalar, kullanclarn PROPUPD_WARN:sorumluluundadr. 
rkhunter geerli dosya zelliklerini daha nceden depolanm deerlerle PROPUPD_WARN:karlatrr ve herhangi bir deer farklln rapor eder. Bununla birlikte rkhunter, PROPUPD_WARN:deiikliklere neyin sebep olduunu belirleyemez, bunu sebepleri kullanc kendisi bulmaldr. ENABLED_TESTS:Etkin testler: $1 DISABLED_TESTS:Devred testler: $1 USER_FILE_LIST:Dosya zellikleri kontrolne kullanc dosyalar dahil ediliyor: USER_CMD_LIST:Dosya zellikleri kontrolne kullanc komutlar dahil ediliyor: USER_DIR_LIST:Dosya zellikleri kontrolne kullanc dizinleri dahil ediliyor: USER_EXCLUDE_PROP:Dosya zellikleri kontrolnden hari tutulanlar: KSYMS_FOUND:'$1' kysm dosyas bulundu KSYMS_UNAVAIL:Tm ksym ve kallsym kontrolleri atlanacak - dosya okunabilir deil. KSYMS_MISSING:Tm ksym ve kallsym kontrolleri atlanacak - hibir dosya sistemde mevcut deil. STARTING_TEST:'$1' testi balatlyor USER_DISABLED_TEST:Kullanc isteiyle '$1' testi devred brakld. CHECK_START:Sistem kontrolleri balatlyor... CHECK_WARNINGS_NOT_FOUND:Sistem kontrol edilirken herhangi bir uyar bulunamad. CHECK_WARNINGS_NOT_FOUND0:Sistem kontrol edilirken 0 uyar bulundu. CHECK_WARNINGS_FOUND:Sistem kontrol edilirken bir veya daha fazla uyar bulundu. CHECK_WARNINGS_FOUND_NUMBER:Sistem kontrol edilirken $1 uyar bulundu. CHECK_WARNINGS_FOUND_NUMBER1:Sistem kontrol edilirken 1 uyar bulundu. CHECK_WARNINGS_FOUND_RERUN:Bir gnlk/kayt dosyas oluturmak iin ltfen rkhunter tekrar altrn. CHECK_WARNINGS_FOUND_CHK_LOG:Ltfen gnlk/kayt dosyasn ($1) kontrol edin CHECK_SYS_COMMANDS:Sistem komutlar kontrol ediliyor... STRINGS_CHECK_START:'strings' komut kontrol iletiliyor STRINGS_SCANNING_OK:fade (OK) taranyor: $1 STRINGS_SCANNING_BAD:fade (BAD) taranyor: $1 STRINGS_SCANNING_BAD:'strings' komut kontrolnde (BAD) ifade bulunamad STRINGS_CHECK:'strings' komutu kontrol ediliyor STRINGS_CHECK:Kontrol atland - 'strings' komutu bulunamyor. 
FILE_PROP_START:Dosya zelliklerinin kontrolleri gerekletiriliyor FILE_PROP_CMDS:n koullar kontrol ediliyor FILE_PROP_IMMUT_OS:Tm immutable-bit kontrolleri atlanyor.Bu kontrol sadece Linux sistemleri iin kullanlabilir. FILE_PROP_IMMUT_SET:Immutable-bit kontrol tersine dnecek. FILE_PROP_SKIP_ATTR:'stat' komutu bulunamyor - tm dosya nitelik kontrolleri atlanacak. FILE_PROP_SKIP_HASH:Tm dosya salama kontrolleri atlanacak, nk: FILE_PROP_SKIP_HASH_FUNC:Geerli salama fonksiyonu ($1) ya da ($2) paket yneticisi salama fonksiyonu, deerleri saklamak iin kullanlan ($3) salama fonksiyonu veya ($4) paket yneticisi ile uyumsuz. FILE_PROP_SKIP_HASH_PRELINK:'prelink' komutu bulunamyor. FILE_PROP_SKIP_HASH_SHA1:Bu sistem prelinking kullanyor, fakat salama fonksiyonu komutu SHA1 yada MD5 gibi grnmyor. FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe bulundu, bu durum hatalara neden olabilir. Mmknse, libsafe'i devre d brakn ve sonra prelink komutunu altrn. Son olarak, 'rkhunter --propupd' komutunu kullanarak salama deerlerini tekrar oluturun. FILE_PROP_SKIP_IMMUT:'lsattr' komutu bulunamyor - tm dosya immutable-bit kontrolleri atlanacak. FILE_PROP_SKIP_IMMUT_CMD:'$1' komutu sonras bir kt yok - tm dosya immutable-bit kontrolleri atlanacak. FILE_PROP_SKIP_SCRIPT:'file' komutu bulunamyor - Tm komut dosyas yedek kontrolleri atlanacak. FILE_PROP_SKIP_FILE_CMD:'file' komutu sonras bir kt yok - tm script deitirme kontrolleri atlanacak. FILE_PROP_NO_OS_WARNING:letim Sistemi deiiklik uyarlar kullanc istei zerine devred braklm. FILE_PROP_OS_CHANGED:Yerel host yaplandrmas yada iletim sistemi deimi. FILE_PROP_DAT_MISSING:Depolanan dosya zellikleri dosyas (rkhunter.dat) mevcut deil ve oluturulmas gerekiyor. Bunun iin 'rkhunter --propupd' komutunu altrn. FILE_PROP_DAT_EMPTY:Depolanan dosya zellikleri dosyas (rkhunter.dat) bo ve oluturulmas gerekiyor. Bunun iin 'rkhunter --propupd' komutunu altrn. FILE_PROP_SKIP_ALL:Tm dosya zellikleri kontrolleri atlanyor. 
FILE_PROP_DAT_MISSING_INFO:Dosya zellik kontrolleri, rkhunter.dat dosyas olmadan da yaplabilen kontrolleri yerine getirmek zere yine de alacaktr. FILE_PROP_FILE_NOT_EXIST:'$1' dosyas sistem zerinde bulunamad, ancak 'rkhunter.dat' dosyasnda mevcut. FILE_PROP_WL:'$1' dosyas bulundu: Bu dosya '$2' kontrol iin beyaz listede. FILE_PROP_WL_STR:'$1' dosyas ve '$2' dizisi bulundu: Bunlar '$3' kontrol iin beyaz listedeler. FILE_PROP_WL_DIR:'$1' dizini bulundu: Bu dizin '$2' kontrol iin beyaz listede. FILE_PROP_NO_RKH_REC:'$1' dosyas sistemde mevcut, fakat 'rkhunter.dat' dosyasnda mevcut deil. FILE_PROP_CHANGED:Dosya zellikleri deiti: FILE_PROP_CHANGED2:Dosya: $1 FILE_PROP_NO_PKGMGR_FILE:'$1' dosyas salama deeri atland: dosya bir pakete ait deil FILE_PROP_NO_SYSHASH:'$1' dosyas iin salama deeri yok FILE_PROP_NO_SYSHASH_BL:$1 dosyas bir krk link. FILE_PROP_BROKEN_LINK_WL_TGT:Krk link bulundu, fakat szkonusu hedeflerin varl beyaz listede: '$1' FILE_PROP_NO_SYSHASH_CMD:Salama komutu kts: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:Bamllk hatalarn gidermek iin 'prelink $1' komutunu deneyin. FILE_PROP_IGNORE_PRELINK_DEP_ERR:'$1' dosyas iin prelink bamllk hatas grmezden geliniyor FILE_PROP_SYSHASH_UNAVAIL:Geerli salama: Mevcut deil FILE_PROP_SYSHASH_UNAVAIL_BL:Geerli salama: Mevcut deil (muhtemelen krk link) FILE_PROP_SYSHASH:Geerli salama: $1 FILE_PROP_RKHHASH:Depolanan salama: $1 FILE_PROP_NO_RKHHASH:'rkhunter.dat' dosyasnda '$1' dosyas iin salama deeri yok. FILE_PROP_NO_RKHPERM:'rkhunter.dat' dosyasnda '$1' dosyas iin dosya izni deeri yok. FILE_PROP_PERM_UNAVAIL:Geerli dosya izni: Mevcut deil Depolanan dosya izni: $1 FILE_PROP_PERM:Geerli dosya izni: $1 Depolanan dosya izni: $2 FILE_PROP_UID_UNAVAIL:Geerli UID: Mevcut deil Depolanan UID: $1 FILE_PROP_UID:Geerli UID: $1 Depolanan UID: $2 FILE_PROP_NO_RKHUID:'rkhunter.dat' dosyasnda '$1' dosyas iin UID deeri yok. 
FILE_PROP_GID_UNAVAIL:Geerli GID: Mevcut deil Depolanan GID: $1 FILE_PROP_GID:Geerli GID: $1 Depolanan UID: $2 FILE_PROP_NO_RKHGID:'rkhunter.dat' dosyasnda '$1' dosyas iin GID deeri yok. FILE_PROP_INODE_UNAVAIL:Geerli inode: Mevcut deil Depolanan inode: $1 FILE_PROP_INODE:Geerli inode: $1 Depolanan inode: $2 FILE_PROP_NO_RKHINODE:'rkhunter.dat' dosyasnda '$1' dosyas iin inode deeri yok. FILE_PROP_SIZE_UNAVAIL:Geerli boyut: Mevcut deil Depolanan boyut: $1 FILE_PROP_SIZE:Geerli boyut: $1 Depolanan boyut: $2 FILE_PROP_NO_RKHSIZE:'rkhunter.dat' dosyasnda '$1' dosyas iin boyut deeri yok. FILE_PROP_SYSDTM_UNAVAIL:Geerli dosya deiiklik zaman: Mevcut deil FILE_PROP_SYSDTM:Geerli dosya deiiklik zaman: $1 FILE_PROP_RKHDTM:Depolanan dosya deiiklik zaman: $1 FILE_PROP_NO_RKHDTM:'rkhunter.dat' dosyasnda '$1' dosyas iin dosya deiiklik zaman deeri yok. FILE_PROP_SYSLNK:Geerli sembolik link hedefi: '$1' -> '$2' FILE_PROP_RKHLNK:Depolanan sembolik link hedefi : '$1' -> '$2' FILE_PROP_NO_RKHLNK:'$1' dosyas iin 'rkhunter.dat' dosyasnda sembolik link hedefi bulunamad. FILE_PROP_LINK_WL:Sembolik link hedefi deimi, fakat beyaz listede: '$1' -> '$2' FILE_PROP_NO_SYSATTR:'$1' dosyasnn geerli dosya zellikleri elde edilemiyor FILE_PROP_WRITE:'$1' dosyasnn yazma izni tm kullanclar iin ayarland. FILE_PROP_SYSPERM_UNAVAIL:'$1' dosyasnn geerli yazma izni elde edilemiyor FILE_PROP_IMMUT:'$1' dosyas immutable-bit ayarna sahip. FILE_PROP_IMMUT_NOT_SET:'$1' dosyas immutable-bit ayarna sahip deil. FILE_PROP_SCRIPT:'$1' komutu, '$2' scripti ile deitirilmitir. FILE_PROP_SCRIPT_RKH:'$1' komutu, '$2' ile deitirilmi olup bir script deildir. 
FILE_PROP_VRFY:Paket yneticisi dorulamas baarsz oldu: FILE_PROP_VRFY_HASH:Dosya hash deeri deimi FILE_PROP_VRFY_PERM:Dosya izinleri deimi FILE_PROP_VRFY_UID:Dosya sahibi deimi FILE_PROP_VRFY_GID:Dosya grubu deimi FILE_PROP_VRFY_DTM:Dosya deiiklik zaman deimi FILE_PROP_VRFY_LNK:Sembolik link hedefi deimi FILE_PROP_VRFY_SIZE:Dosya boyutu deimi FILE_PROP_EPOCH_DATE_CMD:kinci tur ilemi iin '$1' kullanlyor. CHECK_ROOTKITS:Rootkitler kontrol ediliyor... ROOTKIT_FILES_DIRS_START:Bilinen rootkit dosyalar ve dizinlerinin kontrol altrlyor ROOTKIT_FILES_DIRS_NAME_LOG:${1} iin kontrol ediliyor... ROOTKIT_FILES_DIRS_FILE:Dosya kontrol ediliyor '$1' ROOTKIT_FILES_DIRS_DIR:Dizin kontrol ediliyor '$1' ROOTKIT_FILES_DIRS_KSYM:Kernel sembol '$1' iin kontrol ediliyor ROOTKIT_FILES_DIRS_FILE_FOUND:'$1' dosyas bulundu ROOTKIT_FILES_DIRS_DIR_FOUND:'$1' dizini bulundu ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel sembol '$1' bulundu ROOTKIT_FILES_DIRS_STR:'$1' dizisi iin kontrol ediliyor ROOTKIT_FILES_DIRS_STR_FOUND:'$2' dosyasnda '$1' dizisi bulundu ROOTKIT_FILES_DIRS_NOFILE:'$1' dosyas mevcut deil! ROOTKIT_FILES_DIRS_SINAR_DIR:'$1' dizininde kontrol ediliyor ROOTKIT_FILES_DIRS_SINAR:'$1' dizininde SInAR bulundu ROOTKIT_LINK_COUNT:'$1' dizininde hard link says kontrol ediliyor ROOTKIT_LINK_COUNT_FAIL:'$1' komutundan hard link says: $2 ROOTKIT_LINK_COUNT_CMDERR:'$2' kontrol edildiinde '$2' komutundan hata dndrld ROOTKIT_PHALANX2_LINK_COUNT_FAIL:'$1' zerinde hard link kontrol baarsz oldu ROOTKIT_PHALANX2_PROC:'ata/0' ilemi iin ilem listesi kontrol ediliyor ROOTKIT_PHALANX2_PROC_FOUND:alan 'ata/0' ilemi bulundu ROOTKIT_PHALANX2_PROC_PPID:Beklenen 'kthread' parent PID'si '$1', bulunan parent PID'si '$2' ROOTKIT_PHALANX2_PROC_PS_ERR:'ps' altrlrken beklenmeyen sonular dndrld: muhtemelen desteklenmeyen komut satr argmanlar. 
ROOTKIT_ADD_START:Ek rootkit kontrolleri altrlyor ROOTKIT_ADD_SUCKIT:Suckit Rookit ek kontrolleri ROOTKIT_ADD_SUCKIT_LOG:Suckit Rookit ek kontrolleri altrlyor ROOTKIT_ADD_SUCKIT_LINK_NOCMD:'/sbin/init' link says kontrol ediliyor: 'stat' komutu bulunamad ROOTKIT_ADD_SUCKIT_LINK_FOUND:'/sbin/init' link says kontrol ediliyor: say $1, 1 olmaldr ROOTKIT_ADD_SUCKIT_EXT:Gizli dosya uzantlar kontrol ediliyor ROOTKIT_ADD_SUCKIT_EXT_FOUND:Gizli dosya uzantlar kontrol ediliyor: $1 tane bulundu ROOTKIT_ADD_SUCKIT_SKDET:'skdet' komutu altrlyor ROOTKIT_ADD_SUCKIT_SKDET_FOUND:'skdet' komutu altrlyor: $1 tane bulundu ROOTKIT_ADD_SUCKIT_SKDET_VER:'skdet' komutu altrlyor: bilinmeyen srm: $1 ROOTKIT_POSS_FILES_DIRS:Olas rootkit dosya ve klasrleri kontrol ediliyor ROOTKIT_POSS_FILES_DIRS_LOG:Olas rootkit dosya ve klasrlerinin kontrol altrlyor ROOTKIT_POSS_FILES_FILE_FOUND:'$1' dosyas bulundu. Olas rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:'$1' klasr bulundu. Olas rootkit: $2 ROOTKIT_POSS_STRINGS:Olas rootkit dizileri kontrol ediliyor ROOTKIT_POSS_STRINGS_LOG:Olas rootkit dizilerinin kontrol altrlyor ROOTKIT_POSS_STRINGS_FOUND:'$2' dosyasnda '$1' dizisi bulundu. 
Olas rootkit: $3 ROOTKIT_MALWARE_START:Zararl yazlm kontrol altrlyor ROOTKIT_MALWARE_SUSP_FILES:pheli dosyalar iin alan ilemler kontrol ediliyor ROOTKIT_MALWARE_SUSP_FILES_FOUND:Aadaki ilemler pheli dosya(lar) kullanyor: ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Komut: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Yol ismi: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Olas Rootkit: $1 ROOTKIT_MALWARE_HIDDEN_PROCS:Gizli ilemler kontrol ediliyor ROOTKIT_MALWARE_HIDDEN_PROCS_NOUNHIDE:Kullanc isteiyle, '$1' kullanm devred brakld ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:'unhide' komut srm bulundu: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:'$1' komutu kullanlyor ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' altrlabilir deil: geersiz yaplandrlm testler: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_RUBY_ERR:'unhide.rb' komutu bir hata verdi: ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Gizli ilemler bulundu: ROOTKIT_MALWARE_DELETED_FILES:Silinen dosyalar iin alan ilemler kontrol ediliyor ROOTKIT_MALWARE_DELETED_FILES_FOUND:Aadaki ilemler silinen dosya(lar) kullanyor: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:lem: $1 PID: $2 Dosya: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:Beyaz listedeki '$1' dosyasn kullanan '$1' ilemi bulundu. ROOTKIT_MALWARE_LOGIN_BDOOR:Arkakap girileri kontrol ediliyor ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:Arkakap girilerinin kontrol altrlyor ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:'$1' kontrol ediliyor ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Arkakap giri dosyas bulundu: $1 ROOTKIT_MALWARE_SUSP_DIR:pheli klasrler kontrol ediliyor ROOTKIT_MALWARE_SUSP_DIR_LOG:pheli klasrlerin kontrol altrlyor ROOTKIT_MALWARE_SUSP_DIR_FOUND:pheli klasr bulundu: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Yazlm ihlalleri kontrol ediliyor ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:'$1' dosyas '$2' dizisini ieriyor. 
Olas rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Kontrol atland - tripwire ykl deil ROOTKIT_MALWARE_SNIFFER:Alglayc gnlk/kayt dosyalar kontrol ediliyor ROOTKIT_MALWARE_SNIFFER_LOG:Alglayc gnlk/kayt dosyalarnn kontrol altrlyor ROOTKIT_MALWARE_SNIFFER_FOUND:Alglayc gnlk/kayt dosyas bulundu: $1 ROOTKIT_MALWARE_IPCS:pheli Paylalan Bellek segmentleri ROOTKIT_MALWARE_IPCS_DETAILS:lem: $1 PID: $2 Sahibi: $3 ROOTKIT_TROJAN_START:Spesifik trojan kontrolleri altrlyor ROOTKIT_TROJAN_INETD:Etkin inetd servisleri kontrol ediliyor ROOTKIT_TROJAN_INETD_SKIP:Kontrol atland - '$1' dosyas mevcut deil. ROOTKIT_TROJAN_INETD_FOUND:Etkin inetd servisi bulundu: $1 ROOTKIT_TROJAN_XINETD:Etkin xinetd servisleri kontrol ediliyor ROOTKIT_TROJAN_XINETD_LOG:Etkin xinetd servislerinin kontrol altrlyor ROOTKIT_TROJAN_XINETD_ENABLED:Etkin servisler iin, '$1' altrlyor ROOTKIT_TROJAN_XINETD_INCLUDE:'include $1' direktifi bulundu ROOTKIT_TROJAN_XINETD_INCLUDEDIR:'includedir $1' direktifi bulundu ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Etkin xinetd servisi bulundu: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:'$1' servisi bulundu: $2 beyaz listesinde. ROOTKIT_TROJAN_APACHE:Apache arkakaps kontrol ediliyor ROOTKIT_TROJAN_APACHE_SKIPPED:Apache arkakaps kontrol atland: Apache modl ve yaplandrma klasrleri bulunamad. ROOTKIT_TROJAN_APACHE_FOUND:Apache arkakap modl 'mod_rootme' bulundu: $1 ROOTKIT_OS_START:Spesifik $1 kontrolleri altrlyor ROOTKIT_OS_SKIPPED:Spesifik test yok ROOTKIT_OS_BSD_SOCKNET:'sockstat' ve 'netstat' komutlar kontrol ediliyor ROOTKIT_OS_BSD_SOCKNET_FOUND:'sockstat' ve 'netstat' komutlar arasnda bulunan farkllklarn kts: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 kts (port kullanmda): $2 ROOTKIT_OS_FREEBSD_KLD:KLD arkakaplar kontrol ediliyor ROOTKIT_OS_FREEBSD_KLD_FOUND:Olas FreeBSD KLD arkakaps bulundu. 'kldstat -v' komutu '$1' dizisini gsteriyor ROOTKIT_OS_FREEBSD_PKGDB:Paket veritaban kontrol ediliyor ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Paket veritabannn tutarszlklar var gibi grnyor. 
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Bu bir gvenlik sorunu olmayabilir, ama 'pkgdb -F' komutunu altrmak sorunu tehis etmeye yardmc olabilir. ROOTKIT_OS_DFLY_PKGDB_NOTOK:Paket veritabannn tutarszlklar var gibi grnyor. ROOTKIT_OS_DFLY_PKGDB_NOTOK:Bu bir gvenlik sorunu olmayabilir, ama 'pkg_admin check' komutunu altrmak sorunu tehis etmeye yardmc olabilir. ROOTKIT_OS_LINUX_LKM:Ykl kernel modlleri kontrol ediliyor ROOTKIT_OS_LINUX_LKM_FOUND:'lsmod' komutu ve '/proc/modules' dosyas arasnda farkllklar bulundu: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 kts: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:'lsmod' komutu ya da /proc/modules dosyasndan bir kt bulunamad: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:'$1' modl dosyas kayp. ROOTKIT_OS_LINUX_LKMNAMES:Kernek ekirdek modlleri kontrol ediliyor ROOTKIT_OS_LINUX_LKMNAMES_PATH:Modllerin yolu olarak '$1' kullanlyor ROOTKIT_OS_LINUX_LKMNAMES_FOUND:'$1' konumunda bilinen kt kernel modl bulundu: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:Kernel modl dizini '$1' kayp yada bo. CHECK_LOCALHOST:Yerel host kontrol ediliyor... STARTUP_FILES_START:Sistem boot kontrolleri altrlyor STARTUP_HOSTNAME:Yerel host ad kontrol ediliyor STARTUP_NO_HOSTNAME:Host ad bulunamad. STARTUP_CHECK_FILES_EXIST:Sistem balang dosyalar kontrol ediliyor STARTUP_NONE_GIVEN:Balang dosya yollar iin kullanc tercihi 'NONE' STARTUP_CHECK_FILES_MALWARE:Sistem balang dosyalar zararl yazlm iin kontrol ediliyor STARTUP_CHECK_NO_RC_FILES:Sistem balang dosyalar bulunamad. ACCOUNTS_START:Grup ve hesap kontrolleri altrlyor ACCOUNTS_PWD_FILE_CHECK:ifre dosyas kontrol ediliyor ACCOUNTS_FOUND_PWD_FILE:ifre dosyas bulundu: $1 ACCOUNTS_NO_PWD_FILE:ifre dosyas '$1' mevcut deil. ACCOUNTS_UID0:Rootla (UID 0) edeer hesaplar kontrol ediliyor ACCOUNTS_UID0_WL:Rootla (UID 0) edeer hesap '$1' bulundu: Beyaz listede. 
ACCOUNTS_UID0_FOUND:'$1' hesab rootla edeer (UID = 0) ACCOUNTS_SHADOW_FILE:Glge dosyas bulundu: $1 ACCOUNTS_SHADOW_TCB:TCB glge dosyas dizini bulundu: $1 ACCOUNTS_PWDLESS:ifresiz hesaplar kontrol ediliyor ACCOUNTS_PWDLESS_WL:ifresiz hesap bulundu: '$1': Beyaz listede. ACCOUNTS_PWDLESS_FOUND:'$1' dosyasnda ifresiz hesap bulundu: $2 ACCOUNTS_NO_SHADOW_FILE:Glge/ifre dosyas bulunamad. PASSWD_CHANGES:ifre dosyas deiiklikleri kontrol ediliyor PASSWD_CHANGES_NO_TMP:ifre dosyas farkllklar iin kontrol yaplamyor: Varolan ifre dosyasnn kopyas yok. PWD_CHANGES_IDADD:'$1' kullancs ifre dosyasna eklenmitir. PWD_CHANGES_IDREM:'$1' kullancs ifre dosyasndan kaldrlmtr. PWD_CHANGES_FOUND:ifre dosyasnda '$1' kullancsna ait deiiklikler bulundu: PWDGRP_CHANGES_UNK:$1 dosyasnda bilinmeyen alan bulundu: Eski alan: '$2' Yeni alan: '$3' PWD_CHANGES_PWD:ifre '$1' iken, '$2' eklinde deitirildi PWD_CHANGES_UID:UID '$1' iken, '$2' eklinde deitirildi PWD_CHANGES_GID:GID '$1' iken, '$2' eklinde deitirildi PWD_CHANGES_COMM:Hesap aklamas '$1' iken, '$2' eklinde deitirildi PWD_CHANGES_HOME:Hesap kk dizini '$1' iken, '$2' eklinde deitirildi PWD_CHANGES_SHL:Varsaylan kabuk '$1' iken, '$2' eklinde deitirildi GROUP_CHANGES:Grup dosyas deiiklikleri kontrol ediliyor GROUP_CHANGES_NO_FILE:Grup dosyas '$1' mevcut deil. GROUP_CHANGES_NO_TMP:Grup dosyas farkllklar iin kontrol yaplamyor: Varolan grup dosyasnn kopyas yok. GROUP_CHANGES_FOUND:'$1' grubu iin grup dosyasnda deiiklikler bulundu: GROUP_CHANGES_IDADD:'$1' grubu, grup dosyasna eklenmitir. GROUP_CHANGES_IDREM:'$1' grubu, grup dosyasndan kaldrlmtr. 
GROUP_CHANGES_PWD:Grup ifresi '$1' iken, '$2' eklinde deitirilmitir GROUP_CHANGES_GID:Grup numaras '$1' iken, '$2' eklinde deitirilmitir GROUP_CHANGES_GRPREM:'$1' kullancs, grup dosyasndan kaldrlmtr GROUP_CHANGES_GRPADD:'$1' kullancs, grup dosyasna eklenmitir HISTORY_CHECK:Root hesab komut gemii dosyalar kontrol ediliyor HISTORY_CHECK_FOUND:Root hesab komut gemii dosyas '$1', '$2' konumuna sembolik bir balant SYSTEM_CONFIGS_START:Sistem yaplandrma dosyalarnn kontrol altrlyor SYSTEM_CONFIGS_FILE:$1 yaplandrma dosyas kontrol ediliyor SYSTEM_CONFIGS_FILE_SSH:Bir SSH yaplandrma dosyas kontrol ediliyor SYSTEM_CONFIGS_FILE_FOUND:$1 '$2' yaplandrma dosyas bulundu: $3 SYSTEM_CONFIGS_SSH_ROOT:SSH root eriim durumu kontrol ediliyor SYSTEM_CONFIGS_SSH_ROOT_FOUND:SSH ve rkhunter yaplandrma aadaki gibi olmaldr: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH yaplandrma seenei 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter yaplandrma seenei 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:SSH yaplandrma seenei 'PermitRootLogin' ayarlanmam. SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Varsaylan deer root eriimine izin vermek iin, 'yes' olabilir. SYSTEM_CONFIGS_SSH_PROTO:SSH protokol v1 durumu kontrol ediliyor SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH yaplandrma seenei 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter yaplandrma seenei 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:SSH yaplandrma seenei 'Protocol' henz ayarlanmam. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Protokol srm 1'e izin vermek iin, varsaylan deer '2,1' olabilir. SYSTEM_CONFIGS_SYSLOG:alan bir sistem kaytlama sreci kontrol ediliyor SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:alan bir sistem kaytlama sreci bulunamad. SYSTEM_CONFIGS_SYSLOG_DAEMON:alan bir '$1' sreci bulundu. SYSTEM_CONFIGS_SYSLOG_NO_FILE:Syslog sreci alyor, fakat hibir yaplandrma dosyas bulunamad. 
SYSTEM_CONFIGS_SYSLOG_REMOTE:Syslog uzak gnlk/kaytlama durumu kontrol ediliyor SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:Yaplandrma dosyas uzak gnlk/kaytlamaya izin veriyor: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter yaplandrma seenei 'ALLOW_SYSLOG_REMOTE_LOGGING' etkinletirilmi. FILESYSTEM_START:Dosya sistemi kontrol altrlyor FILESYSTEM_DEV_CHECK:pheli dosya tipleri iin '/dev' kontrol ediliyor FILESYSTEM_DEV_CHECK_NO_DEV:'/dev' mevcut deil. FILESYSTEM_DEV_FILE_WL:'$1' dosyas bulundu: Beyaz listede. FILESYSTEM_DEV_FILE_FOUND:${1} dizininde pheli dosya trleri bulundu: FILESYSTEM_HIDDEN_DIR_WL:Gizli klasr bulundu: '$1': Beyaz listede. FILESYSTEM_HIDDEN_FILE_WL:Gizli dosya bulundu: '$1': Beyaz listede. FILESYSTEM_HIDDEN_CHECK:Gizli dosya ve klasrler kontrol ediliyor FILESYSTEM_HIDDEN_DIR_FOUND:Gizli klasr bulundu: '$1' FILESYSTEM_HIDDEN_FILE_FOUND:Gizli dosya bulundu: '$1' FILESYSTEM_LOGFILE_MISSING:Kayp kayt dosyalar kontrol ediliyor FILESYSTEM_LOGFILE_MISSING_FOUND:'$1' kayt dosyas eksik. FILESYSTEM_LOGFILE_EMPTY:Bo kayt dosyalar kontrol ediliyor FILESYSTEM_LOGFILE_EMPTY_FOUND:'$1' kayt dosyas bo. CHECK_APPS:Uygulama srmleri kontrol ediliyor... APPS_NONE_FOUND:Bilinen uygulamalar bulunamad - tm srm kontrolleri atland. APPS_DAT_MISSING:Gvensiz uygulama srmleri dosyas kayp yada bo: $1 APPS_DAT_MISSING:Varsaylan dosyay sfrlamak iin 'rkhunter --update' komutunu altrn. APPS_DAT_NOTAFILE:Gvensiz uygulama srmleri dosyas bir dosya deil: $1 APPS_NOT_FOUND:'$1' uygulamas bulunamad. APPS_CHECK:$1 srm kontrol ediliyor APPS_CHECK_WL:'$1' uygulamas bulundu: Beyaz listede. APPS_CHECK_VERSION_UNKNOWN:'$1' srm numaras alnamad. APPS_CHECK_VERSION_FOUND:'$1' uygulamas (srm: '$2') bulundu. APPS_CHECK_VERSION_WL:'$1' uygulamas (srm: '$2') bulundu: Bu srm beyaz listede. APPS_CHECK_WHOLE_VERSION_USED:'$1' srm numaras alnamad: Srm seenei '$2' veriyor APPS_CHECK_FOUND:'$1' uygulamas (srm: '$2'), gncel deil ve bu muhtemel bir gvenlik riski. 
APPS_TOTAL_COUNT:Uygulamalar kontrol edildi: $1, $2 dnda CHECK_NETWORK:A kontrol ediliyor... NETWORK_PORTS_START:An portlarnn kontrol altrlyor NETWORK_PORTS_BACKDOOR:Arkakap portlar kontrol ediliyor NETWORK_PORTS_BACKDOOR_LOG:Arkakap portlarnn kontrol altrlyor NETWORK_PORTS_FILE_MISSING:Arkakap portlar dosyas kayp yada bo: $1 NETWORK_PORTS_FILE_MISSING:Varsaylan dosyay sfrlamak iin 'rkhunter --update' komutunu altrn. NETWORK_PORTS_FILE_NOTAFILE:Bilinen arkakap portlar dosyas bir dosya deil: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:Tm arkakap port kontrolleri atland. NETWORK_PORTS_UNKNOWN_NETSTAT:'netstat' komut biimi bu /S ile bilinmiyor. NETWORK_PORTS_ENABLE_TRUSTED:Port beyaz listesi iin gvenilir yollar etkinletiriliyor. NETWORK_PORTS_BACKDOOR_CHK:$2 nolu $1 portu kontrol ediliyor NETWORK_PORTS_PATH_WHITELIST:An $2 nolu $1 portu '$3' tarafndan kullanlyor: yol beyaz listede. NETWORK_PORTS_TRUSTED_WHITELIST:An $2 nolu $1 portu '$3' tarafndan kullanlyor: yol gvenilir. NETWORK_PORTS_PORT_WHITELIST:An $2 nolu $1 portu bulundu: port beyaz listede. NETWORK_PORTS_BKDOOR_FOUND:An $2 nolu $1 portu, [$3] tarafndan kullanlyor. Olas rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Kontrol etmek iin 'lsof -i' ya da 'netstat -an' komutunu uygulayn. NETWORK_HIDDEN_PORTS:Gizli portlar kontrol ediliyor NETWORK_HIDDEN_PORTS_FOUND:Gizli portlar bulundu: NETWORK_HIDDEN_PORTS_CHK:$2 nolu $1 portu NETWORK_HIDDEN_PORTS_CHK_NAME:$2 nolu $1 portu $3 tarafndan kullanlyor NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Gizli $2 nolu $1 portu $3 tarafndan kullanlyor: yol beyaz listede. NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Gizli $2 nolu $1 portu '$3' tarafndan kullanlyor: yol gvenilir. NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Gizli $2 nolu $1 portu bulundu: port beyaz listede. 
NETWORK_INTERFACE_START:A arayzlerinin kontrolleri altrlyor NETWORK_PROMISC_WLIST:A arayzleri kark modda kullanma izinli: $1 NETWORK_PROMISC_CHECK:Kark arayzler kontrol ediliyor NETWORK_PROMISC_NO_IFCONF_IP:Kark a arayz kontrol atland - 'ifconfig' yada 'ip' komutu bulunamyor. NETWORK_PROMISC_NO_CMD:'$1' komutu kullanlarak yaplan kark a arayz kontrol atland - '$1' komutu bulunamad. '$2' komutu kullanlyor. NETWORK_PROMISC_IF:Olas kark arayzler: NETWORK_PROMISC_IF_1:'ifconfig' komutu kts: NETWORK_PROMISC_IF_2:'ip' komutu kts: NETWORK_PACKET_CAP_CHECK:Paket yakalama uygulamalar kontrol ediliyor NETWORK_PACKET_CAP_CHECK_NO_FILE:Paket yakalama uygulama kontrol atland - '$1' dosyas kayp. NETWORK_PACKET_CAP_FOUND:'$1' ilemi (PID $2) a dinliyor. NETWORK_PACKET_CAP_WL:'$1' ilemi bulundu: Beyaz listede. SHARED_LIBS_START:'paylalan ktphaneler' kontrol altrlyor SHARED_LIBS_PRELOAD_VAR:nceden yklenmi deikenler kontrol ediliyor SHARED_LIBS_PRELOAD_VAR_FOUND:nceden yklenmi deiken(ler) bulundu: $1 SHARED_LIBS_PRELOAD_FILE:nceden yklenmi ktphaneler kontrol ediliyor SHARED_LIBS_PRELOAD_LIB_FOUND:nceden yklenmi paylalan ktphane bulundu: $1 SHARED_LIBS_PRELOAD_FILE_FOUND:nceden yklenmi dosya ktphanesi bulundu: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Fnceden yklenmi paylalan ktphane bulundu '$1': Beyaz listede. SHARED_LIBS_PATH:LD_LIBRARY_PATH deikeni kontrol ediliyor SHARED_LIBS_PATH_BAD:LD_LIBRARY_PATH evre deikeni ayarland ve bu durum ikili dosyalar etkileyebilir: $1 eklinde ayarland SUSPSCAN_CHECK:pheli ierikli dosyalar kontrol ediliyor SUSPSCAN_DIR_NOT_EXIST:'$1' dizini mevcut deil. SUSPSCAN_INSPECT:'$1' dosyas (skor: $2) biraz heli ierik ieriyor ve kontrol edilmeli. 
SUSPSCAN_START:pheli ierikli dosyalarn kontrol altrlyor
SUSPSCAN_DIRS:Kontrol dizinleri: $1
SUSPSCAN_NO_DIRS:Belirlenen dizin yok: varsaylanlar kullanlyor ($1)
SUSPSCAN_TEMP:Kullanlan geici dizin: $1
SUSPSCAN_NO_TEMP:Belirlenen geici dizin yok: varsaylan kullanlyor ($1)
SUSPSCAN_SIZE:Kontrol iin maksimum dosya boyutu (byte olarak): $1
SUSPSCAN_NO_SIZE:Maksimum dosya boyutu belirlenmedi: varsaylan kullanlyor ($1)
SUSPSCAN_THRESH:Skor eii $1 eklinde ayarland
SUSPSCAN_NO_THRESH:Skor eii belirlenmedi: varsaylan kullanlyor ($1)
SUSPSCAN_DIR_CHECK:Dizin kontrol ediliyor: '$1'
SUSPSCAN_FILE_CHECK:Dosya kontrol edildi: Ad: '$1' Skor: $2
SUSPSCAN_FILE_CHECK_DEBUG:Dosya kontrol edildi: Ad: '$1' Skor: $2 Liste ba: $3 Hit: ($4)
SUSPSCAN_FILE_SKIPPED_EMPTY:Dosya yok sayld: bo: '$1'
SUSPSCAN_FILE_SKIPPED_LINK:Dosya yok sayld: sembolik balant: '$1'
SUSPSCAN_FILE_SKIPPED_TYPE:Dosya yok sayld: yanl tip: '$1': '$2'
SUSPSCAN_FILE_SKIPPED_SIZE:Dosya yok sayld: ok byk: '$1'
SUSPSCAN_FILE_LINK_CHANGE:Sembolik balant bulundu: '$1' -> '$2'
SUSPSCAN_DAT_MISSING:pheli ieriinin veri dosyas eksik veya bo: $1
SUSPSCAN_DAT_MISSING:Varsaylan dosyay onarmak iin 'rkhunter --update' komutunu altrn.
SUSPSCAN_DAT_NOTAFILE:pheli ieriinin veri dosyas bir dosya deil: $1
LIST_TESTS:Test isimleri:
LIST_GROUPED_TESTS:Testlerin gruplanm hali:
LIST_LANGS:Geerli diller:
LIST_PERL:Perl modl kurulum durumu:
LIST_RTKTS:Kontrol edilen rootkitler:
LOCK_USED:Kilitleme kullanmda: zaman am $1 saniye
LOCK_UNUSED:Kilitleme kullanmda deil
LOCK_WAIT:Kilit dosyas bekleniyor
LOCK_FAIL:Kilit dosyas alnamad: rkhunter almad!

rkhunter-1.4.2/files/i18n/de

Version:2014010301
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
# message in one file makes sense and for easier translation.
#
# The message type MSG_TYPE_PLAIN is used for ordinary messages. It has
# no specific value, and is intercepted in the display function. It is
# included here for completeness. The index names of MSG_TYPE_ and
# MSG_RESULT_ are reserved - no messages can use this as part of its index.
#
MSG_TYPE_PLAIN:
MSG_TYPE_INFO:Information
MSG_TYPE_WARNING:Warnung
#
# This is the list of message results.
#
MSG_RESULT_OK:OK
MSG_RESULT_SKIPPED:Übersprungen
MSG_RESULT_WARNING:Warnung
MSG_RESULT_FOUND:Gefunden
MSG_RESULT_NOT_FOUND:Nicht gefunden
MSG_RESULT_NONE_FOUND:Nichts gefunden
MSG_RESULT_ALLOWED:Erlaubt
MSG_RESULT_NOT_ALLOWED:Nicht erlaubt
MSG_RESULT_UNSET:Nicht gesetzt
MSG_RESULT_UPD:aktualisiert
MSG_RESULT_NO_UPD:Keine Aktualisierung
MSG_RESULT_UPD_FAILED:Aktualisierung fehlgeschlagen
MSG_RESULT_VCHK_FAILED:Versions-Überprüfung fehlgeschlagen
#
# The messages.
#
VERSIONLINE:[ $1 Version $2 ]
VERSIONLINE2:Running $1 in Version $2 auf $3
VERSIONLINE3:Running $1 in Version $2
RKH_STARTDATE:Start Datum ist $1
RKH_ENDDATE:Enddatum ist $1
OPSYS:Erkanntes Betriebssystem ist '$1'
UNAME:Ausgabe des Befehls uname ist '$1'
CONFIG_CHECK_START:Überprüfe Konfigurationsdatei und Kommandozeilen-Optionen...
CONFIG_CMDLINE:Kommandozeile ist $1
CONFIG_DEBUGFILE:Debug-Datei ist $1
CONFIG_ENVSHELL:Umgebungsshell ist $1; rkhunter verwendet $2
CONFIG_CONFIGFILE:Verwende Konfigurationsdatei '$1'
CONFIG_INSTALLDIR:Installationsverzeichnis ist '$1'
CONFIG_LANGUAGE:Verwende die Sprache '$1'
CONFIG_DBDIR:Verwende '$1' als Datenbank-Verzeichnis
CONFIG_SCRIPTDIR:Verwende '$1' als Script-Verzeichnis
CONFIG_BINDIR:Verwende '$1' als Kommando-Verzeichnis
CONFIG_ROOTDIR:Verwende '$1' als Root-Verzeichnis
CONFIG_ROOTDIR_DFLT:Verwende '/' standardmäßig als Root-Verzeichnis
CONFIG_TMPDIR:Verwende '$1' als temporäres Verzeichnis
CONFIG_NO_MAIL_ON_WARN:Keine E-Mail-Adresse für Benachrichtigungen konfiguriert
CONFIG_MOW_DISABLED:Deaktiviere das Versenden von Benachrichtigungs-E-Mails aufgrund von Benutzer-Vorgaben
CONFIG_MAIL_ON_WARN:Versenden von Benachrichtigungen von '$1' mittels dem Kommando '$2'
CONFIG_SSH_ROOT:Rkhunter Option ALLOW_SSH_ROOT_USER wurde auf '$1' geändert.
CONFIG_SSH_PROTV1:Rkhunter Option ALLOW_SSH_PROT_V1 wurde auf '$1' geändert.
CONFIG_X_AUTO:X wird automatisch erkannt
CONFIG_CLRSET2:Verwende zweites Farbset
CONFIG_NO_SHOW_SUMMARY:Deaktiviere die Zusammenfassung der System-Überprüfung aufgrund von Benutzer-Vorgaben
CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV gesetzt auf '$1'
CONFIG_NO_VL:Deaktiviere erweiterte Ausgaben aufgrund von Benutzer-Vorgaben
CONFIG_XINETD_PATH:Verwende $1 Konfigurations-Datei '$2'
CONFIG_SOL10_INETD:Verwende Solaris 10 und spätere Inetd-Mechanismen
CONFIG_STARTUP_PATHS:Verwende System-Pfade: $1
CONFIG_ROTATE_MIRRORS:Die Liste der Spiegel-Server wird rotiert
CONFIG_NO_ROTATE_MIRRORS:Die Liste der Spiegel-Server wird nicht rotiert
CONFIG_UPDATE_MIRRORS:Die Liste der Spiegel-Server wird upgedatet
CONFIG_NO_UPDATE_MIRRORS:Die Liste der Spiegel-Server wird nicht upgedatet
CONFIG_MIRRORS_MODE0:Sowohl lokale als auch entfernte Spiegel-Server werden verwendet
CONFIG_MIRRORS_MODE1:Nur lokale Spiegel-Server werden verwendet
CONFIG_MIRRORS_MODE2:Nur entfernte Spiegel-Server werden verwendet
FOUND_CMD:Das Kommando '$1' wurde gefunden: $2
NOT_FOUND_CMD:Das Kommando '$1' konnte nicht gefunden werden
CMD_ERROR:Das Kommando '$1' gab den Fehlercode '$2' zurück.
SYS_PRELINK:System verwendet prelinking
SYS_NO_PRELINK:System verwendet kein prelinking
SYS_SELINUX:SELinux ist aktiviert
SYS_NO_SELINUX:SELinux ist deaktiviert
HASH_FUNC_PRELINK:Verwende prelink-Kommando (mit $1) für Datei-Hash Überprüfungen
HASH_FUNC_PERL:Verwende das Perl-Modul $1 für Datei-Hash Überprüfungen
HASH_FUNC:Verwende das Kommando '$1' für Datei-Hash Überprüfungen
HASH_FUNC_NONE:Datei-Hash Überprüfungen deaktiviert: NONE konfiguriert
HASH_FUNC_NONE_PKGMGR:Datei-Hash Überprüfungen mit NONE konfiguriert: es wird nur der Paketmanager verwendet
HASH_FUNC_DISABLED:Hash-Funktion auf 'NONE' gesetzt: Datei-Hash Überprüfungen automatisch deaktiviert
HASH_FUNC_OLD:Gespeicherte Hash-Werte erzeugt mit der Hash-Funktion '$1'
HASH_FUNC_OLD_DISABLED:Vorangegangene Hash-Funktion wurde deaktiviert: keine Hash-Werte gespeichert
HASH_PKGMGR_OLD:Gespeicherte Hash-Werte verwendeten den Paketmanager '$1' (md5-Funktion)
HASH_PKGMGR_OLD_UNSET:Gespeicherte Hash-Werte verwendeten nicht den Paketmanager
HASH_PKGMGR:Verwende den Paketmanager '$1' für die Überprüfung der Dateieigenschaften
HASH_PKGMGR_MD5:Verwende MD5 Hash-Funktion mit dem Kommando '$1' zur Unterstützung der Paketmanager-Überprüfung
HASH_PKGMGR_NOT_SPEC:Kein Paketmanager koniguriert: verwende die Hash-Funktion '$1'
HASH_PKGMGR_NOT_SPEC_PRELINKED:Kein Paketmanager konfiguriert: verwende das prelink-Kommando mit '$1'
HASH_FIELD_INDEX: Der Index der Hash-Funktion wurde auf $1 gesetzt
HASHUPD_DISABLED:Hash-Überprüfung deaktiviert: Hash-Werte der aktuellen Dateien werden nicht gespeichert
HASHUPD_PKGMGR:Verwende den Paketmanager '$1' zum Erneuern der Hash-Werte
HASHUPD_PKGMGR_NOT_SPEC:Keine Hash-Update-Funktion für Dateien via Paketmanager konfiguriert: verwende die Hash-Funktion '$1'
HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Keine Hash-Update-Funktion für Dateien via Paketmanager konfiguriert: verwende prelink-Kommando mit '$1'
ATTRUPD_DISABLED:Überprüfung der Datei-Attribute deaktiviert: aktuelle Datei-Attribute werden nicht gespeichert
ATTRUPD_NOSTATCMD:Überprüfung der Datei-Attribute deaktiviert: kein 'stat'-Kommando gefunden: aktuelle Datei-Attribute werden nicht gespeichert
ATTRUPD_OK:aktuelle Datei-Attribute werden gespeichert
ATTRUPD_OLD_DISABLED:Vorherige Datei-Attribute waren deaktiviert: keine Speicherung der Attribute
ATTRUPD_OLD_NOSTATCMD:Vorherige Datei-Attribute waren deaktiviert: kein 'stat'-Kommando gefunden: keine Speicherung der Attribute
ATTRUPD_OLD_OK:Vorherige Datei-Attribute wurden gespeichert
GRSECINSTALLED:Installation von grsecurity gefunden
SYSLOG_ENABLED:Verwende syslog für das Logging - Prioritätsebene ist '$1'.
SYSLOG_DISABLED:Deaktiviere die Benutzung von syslog aufgrund von Benutzer-Vorgaben
SYSLOG_NO_LOGGER:Deaktiviere die Benutzung von syslog - das 'logger'-Kommando kann nicht gefunden werden.
NAME:$1
PRESSENTER:[ um fortzufahren]
TEST_SKIPPED_OS:Test '$1' übersprungen wegen des Betriebssystems: $2
SUMMARY_TITLE1:Zusammenfassung der Systemüberprüfung
SUMMARY_TITLE2:=====================================
SUMMARY_PROP_SCAN:Dateieigenschaften-Überprüfung...
SUMMARY_PROP_REQCMDS:Überprüfung der erforderlichen Befehle fehlgeschlagen
SUMMARY_PROP_COUNT:Dateien überprüft: $1
SUMMARY_PROP_FAILED:Verdächtige Dateien: $1
SUMMARY_CHKS_SKIPPED:Alle Überprüfungen übersprungen
SUMMARY_RKT_SCAN:Rootkit-Überprüfungen...
SUMMARY_RKT_COUNT:Rootkits überprüft : $1
SUMMARY_RKT_FAILED:Mögliche Rootkits: $1
SUMMARY_RKT_NAMES:Rootkit Namen : $1
SUMMARY_APPS_SCAN:Anwendungs-Überprüfungen...
SUMMARY_APPS_COUNT:Anwendungen überprüft: $1
SUMMARY_APPS_FAILED:Verdächtige Anwendungen: $1
SUMMARY_SCAN_TIME:Dauer der System-Überprüfung: $1
SUMMARY_NO_SCAN_TIME:Dauer der System-Überprüfung: auslesen der Uhrzeit nicht möglich
SUMMARY_LOGFILE:Alle Ergebnisse wurden in die Log-Datei geschrieben ($1)
SUMMARY_NO_LOGFILE:Keine Log-Datei erstellt.
CREATED_TEMP_FILE:Temporäre Datei '$1' erstellt
MIRRORS_NO_FILE:Die Datei '$1' (Liste der Spiegel-Server) existiert nicht.
MIRRORS_NO_MIRRORS:Die Datei '$1' enthält keine benötigten Spiegel-Server.
MIRRORS_NO_VERSION:Die Datei '$1' (Liste der Spiegel-Server) enthält keine Versionsnummer - zurück gesetzt auf null.
MIRRORS_ROTATED:Die Datei '$1' (Liste der Spiegel-Server) wurde rotiert.
MIRRORS_SF_DEFAULT:Verwende den Sourceforge-Spiegel-Server: $1
DOWNLOAD_CMD:Ausführen des Download-Kommandos '$1'
DOWNLOAD_FAIL:Download fehlgeschlagen - $1 Spiegel-Server übrig.
VERSIONCHECK_START:Überprüfung der Version von rkhunter...
VERSIONCHECK_FAIL_ALL:Download fehlgeschlagen: die neueste Versionsnummer des Programms kann nicht bestimmt werden.
VERSIONCHECK_CURRENT:This version : $1
VERSIONCHECK_LATEST:Latest version: $1
VERSIONCHECK_LATEST_FAIL:Neueste Version: Download fehlgeschlagen
VERSIONCHECK_UPDT_AVAIL:Update verfügbar
VERSIONCHECK_CONV_FAIL:Vergleich der Versionsnummern nicht möglich: Programm: '$1' Neueste: '$2'
UPDATE_START:Überprüfung der Daten-Dateien von rkhunter...
UPDATE_CHECKING_FILE:Überprüfe Datei $1
UPDATE_FILE_NO_VERS:Datei '$1' enthält keine gültige Versionsnummer. Lade eine neue Kopie herunter.
UPDATE_FILE_MISSING:Datei '$1' ist nicht vorhanden oder leer. Lade eine neue Kopie herunter.
UPDATE_DOWNLOAD_FAIL:Download von '$1' fehlgeschlagen: die neueste Versionsnummer kann nicht bestimmt werden.
UPDATE_I18N_NO_VERS:Keine Versionsnummern einer i18n-Sprachdatei gefunden.
OSINFO_START:Überprüfung, ob sich das Betriebssystem seit der letzten Überprüfung geändert hat...
OSINFO_END:Anscheinend hat sich nichts geändert
OSINFO_HOST_CHANGE1:Der Hostname hat sich seit der letzten Überprüfung geändert:
OSINFO_HOST_CHANGE2:ehemaliger Hostname: $1 neuer Hostname: $2
OSINFO_OSVER_CHANGE1:Das Betriebssystem hat sich seit der letzten Überprüfung geändert:
OSINFO_OSVER_CHANGE2:ehemaliges Betriebssystem: $1 neues Betriebssystem: $2
OSINFO_PRELINK_CHANGE:Das System änderte sich zu ${1}using prelinking seit der letzten Überprüfung.
OSINFO_ARCH_CHANGE1:Anscheinend hat sich der Prozessor-Typ geändert:
OSINFO_ARCH_CHANGE2:ehemaliger Prozessor-Wert: $1 neuer Wert: $2
OSINFO_MSG1:Aufgrund der Änderung(en) kann die Dateieigenschaften-Überprüfung einige fehlerhafte Warnungsmeldungen erzeugen.
OSINFO_MSG2:Eventuell müssen Sie rkhunter mit der Option '--propupd' erneut starten.
SET_FILE_PROP_START:Auslesen der Datei-Eigenschaften...
SET_FILE_PROP_DIR_FILE_COUNT:$1 Dateien in $2 gefunden
SET_FILE_PROP_FILE_COUNT:Datei aktualisiert: gesucht wurden $2 Dateien, gefunden wurden $3
SET_FILE_PROP_FILE_COUNT_PROPOPT:Datei $1: gesucht nach $2 Dateien, gefunden wurden $3 von $4
SET_FILE_PROP_FILE_COUNT_NOHASH:Datei $1: gesucht nach $2 Dateien, gefunden wurden $3, keine Hash-Wert für $4
SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:Datei $1: gesucht nach $2 Dateien, gefunden wurden $3 von $4, keine Hash-Werte für $5
PROPUPD_START:Starte update der Dateieigenschaften...
PROPUPD_OSINFO_START:Sammle Informationen zum Betriebsystem...
PROPUPD_ARCH_FOUND:System-Architektur gefunden: $1
PROPUPD_REL_FILE:Release-Datei gefunden: $1
PROPUPD_NO_REL_FILE:Release-Datei konnte nicht gefunden werden: LS-Ausgabe zeigt:
PROPUPD_OSNAME_FOUND:Name des Betriebssystems gefunden: $1
PROPUPD_ERROR:Fehler bei der Installation der neuen rkhunter.dat-Datei. Code $1
PROPUPD_NEW_DAT_FILE:Neue rkhunter.dat-Datei installiert in '$1'
PROPUPD_WARN:WARNUNG! Es liegt in der Verantwortung des Benutzers, dafür zu sorgen, dass, wenn die '--propupd' Option
PROPUPD_WARN:genutzt wird, alle Dateien auf dem System authentisch sind und aus einer verlässlichen Quelle
PROPUPD_WARN:installiert wurden. Die rkhunter '--check' Option wird die Dateieigenschaften der derzeitigen Dateien
PROPUPD_WARN:mit vorher gespeicherten Werten vergleichen und Unterschiede melden. Rkhunter kann nicht heraus
PROPUPD_WARN:finden, was die Ursache für den Unterschied ist, dies liegt im Aufgabenbereich des Benutzers.
ENABLED_TESTS:Aktivierte Tests: $1
DISABLED_TESTS:Deaktivierte Tests: $1
KSYMS_FOUND:ksym-Datei gefunden '$1'
KSYMS_MISSING:Alle ksyms und kallsyms Überprüfungen werden übersprungen - keine der Dateien exisitert auf dem System.
STARTING_TEST:Beginne mit dem Test '$1'
USER_DISABLED_TEST:Test '$1' deaktiviert aufgrund von Benutzer-Vorgaben
CHECK_START:Starte System-Überprüfungen...
CHECK_WARNINGS_NOT_FOUND:Keine Warnungen während der System-Überprüfung gefunden.
CHECK_WARNINGS_FOUND:Eine oder mehrere Warnungen während der System-Überprüfung gefunden.
CHECK_WARNINGS_FOUND_RERUN:Bitte starten Sie rkhunter erneut, um sicherzustellen, dass die Log-Datei erstellt wird.
CHECK_WARNINGS_FOUND_CHK_LOG:Bitte überprüfen Sie die Log-Datei ($1)
CHECK_SYS_COMMANDS:Überprüfen der System-Kommandos...
STRINGS_CHECK_START:Überprüfung des 'strings'-Kommando
STRINGS_SCANNING_OK:Suche nach der Zeichenkette $1
STRINGS_SCANNING_BAD:Suche nach der Zeichenkette $1
STRINGS_SCANNING_BAD:Zeichenkette nicht gefunden im 'strings'-Kommando
STRINGS_CHECK:Überprüfen des 'strings'-Kommando
STRINGS_CHECK:Überprüfung übersprungen - kein 'strings'-Kommando gefunden.
FILE_PROP_START:Überprüfung der Dateieigenschaften
FILE_PROP_CMDS:Überprüfen der Abhängigkeiten
FILE_PROP_IMMUT_OS:Überspringe alle immutable-bit Überprüfungen. Diese Überprüfung ist nur für Linux-Systeme verfügbar.
FILE_PROP_SKIP_ATTR:'stat'-Kommando nicht gefunden - alle Überprüfungen der Dateieigenschaften werden übersprungen.
FILE_PROP_SKIP_HASH:Alle Überprüfungen der Hash-Werte werden übersprungen weil:
FILE_PROP_SKIP_HASH_FUNC:Die derzeitige Hash-Funktion ($1) oder der Paketmanager ($2) sind nicht kompatibel mit der Hash-Funktion ($3) oder dem Paketmananger ($4), die benutzt wurden um die Werte zu speichern.
FILE_PROP_SKIP_HASH_PRELINK:'prelink'-Kommando wurde nicht gefunden.
FILE_PROP_SKIP_HASH_SHA1:Dieses System benutzt prelinking, aber die das Kommando für die Hash-Funktion sieht nicht nach SHA1 oder MD5 aus.
FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe wurde gefunden, dies kann Fehler verursachen. Deaktivieren Sie, sofern möglich, libsafe und starten das prelink-Kommando erneut. Abschließend die Hash-Werte erneuern mittels 'rkhunter --propupd'.
FILE_PROP_SKIP_IMMUT:'lsattr'-Kommando wurde nicht gefunden - alle immutable-bit Überprüfungen werden übersprungen.
FILE_PROP_SKIP_SCRIPT:'file'-Kommando wurde nicht gefunden - Alle Skript-Ersetzungs-Überprüfungen werden übersprungen.
FILE_PROP_OS_CHANGED:Die lokale Host-Konfiguration oder das Betriebssystem hat sich geändert.
FILE_PROP_DAT_MISSING:Die Datei mit den gespeicherten Dateieigenschaften (rkhunter.dat) existiert nicht und muss erstellt werden. Um dies zu veranlassen führen Sie 'rkhunter --propupd' aus.
FILE_PROP_DAT_EMPTY:Die Datei mit den gespeicherten Dateieigenschaften (rkhunter.dat) ist leer und muss erstellt werden. Um dies zu veranlassen führen Sie 'rkhunter --propupd' aus.
FILE_PROP_SKIP_ALL:Alle Überprüfungen der Dateieigenschaften werden von nun an übersprungen.
FILE_PROP_FILE_NOT_EXIST:Die Datei '$1' existiert nicht auf dem System, ist jedoch in der Datei rkhunter.dat erfasst.
FILE_PROP_WL:Datei '$1' gefunden: diese ist mittels Whitelist freigegeben für '$2' Überprüfung.
FILE_PROP_WL_DIR:Verzeichnis '$1' gefunden: dieses ist mittels Whitelist freigegeben für '$2' Überprüfung.
FILE_PROP_NO_RKH_REC:Die Datei '$1' existiert auf dem System, aber nicht in der rkhunter.dat Datei.
FILE_PROP_CHANGED:Dateieigenschaften haben sich geändert:
FILE_PROP_CHANGED2:Datei: $1
FILE_PROP_NO_PKGMGR_FILE:Datei '$1' Hash-Wert übersprungen: Datei gehört nicht zum Paket
FILE_PROP_NO_SYSHASH:Kein Hash-Wert für Datei '$1' gefunden
FILE_PROP_NO_SYSHASH_CMD:Hash-Kommando Ausgabe: $1
FILE_PROP_NO_SYSHASH_DEPENDENCY:Versuche das 'prelink'-Kommando auszuführen um Abhängigkeits-Fehler zu aufzulösen.
FILE_PROP_SYSHASH_UNAVAIL:Aktueller Hash-Wert: nicht verfügbar
FILE_PROP_SYSHASH:Aktueller Hash-Wert: $1
FILE_PROP_RKHHASH:Gespeicherter Hash-Wert: $1
FILE_PROP_NO_RKHHASH:Kein Hash-Wert gefunden für die Datei '$1' in der rkhunter.dat Datei.
FILE_PROP_NO_RKHPERM:Keinen Wert für die Dateiberechtigungen der Datei '$1' in der Datei rkhunter.dat gefunden.
FILE_PROP_PERM_UNAVAIL:Aktuelle Dateiberechtigungen: nicht verfügbar Gespeicherte Berechtigungen: $1
FILE_PROP_PERM:Aktuelle Dateiberechtigungen: $1 Gespeicherte Berechtigungen: $2
FILE_PROP_UID_UNAVAIL:Aktuelle UID: nicht verfügbar Gespeicherte UID: $1
FILE_PROP_UID:Aktuelle UID: $1 Gespeicherte UID: $2
FILE_PROP_NO_RKHUID:Kein Wert für die Benutzer-ID (UID) der Datei '$1' in der Datei rkhunter.dat gefunden.
FILE_PROP_GID_UNAVAIL:Aktuelle GID: nicht verfügbar Gespeicherte GID: $1
FILE_PROP_GID:Aktuelle GID: $1 Gespeicherte GID: $2
FILE_PROP_NO_RKHGID:Kein Wert für die Gruppen-ID (GID) der Datei '$1' in der Datei rkhunter.dat gefunden.
FILE_PROP_INODE_UNAVAIL:Aktueller Knoten (inode): nicht verfügbar Gespeicherter Knoten (inode): $1
FILE_PROP_INODE:Aktueller Knoten (inode): $1 Gespeicherter Knoten (inode): $2
FILE_PROP_NO_RKHINODE:Kein Wert für den Knoten (inode) der Datei '$1' in der Datei rkhunter.dat gefunden.
FILE_PROP_SIZE_UNAVAIL:Aktuelle Dateigröße: nicht verfügbar Gespeicherte Dateigröße: $1
FILE_PROP_SIZE:Aktuelle Dateigröße: $1 Gespeicherte Dateigröße: $2
FILE_PROP_NO_RKHSIZE:Keinen Wert für die Größe der Datei '$1' in der Datei rkhunter.dat gefunden.
FILE_PROP_SYSDTM_UNAVAIL:Aktuelle Zeit der letzten Dateiänderung: nicht verfügbar
FILE_PROP_SYSDTM:Aktuelle Zeit der letzten Dateiänderung: $1
FILE_PROP_RKHDTM:Gespeicherte Zeit der letzten Dateiänderung : $1
FILE_PROP_NO_RKHDTM:Keinen Wert für die Zeit der letzten Dateiänderung in der Datei rkhunter.dat gefunden.
FILE_PROP_NO_SYSATTR:Aktuelle Dateieigenschaften der Datei '$1' konnten nicht ausgelesen werden
FILE_PROP_WRITE:Schreibberechtigung der Datei '$1' gilt für alle Benutzer.
FILE_PROP_SYSPERM_UNAVAIL:Aktuelle Schreibberechtigung der Datei '$1' konnte nicht ausgelesen werden
FILE_PROP_IMMUT:Die Datei '$1' hat das immutable-bit gesetzt.
FILE_PROP_SCRIPT:Das Kommando '$1' wurde durch ein Skript ersetzt: $2
FILE_PROP_SCRIPT_RKH:Das Kommando '$1' wurde ersetzt und ist kein Skript: $2
FILE_PROP_VRFY:Prüfung mittels Paketmanager fehlgeschlagen:
FILE_PROP_VRFY_HASH:Der Hash-Wert der Datei hat sich geändert
FILE_PROP_VRFY_PERM:Die Dateiberechtigungen haben sich geändert
FILE_PROP_VRFY_UID:Der Besitzer der Datei hat sich geändert
FILE_PROP_VRFY_GID:Die Gruppe der Datei hat sich verändert
FILE_PROP_VRFY_DTM:Zeit des letzten Zugriffs hat sich geändert
FILE_PROP_VRFY_SIZE:Dateigröße hat sich geändert
CHECK_ROOTKITS:Überprüfe auf Rootkits...
ROOTKIT_FILES_DIRS_START:Führe die Überprüfung auf bekannte Rootkit-Dateien und -Verzeichnisse aus
ROOTKIT_FILES_DIRS_NAME_LOG:Überprüfe auf ${1}...
ROOTKIT_FILES_DIRS_FILE:Überprüfe auf Datei '$1'
ROOTKIT_FILES_DIRS_DIR:Überprüfe auf Verzeichnis '$1'
ROOTKIT_FILES_DIRS_KSYM:Überprüfe auf Kernel-Symbol '$1'
ROOTKIT_FILES_DIRS_FILE_FOUND:Datei'$1' gefunden
ROOTKIT_FILES_DIRS_DIR_FOUND:Verzeichnis '$1' gefunden
ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel-Symbol '$1' gefunden
ROOTKIT_FILES_DIRS_STR:Überprüfe auf Zeichenkette '$1'
ROOTKIT_FILES_DIRS_STR_FOUND:Zeichenkette '$1' in Datei '$2' gefunden
ROOTKIT_FILES_DIRS_NOFILE:Die Datei '$1' existiert nicht!
ROOTKIT_FILES_DIRS_SINAR_DIR:Überprüfe in '$1'
ROOTKIT_FILES_DIRS_SINAR:SInAR gefunden in: $1
ROOTKIT_LINK_COUNT:Überprüfung des "hard link"-Zählers von '$1'
ROOTKIT_LINK_COUNT_FAIL:"Hard link"-Zähler von '$1' Kommando: $2
ROOTKIT_LINK_COUNT_CMDERR:Fehler von '$1' Kommando während der Überprüfung '$2'
ROOTKIT_PHALANX2_LINK_COUNT_FAIL:"Hard link"-Überprüfung von '$1' fehlgeschlagen
ROOTKIT_ADD_START:Führe zusätzliche Rootkit-Tests aus
ROOTKIT_ADD_SUCKIT: erweiterte "Suckit Rookit"-Tests
ROOTKIT_ADD_SUCKIT_LOG:Führe erweiterte "Suckit Rookit"-Tests
ROOTKIT_ADD_SUCKIT_LINK_NOCMD:Überprüfe '/sbin/init' link-Anzahl: kein 'stat'-Kommando gefunden
ROOTKIT_ADD_SUCKIT_LINK_FOUND:Überprüfe '/sbin/init' link-Anzahl: Anzahl ist $1, sollte aber 1 sein
ROOTKIT_ADD_SUCKIT_EXT:Überprüfung auf versteckte Datei-Erweiterung
ROOTKIT_ADD_SUCKIT_EXT_FOUND:Überprüfe auf versteckte Datei-Erweiterungen: $1 gefunden
ROOTKIT_ADD_SUCKIT_SKDET:Führe skdet-Kommando aus
ROOTKIT_ADD_SUCKIT_SKDET_FOUND:Führe skdet-Kommando aus: $1 gefunden
ROOTKIT_ADD_SUCKIT_SKDET_VER:Führe skdet-Kommando aus: unbekannte Version: $1
ROOTKIT_POSS_FILES_DIRS:Überprüfe auf mögliche Rootkit-Dateien und -Verzeichnisse
ROOTKIT_POSS_FILES_DIRS_LOG:Führe Überprüfung auf mögliche Rootkit-Dateien und -Verzeichnisse aus
ROOTKIT_POSS_FILES_FILE_FOUND:Datei '$1' gefunden. Mögliches Rootkit: $2
ROOTKIT_POSS_FILES_DIR_FOUND:Verzeichnis '$1' gefunden. Mögliches Rootkit: $2
ROOTKIT_POSS_STRINGS:Überprüfe auf mögliche Rootkit-Zeichenketten
ROOTKIT_POSS_STRINGS_LOG:Führe Überprüfung auf mögliche Rootkit-Zeichenketten aus
ROOTKIT_POSS_STRINGS_FOUND:Zeichenkette '$1' gefunden in Datei '$2'. Mögliches Rootkit: $3
ROOTKIT_MALWARE_START:Führe Überprüfung auf Malware aus
ROOTKIT_MALWARE_SUSP_FILES:Überprüfe laufende Prozesse auf verdächtige Dateien
ROOTKIT_MALWARE_SUSP_FILES_FOUND:Eine oder mehrere Datei(en) wurden gefunden: $1
ROOTKIT_MALWARE_SUSP_FILES_FOUND:Überprüfen Sie die Ausgabe des lsof-Kommandos 'lsof -F n -w -n'
ROOTKIT_MALWARE_HIDDEN_PROCS:Überprüfe auf versteckte Prozesse
ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Versteckte Prozesse gefunden: $1
ROOTKIT_MALWARE_DELETED_FILES:Überprüfe laufende Prozesse auf gelöschte Dateien
ROOTKIT_MALWARE_DELETED_FILES_FOUND:Die folgenden Prozesse nutzen gelöschte Dateien:
ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:Prozess: $1 PID: $2 Datei: $3
ROOTKIT_MALWARE_DELETED_FILES_WL:Prozess '$1' benutzt Datei '$2': erlaubt mittels Whitelist.
ROOTKIT_MALWARE_LOGIN_BDOOR:Überprüfung auf Backdoors, die der Anmeldung dienen
ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:Führe Überprüfungen auf Backdoors für die Anmeldung aus
ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:Überprüfe auf '$1'
ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Backdoor-Datei für Anmeldung gefunden: $1
ROOTKIT_MALWARE_SUSP_DIR:Überprüfung auf verdächtige Verzeichnisse
ROOTKIT_MALWARE_SUSP_DIR_LOG:Führe Überprüfung auf verdächtige Verzeichnisse aus
ROOTKIT_MALWARE_SUSP_DIR_FOUND:Verdächtiges Verzeichnis gefunden: $1
ROOTKIT_MALWARE_SFW_INTRUSION:Überprüfung auf Eingriff in Software
ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:Die Datei '$1' enthält die Zeichenkette '$2'. Mögliches Rootkit: SHV5
ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Überprüfung übersprungen - tripwire ist nicht installiert
ROOTKIT_MALWARE_SNIFFER:Überprüfung auf Log-Files von Sniffern
ROOTKIT_MALWARE_SNIFFER_LOG:Führe Überprüfung auf Log-Files von Sniffern aus
ROOTKIT_MALWARE_SNIFFER_FOUND:Mögliche Sniffer-Log-Datei gefunden: $1
ROOTKIT_TROJAN_START:Führe Überprüfung auf Trojaner aus
ROOTKIT_TROJAN_INETD:Überprüfe auf aktivierte Inetd-Dienste
ROOTKIT_TROJAN_INETD_SKIP:Überprüfung übersprungen - Datei '$1' existiert nicht.
ROOTKIT_TROJAN_INETD_FOUND:Aktivierten Inetd-Dienst gefunden: $1
ROOTKIT_TROJAN_XINETD:Überprüfe auf aktivierte Xinetd-Dienste
ROOTKIT_TROJAN_XINETD_LOG:Überprüfe auf aktivierte Xinetd-Dienste
ROOTKIT_TROJAN_XINETD_ENABLED:Überprüfe '$1' auf aktivierte Dienste
ROOTKIT_TROJAN_XINETD_INCLUDE:'include $1'-Anweisung gefunden
ROOTKIT_TROJAN_XINETD_INCLUDEDIR:'includedir $1'-Anweisung gefunden
ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Aktivierten Xinetd-Dienst gefunden: $1
ROOTKIT_TROJAN_XINETD_WHITELIST:Dienst '$1' gefunden: erlaubt in $2 mittels Whitelist.
ROOTKIT_TROJAN_APACHE:Überprüfe auf Apache-Backdoor
ROOTKIT_TROJAN_APACHE_SKIPPED:Überprüfung auf Apache-Backdoor übersprungen: Apache-Module und Konfigurations-Verzeichnis nicht gefunden.
ROOTKIT_TROJAN_APACHE_FOUND:Apache-Backdoor Modul 'mod_rootme' gefunden: $1
ROOTKIT_OS_START:Führe $1 Überprüfungen aus
ROOTKIT_OS_SKIPPED:Keine speziellen Test verfügbar
ROOTKIT_OS_BSD_SOCKNET:Überprüfe sockstat und netstat Kommandos
ROOTKIT_OS_BSD_SOCKNET_FOUND:Unterschiede zwischen sockstat und netstat Ausgaben:
ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 Ausgabe: $2
ROOTKIT_OS_FREEBSD_KLD:Überprüfe auf KLD-Backdoors
ROOTKIT_OS_FREEBSD_KLD_FOUND:Mögliche FreeBSD KLD-Backdoor gefunden. 'kldstat -v' Kommando zeigt Zeichenkette '$1'
ROOTKIT_OS_FREEBSD_PKGDB:Überprüfe Paketdatenbank
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Die Paketdatenbank enthält möglicherweise widersprüchliche Daten.
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Dies könnte kein Sicherheitsproblem sein, aber das Ausführen von 'pkgdb -F' könnte bei der Diagnose helfen.
ROOTKIT_OS_LINUX_LKM:Überprüfe geladene Kernel-Module
ROOTKIT_OS_LINUX_LKM_FOUND:Unterschiede zwischen dem lsmod-Kommando und der Datei /proc/modules:
ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 Ausgabe: $2
ROOTKIT_OS_LINUX_LKM_EMPTY:Keine Ausgabe des lsmod-Kommandos oder aus der Datei /proc/modules erhalten:
ROOTKIT_OS_LINUX_LKM_MOD_MISSING:Die Modul-Datei '$1' fehlt.
ROOTKIT_OS_LINUX_LKMNAMES:Überprüfe Namen der Kernel-Module
ROOTKIT_OS_LINUX_LKMNAMES_PATH:Verwende Modul-Pfadname von '$1'
ROOTKIT_OS_LINUX_LKMNAMES_FOUND:Als schädlich bekanntes Kernel-Modul gefunden in '$1': $2
ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:Das Kernel-Modul-Verzeichnis '$1' fehlt oder ist leer.
CHECK_LOCALHOST:Überprüfe lokalen Host...
STARTUP_FILES_START:Führe Überprüfung des System-Boot aus
STARTUP_HOSTNAME:Überprüfe auf lokalen Hostnamen
STARTUP_NO_HOSTNAME:Kein Hostname gefunden.
STARTUP_CHECK_FILES_EXIST:Überprüfung der System-Start-Dateien
STARTUP_NONE_GIVEN:Benutzer-Vorgabe 'NONE' für System-Start Pfadnamen
STARTUP_CHECK_FILES_MALWARE:Überprüfe System-Start-Dateien auf Malware
STARTUP_CHECK_NO_RC_FILES:Keine System-Start-Dateien gefunden.
ACCOUNTS_START:Führe Überprüfungen auf Gruppen und Konten aus
ACCOUNTS_PWD_FILE_CHECK:Überprüfe auf passwd-Datei
ACCOUNTS_FOUND_PWD_FILE:password-Datei gefunden: $1
ACCOUNTS_NO_PWD_FILE:Passwort-Datei $1 existiert nicht.
ACCOUNTS_UID0:Überprüfung auf root-ähnliche (UID 0) Konten
ACCOUNTS_UID0_WL:root-ähnliches Konto '$1' gefunden: erlaubt mittels Whitelist.
ACCOUNTS_UID0_FOUND:Konto '$1' ist root-ähnlich (UID = 0)
ACCOUNTS_SHADOW_FILE:Shadow-Datei gefunden: $1
ACCOUNTS_SHADOW_TCB:TCB-Shadow-Datei Verzeichnis: $1
ACCOUNTS_PWDLESS:Überprüfung auf Konten ohne Passwort
ACCOUNTS_PWDLESS_WL:Konto '$1' ohne Passwort gefunden: erlaubt mittels Whitelist.
ACCOUNTS_PWDLESS_FOUND:Konto ohne Passwort gefunden: $1
ACCOUNTS_NO_SHADOW_FILE:Keine shadow/passwd-Datei gefunden.
PASSWD_CHANGES:Checking for passwd file changes
PASSWD_CHANGES_NO_TMP:Überprüfung auf Unterschiede in der passwd-Datei nicht möglich: es existiert keine Kopie der Datei.
PASSWD_CHANGES_ADDED:Konten wurden der passwd-Datei hinzugefügt:
PASSWD_CHANGES_REMOVED:Konten wurden aus der passwd-Datei entfernt:
GROUP_CHANGES:Überprüfung auf Änderungen der Gruppen-Datei
GROUP_CHANGES_NO_FILE:Gruppen-Datei $1 existiert nicht.
GROUP_CHANGES_NO_TMP:Überprüfung auf Unterschiede in der group-Datei nicht möglich: es existiert keine Kopie der Datei.
GROUP_CHANGES_ADDED:Gruppen wurden der group-Datei hinzugefügt:
GROUP_CHANGES_REMOVED:Gruppen wurden aus der group-Datei entfernt:
HISTORY_CHECK:Überprüfung der Historie der Shell des Root-Kontos
HISTORY_CHECK_FOUND:Historie der Shell des Root-Kontos $1 ist ein symbolischer Link: $2
SYSTEM_CONFIGS_START:Führe Überprüfung der System-Konfigurations-Dateien aus
SYSTEM_CONFIGS_FILE:Überprüfung auf Konfigurations-Datei von $1
SYSTEM_CONFIGS_FILE_FOUND:$1 Konfigurations-Datei gefunden: $2
SYSTEM_CONFIGS_SSH_ROOT:Überprüfung ob Zugang des Root-Kontos mittels SSH erlaubt ist
SYSTEM_CONFIGS_SSH_ROOT_FOUND:Die SSH- und rkhunter-Konfigurationvariablen sollten übereinstimmen:
SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH-Konfigurationvariable 'PermitRootLogin': $1
SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter-Konfigurationvariable 'ALLOW_SSH_ROOT_USER': $1
SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Die SSH-Konfigurationsvariable 'PermitRootLogin' has not been set.
SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Der Standard-Wert kann 'yes' enthalten, um Root-Zugang zu erlauben.
SYSTEM_CONFIGS_SSH_PROTO:Überprüfung, ob das SSH-Protokoll Version 1 erlaubt ist
SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH-Protokoll Version 1 ist aktiviert in der SSH-Konfiguration ($1).
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Die SSH-Konfigurationsvariable 'Protocol' wurde nicht gesetzt.
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Der Standard-Wert kann '2,1' enthalten, um die Benutzung des Protokolls in Version 1 zu nutzen.
SYSTEM_CONFIGS_SYSLOG:Überprüfung, ob der syslog-Daemon asugeführt wird
SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:Der syslog-Daemon wird nicht ausgeführt nicht.
SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:Der syslog-Daemon wird nicht ausgeführt, aber ein Metalog-Daemon wurde gefunden.
SYSTEM_CONFIGS_SYSLOG_SOCKLOG_RUNNING:Der syslog-Daemon wird nicht ausgeführt, aer ein socklog-Daemon wurde gefunden.
SYSTEM_CONFIGS_SYSLOG_NO_FILE:Der syslog-Daemon wird ausgeführt, aber es kann keine Konfigurations-Datei gefunden werden.
SYSTEM_CONFIGS_SYSLOG_REMOTE:Überprüfung, ob entferntes Logging via syslog erlaubt ist
SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog-Konfiguration erlaubt entferntes Logging: $1
SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter-Konfigurationsvariable 'ALLOW_SYSLOG_REMOTE_LOGGING' ist aktiviert.
FILESYSTEM_START:Führe Dateisystem-Tests aus
FILESYSTEM_DEV_CHECK:Überprüfe /dev auf verdächtige Dateien
FILESYSTEM_DEV_CHECK_NO_DEV:/dev existiert nicht.
FILESYSTEM_DEV_FILE_WL:Datei '$1' gefunden: erlaubt mittels Whitelist.
FILESYSTEM_DEV_FILE_FOUND:Verdächtige Dateitypen in ${1} gefunden:
FILESYSTEM_HIDDEN_DIR_WL:Verstecktes Verzeichnis '$1' gefunden: erlaubt mittels Whitelist.
FILESYSTEM_HIDDEN_FILE_WL:Versteckte Datei '$1' gefunden: erlaubt mittels Whitelist.
FILESYSTEM_HIDDEN_CHECK:Überprüfe auf versteckte Dateien und Verzeichnisse
FILESYSTEM_HIDDEN_DIR_FOUND:Verstecktes Verzeichnis gefunden: $1
FILESYSTEM_HIDDEN_FILE_FOUND:Versteckte Datei gefunden: $1
CHECK_APPS:Überprüfe Versionsnummern der Anwendungen...
APPS_NONE_FOUND:Keine bekannten Anwendungen gefunden - alle Tests übersprungen.
APPS_DAT_MISSING:Alle Anwendungs-Tests übersprungen.
APPS_DAT_MISSING:Die Datei mit der Liste der unsicheren Anwendungsversionen (programs_bad.dat) fehlt oder ist leer.
APPS_DAT_MISSING:Wenn diese Datei gelöscht wurde müssen Sie 'rkhunter --update' ausführen.
APPS_NOT_FOUND:Anwendung '$1' nicht gefunden.
APPS_CHECK:Überprüfe Version von $1
APPS_CHECK_WL:Anwendung '$1' gefunden: erlaubt mittels Whitelist.
APPS_CHECK_VERSION_UNKNOWN:Versionsnummer kann nicht ausgelesen werden für '$1'.
APPS_CHECK_VERSION_FOUND:Anwendung '$1' in Version '$2' gefunden.
APPS_CHECK_VERSION_WL:Anwendung '$1' in Version '$2' gefunden: diese Version ist erlaubt mittels Whitelist.
APPS_CHECK_WHOLE_VERSION_USED:Versionsnummer kann nicht ausgelesen werden für '$1': Versions-Option gibt folgendes zurück: $2
APPS_CHECK_FOUND:Anwendung '$1', Version '$2', ist veraltet und ein mögliches Sicherheitsrisiko.
APPS_TOTAL_COUNT:Anwendungen überprüft: $1 von $2
CHECK_NETWORK:Überprüfe das Netzwerk...
NETWORK_PORTS_START:Führe Überprüfungen auf Backdoor-Ports aus
NETWORK_PORTS_FILE_MISSING:Alle Backdoor-Port-Test übersprungen.
NETWORK_PORTS_FILE_MISSING:Die Datei mit den bekannten Backdoor-Ports (backdoorports.dat) fehlt oder ist leer.
NETWORK_PORTS_FILE_MISSING:Wenn diese Datei gelöscht wurde müssen Sie 'rkhunter --update' ausführen.
NETWORK_PORTS_UNKNOWN_NETSTAT:Alle Überprüfungen auf Backdoor-Ports übersprungen.
NETWORK_PORTS_UNKNOWN_NETSTAT:Unbekannte netstat-Kommando Formatierung in diesem Betriebssystem.
NETWORK_PORTS_DISABLE_PATHS:Deaktiviere Pfadnamen und '*' in Port-Whitelist-Einstellungen: kein 'lsof'-Kommando verfügbar
NETWORK_PORTS_ENABLE_TRUSTED:Vertrauenswürdige Pfadnamen sind aktiviert für Port-Whitelisting.
NETWORK_PORTS:Überprüfe auf $1 Port $2
NETWORK_PORTS_PATH_WHITELIST:Netzwerk $1 Port $2 wird verwendet von $3: der Pfadname ist erlaubt mittels Whitelist.
NETWORK_PORTS_TRUSTED_WHITELIST:Netzwerk $1 Port $2 wird verwendet von $3: der Pfadname ist vertrauenswürdig.
NETWORK_PORTS_PORT_WHITELIST:Netzwerk $1 Port $2 wird verwendet: der Port ist erlaubt mittels Whitelist.
NETWORK_PORTS_FOUND:Netzwerk $1 Port $2 wird verwendet ${3}. Mögliches Rootkit: $4
NETWORK_PORTS_FOUND:Verwenden Sie das 'lsof -i' oder 'netstat -an'-Kommando um dies zu überprüfen.
NETWORK_INTERFACE_START:Führe Überprüfungen der Netzwerk-Schnittstellen durch
NETWORK_PROMISC_CHECK:Überprüfe auf Netzwerk-Schnittstellen im promiscuous-Modus
NETWORK_PROMISC_NO_IFCONFIG:Überprüfung auf Netzwerk-Schnittstellen im promiscuous-Modus übersprungen - 'ifconfig'-Kommando wurde nicht gefunden.
NETWORK_PROMISC_NO_IP:Überprüfung der Netzwerk-Schnittstelle im promiscuous-Modus mit dem 'ip'-Kommando übersprungen - 'ip'-Kommando wurde nicht gefunden. NETWORK_PROMISC_IF:Mögliche Netzwerk-Schnittstellen im promiscuous-Modus: NETWORK_PROMISC_IF_1:'ifconfig'-Kommando Ausgabe: $1 NETWORK_PROMISC_IF_2:'ip'-Kommando Ausgabe: $1 NETWORK_PACKET_CAP_CHECK:Überprüfe auf Anwendungen, die Pakete abfangen NETWORK_PACKET_CAP_CHECK_NO_FILE:Überprüfung auf Anwendungen, die Pakete abfangen, übersprungen - die Datei '$1' fehlt. NETWORK_PACKET_CAP_FOUND:Prozess '$1' (PID $2) ist in offen in das Netzwerk. NETWORK_PACKET_CAP_WL:Prozess '$1' gefunden: erlaubt mittels Whitelist. SHARED_LIBS_START:Führe 'shared libraries' Überprüfung aus SHARED_LIBS_PRELOAD_VAR:Überprüfe auf 'preloading' Variablen SHARED_LIBS_PRELOAD_VAR_FOUND:Bibliothek gefunden die Variablen vorlädt: $1 SHARED_LIBS_PRELOAD_FILE:Überprüfe Dateien, die vorgeladen werden SHARED_LIBS_PRELOAD_FILE_FOUND:Bibliothek gefunden die Datei(en) vorlädt: $1 SHARED_LIBS_PATH:Überprüfe LD_LIBRARY_PATH Variable SHARED_LIBS_PATH_BAD:Die LD_LIBRARY_PATH Umgebungs-Variable ist gesetzt und beinflusst ausführbare Dateien: gesetzt auf: $1 SUSPSCAN_CHECK:Überprüfe auf Dateien mit verdächtigem Inhalt SUSPSCAN_DIR_NOT_EXIST:Das Verzeichnis '$1' existiert nicht. SUSPSCAN_INSPECT:Datei '$1' (Wertung: $2) enthält einigen verdächtigen Inhalt und sollte überprüft werden. 
SUSPSCAN_START:Führe Überprüfung auf Dateien mit verdächtigem Inhalt aus SUSPSCAN_DIRS:Zu überprüfende Verzeichnisse: $1 SUSPSCAN_NO_DIRS:Keine Verzeichnisse angegeben: verwende Standard-Einstellungen ($1) SUSPSCAN_TEMP:Verwende temporäres Verzeichnis: $1 SUSPSCAN_NO_TEMP:Kein temporäres Verzeichnis angegeben: verwende Standard-Einstellungen ($1) SUSPSCAN_TEMP_NOT_EXIST:Das zu nutzende temporäre Verzeichnis existiert nicht: $1 SUSPSCAN_TEMP_NO_WRITE:In das zu nutzende temporäre Verzeichnis kann nicht geschrieben werden: $1 SUSPSCAN_SIZE:Maximale Größe für Dateien, die zu überprüfen sind (in Bytes): '$1' SUSPSCAN_NO_SIZE:Keine maximale Größe für zu untersuchende Dateien angegeben: verwende Standard-Einstellungen ($1) SUSPSCAN_SIZE_INVALID:Die konfigurierte maximale Größe für Dateien ist fehlerhaft: $1 SUSPSCAN_THRESH:Grenzwert für Bewertung ist gesetzt auf: $1 SUSPSCAN_NO_THRESH:Kein Grenzwert für Bewertungen konfiguriert: verwende Standard-Einstellungen ($1) SUSPSCAN_THRESH_INVALID:Der konfigurierte Grenzwert für Bewertungen ist fehlerhaft: $1 SUSPSCAN_DIR_CHECK:Überprüfe Verzeichnis: '$1' SUSPSCAN_DIR_CHECK_NO_FILES:Keine passenden Dateien für die Überprüfung gefunden. 
SUSPSCAN_FILE_CHECK:Datei überprüft: Name: '$1' Bewertung: $2 SUSPSCAN_FILE_CHECK_DEBUG:Datei überprüft: Name: '$1' Bewertung: $2 Treffersumme: $3 Treffer: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:Datei ignoriert: leer: '$1' SUSPSCAN_FILE_SKIPPED_LINK:Datei ignoriert: symbolischer Link: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:Datei ignoriert: falscher Typ: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:Datei ignoriert: zu groß: '$1' SUSPSCAN_FILE_LINK_CHANGE:Symbolischer Link wurde nicht gefunden: '$1' -> '$2' LIST_TESTS:Verfügbare Überprüfungen lauten: LIST_GROUPED_TESTS:Gruppierte Überprüfungen lauten: LIST_LANGS:Verfügbare Sprachen: LIST_RTKTS:Rootkits überprüft für: APPS_DAT_NOTAFILE:Die Datei der unsicheren Anwendungsversionen ist keine Datei: $1 CONFIG_LOCALCONFIGFILE:Verwende lokale Konfigurationsdatei '$1' FILE_PROP_BROKEN_LINK_WL_TGT:Gebrochene Verknüpfung gefunden, aber die Existenz des Ziels ist mittels Whitelist freigegeben: '$1' FILE_PROP_DAT_MISSING_INFO:Die Dateieigenschaften-Prüfung wird ausgeführt da Prüfungen auch ohne die rkhunter.dat Datei ausgeführt werden können. FILE_PROP_EPOCH_DATE_CMD:Benutze '$1' um Epochen-Zeitstempel umzurechnen. FILE_PROP_IGNORE_PRELINK_DEP_ERR:Ignoriere Prelink-Abhängigkeit für Datei '$1' FILE_PROP_IMMUT_NOT_SET:Datei '$1' hat das immutable-bit nicht gesetzt. FILE_PROP_IMMUT_SET:Die immutable-bit Prüfung wird invertiert. FILE_PROP_NO_OS_WARNING:Warnungen über Betriebssystem-Änderungen wurden deaktiviert nach Anwenderwunsch. FILE_PROP_NO_SYSHASH_BL:Die Datei ist eine gebrochene Verknüpfung: $1 FILE_PROP_SKIP_FILE_CMD:Keine Ausgabe vom 'file' Kommando - alle Skript-Ersetzungs-Überprüfungen werden übersprungen. FILE_PROP_SKIP_IMMUT_CMD:Keine Ausgabe vom '$1' Kommando - alle immutable-bit Überprüfungen werden übersprungen. FILE_PROP_SYSHASH_UNAVAIL_BL:derzeitiger Hash-Wert: nicht verfügbar (mögliche gebrochene Verknüpfung) FILE_PROP_WL_STR:Datei '$1' und Zeichenkette '$2' gefunden: sie sind mittels Whitelist freigegeben für '$3' Überprüfung. 
GROUP_CHANGES_FOUND:Änderungen gefunden in ger group-Datei für Gruppe '$1': GROUP_CHANGES_GID:Die Gruppen-Nummer wurde geändert von '$1' nach '$2' GROUP_CHANGES_GRPADD:Benutzer '$1' wurde der Gruppe hinzugefügt GROUP_CHANGES_GRPREM:Benutzer '$1' wurde aus der Gruppe entfernt GROUP_CHANGES_IDADD:Gruppe '$1' wurde der group-Datei hinzugefügt. GROUP_CHANGES_IDREM:Gruppe '$1' wurde aus der group-Datei entfernt. GROUP_CHANGES_PWD:Der Gruppen-Name wurde geändert von '$1' nach '$2' HASH_FUNC_PERL_SHA:Benutze das perl-Modul $1 (mit $2) für die Datei-Hash Prüfungen HASH_PKGMGR_SUM:Benutze die gespeicherten 16-bit Prüfsummen für die Paketverifikation KSYMS_UNAVAIL:Alle ksyms und kallsyms Prüfungen werden übersprüngen - die Datei ist nicht lesbar. LIST_PERL:Perl Modul Installations Status: LOCK_FAIL:Unfähig die Sperrdatei zu sperren: rkhunter ist nicht gelaufen! LOCK_UNUSED:Sperrungen werden nicht verwendet LOCK_USED:Sperren wird verwendet: timeout beträgt $1 Sekunden LOCK_WAIT:Warte auf Sperrdatei MSG_RESULT_WHITELISTED:durch Whitelisting erlaubt NETWORK_HIDDEN_PORTS_CHK_NAME:Tor Nummer: $1:$2 wird benutzt von $3 NETWORK_HIDDEN_PORTS_CHK:Tor Nummer: $1:$2 NETWORK_HIDDEN_PORTS_FOUND:Versteckte Tore gefunden: NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Verstecktes $1 port $2 wird benutzt von $3: der Pfadname ist mittels Whitelist erlaubt. NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Verstecktes $1 port $2 gefunden: das Tor ist mittels Whitelist erlaubt. NETWORK_HIDDEN_PORTS:Prüfe auf versteckte ports NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Verstecktes $1 Tor $2 wird benutzt von $3: der Pfadname ist vertrauenswürdig. NETWORK_PORTS_BACKDOOR_CHK:Prüfe auf $1 Tor $2 NETWORK_PORTS_BACKDOOR_LOG:Führe Prüfung auf Hintertüren-ports aus NETWORK_PORTS_BACKDOOR:Prüfe auf Hintertüren-ports NETWORK_PORTS_BKDOOR_FOUND:Netzwerk $1 Tor $2 wird benutzt${3}. Mögliches Rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Nutzen Sie das 'lsof -i' oder 'netstat -an' Kommando um dies zu prüfen. 
NETWORK_PORTS_FILE_NOTAFILE:Die Datei der bekannten Hintertüren-ports ist keine Datei: $1 NETWORK_PROMISC_WLIST:Netzwerk-Schnittstellen, die im promiscuous-Modus betrieben werden dürfen: $1 OSINFO_DO_UPDT:Die Dateieigenschaften-Datei wird automatisch auf den neuesten Stand gebracht. PWD_CHANGES_COMM:Der Konto-Kommentar wurde von '$1' nach '$2' geändert. PWD_CHANGES_FOUND:Änderungen gefunden in der passwd Datei für Benutzer '$1': PWD_CHANGES_GID:Die GID wurde geändert von '$1' nach '$2' PWD_CHANGES_HOME:Das Heimatverzeichnis wurde geändert von '$1' nach '$2' PWD_CHANGES_IDADD:Benutzer '$1' wurde der passwd-Datei hinzugefügt. PWD_CHANGES_IDREM:Benutzer '$1' wurde aus der passwd-Datei entfernt. PWD_CHANGES_PWD:Das Passwort wurde geändert von '$1' nach '$2' PWD_CHANGES_SHL:Die login shell wurde geändert von '$1' nach '$2' PWD_CHANGES_UID:Die UID wurde geändert von '$1' nach '$2' PWDGRP_CHANGES_UNK:Unbekanntes Feld gefunden in der $1 Datei: altes Feld: '$2', neues Feld: '$3' RKHDAT_ADD_NEW_ENTRY:Füge neuen Dateieintrag zur 'rkhunter.dat' Datei hinzu: $1 RKHDAT_DEL_OLD_ENTRY:Lösche nicht existierenden Dateieintrag aus der 'rkhunter.dat' Datei: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_NOUNHIDE:Die Nutzung von '$1' wurde unterdrückt auf Benutzerwunsch. ROOTKIT_MALWARE_HIDDEN_PROCS_RUBY_ERR:Das 'unhide.rb' Kommand ergab einen Fehler: ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' nicht ausgeführt: ungültiger konfigurierter Testname: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:Benutze Kommando '$1' ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:Gefundene 'unhide' Kommando-Version: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Kommando: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Pfadname: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Mögliches Rootkit: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_OS_DFLY_PKGDB_NOTOK:Die Paketdatenbank scheint inkonsistent zu sein. 
ROOTKIT_OS_DFLY_PKGDB_NOTOK:Dies mag kein Sicherheitsproblem sein, aber 'pkg_admin check' auszuführen könnte helfen, das Problem zu diagnostizieren. ROOTKIT_PHALANX2_PROC_FOUND:Laufenden Prozess 'ata/0' gefunden ROOTKIT_PHALANX2_PROC_PPID:Erwarte 'kthread' Eltern-PID '$1', fand Eltern-PID '$2' ROOTKIT_PHALANX2_PROC:Prüfe Prozessliste auf Prozess 'ata/0' ROOTKIT_PHALANX2_PROC_PS_ERR:Ausführung von 'ps' ergab unerwartete Ergebnisse: möglicherweise nicht unterstützte Kommandozeilen-Argumente. SET_FILE_PROP_FILE_COUNT_BL:Datei $1: suchte nach $2 Dateien, fand $3, gebrochene Verknüpfungen $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:Datei $1: suchte nach $2 Dateien, fand $3, fehlende Hashwerte $4, gebrochene Verknüpfungen $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:Datei $1: suchte nach $2 Dateien, fand $3 von $4, fehlende Hashwerte $5, gebrochene Verknüpfungen $6 SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:Datei $1: suchte nach $2 Dateien, fand $3 von $4, gebrochene Verknüpfungen $5 SHARED_LIBS_PRELOAD_LIB_FOUND:Fand vorabgeladene geteilte Bibliothek: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Fand vorabgeladene geteilte Bibliothek '$1': sie ist mittels Whitelist erlaubt. SUMMARY_LOGFILE_COPIED:Logdatei kopiert nach $1 SUSPSCAN_DAT_MISSING:Die Datendatei der verdächtigen Inhalte fehlt oder ist leer: $1 SUSPSCAN_DAT_MISSING:Führen Sie 'rkhunter --update' aus, um die Vorgabe-Datei wieder herzustellen. SUSPSCAN_DAT_NOTAFILE:Die Datendatei der verdächtigen Inhalte ist keine Datei: $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH Konfigurations-Option 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter Konfigurations-Option 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:Konfigurationsdatei erlaubt Logging über das Netzwerk: $1 UPDATE_SKIPPED:Sprachdateien-Update übersprungen auf Benutzerwunsch. 
USER_CMD_LIST:Schliesse Benutzer-Kommandos für Dateieigenschaften-Prüfung ein:
USER_DIR_LIST:Schliesse Benutzer-Verzeichnisse für Dateieigenschaften-Prüfung ein:
USER_EXCLUDE_PROP:Schliesse von Dateieigenschaften-Prüfung aus:
USER_FILE_LIST:Schliesse Benutzer-Dateien für Dateieigenschaften-Prüfung ein:
rkhunter-1.4.2/files/i18n/cn
Version:2009091601
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
# message in one file makes sense and for easier translation.
#
# The message type MSG_TYPE_PLAIN is used for ordinary messages. It has
# no specific value, and is intercepted in the display function. It is
# included here for completeness. The index names of MSG_TYPE_ and
# MSG_RESULT_ are reserved - no messages can use this as part of its index.
#
MSG_TYPE_PLAIN:
MSG_TYPE_INFO:信息
MSG_TYPE_WARNING:警告
#
# This is the list of message results.
#
MSG_RESULT_OK:正常
MSG_RESULT_SKIPPED:跳过
MSG_RESULT_WARNING:警告
MSG_RESULT_FOUND:发现
MSG_RESULT_NOT_FOUND:没发现
MSG_RESULT_NONE_FOUND:没发现
MSG_RESULT_ALLOWED:允许
MSG_RESULT_NOT_ALLOWED:不允许
MSG_RESULT_UNSET:没设置
MSG_RESULT_UPD: 更新的
MSG_RESULT_NO_UPD: 没更新
MSG_RESULT_UPD_FAILED: 更新失败
MSG_RESULT_VCHK_FAILED: 版本检查失败
#
# The messages.
#
VERSIONLINE:[ $1 版本 $2 ]
VERSIONLINE2:运行 $1 版本 $2 在 $3
VERSIONLINE3:运行 $1 版本 $2
RKH_STARTDATE:开始时间是 $1
RKH_ENDDATE:结束时间是 $1
OPSYS:探测到的系统是 '$1'
UNAME:Uname 输出是 '$1'
CONFIG_CHECK_START:检查配置文件及命令行选项...
CONFIG_CMDLINE:命令行是 $1 CONFIG_ENVSHELL:环境 shell 是 $1; rkhunter 正在使用 $2 CONFIG_CONFIGFILE:正在使用配置文件 '$1' CONFIG_INSTALLDIR:安装目录是'$1' CONFIG_LANGUAGE:使用语言是 '$1' CONFIG_DBDIR:使用 '$1' 作为数据库目录 CONFIG_SCRIPTDIR:使用 '$1' 支持脚本目录 CONFIG_BINDIR:使用 '$1' 作为命令目录 CONFIG_ROOTDIR:使用 '$1' 作为root 目录 CONFIG_TMPDIR:使用 '$1' 作为临时文件夹 CONFIG_NO_MAIL_ON_WARN:没有配置警告信的地址 CONFIG_MOW_DISABLED:根据用户要求,不使用警告信 CONFIG_MAIL_ON_WARN:使用命令'$2'给 '$1' 发警告信 CONFIG_SSH_ROOT:Rkhunter 的选项 ALLOW_SSH_ROOT_USER被设置成 '$1'. CONFIG_SSH_PROTV1:Rkhunter 选项 ALLOW_SSH_PROT_V1 设置为 '$1'. CONFIG_X_AUTO:自动检测X CONFIG_CLRSET2:使用第二配色方案 CONFIG_NO_SHOW_SUMMARY:根据用户要求不检测系统总况 CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV被设置为'$1' CONFIG_NO_VL:根据用户要求不记录详细的日志 CONFIG_XINETD_PATH:使用 $1 配置文件 '$2' CONFIG_SOL10_INETD:使用Solaris 10 及以后的inetd机制 CONFIG_LOCAL_RC_DIR:使用系统的启动目录: $1 CONFIG_LOCAL_RC_FILE:使用本地的启动目录文件: $1 CONFIG_ROTATE_MIRRORS:镜像文件将被 rotated ONFIG_NO_ROTATE_MIRRORS:镜像文件将不被rotated CONFIG_UPDATE_MIRRORS:镜像文件将被更新 CONFIG_NO_UPDATE_MIRRORS:镜像文件将不被更新 CONFIG_MIRRORS_MODE0:本地和远程镜像文件将都被使用 CONFIG_MIRRORS_MODE1:只使用本地镜像文件 CONFIG_MIRRORS_MODE2:只使用远程镜像文件 FOUND_CMD:找到 '$1' 命令: $2 NOT_FOUND_CMD:无法找到'$1' 命令 CMD_ERROR:命令 '$1' 遇到错误码 $2. 
SYS_PRELINK:系统正在使用prelinking SYS_NO_PRELINK:系统没用prelinking SYS_SELINUX:SELinux 已启用 SYS_NO_SELINUX:SELinux 没启用 HASH_FUNC_PRELINK:为了文件的 hash 检测而使用 prelink 命令 (带 $1) HASH_FUNC_PERL:使用 perl $1 模块来检查文件hash HASH_FUNC:使用 '$1'命令检查文件hash HASH_FUNC_NONE:无法检查文件hash : 没指定 HASH_FUNC_NONE_PKGMGR:没有指定文件hash函数: 只能使用包管理器 HASH_FUNC_DISABLED:Hash函数设置为'NONE': 自动使文件hash检查无效 HASH_FUNC_OLD:使用hash函数 '$1'储存hash值 HASH_FUNC_OLD_DISABLED:原先的hash函数无效: 没有hash值值被保存 HASH_PKGMGR_OLD:使用包管理器'$1'(md5 function)存储hash值 HASH_PKGMGR_OLD_UNSET:没使用包管理器存储hash值 HASH_PKGMGR:使用包管理器 '$1' 检查文件属性 HASH_PKGMGR_MD5:使用 MD5 hash 函数命令 '$1' 辅助包管理器的验证 HASH_PKGMGR_NOT_SPEC:没有指定包管理器: 使用 hash 函数 '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:没有指定包管理器: 使用带 '$1' 的 prelink 命令 HASH_FIELD_INDEX:hash 函数的域索引被设置为 $1 HASHUPD_DISABLED:Hash 检测失效: 当前文件hash值将不会保存 HASHUPD_PKGMGR:使用包管理器 '$1' 来更新文件hash值 HASHUPD_PKGMGR_NOT_SPEC:没有指定文件 hash 更新包管理器: 使用 hash 函数 '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:没有指定文件 hash 更新包管理器: 使用带 '$1'的 prelink 命令 ATTRUPD_DISABLED:文件属性检测失效: 当前文件属性将不会保存 ATTRUPD_NOSTATCMD:文件属性检测失效: 没有发现'stat'命令:当前文件属性将不会保存 ATTRUPD_OK:当前文件属性将被保存 ATTRUPD_OLD_DISABLED:原先文件属性无效: 没有文件属性保存 ATTRUPD_OLD_NOSTATCMD:原先文件属性无效: 没有发现'stat'命令: 没有文件属性被保存 ATTRUPD_OLD_OK:原先文件属性被保存 GRSECINSTALLED:发现安装有grsecurity SYSLOG_ENABLED:因为一些logging使用 syslog - facility/priority 级别是 '$1'. SYSLOG_DISABLED:根据用户要求不使用 syslog . SYSLOG_NO_LOGGER:无法使用 syslog - 无法找到 'logger' 命令. NAME:$1 PRESSENTER:[敲 键继续] TEST_SKIPPED_OS:因为 O/S: $2,检测 '$1' 被跳过 SUMMARY_TITLE1:系统检测概要 SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:检测文件属性... SUMMARY_PROP_REQCMDS:请求的检测命令失败 SUMMARY_PROP_COUNT:检测文件: $1 SUMMARY_PROP_FAILED:可疑文件: $1 SUMMARY_CHKS_SKIPPED:跳过所有检测 SUMMARY_RKT_SCAN:检测Rootkit... SUMMARY_RKT_COUNT:检测Rootkits : $1 SUMMARY_RKT_FAILED:可能存在 rootkits: $1 SUMMARY_RKT_NAMES:Rootkit 名称 : $1 SUMMARY_APPS_SCAN:应用程序检测... 
SUMMARY_APPS_COUNT:应用程序检测: $1 SUMMARY_APPS_FAILED:可疑的应用程序: $1 SUMMARY_SCAN_TIME:检查系统用时: $1 SUMMARY_NO_SCAN_TIME:检查系统用时: 无法计算时钟时间 SUMMARY_LOGFILE:所有结果已被写入到日志文件($1) SUMMARY_NO_LOGFILE:没有创建日志文件. CREATED_TEMP_FILE:创建临时文件夹 '$1' MIRRORS_NO_FILE:镜象文件'$1'不存在 MIRRORS_NO_MIRRORS:镜像文件 '$1' 中没有需要的镜像. MIRRORS_NO_VERSION:镜象文件 '$1'中没有版本号 - 重新设置为0. MIRRORS_ROTATED:镜象文件 '$1' 已被更新. MIRRORS_SF_DEFAULT:使用 SourceForge 镜像: $1 DOWNLOAD_CMD:执行下载命令 '$1' DOWNLOAD_FAIL:下载失败 - $1 镜象文件无效. VERSIONCHECK_START:正在检查 rkhunter 版本... VERSIONCHECK_FAIL_ALL:下载失败: 无法确定最新的程序版本. VERSIONCHECK_CURRENT:本版本 : $1 VERSIONCHECK_LATEST:最新的版本: $1 VERSIONCHECK_LATEST_FAIL:最新版本: 下载失败 VERSIONCHECK_UPDT_AVAIL:更新有效 VERSIONCHECK_CONV_FAIL:无法比较版本号: 程序: '$1' Latest: '$2' UPDATE_START:正在检查rkhunter 的数据文件... UPDATE_CHECKING_FILE:正在检查文件$1 UPDATE_FILE_NO_VERS:文件 '$1' 没有有效的版本号. 正下载一个新的副本. UPDATE_FILE_MISSING:文件 '$1' 丢失或为空. 正下载一个新的副本. UPDATE_DOWNLOAD_FAIL:'$1'下载失败: 无法确定最新的版本号. UPDATE_I18N_NO_VERS:无法发现i18n语言文件版本号. OSINFO_START:检查自上次检测后系统是否已改变... OSINFO_END:没发现任何东西已变化 OSINFO_HOST_CHANGE1:自上检测后,host名称已改变: OSINFO_HOST_CHANGE2:旧的host值: $1 新的值: $2 OSINFO_OSVER_CHANGE1:自上次检测后,系统名称或版本已改变: OSINFO_OSVER_CHANGE2:旧的O/S值: $1 新的值: $2 OSINFO_PRELINK_CHANGE:自上次检测后,使用prelinking系统可能已改变为${1}: OSINFO_ARCH_CHANGE1:系统的CPU类型可能已变化: OSINFO_ARCH_CHANGE2:旧的CPU值: $1 新的值: $2 OSINFO_MSG1:因为这些改变,文件属性检测可能得出错误的结果. OSINFO_MSG2:你可能需要用'--propupd' 选项重新运行rkhunter SET_FILE_PROP_START: file properties正在获取文件属性... SET_FILE_PROP_DIR_FILE_COUNT:在$2发现$1 个文件 SET_FILE_PROP_FILE_COUNT:文件 $1: 搜索了 $2 个文件, 发现 $3 SET_FILE_PROP_FILE_COUNT_NOHASH:F文件 $1: 搜索了 $2 个文件, 发现 $3, 丢失 hashes $4 PROPUPD_START:开始更新文件属性数据... PROPUPD_OSINFO_START:正在收集 O/S 信息... PROPUPD_ARCH_FOUND:发现系统体系: $1 PROPUPD_REL_FILE:发现 release 文件: $1 PROPUPD_NO_REL_FILE:不能找到release 文件: LS output shows: PROPUPD_OSNAME_FOUND:发现 O/S 名称: $1 PROPUPD_ERROR:安装新的 rkhunter.dat 文件发生错误. 代码 $1 PROPUPD_NEW_DAT_FILE:新的 rkhunter.dat 文件已安装在 '$1' PROPUPD_WARN:警告! 
当使用 '--propupd' 选项时用户必须负责确保 PROPUPD_WARN:系统中所有的文件已知是真实的, 并且是安装于可靠的 PROPUPD_WARN:源文件. rkhunter '--check' 选项将当前文件属性与先前 PROPUPD_WARN:保存的值进行对比,并且报告任何变化的值. 然而, rkhunter PROPUPD_WARN:无法确定是什么导致了这个变化,它有待用户去确认. ENABLED_TESTS:生效的测试是: $1 DISABLED_TESTS:失效的测试是: $1 KSYMS_FOUND:发现 ksym 文件 '$1' KSYMS_MISSING:所有的 ksyms 和 kallsyms 检测已被取消 - 这两种文件在系统中都不存在. STARTING_TEST:开始 '$1' 检测 USER_DISABLED_TEST:用户已取消 '$1' 检测t. CHECK_START:开始检测系统... CHECK_WARNINGS_NOT_FOUND:在检测系统过程中没有报警产生. CHECK_WARNINGS_FOUND:检测系统过程中发现一个或多个报警. CHECK_WARNINGS_FOUND_RERUN:请重新运行rkhunter,确认日志文件已创建. CHECK_WARNINGS_FOUND_CHK_LOG:请检查日志文件 ($1) CHECK_SYS_COMMANDS:检查系统命令... STRINGS_CHECK_START:执行 '字符串' 命令检测 STRINGS_SCANNING_OK:扫描字符串 $1 STRINGS_SCANNING_BAD:扫描字符串 $1 STRINGS_SCANNING_BAD:'字符串' 命令中无法发现字符串 STRINGS_CHECK:检测 '字符串' 命令 STRINGS_CHECK:跳过检测 - 没有发现 '字符串' 命令. FILE_PROP_START:执行文件属性检测 FILE_PROP_CMDS:检测先决条件 FILE_PROP_IMMUT_OS:跳过所有的 immutable-bit 检测. 该检测仅仅在 Linux 系统下有效. FILE_PROP_SKIP_ATTR:无法找到 'stat' 命令 - 所有的文件属性检测将被跳过. FILE_PROP_SKIP_HASH:所有的文件 hash 检测将被跳过,因为 : FILE_PROP_SKIP_HASH_FUNC:当前的 hash 函数 ($1) 或者包管理器 ($2) 与 hash 函数 ($3)不兼容或包管理器 ($4) 被用于保存这些值. FILE_PROP_SKIP_HASH_PRELINK:无法找到 'prelink' 命令. FILE_PROP_SKIP_HASH_SHA1:这个系统使用 prelinking, 但是 hash 函数命令 不像是 SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:没发现 Libsafe , 这可能导致错误. 如果可能, 让 libsafe 失效并运行 prelink 命令. 最后, 使用 'rkhunter --propupd'重新创建 hash 值. FILE_PROP_SKIP_IMMUT:无法找到 'lsattr' 命令 - 所有的文件 immutable-bit 检测将被跳过. FILE_PROP_SKIP_SCRIPT:无法找到 'file' 命令 - 所有脚本代替检测将被跳过. FILE_PROP_OS_CHANGED:本地host配置或操作系统已经改变. FILE_PROP_DAT_MISSING:保存文件属性的文件 (rkhunter.dat) 不存在, 所以必须创建它. 输入命令 'rkhunter --propupd'创建. FILE_PROP_DAT_EMPTY:保存文件属性的文件 (rkhunter.dat) 是空的, 所以必须创建它. 输入命令 'rkhunter --propupd'创建. FILE_PROP_SKIP_ALL:现忽略所有文件属性的检测. FILE_PROP_FILE_NOT_EXIST:系统中不存在 '$1' 文件, 但是它列于 rkhunter.dat 文件. FILE_PROP_WL:发现文件 '$1': 它列于白名单中用于 '$2' 检测. FILE_PROP_WL_DIR:发现目录 '$1': 针对于 '$2' 检测,它列于白名单. FILE_PROP_NO_RKH_REC:系统中存在文件 '$1' , 但是它不列于 the rkhunter.dat 文件. 
FILE_PROP_CHANGED:文件属性已改变: FILE_PROP_CHANGED2:文件: $1 FILE_PROP_NO_PKGMGR_FILE:跳过文件 '$1' hash 值: 文件不属于该包 FILE_PROP_NO_SYSHASH:没发现文件 '$1'的hash值 FILE_PROP_NO_SYSHASH_CMD:Hash 命令输出: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:尝试使用命令 'prelink $1' 修复依赖错误. FILE_PROP_SYSHASH_UNAVAIL:当前 hash: 无法获取 FILE_PROP_SYSHASH:当前 hash: $1 FILE_PROP_RKHHASH:保存 hash : $1 FILE_PROP_NO_RKHHASH:不能找到rkhunter.dat中文件'$1' 的hash值. FILE_PROP_NO_RKHPERM:不能找到rkhunter.dat中文件'$1' 的权限值. FILE_PROP_PERM_UNAVAIL:当前权限: 无法获取 储存的权限: $1 FILE_PROP_PERM:当前权限: $1 储存的权限: $2 FILE_PROP_UID_UNAVAIL:当前 uid: 无法获取 储存的 uid: $1 FILE_PROP_UID:当前 uid: $1 储存的 uid: $2 FILE_PROP_NO_RKHUID:在文件rkhunter.dat中没有找到文件 '$1' 的user-id值. FILE_PROP_GID_UNAVAIL:当前的 gid: 无法获取 保存的 gid: $1 FILE_PROP_GID:当前的 gid: $1 保存的 gid: $2 FILE_PROP_NO_RKHGID:在文件rkhunter.dat中没有找到文件 '$1' 的group-id值. FILE_PROP_INODE_UNAVAIL:当前的 inode: 无法获取 保存的 inode: $1 FILE_PROP_INODE:当前的 inode: $1 保存的 inode: $2 FILE_PROP_NO_RKHINODE:在文件rkhunter.dat中没有找到文件 '$1' 的inode值. FILE_PROP_SIZE_UNAVAIL:当前大小: 无法获取 存储的大小: $1 FILE_PROP_SIZE:当前大小: $1 存储的大小: $2 FILE_PROP_NO_RKHSIZE:在 rkhunter.dat 文件中没发现文件 '$1' 的大小值. FILE_PROP_SYSDTM_UNAVAIL:当前的文件修改时间: 无法获取 FILE_PROP_SYSDTM:当前文件修改时间: $1 FILE_PROP_RKHDTM:保存的文件修改时间 : $1 FILE_PROP_NO_RKHDTM:在文件rkhunter.dat中没有找到文件 '$1' 的修改时间值. FILE_PROP_NO_SYSATTR:无法获取 '$1' 的当前属性 FILE_PROP_WRITE:文件 '$1'被设置为对所有用户可写. FILE_PROP_SYSPERM_UNAVAIL:无法获取文件 '$1' 的当前写权限 FILE_PROP_IMMUT:文件 '$1' 被设置了 immutable-bit . FILE_PROP_SCRIPT:命令 '$1' 已经被脚本: $2 代替 FILE_PROP_SCRIPT_RKH:命令 '$1' 已被替换, 不是脚本: $2 FILE_PROP_VRFY:包管理器验证已失效: FILE_PROP_VRFY_HASH:文件hash值已改变 FILE_PROP_VRFY_PERM:文件权限已改变 FILE_PROP_VRFY_UID:文件的拥有者属性已改变 FILE_PROP_VRFY_GID:文件组属性已改变 FILE_PROP_VRFY_DTM:文件的修改时间已改变 FILE_PROP_VRFY_SIZE:文件大小已经改变 CHECK_ROOTKITS:正在检查rootkit... ROOTKIT_FILES_DIRS_START:执行已知rootkit和目录的检查 ROOTKIT_FILES_DIRS_NAME_LOG:检查 ${1}... 
ROOTKIT_FILES_DIRS_FILE:检查文件 '$1' ROOTKIT_FILES_DIRS_DIR:检查目录 '$1' ROOTKIT_FILES_DIRS_KSYM:检查内核符号 '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:发现文件 '$1' ROOTKIT_FILES_DIRS_DIR_FOUND:发现目录 '$1' ROOTKIT_FILES_DIRS_KSYM_FOUND:发现内核符号 '$1' ROOTKIT_FILES_DIRS_STR:检查字符串 '$1' ROOTKIT_FILES_DIRS_STR_FOUND:在文件 '$2'中发现字符串'$1' ROOTKIT_FILES_DIRS_NOFILE:文件 '$1' 不存在! ROOTKIT_FILES_DIRS_SINAR_DIR:检查 '$1' ROOTKIT_FILES_DIRS_SINAR:在: $1中发现SInAR ROOTKIT_ADD_START:执行辅助的rootkit检测 ROOTKIT_ADD_SUCKIT:Suckit Rookit 辅助检测 ROOTKIT_ADD_SUCKIT_LOG:执行Suckit Rookit 辅助检测 ROOTKIT_ADD_SUCKIT_LINK:检测/sbin/init 链接数量 ROOTKIT_ADD_SUCKIT_LINK_NOCMD:检测 /sbin/init 链接数量: 没发现 'stat' 命令 ROOTKIT_ADD_SUCKIT_LINK_ERR:检测 /sbin/init 链接数量: 'stat' 命令错误 ROOTKIT_ADD_SUCKIT_LINK_FOUND:检测 /sbin/init 链接数量: 数量是 $1, 它应当是 1 ROOTKIT_ADD_SUCKIT_EXT:检测隐藏文件扩展 ROOTKIT_ADD_SUCKIT_EXT_FOUND:检测隐藏文件扩展: 发现: $1 ROOTKIT_ADD_SUCKIT_SKDET:运行 skdet 命令 ROOTKIT_ADD_SUCKIT_SKDET_FOUND:运行 skdet 命令: 发现: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:运行 skdet 命令: 未知版本: $1 ROOTKIT_POSS_FILES_DIRS:检查可能存在的rootkit及其目录 ROOTKIT_POSS_FILES_DIRS_LOG:执行检查可能存在的rootkit文件及其目录 ROOTKIT_POSS_FILES_FILE_FOUND:发现文件 '$1'. 可能存在rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:发现目录 '$1'. 可能存在rootkit: $2 ROOTKIT_POSS_STRINGS:检测判定rootkit可能存在的字符串 ROOTKIT_POSS_STRINGS_LOG:执行检测判定rootkit可能存在的字符串 ROOTKIT_POSS_STRINGS_FOUND:在文件 '$2'中发现字符串'$1' . 
可能还在rootkit: $3 ROOTKIT_MALWARE_START:执行恶意软件检测 ROOTKIT_MALWARE_SUSP_FILES:检测正在运行进程的可疑文件 ROOTKIT_MALWARE_SUSP_FILES_FOUND:发现一个或多个这样的文件: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:检测 lsof 命令 'lsof -F n -w -n' 的输出 ROOTKIT_MALWARE_HIDDEN_PROCS:检测隐藏进程 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:发现隐藏的进程: $1 ROOTKIT_MALWARE_DELETED_FILES:在正运行进程中检测 deleted 文件 ROOTKIT_MALWARE_DELETED_FILES_FOUND:以下进程正在使用 deleted 文件: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:进程: $1 PID: $2 文件: $3 ROOTKIT_MALWARE_LOGIN_BDOOR:检测 login 后门 ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:执行检测 login 后门 ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:检测 '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:发现 login 后门文件: $1 ROOTKIT_MALWARE_SUSP_DIR:检测可疑目录 ROOTKIT_MALWARE_SUSP_DIR_LOG:执行可疑目录的检测 ROOTKIT_MALWARE_SUSP_DIR_FOUND:发现可疑的目录: $1 ROOTKIT_MALWARE_SFW_INTRUSION:检测软件入侵 ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:文件 '$1' 中包含有字符串 '$2'. 可能存在rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:跳过检测 - tripwire 没有安装 ROOTKIT_MALWARE_SNIFFER:检测 sniffer 日志文件 ROOTKIT_MALWARE_SNIFFER_LOG:执行 sniffer 日志文件的检测 ROOTKIT_MALWARE_SNIFFER_FOUND:发现可疑的sniffer 日志文件: $1 ROOTKIT_TROJAN_START:执行木马详细检测 ROOTKIT_TROJAN_INETD:检测启动的 inetd 服务 ROOTKIT_TROJAN_INETD_SKIP:跳过检测 - 文件 '$1' 不存在. ROOTKIT_TROJAN_INETD_FOUND:发现已启动的 inetd 服务: $1 ROOTKIT_TROJAN_XINETD:检测启动的 xinetd 服务 ROOTKIT_TROJAN_XINETD_LOG:执行已启动的 xinetd 服务的检测 ROOTKIT_TROJAN_XINETD_ENABLED:在 '$1' 中检测已启动的服务 ROOTKIT_TROJAN_XINETD_INCLUDE:发现 'include $1' 指令 ROOTKIT_TROJAN_XINETD_INCLUDEDIR:发现 'includedir $1' 指令 ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:发现启动的 xinetd 服务: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:发现服务 '$1': 它位于 $2 白名单. ROOTKIT_TROJAN_APACHE:检测 Apache 的后门 ROOTKIT_TROJAN_APACHE_SKIPPED:跳过Apache 后门的检测: 没发现Apache 模块和配置目录. 
ROOTKIT_TROJAN_APACHE_FOUND:发现Apache 后门模块 'mod_rootme' : $1 ROOTKIT_OS_START:执行 $1 详细的检测 ROOTKIT_OS_SKIPPED:没有可用的详细检测 ROOTKIT_OS_BSD_SOCKNET:检测 sockstat 和 netstat 命令 ROOTKIT_OS_BSD_SOCKNET_FOUND: sockstat 和 netstat 的输出发现不同: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 输出: $2 ROOTKIT_OS_FREEBSD_KLD:检测 KLD 后门 ROOTKIT_OS_FREEBSD_KLD_FOUND:发现可疑的 FreeBSD KLD 后门. 'kldstat -v' 命令显示字符串 '$1' ROOTKIT_OS_FREEBSD_PKGDB:检测包数据库 ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:包数据库似乎有矛盾. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:这可能不是安全问题, 但是运行 'pkgdb -F' 可能有助于诊断问题. ROOTKIT_OS_LINUX_LKM:检测内核模块命令 ROOTKIT_OS_LINUX_LKM_FOUND: lsmod 命令 和 /proc/modules 文件之间发现不同的地方: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 输出: $2 ROOTKIT_OS_LINUX_LKM_EMPTY: 没有发现 lsmod 命令 和或 /proc/modules 文件的输出: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:模块文件 '$1' 已丢失. ROOTKIT_OS_LINUX_LKMNAMES:检测内核模块名称 ROOTKIT_OS_LINUX_LKMNAMES_PATH:使用模块路径名 '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:在 '$1'中发现已知的恶意内核模块: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:内核模块目录 '$1' 丢失 CHECK_LOCALHOST:检测本地host... STARTUP_FILES_START:执行系统boot检测 STARTUP_HOSTNAME:检测本地host名称 STARTUP_NO_HOSTNAME:没发现host名. STARTUP_LOCAL_RC_FILE:检测本地启动文件 STARTUP_FOUND_LOCAL_RC_FILE:发现本地启动文件: $1 STARTUP_NO_LOCAL_RC_FILE:没发现本地启动文件. STARTUP_CHECK_LOCAL_RC:检测本地启动文件是否涉及有害程序 STARTUP_CHECK_SYSTEM_RC:检测系统启动文件是否涉及有害程序 STARTUP_CHECK_SYSTEM_RC_FOUND:发现系统启动目录: $1 STARTUP_CHECK_SYSTEM_RC_NONE:没发现系统启动文件. ACCOUNTS_START:执行用户组和帐户检测 ACCOUNTS_PWD_FILE_CHECK:检测密码文件 ACCOUNTS_FOUND_PWD_FILE:发现密码文件: $1 ACCOUNTS_NO_PWD_FILE:密码文件 $1 不存在. ACCOUNTS_UID0:检测等效root (UID 0) 帐户 ACCOUNTS_UID0_WL:发现等效root 帐户 '$1': 它位于白名单中. ACCOUNTS_UID0_FOUND:帐户 '$1' 是等效root (UID = 0) ACCOUNTS_SHADOW_FILE:发现 shadow 文件: $1 ACCOUNTS_PWDLESS:检测空密码的帐户 ACCOUNTS_PWDLESS_WL:发现空密码帐户 '$1': 它列于白名单. ACCOUNTS_PWDLESS_FOUND:发现空密码帐户: $1 ACCOUNTS_NO_SHADOW_FILE:没发现 shadow/password 文件. PASSWD_CHANGES:检测密码文件的变化 PASSWD_CHANGES_NO_TMP:无法检测密码文件的异常: 密码文件的副本不存在. PASSWD_CHANGES_ADDED:有用户被加到密码文件中: PASSWD_CHANGES_REMOVED:有用户从密码文件中移除: GROUP_CHANGES:检测用户组文件的变化 GROUP_CHANGES_NO_FILE:用户组文件 $1 不存在. 
GROUP_CHANGES_NO_TMP:无法检测用户组文件的变化: 用户组文件的副本不存在. GROUP_CHANGES_ADDED:有用户被加进用用户组文件: GROUP_CHANGES_REMOVED:组已被从用户组文件中删除: HISTORY_CHECK:检测root帐户的shell历史文件 HISTORY_CHECK_FOUND:Root 帐户 $1 shell 历史文件是一个符号链接: $2 SYSTEM_CONFIGS_START:执行系统配置文件检测 SYSTEM_CONFIGS_FILE:检测配置文件 $1 SYSTEM_CONFIGS_FILE_FOUND:发现 $1 配置文件: $2 SYSTEM_CONFIGS_SSH_ROOT:检测SSH是否允许root访问 SYSTEM_CONFIGS_SSH_ROOT_FOUND: SSH 和 rkhunter 的配置选顶应当相同: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH 配置选项 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter 配置选项 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND: 还没设置SSH 配置选项 'PermitRootLogin' . SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:默认值可能是 'yes', 允许root访问. SYSTEM_CONFIGS_SSH_PROTO:检测是否允许 SSH v1版协议 SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH的配置文件SSH ($1)已让SSH 版本1协议生效. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND: SSH 配置选项 'Protocol' 还没设置. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:默认值可能是 '2,1', 允许使用 版本11协议. SYSTEM_CONFIGS_SYSLOG:检测是否运行syslog daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:syslog daemon 没有运行. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:syslog daemon 没有运行, 但是已经发现一个metalog daemon. SYSTEM_CONFIGS_SYSLOG_SOCKLOG_RUNNING:syslog daemon 没有运行, 但是已经发现一个socklog daemon. SYSTEM_CONFIGS_SYSLOG_NO_FILE:syslog daemon 正在运行, 但是无法发现配置文件. SYSTEM_CONFIGS_SYSLOG_REMOTE:检测是否允许 syslog remote logging SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog 配置文件允许远程登陆: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter 配置选项 'ALLOW_SYSLOG_REMOTE_LOGGING' 已经生效. FILESYSTEM_START:执行文件系统检测 FILESYSTEM_DEV_CHECK:/dev 作为可疑文件类型检测 FILESYSTEM_DEV_CHECK_NO_DEV:/dev 不存在. FILESYSTEM_DEV_FILE_WL:发现文件 '$1': 它列于白名单中. FILESYSTEM_DEV_FILE_FOUND:在 ${1}中发现可疑文件类型: FILESYSTEM_HIDDEN_DIR_WL:发现隐藏的目录'$1': 它列于白名单中. FILESYSTEM_HIDDEN_FILE_WL:发现隐藏文件 '$1': 它列于白名单中. FILESYSTEM_HIDDEN_CHECK:检测隐藏的文件和目录 FILESYSTEM_HIDDEN_DIR_FOUND:发现隐藏的目录: $1 FILESYSTEM_HIDDEN_FILE_FOUND:发现隐藏的文件: $1 CHECK_APPS:检测应用程序的版本... APPS_NONE_FOUND:发现末知应用程序 - 跳过所有的检测. APPS_DAT_MISSING:跳过所有的应用程序版本检测. APPS_DAT_MISSING:不安全应用程序版本 (programs_bad.dat) 丢失或为空. 
APPS_DAT_MISSING:如果它已经被删除, 你得运行 'rkhunter --update'. APPS_NOT_FOUND:没发现应用程序 '$1' . APPS_CHECK:检测版本 $1 APPS_CHECK_WL:发现应用程序 '$1': 它列于白名单中. APPS_CHECK_VERSION_UNKNOWN:无法获取 '$1'的版本号. APPS_CHECK_VERSION_FOUND:发现应用程序 '$1' 版本号 '$2' . APPS_CHECK_VERSION_WL:发现应用程序 '$1' 版本 '$2': 这个版本位于白名单. APPS_CHECK_WHOLE_VERSION_USED:无法获取 '$1'的版本号: 版本选项赋予: $2 APPS_CHECK_FOUND:应用程序 '$1', 版本号 '$2', 已过时, 有潜在的安全风险. APPS_TOTAL_COUNT:应用程序检测: $1 out of $2 CHECK_NETWORK:检测网络... NETWORK_PORTS_START:执行后门端口的检测 NETWORK_PORTS_FILE_MISSING:跳过所有后门端口的检测. NETWORK_PORTS_FILE_MISSING:已知后门端口文件 (backdoorports.dat) 丢失或为空白. NETWORK_PORTS_FILE_MISSING:如果它已被删除,你必须运行命令 'rkhunter --update'. NETWORK_PORTS_UNKNOWN_NETSTAT:跳过所有后门端口的检测. NETWORK_PORTS_UNKNOWN_NETSTAT:此操作系统中无法识别该netstat命令格式. NETWORK_PORTS_DISABLE_PATHS:在PORT_WHITELIST 设置中'*' 和路径名无效: 'lsof' 命令不存在. NETWORK_PORTS_ENABLE_TRUSTED:可信任的路径名已在端口白名单中启用. NETWORK_PORTS:为 $1 检测端口 $2 NETWORK_PORTS_PATH_WHITELIST:网络 $1 端口 $2 正在被 $3 使用: 路径名列于白名单. NETWORK_PORTS_TRUSTED_WHITELIST:网络 $1 端口 $2 正在被 $3 使用: 路径名是可信任的. NETWORK_PORTS_PORT_WHITELIST:网络 $1 端口 $2 正在被使用: 端口列于白名单中. NETWORK_PORTS_FOUND:网络 $1 端口 $2 正在被使用${3}. 可能是rootkit: $4 NETWORK_PORTS_FOUND:使用 'lsof -i' 或 'netstat -an' 命令检测它. NETWORK_INTERFACE_START:执行网络接口的检测 NETWORK_PROMISC_CHECK:检测 promiscuous 接口 NETWORK_PROMISC_NO_IFCONFIG:Promiscuous 网络接口被跳过 - 无法找到 'ifconfig' 命令. NETWORK_PROMISC_NO_IP:使用'ip' 命令检测Promiscuous 网络接口 - 无法找到 'ip' 命令. NETWORK_PROMISC_IF:可能promiscuous 接口: NETWORK_PROMISC_IF_1:'ifconfig' 命令输出: $1 NETWORK_PROMISC_IF_2:'ip' 命令输出: $1 NETWORK_PACKET_CAP_CHECK:检测 数据报捕捉程序 NETWORK_PACKET_CAP_CHECK_NO_FILE:数据包检测程序检测被跳过 - 文件 '$1' 丢失. NETWORK_PACKET_CAP_FOUND:进程 '$1' (PID $2) 正在网络上监听. NETWORK_PACKET_CAP_WL:发现进程 '$1': 它列于白名单中. 
SHARED_LIBS_START:执行 '共享库' 的检测
SHARED_LIBS_PRELOAD_VAR:检测预装载变量
SHARED_LIBS_PRELOAD_VAR_FOUND:发现预装载变量: $1
SHARED_LIBS_PRELOAD_FILE:检测预装文件
SHARED_LIBS_PRELOAD_FILE_FOUND:发现library preload 文件: $1
SHARED_LIBS_PATH:检测 LD_LIBRARY_PATH 变量
SHARED_LIBS_PATH_BAD: LD_LIBRARY_PATH 环境变量被设置,它会影响二进制程序: 被设置为: $1
SUSPSCAN_CHECK:检测具有可疑 contents 的文件
SUSPSCAN_DIR_NOT_EXIST:目录 '$1' 不存在.
SUSPSCAN_INSPECT:文件 '$1' (score: $2) 包含一些可疑的内容,它将被检测.
SUSPSCAN_START:执行带有可疑contents文件的检测
SUSPSCAN_DIRS:待检测目录是: $1
SUSPSCAN_NO_DIRS:没有指定目录: 使用用默认 ($1)
SUSPSCAN_TEMP:使用临时文件夹: $1
SUSPSCAN_NO_TEMP:没指定临刊文件夹: 使用用默认的 ($1)
SUSPSCAN_TEMP_NOT_EXIST:suspscan 临时目录不存在: $1
SUSPSCAN_TEMP_NO_WRITE:suspscan 临时目录不可写: $1
SUSPSCAN_SIZE:检测的最大文件大小(byte为单位): '$1'
SUSPSCAN_NO_SIZE:没指定最大的文件大小: 使用默认值($1)
SUSPSCAN_SIZE_INVALID:The suspscan 最大文件大小无效: $1
SUSPSCAN_THRESH:Score 上限被设置为: $1
SUSPSCAN_NO_THRESH:没有指定 score 上限: 使用默认值 ($1)
SUSPSCAN_THRESH_INVALID:The suspscan score 上限是无效的: $1
SUSPSCAN_DIR_CHECK:检查目录: '$1'
SUSPSCAN_DIR_CHECK_NO_FILES:没有合适的文件检查.
SUSPSCAN_FILE_CHECK:文件检测: Name: '$1' Score: $2
SUSPSCAN_FILE_CHECK_DEBUG:文件检测: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4)
SUSPSCAN_FILE_SKIPPED_EMPTY:忽略文件: 空白: '$1'
SUSPSCAN_FILE_SKIPPED_LINK:忽略文件: 符号连接: '$1'
SUSPSCAN_FILE_SKIPPED_TYPE:忽略文件: 错误类型: '$1': '$2'
SUSPSCAN_FILE_SKIPPED_SIZE:忽略文件: 太大: '$1'
SUSPSCAN_FILE_LINK_CHANGE:发现符号连接: '$1' -> '$2'
LIST_TESTS:有效的测试名:
LIST_GROUPED_TESTS:分组检测名称:
LIST_LANGS:可用的语言:
LIST_RTKTS:检测rootkit
#
# If any problem related with this cn version message, please mail to
# linux_fqh@yahoo.com.cn. I will fix them as soon as possible.
# If you have any questions about the messages in this Chinese version, please contact linux_fqh@yahoo.com.cn
# I will fix them as soon as possible
#
rkhunter-1.4.2/files/i18n/zh.utf8
Version:2009091601
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
# message in one file makes sense and for easier translation.
#
# The message type MSG_TYPE_PLAIN is used for ordinary messages. It has
# no specific value, and is intercepted in the display function. It is
# included here for completeness. The index names of MSG_TYPE_ and
# MSG_RESULT_ are reserved - no messages can use this as part of its index.
#
MSG_TYPE_PLAIN:
MSG_TYPE_INFO:訊息
MSG_TYPE_WARNING:警告
#
# This is the list of message results.
#
MSG_RESULT_OK:正常
MSG_RESULT_BAD:損壞
MSG_RESULT_SKIPPED:跳過
MSG_RESULT_WARNING:!注意!
MSG_RESULT_FOUND:發現
MSG_RESULT_NOT_FOUND:沒發現
MSG_RESULT_NONE_FOUND:沒發現
MSG_RESULT_ALLOWED:可以
MSG_RESULT_NOT_ALLOWED:不可以
MSG_RESULT_UPD: 更新的
MSG_RESULT_NO_UPD: 沒更新
MSG_RESULT_UPD_FAILED: 更新失敗
MSG_RESULT_VCHK_FAILED: 版本檢查失敗
#
# The messages.
#
VERSIONLINE:[ $1 版本 $2 ]
VERSIONLINE2:在主機 $3 執行 $1 版本 $2
VERSIONLINE3:執行 $1 版本 $2
RKH_STARTDATE:開始時間是 $1
RKH_ENDDATE:結束時間是 $1
OPSYS:偵測到的系統是 '$1'
UNAME:Uname 輸出是 '$1'
CONFIG_CHECK_START:檢查設定檔及命令列選項...
CONFIG_CMDLINE:命令列是 $1
CONFIG_ENVSHELL:SHELL程式是 $1; rkhunter 正在使用 $2
CONFIG_CONFIGFILE:rkhunter設定檔是 '$1'
CONFIG_INSTALLDIR:安裝目錄是'$1'
CONFIG_LANGUAGE:使用的語言是 '$1'
CONFIG_DBDIR:資料庫目錄 '$1'
CONFIG_SCRIPTDIR:script目錄 '$1'
CONFIG_BINDIR:執行檔目錄 '$1'
CONFIG_ROOTDIR:根目錄 '$1'
CONFIG_TMPDIR:暫存檔目錄 '$1'
CONFIG_NO_MAIL_ON_WARN:沒有設置警告信的郵件位址
CONFIG_MOW_DISABLED:根據使用者設定,不使用警告信
CONFIG_MAIL_ON_WARN:使用命令'$2'給 '$1' 發警告信
CONFIG_SSH_ROOT:Rkhunter 的選項 ALLOW_SSH_ROOT_USER被設置成 '$1'.
CONFIG_SSH_PROTV1:Rkhunter 選項被設置成可以使用版本1的SSH協定 CONFIG_X_AUTO:自動檢查X CONFIG_CLRSET2:使用第二個配色方法 CONFIG_NO_SHOW_SUMMARY:根據使用者設定,不顯示系統總結報告 CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV被設置為'$1' CONFIG_NO_VL:根據使用者設定,不詳細記錄 CONFIG_XINETD_PATH:使用 $1 設定檔 '$2' CONFIG_SOL10_INETD:使用Solaris 10 及以後的inetd機制 CONFIG_LOCAL_RC_DIR:使用系統的啟動目錄: $1 CONFIG_LOCAL_RC_FILE:使用本地的啟動目錄檔案: $1 CONFIG_ROTATE_MIRRORS:備援檔案將予以轉置 ONFIG_NO_ROTATE_MIRRORS:備援檔案將不被轉置 CONFIG_UPDATE_MIRRORS:備援檔案將被更新 CONFIG_NO_UPDATE_MIRRORS:備援檔案將不被更新 CONFIG_MIRRORS_MODE0:本地和遠端備援檔案將都被使用 CONFIG_MIRRORS_MODE1:只使用本地備援檔案 CONFIG_MIRRORS_MODE2:只使用遠端備援檔案 FOUND_CMD:找到 '$1' 命令: $2 NOT_FOUND_CMD:無法找到'$1' 命令 SYS_PRELINK:系統正在使用prelinking SYS_NO_PRELINK:系統不使用prelinking HASH_FUNC_PRELINK:為了檔案的 hash 檢查而使用 prelink 命令 (帶 $1) HASH_FUNC_PERL:使用 perl $1 模組來檢查檔案hash HASH_FUNC:checksum程式 '$1' HASH_FUNC_NONE:無法檢查檔案hash : 沒有指定 HASH_FUNC_NONE_PKGMGR:沒有指定檔案hash函數: 只能使用套件管理程式 HASH_FUNC_DISABLED:Hash函數設置為'NONE': 自動使檔案hash檢查無效 HASH_FUNC_OLD:使用hash函數 '$1'儲存hash值 HASH_FUNC_OLD_DISABLED:舊的的hash函數無效: 沒有hash值被儲存 HASH_PKGMGR_OLD::使用套件管理程式'$1'儲存hash值 HASH_PKGMGR_OLD_NONMD5:使用套件管理程式'$1'(md5 function)儲存hash值 HASH_PKGMGR_OLD_UNSET:不使用套件管理程式而儲存hash值 HASH_PKGMGR:使用套件管理程式 '$1' 檢查檔案屬性 HASH_PKGMGR_MD5:使用 MD5 hash 函數命令 '$1' 幫助套件管理程式進行驗證 HASH_PKGMGR_NOT_SPEC:沒有指定套件管理程式: 使用 hash 函數 '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:沒有指定套件管理程式: 使用帶 '$1' 的 prelink 命令 HASH_PKGMGR_USE_VRFY:套件管理程式驗證將用於檔案屬性的檢查結果 HASH_PKGMGR_NO_USE_VRFY:套件管理程式驗證將不用於檔案屬性的檢查結果 HASH_FIELD_INDEX:hash 函數的欄位索引被設置為 $1 HASHUPD_DISABLED:Hash 檢查失效: 目前的檔案hash值將不會儲存 HASHUPD_PKGMGR:使用套件管理程式 '$1' 來更新檔案hash值 HASHUPD_PKGMGR_NONE:沒有指定套件管理程式: 使用hash函數 '$1' HASHUPD_PKGMGR_NONE_PRELINKED:沒有指定套件管理程式: 使用帶'$1'的prelink命令 HASHUPD_PKGMGR_NOT_SPEC:沒有指定檔案 hash 更新套件管理程式: 使用 hash 函數 '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:沒有指定檔案 hash 更新套件管理程式: 使用帶 '$1'的 prelink 命令 HASHUPD_PKGMGR_MD5:使用MD5 hash函數命令'$1'作為套件管理程式 HASHUPD_PKGMGR_MD5_PRELINK:使用prelink命令 (帶 $1)作為套件管理程式 ATTRUPD_DISABLED:檔案屬性檢查失效: 目前的檔案屬性將不會儲存 ATTRUPD_NOSTAT:檔案屬性檢查失效: 沒有發現'stat'命令:目前的檔案屬性將不會儲存 
ATTRUPD_OK:目前的檔案屬性將被儲存
ATTRUPD_OLD_DISABLED:舊的檔案屬性無效: 沒有檔案屬性儲存
ATTRUPD_OLD_NOSTAT:舊的檔案屬性無效: 沒有發現'stat'命令: 沒有檔案屬性被儲存
ATTRUPD_OLD_OK:儲存舊的檔案屬性
GRSECINSTALLED:發現有安裝GRSEC
SYSLOG_ENABLED:啟用 syslog - facility/priority 等級是 '$1'.
SYSLOG_DISABLED:根據使用者設定,不使用 syslog .
SYSLOG_NO_LOGGER:無法使用 syslog - 無法找到 'logger' 命令.
NAME:$1
PRESSENTER:[按 <ENTER> 鍵繼續]
TEST_SKIPPED_OS:因為 OS: $2,跳過檢查 '$1'
SUMMARY_TITLE1:系統檢查結果
SUMMARY_TITLE2:=====================
SUMMARY_PROP_SCAN:檢查檔案屬性...
SUMMARY_PROP_REQCMDS:要求的檢查命令失敗
SUMMARY_PROP_COUNT:檢查檔案: $1
SUMMARY_PROP_FAILED:可疑檔案: $1
SUMMARY_CHKS_SKIPPED:跳過所有檢查
SUMMARY_RKT_SCAN:檢查Rootkit...
SUMMARY_RKT_COUNT:檢查Rootkits : $1
SUMMARY_RKT_FAILED:可能存在 rootkits: $1
SUMMARY_RKT_NAMES:Rootkit 名稱 : $1
SUMMARY_APPS_SCAN:應用程式檢查...
SUMMARY_APPS_COUNT:應用程式檢查: $1
SUMMARY_APPS_FAILED:可疑的應用程式: $1
SUMMARY_SCAN_TIME:檢查系統時間: $1
SUMMARY_NO_SCAN_TIME:檢查系統時間: 無法計算系統時間
SUMMARY_LOGFILE:所有結果已被寫入到系統記錄檔($1)
SUMMARY_NO_LOGFILE:沒有建立系統記錄檔.
CREATED_TEMP_FILE:建立暫存檔目錄 '$1'
MIRRORS_NO_FILE:備援檔案'$1'不存在
MIRRORS_NO_MIRRORS:備援檔案 '$1' 中沒有需要的備援.
MIRRORS_NO_VERSION:備援檔案 '$1'中沒有版本編號 - 重新設置為0.
MIRRORS_ROTATED:備援檔案 '$1' 已被更新.
MIRRORS_SF_DEFAULT:使用 SourceForge 備援: $1
DOWNLOAD_CMD:執行下載命令 '$1'
DOWNLOAD_FAIL:下載失敗 - $1 備援檔案無效.
VERSIONCHECK_START:正在檢查 rkhunter 版本...
VERSIONCHECK_FAIL_ALL:下載失敗: 無法確定最新的程式版本.
VERSIONCHECK_CURRENT:目前的版本 : $1
VERSIONCHECK_LATEST:最新的版本: $1
VERSIONCHECK_LATEST_FAIL:最新版本: 下載失敗
VERSIONCHECK_UPDT_AVAIL:更新有效
VERSIONCHECK_CONV_FAIL:無法比較版本編號: 程式: '$1' Latest: '$2'
UPDATE_START:正在檢查rkhunter 的資料檔案...
UPDATE_CHECKING_FILE:正在檢查檔案$1
UPDATE_FILE_NO_VERS:檔案 '$1' 沒有有效的版本編號. 正下載一個新的副本.
UPDATE_FILE_MISSING:檔案 '$1' 遺失或為空檔. 正下載一個新的副本.
UPDATE_DOWNLOAD_FAIL:'$1'下載失敗: 無法確定最新的版本編號.
UPDATE_I18N_NO_VERS:無法發現i18n語言檔案版本編號.
OSINFO_START:檢查自上次檢查後系統是否有被變更...
OSINFO_END:沒有發現任何變更 OSINFO_HOST_CHANGE1:自從上次檢查後,主機名稱已改變 OSINFO_HOST_CHANGE2:舊的主機名稱: $1 新的主機名稱: $2 OSINFO_OSVER_CHANGE1:自上次檢查後,系統名稱或版本已改變 OSINFO_OSVER_CHANGE2:舊的作業系統: $1 新的作業系統: $2 OSINFO_PRELINK_CHANGE:自上次檢查後,使用prelinking系統可能已改變為${1} OSINFO_ARCH_CHANGE1:系統的CPU類型可能已改變 OSINFO_ARCH_CHANGE2:舊的CPU: $1 新的CPU: $2 OSINFO_MSG1:因為這些改變,檔案屬性檢查可能有錯誤的結果. OSINFO_MSG2:你可能需要用'--propupd' 選項重新執行rkhunter SET_FILE_PROP_START: file properties正在取得檔案屬性... SET_FILE_PROP_DIR_FILE_COUNT:在$2發現$1 個檔案 SET_FILE_PROP_FILE_COUNT:檔案 $1: 搜尋了 $2 個檔案, 發現 $3 SET_FILE_PROP_FILE_COUNT_NOHASH:F檔案 $1: 搜尋了 $2 個檔案, 發現 $3, 遺失 hashes $4 PROPUPD_START:開始更新檔案屬性資料... PROPUPD_OSINFO_START:正在收集作業系統的訊息... PROPUPD_ARCH_FOUND:發現系統架構: $1 PROPUPD_REL_FILE:發現 release 檔案: $1 PROPUPD_NO_REL_FILE:不能找到release 檔案: LS 輸出顯示: PROPUPD_OSNAME_FOUND:發現作業系統名稱: $1 PROPUPD_ERROR:安裝新的 rkhunter.dat 檔案發生錯誤. 代碼 $1 PROPUPD_NEW_DAT_FILE:新的 rkhunter.dat 檔案已安裝在 '$1' PROPUPD_WARN:警告! 當使用 '--propupd' 選項時,使用者必須自行確定 PROPUPD_WARN:系統中所有的檔案是真實的、安裝的檔案來源是可靠的. PROPUPD_WARN:rkhunter '--check' 選項將目前的檔案屬性與先前 PROPUPD_WARN:儲存的值進行對比,並且報告任何的變動. 然而, rkhunter PROPUPD_WARN:無法確定是什麼原因造成了這些變動,需待使用者去確認. ENABLED_TESTS:啟用的測試是: $1 DISABLED_TESTS:不啟用的測試是: $1 KSYMS_FOUND:發現 ksym 檔案 '$1' KSYMS_MISSING:所有的 ksyms 和 kallsyms 檢查已被取消 - 這兩種檔案在系統中都不存在. STARTING_TEST:開始 '$1' 檢查 USER_DISABLED_TEST:使用者已取消 '$1' 檢查. CHECK_START:開始檢查系統... CHECK_WARNINGS_NOT_FOUND:在檢查系統過程中沒有警告產生. CHECK_WARNINGS_FOUND:檢查系統過程中發現一個或多個警告. CHECK_WARNINGS_FOUND_RERUN:請重新執行rkhunter,確認系統記錄檔已建立. CHECK_WARNINGS_FOUND_CHK_LOG:請檢查系統記錄檔 ($1) CHECK_SYS_COMMANDS:檢查系統命令... STRINGS_CHECK_START:執行 '字串' 命令檢查 STRINGS_SCANNING_OK:掃瞄字串 $1 STRINGS_SCANNING_BAD:掃瞄字串 $1 STRINGS_SCANNING_BAD:'字串' 命令中無法發現字串 STRINGS_CHECK:檢查 '字串' 命令 STRINGS_CHECK:跳過檢查 - 沒有發現 '字串' 命令. FILE_PROP_START:執行檔案屬性檢查 FILE_PROP_CMDS:檢查重要的基本程式 FILE_PROP_IMMUT_OS:跳過所有的 immutable-bit 檢查. 該檢查僅在 Linux 系統下有效. FILE_PROP_SKIP_ATTR:無法找到 'stat' 命令 - 所有的檔案屬性檢查將被跳過. 
FILE_PROP_SKIP_HASH:所有的檔案 hash 檢查將被跳過,因為 : FILE_PROP_SKIP_HASH_FUNC:目前的的 hash 函數 ($1) 或者套件管理程式 ($2) 與 hash 函數 ($3)不相容或套件管理程式 ($4) 被用於儲存這些值. FILE_PROP_SKIP_HASH_PRELINK:無法找到 'prelink' 命令. FILE_PROP_SKIP_HASH_SHA1:這個系統使用 prelinking, 但是 hash 函數命令 不像是 SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:沒發現 Libsafe , 這可能導致錯誤. 如果可能, 關閉 libsafe 並執行 prelink 命令. 最後, 使用 'rkhunter --propupd'重新建立 hash 值. FILE_PROP_SKIP_IMMUT:無法找到 'lsattr' 命令 - 所有的檔案 immutable-bit 檢查將被跳過. FILE_PROP_SKIP_SCRIPT:無法找到 'file' 命令 - 所有script代替檢查將被跳過. FILE_PROP_DAT_MISSING:儲存檔案屬性的檔案 (rkhunter.dat) 不存在, 所以必須建立它. 輸入命令 'rkhunter --propupd'建立. FILE_PROP_DAT_EMPTY:儲存檔案屬性的檔案 (rkhunter.dat) 是空的, 所以必須建立它. 輸入命令 'rkhunter --propupd'建立. FILE_PROP_SKIP_ALL:目前忽略所有檔案屬性的檢查. FILE_PROP_FILE_NOT_EXIST:系統中不存在 '$1' 檔案, 但是它存在於 rkhunter.dat 檔案. FILE_PROP_WL:發現檔案 '$1': 它存在於白名單中,用於 '$2' 檢查. FILE_PROP_NO_RKH_REC:系統中存在檔案 '$1' , 但是它不存在於 the rkhunter.dat 檔案. FILE_PROP_HASH_WL_INVALID:發現檔案 '$1': 白名單的 hash 值 ($2) 與目前的的 hash 值不相符. FILE_PROP_CHANGED:檔案屬性已改變: FILE_PROP_CHANGED2:檔案: $1 FILE_PROP_NO_PKGMGR_FILE:跳過檔案 '$1' hash 值: 檔案不屬於該套件 FILE_PROP_NO_SYSHASH:沒發現檔案 '$1'的hash值 FILE_PROP_NO_SYSHASH_CMD:Hash 命令輸出: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:嘗試使用命令 'prelink $1' 修復相依性錯誤. FILE_PROP_SYSHASH_UNAVAIL:目前的 hash: 無法取得 FILE_PROP_SYSHASH:目前的 hash: $1 FILE_PROP_RKHHASH:儲存 hash : $1 FILE_PROP_NO_RKHHASH:不能找到rkhunter.dat中檔案'$1' 的hash值. FILE_PROP_NO_RKHPERM:不能找到rkhunter.dat中檔案'$1' 的權限值. FILE_PROP_PERM_UNAVAIL:目前的權限: 無法取得 cvs -d:pserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter 儲存的權限: $1 FILE_PROP_PERM:目前的權限: $1 儲存的權限: $2 FILE_PROP_UID_UNAVAIL:目前的 uid: 無法取得 儲存的 uid: $1 FILE_PROP_UID:目前的 uid: $1 儲存的 uid: $2 FILE_PROP_NO_RKHUID:在檔案rkhunter.dat中沒有找到檔案 '$1' 的user-id值. FILE_PROP_GID_UNAVAIL:目前的的 gid: 無法取得 儲存的 gid: $1 FILE_PROP_GID:目前的的 gid: $1 儲存的 gid: $2 FILE_PROP_NO_RKHGID:在檔案rkhunter.dat中沒有找到檔案 '$1' 的group-id值. 
FILE_PROP_INODE_UNAVAIL:目前的的 inode: 無法取得 儲存的 inode: $1 FILE_PROP_INODE:目前的的 inode: $1 儲存的 inode: $2 FILE_PROP_NO_RKHINODE:在檔案rkhunter.dat中沒有找到檔案 '$1' 的inode值. FILE_PROP_SYSDTM_UNAVAIL:目前的的檔案修改時間: 無法取得 FILE_PROP_SYSDTM:目前的檔案修改時間: $1 FILE_PROP_RKHDTM:儲存的檔案修改時間 : $1 FILE_PROP_NO_RKHDTM:在檔案rkhunter.dat中沒有找到檔案 '$1' 的修改時間值. FILE_PROP_NO_SYSATTR:無法取得 '$1' 的目前的屬性 FILE_PROP_WRITE:檔案 '$1'被設置為對所有使用者可寫. FILE_PROP_SYSPERM_UNAVAIL:無法取得檔案 '$1' 的目前的寫權限 FILE_PROP_IMMUT:檔案 '$1' 被設置了 immutable-bit . FILE_PROP_SCRIPT:命令 '$1' 已經被script: $2 代替 FILE_PROP_VRFY:套件管理程式驗證已失效: FILE_PROP_VRFY_HASH:檔案hash值已改變 FILE_PROP_VRFY_PERM:檔案權限已改變 FILE_PROP_VRFY_UID:檔案的擁有者屬性已改變 FILE_PROP_VRFY_GID:檔案組屬性已改變 FILE_PROP_VRFY_DTM:檔案的修改時間已改變 CHECK_ROOTKITS:正在檢查rootkit... ROOTKIT_FILES_DIRS_START:開始檢查目前已知的rootkit種類和相關目錄 ROOTKIT_FILES_DIRS_NAME_LOG:檢查 ${1}... ROOTKIT_FILES_DIRS_FILE:檢查檔案 '$1' ROOTKIT_FILES_DIRS_DIR:檢查目錄 '$1' ROOTKIT_FILES_DIRS_KSYM:檢查核心符號 '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:發現檔案 '$1' ROOTKIT_FILES_DIRS_DIR_FOUND:發現目錄 '$1' ROOTKIT_FILES_DIRS_KSYM_FOUND:發現核心符號 '$1' ROOTKIT_FILES_DIRS_STR:檢查字串 '$1' ROOTKIT_FILES_DIRS_STR_FOUND:在檔案 '$2'中發現字串'$1' ROOTKIT_FILES_DIRS_NOFILE:檔案 '$1' 不存在! ROOTKIT_FILES_DIRS_SINAR_DIR:檢查 '$1' ROOTKIT_FILES_DIRS_SINAR:在: $1中發現SInAR ROOTKIT_ADD_START:執行其它的rootkit檢查 ROOTKIT_ADD_SUCKIT:Suckit Rookit 額外的檢查 ROOTKIT_ADD_SUCKIT_LOG:執行Suckit Rookit 額外的檢查 ROOTKIT_ADD_SUCKIT_LINK:檢查/sbin/init 連結數量 ROOTKIT_ADD_SUCKIT_LINK_NOCMD:檢查 /sbin/init 連結數量: 沒發現 'stat' 命令 ROOTKIT_ADD_SUCKIT_LINK_ERR:檢查 /sbin/init 連結數量: 'stat' 命令錯誤 ROOTKIT_ADD_SUCKIT_LINK_FOUND:檢查 /sbin/init 連結數量: 數量是 $1, 它應當是 1 ROOTKIT_ADD_SUCKIT_EXT:檢查隱藏檔案 ROOTKIT_ADD_SUCKIT_EXT_FOUND:檢查隱藏檔案: 發現: $1 ROOTKIT_ADD_SUCKIT_SKDET:執行 skdet 命令 ROOTKIT_ADD_SUCKIT_SKDET_FOUND:執行 skdet 命令: 發現: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:執行 skdet 命令: 未知版本: $1 ROOTKIT_POSS_FILES_DIRS:檢查可能存在的rootkit及其目錄 ROOTKIT_POSS_FILES_DIRS_LOG:執行檢查可能存在的rootkit檔案及其目錄 ROOTKIT_POSS_FILES_FILE_FOUND:發現檔案 '$1'. 可能存在rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:發現目錄 '$1'. 
可能存在rootkit: $2 ROOTKIT_POSS_STRINGS:檢查判定rootkit可能存在的字串 ROOTKIT_POSS_STRINGS_LOG:執行檢查判定rootkit可能存在的字串 ROOTKIT_POSS_STRINGS_FOUND:在檔案 '$2'中發現字串'$1' . 可能還在rootkit: $3 ROOTKIT_MALWARE_START:執行惡意軟體檢查 ROOTKIT_MALWARE_SUSP_FILES:檢查執行中的行程是否為可疑的檔案 ROOTKIT_MALWARE_SUSP_FILES_FOUND:發現一個或多個這樣的檔案: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:檢查 lsof 命令 'lsof -F n -w -n' 的輸出 ROOTKIT_MALWARE_HIDDEN_PROCS:檢查隱藏行程 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:發現隱藏的行程: $1 ROOTKIT_MALWARE_DELETED_FILES:在正執行行程中檢查 deleted 檔案 ROOTKIT_MALWARE_DELETED_FILES_FOUND:以下行程正在使用 deleted 檔案: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:行程: $1 PID: $2 檔案: $3 ROOTKIT_MALWARE_LOGIN_BDOOR:檢查 login 後門 ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:執行檢查 login 後門 ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:檢查 '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:發現 login 後門檔案: $1 ROOTKIT_MALWARE_SUSP_DIR:檢查可疑目錄 ROOTKIT_MALWARE_SUSP_DIR_LOG:執行可疑目錄的檢查 ROOTKIT_MALWARE_SUSP_DIR_FOUND:發現可疑的目錄: $1 ROOTKIT_MALWARE_SFW_INTRUSION:檢查軟體入侵 ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:檔案 '$1' 中套件含有字串 '$2'. 可能存在rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:跳過檢查 - tripwire 沒有安裝 ROOTKIT_MALWARE_SNIFFER:檢查 sniffer 系統記錄檔 ROOTKIT_MALWARE_SNIFFER_LOG:執行 sniffer 系統記錄檔的檢查 ROOTKIT_MALWARE_SNIFFER_FOUND:發現可疑的sniffer 系統記錄檔: $1 ROOTKIT_TROJAN_START:執行木馬程式的檢查 ROOTKIT_TROJAN_INETD:檢查啟動的 inetd 服務 ROOTKIT_TROJAN_INETD_SKIP:跳過檢查 - 檔案 '$1' 不存在. ROOTKIT_TROJAN_INETD_FOUND:發現已啟動的 inetd 服務: $1 ROOTKIT_TROJAN_XINETD:檢查啟動的 xinetd 服務 ROOTKIT_TROJAN_XINETD_LOG:執行已啟動的 xinetd 服務的檢查 ROOTKIT_TROJAN_XINETD_ENABLED:在 '$1' 中檢查已啟動的服務 ROOTKIT_TROJAN_XINETD_INCLUDE:發現 'include $1' 指令 ROOTKIT_TROJAN_XINETD_INCLUDEDIR:發現 'includedir $1' 指令 ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:發現啟動的 xinetd 服務: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:發現服務 '$1': 它位於 $2 白名單. ROOTKIT_TROJAN_APACHE:檢查 Apache 的後門 ROOTKIT_TROJAN_APACHE_SKIPPED:跳過Apache 後門的檢查: 沒發現Apache 模組和設置目錄. 
ROOTKIT_TROJAN_APACHE_FOUND:發現Apache 後門模組 'mod_rootme' : $1 ROOTKIT_OS_START:執行 $1 深入的檢查 ROOTKIT_OS_SKIPPED:沒有可用的深入檢查 ROOTKIT_OS_BSD_SOCKNET:檢查 sockstat 和 netstat 命令 ROOTKIT_OS_BSD_SOCKNET_FOUND: sockstat 和 netstat 的輸出發現不同: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 輸出: $2 ROOTKIT_OS_FREEBSD_KLD:檢查 KLD 後門 ROOTKIT_OS_FREEBSD_KLD_FOUND:發現可疑的 FreeBSD KLD 後門. 'kldstat -v' 命令顯示字串 '$1' ROOTKIT_OS_FREEBSD_PKGDB:檢查套件資料庫 ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:套件資料庫似乎有問題. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:這可能不是安全問題, 但是執行 'pkgdb -F' 可能有助於診斷問題. ROOTKIT_OS_LINUX_LKM:檢查核心模組命令 ROOTKIT_OS_LINUX_LKM_FOUND: lsmod 命令 和 /proc/modules 檔案之間發現不同的地方: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 輸出: $2 ROOTKIT_OS_LINUX_LKM_EMPTY: 沒有發現 lsmod 命令 和或 /proc/modules 檔案的輸出: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:模組檔案 '$1' 已遺失. ROOTKIT_OS_LINUX_LKMNAMES:檢查核心模組名稱 ROOTKIT_OS_LINUX_LKMNAMES_PATH:使用模組路徑名 '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:在 '$1'中發現已知的惡意核心模組: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:核心模組目錄 '$1' 遺失 CHECK_LOCALHOST:檢查本地主機... STARTUP_FILES_START:執行系統開機檢查 STARTUP_HOSTNAME:檢查本地主機名稱 STARTUP_NO_HOSTNAME:沒發現主機名稱. STARTUP_LOCAL_RC_FILE:檢查本地啟動檔案 STARTUP_FOUND_LOCAL_RC_FILE:發現本地啟動檔案: $1 STARTUP_NO_LOCAL_RC_FILE:沒發現本地啟動檔案. STARTUP_CHECK_LOCAL_RC:檢查本地啟動檔案是否涉及有害程式 STARTUP_CHECK_SYSTEM_RC:檢查系統啟動檔案是否涉及有害程式 STARTUP_CHECK_SYSTEM_RC_FOUND:發現系統啟動目錄: $1 STARTUP_CHECK_SYSTEM_RC_NONE:沒發現系統啟動檔案. ACCOUNTS_START:執行使用者群組和帳號檢查 ACCOUNTS_PWD_FILE_CHECK:檢查密碼檔案 ACCOUNTS_FOUND_PWD_FILE:發現密碼檔案: $1 ACCOUNTS_NO_PWD_FILE:密碼檔案 $1 不存在. ACCOUNTS_UID0:檢查等同於root (UID 0) 帳號 ACCOUNTS_UID0_WL:發現等同於root 帳號 '$1': 它位於白名單中. ACCOUNTS_UID0_FOUND:帳號 '$1' 是等同於root (UID = 0) ACCOUNTS_SHADOW_FILE:發現 shadow 檔案: $1 ACCOUNTS_PWDLESS:檢查空密碼的帳號 ACCOUNTS_PWDLESS_FOUND:發現空密碼帳號: $1 ACCOUNTS_NO_SHADOW_FILE:沒發現 shadow/password 檔案. PASSWD_CHANGES:檢查密碼檔案的變化 PASSWD_CHANGES_NO_TMP:無法檢查密碼檔案的異常: 密碼檔案的副本不存在. PASSWD_CHANGES_ADDED:有使用者被加到密碼檔案中: PASSWD_CHANGES_REMOVED:有使用者從密碼檔案中移除: GROUP_CHANGES:檢查使用者群組檔案的變化 GROUP_CHANGES_NO_FILE:使用者群組檔案 $1 不存在. GROUP_CHANGES_NO_TMP:無法檢查使用者群組檔案的變化: 使用者群組檔案的副本不存在. 
GROUP_CHANGES_ADDED:有使用者被加進用使用者群組檔案: GROUP_CHANGES_REMOVED:組已被從使用者群組檔案中刪除: HISTORY_CHECK:檢查root帳號的shell歷史記錄 HISTORY_CHECK_FOUND:Root 帳號 $1 shell 歷史記錄是一個符號連結: $2 SYSTEM_CONFIGS_START:執行系統設定檔檢查 SYSTEM_CONFIGS_FILE:檢查 $1 設定檔 SYSTEM_CONFIGS_FILE_FOUND:發現 $1 設定檔: $2 SYSTEM_CONFIGS_SSH_ROOT:檢查SSH是否可用root登入 SYSTEM_CONFIGS_SSH_ROOT_FOUND: SSH 和 rkhunter 的設定選頂應當相同: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH 設定選項 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter 設定選項 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND: 還沒設置SSH 設定選項 'PermitRootLogin' . SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:預設值可能是 'yes', 可用root登入. SYSTEM_CONFIGS_SSH_PROTO:檢查是否使用 SSH v1版協定 SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH的設定檔SSH ($1)已使用SSH v1協定生效. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND: SSH 設定選項 'Protocol' 還沒設置. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:預設值可能是 '2,1', 可以使用 v1協定. SYSTEM_CONFIGS_SYSLOG:檢查是否執行syslog daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:syslog daemon 沒有執行. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:The syslog daemon 沒有執行, 但是已經發現一個metalog daemon. SYSTEM_CONFIGS_SYSLOG_NO_FILE:syslog daemon 正在執行, 但是無法發現設定檔. SYSTEM_CONFIGS_SYSLOG_REMOTE:檢查是否可以使用 syslog 遠端記錄 SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog 設定檔可以遠端登入: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter 設定選項 'ALLOW_SYSLOG_REMOTE_LOGGING' 已經生效. FILESYSTEM_START:執行檔案系統檢查中....請稍待.... FILESYSTEM_DEV_CHECK:/dev 可疑檔案類型檢查 FILESYSTEM_DEV_CHECK_NO_DEV:/dev 不存在. FILESYSTEM_DEV_FILE_WL:發現檔案 '$1': 它存在於白名單中. FILESYSTEM_DEV_FILE_FOUND:在 ${1}中發現可疑檔案: FILESYSTEM_HIDDEN_DIR_WL:發現隱藏的目錄'$1': 它存在於白名單中.名單中. FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted. FILESYSTEM_HIDDEN_CHECK:檢查隱藏的檔案和目錄 FILESYSTEM_HIDDEN_DIR_FOUND:發現隱藏的目錄: $1 FILESYSTEM_HIDDEN_FILE_FOUND:發現隱藏的檔案: $1 CHECK_APPS:檢查應用程式的版本... APPS_NONE_FOUND:發現未知的應用程式 - 跳過所有的檢查. APPS_DAT_MISSING:跳過所有的應用程式版本檢查. APPS_DAT_MISSING:不安全應用程式版本 (programs_bad.dat) 遺失或為空. APPS_DAT_MISSING:如果它已經被刪除, 你得執行 'rkhunter --update'. APPS_NOT_FOUND:沒發現應用程式 '$1' . 
APPS_CHECK:檢查 $1 的版本 APPS_CHECK_VERSION_UNKNOWN:無法取得 '$1'的版本編號. APPS_CHECK_VERSION_FOUND:發現應用程式 '$1' 版本編號 '$2' . APPS_CHECK_VERSION_WL:發現應用程式 '$1' 版本 '$2': 這個版本位於白名單. APPS_CHECK_WHOLE_VERSION_USED:無法取得 '$1'的版本編號: 版本選項顯示: $2 APPS_CHECK_FOUND:應用程式 '$1', 版本編號 '$2', 已過時, 有潛在的安全風險. APPS_TOTAL_COUNT:應用程式檢查: 在 $2 個應用程式中, 有 $1 個要注意 CHECK_NETWORK:檢查網路... NETWORK_PORTS_START:執行後門通訊埠的檢查 NETWORK_PORTS_FILE_MISSING:跳過所有後門通訊埠的檢查. NETWORK_PORTS_FILE_MISSING:已知後門通訊埠檔案 (backdoorports.dat) 遺失或為空白. NETWORK_PORTS_FILE_MISSING:如果它已被刪除,你必須執行命令 'rkhunter --update'. NETWORK_PORTS_FILE_NO_NETSTAT:跳過所有後門通訊埠的檢查. NETWORK_PORTS_FILE_NO_NETSTAT:無法找到 'netstat' 命令 NETWORK_PORTS:檢查 $1 通訊埠 ${2} NETWORK_PORTS_FOUND:網路 $1 通訊埠 $2 已被使用. 可能的rootkit: $3 NETWORK_PORTS_FOUND:執行 'netstat -an' 命令去檢查它. NETWORK_INTERFACE_START:執行網路介面的檢查 NETWORK_PROMISC_CHECK:檢查 promiscuous 介面 NETWORK_PROMISC_NO_IFCONFIG:Promiscuous 網路介面被跳過 - 無法找到 'ifconfig' 命令. NETWORK_PROMISC_NO_IP:使用'ip' 命令檢查Promiscuous 網路介面 - 無法找到 'ip' 命令. NETWORK_PROMISC_IF:可能的promiscuous 介面: NETWORK_PROMISC_IF_1:'ifconfig' 命令輸出: $1 NETWORK_PROMISC_IF_2:'ip' 命令輸出: $1 NETWORK_PACKET_CAP_CHECK:檢查封包攔截程式 NETWORK_PACKET_CAP_CHECK_NO_FILE:封包攔截程式的檢查被跳過 - 檔案 '$1' 遺失. NETWORK_PACKET_CAP_FOUND:行程 '$1' (PID $2) 正在網路上監聽. NETWORK_PACKET_CAP_WL:發現行程 '$1': 它存在於白名單中. SHARED_LIBS_START:執行 '函式庫' 的檢查 SHARED_LIBS_PRELOAD_VAR:檢查預先載入的變數 SHARED_LIBS_PRELOAD_VAR_FOUND:發現預先載入的變數: $1 SHARED_LIBS_PRELOAD_FILE:檢查預先載入的檔案 SHARED_LIBS_PRELOAD_FILE_FOUND:發現library preload 檔案: $1 SHARED_LIBS_PATH:檢查 LD_LIBRARY_PATH 變數 SHARED_LIBS_PATH_BAD: LD_LIBRARY_PATH 環境變數被設置,它會影響二進位程式: 被設置為: $1 SUSPSCAN_CHECK:檢查具有可疑內容的檔案 SUSPSCAN_DIR_NOT_EXIST:目錄 '$1' 不存在. SUSPSCAN_INSPECT:檔案 '$1' (score: $2) 套件含有可疑的內容,它將被檢查. 
SUSPSCAN_START:執行帶有可疑內容檔案的檢查
SUSPSCAN_DIRS:待檢查的目錄是: $1
SUSPSCAN_NO_DIRS:沒有指定目錄: 使用用預設 ($1)
SUSPSCAN_TEMP:使用暫存檔目錄: $1
SUSPSCAN_NO_TEMP:沒指定暫存檔案目錄: 使用用預設的 ($1)
SUSPSCAN_TEMP_NOT_EXIST:The suspscan 暫存檔目錄不存在: $1
SUSPSCAN_TEMP_NO_WRITE:The suspscan 暫存目錄無寫入權: $1
SUSPSCAN_SIZE:可檢查的最大檔案大小 (以位元組為單位): '$1'
SUSPSCAN_NO_SIZE:沒指定最大的檔案大小: 使用預設值($1)
SUSPSCAN_SIZE_INVALID:此Suspscan 最大的檔案大小無效: $1
SUSPSCAN_THRESH:積分上限設置為: $1
SUSPSCAN_NO_THRESH:沒有指定積分上限: 使用預設值 ($1)
SUSPSCAN_THRESH_INVALID:此 Suspscan 積分上限是無效的: $1
SUSPSCAN_DIR_CHECK:檢查目錄: '$1'
SUSPSCAN_DIR_CHECK_NO_FILES:沒有適當的檔案檢查.
SUSPSCAN_FILE_CHECK:檔案檢查: Name: '$1' Score: $2
SUSPSCAN_FILE_CHECK_DEBUG:檔案檢查: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4)
SUSPSCAN_FILE_SKIPPED_EMPTY:忽略檔案: 空白: '$1'
SUSPSCAN_FILE_SKIPPED_LINK:忽略檔案: 符號連接檔: '$1'
SUSPSCAN_FILE_SKIPPED_TYPE:忽略檔案: 錯誤類型: '$1': '$2'
SUSPSCAN_FILE_SKIPPED_SIZE:忽略檔案: 太大: '$1'
SUSPSCAN_FILE_LINK_CHANGE:發現符號連接檔: '$1' -> '$2'
LIST_TESTS:有效的測試名稱:
LIST_GROUPED_TESTS:分組檢查名稱:
LIST_LANGS:可用的語言:
LIST_RTKTS:檢查rootkit
#
# If any problem related with this zh version message, please mail to
# ols3@lxer.idv.tw. I will fix them as soon as possible.
# If you have any questions about the Traditional Chinese translation, please contact ols3@lxer.idv.tw
# I will fix them as soon as possible.
#
# This translation file is based on the Simplified Chinese version translated by linux_fqh@yahoo.com.cn, with thanks to him.
#
rkhunter-1.4.2/files/i18n/en
Version:2013112401
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
# message in one file makes sense and for easier translation.
#
# The message type MSG_TYPE_PLAIN is used for ordinary messages. It has
# no specific value, and is intercepted in the display function. It is
# included here for completeness. The index names of MSG_TYPE_ and
# MSG_RESULT_ are reserved - no messages can use this as part of its index.
#
MSG_TYPE_PLAIN:
MSG_TYPE_INFO:Info
MSG_TYPE_WARNING:Warning
#
# This is the list of message results.
# MSG_RESULT_OK:OK MSG_RESULT_SKIPPED:Skipped MSG_RESULT_WARNING:Warning MSG_RESULT_FOUND:Found MSG_RESULT_NOT_FOUND:Not found MSG_RESULT_NONE_FOUND:None found MSG_RESULT_ALLOWED:Allowed MSG_RESULT_NOT_ALLOWED:Not allowed MSG_RESULT_UNSET:Not set MSG_RESULT_WHITELISTED:Whitelisted MSG_RESULT_NONE_MISSING:None missing MSG_RESULT_UPD:Updated MSG_RESULT_NO_UPD:No update MSG_RESULT_UPD_FAILED:Update failed MSG_RESULT_VCHK_FAILED:Version check failed # # The messages. # VERSIONLINE:[ $1 version $2 ] VERSIONLINE2:Running $1 version $2 on $3 VERSIONLINE3:Running $1 version $2 RKH_STARTDATE:Start date is $1 RKH_ENDDATE:End date is $1 OPSYS:Detected operating system is '$1' UNAME:Uname output is '$1' CONFIG_CHECK_START:Checking configuration file and command-line options... CONFIG_CMDLINE:Command line is $1 CONFIG_DEBUGFILE:Debug file is $1 CONFIG_ENVSHELL:Environment shell is $1; rkhunter is using $2 CONFIG_CONFIGFILE:Using configuration file '$1' CONFIG_LOCALCONFIGFILE:Using local configuration file '$1' CONFIG_LOCALCONFIGDIR:Using local configuration directory '$1': $2 file$3 found CONFIG_INSTALLDIR:Installation directory is '$1' CONFIG_LANGUAGE:Using language '$1' CONFIG_DBDIR:Using '$1' as the database directory CONFIG_SCRIPTDIR:Using '$1' as the support script directory CONFIG_BINDIR:Using '$1' as the command directories CONFIG_TMPDIR:Using '$1' as the temporary directory CONFIG_NO_MAIL_ON_WARN:No mail-on-warning address configured CONFIG_MOW_DISABLED:Disabling use of mail-on-warning at users request CONFIG_MAIL_ON_WARN:Emailing warnings to '$1' using command '$2' CONFIG_SSH_ROOT:Rkhunter option ALLOW_SSH_ROOT_USER set to '$1'. CONFIG_SSH_PROTV1:Rkhunter option ALLOW_SSH_PROT_V1 set to '$1'. 
CONFIG_X_AUTO:X will be automatically detected CONFIG_CLRSET2:Using second color set CONFIG_NO_SHOW_SUMMARY:Disabling system check summary at users request CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV set to '$1' CONFIG_LOG_FILE:Logging to log file: $1 CONFIG_NO_VL:Disabling verbose logging at users request CONFIG_APPEND_LOG:Current logging will be appended to the log file CONFIG_COPY_LOG:The log file will be copied if there are any errors CONFIG_XINETD_PATH:Using $1 configuration file '$2' CONFIG_SOL10_INETD:Using Solaris 10 and later inetd mechanism CONFIG_STARTUP_PATHS:Using system startup paths: $1 CONFIG_ROTATE_MIRRORS:The mirrors file will be rotated CONFIG_NO_ROTATE_MIRRORS:The mirrors file will not be rotated CONFIG_UPDATE_MIRRORS:The mirrors file will be updated CONFIG_NO_UPDATE_MIRRORS:The mirrors file will not be updated CONFIG_MIRRORS_MODE0:Both local and remote mirrors will be used CONFIG_MIRRORS_MODE1:Only local mirrors will be used CONFIG_MIRRORS_MODE2:Only remote mirrors will be used FOUND_CMD:Found the '$1' command: $2 NOT_FOUND_CMD:Unable to find the '$1' command CMD_ERROR:The command '$1' gave error code $2. 
SYS_PRELINK:System is using prelinking SYS_NO_PRELINK:System is not using prelinking SYS_SELINUX:SELinux is enabled SYS_NO_SELINUX:SELinux is disabled HASH_FUNC_PRELINK:Using the prelink command (with $1) for the file hash checks HASH_FUNC_PERL:Using the perl $1 module for the file hash checks HASH_FUNC_PERL_SHA:Using the perl $1 module (with $2) for the file hash checks HASH_FUNC:Using the '$1' command for the file hash checks HASH_FUNC_NONE:File hash checks disabled: NONE specified HASH_FUNC_NONE_PKGMGR:File hash function NONE specified: only package manager will be used HASH_FUNC_DISABLED:Hash function set to 'NONE': automatically disabling file hash checks HASH_FUNC_OLD:Stored hash values used hash function '$1' HASH_FUNC_OLD_DISABLED:Previous hash function was disabled: no hash values were stored HASH_PKGMGR_OLD:Stored hash values used package manager '$1' HASH_PKGMGR_OLD_UNSET:Stored hash values did not use a package manager HASH_PKGMGR:Using package manager '$1' for file property checks HASH_PKGMGR_MD5:Using MD5 hash function command '$1' to assist package manager verification HASH_PKGMGR_SUM:Using the stored 16-bit checksum for package verification HASH_PKGMGR_NOT_SPEC:No package manager specified: using hash function '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:No package manager specified: using prelink command with '$1' HASH_FIELD_INDEX:The hash function field index is set to $1 HASHUPD_DISABLED:Hash checks disabled: current file hash values will not be stored HASHUPD_PKGMGR:Using package manager '$1' to update the file hash values HASHUPD_PKGMGR_NOT_SPEC:No file hash update package manager specified: using hash function '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:No file hash update package manager specified: using prelink command with '$1' ATTRUPD_DISABLED:File attribute checks disabled: current file attributes will not be stored ATTRUPD_NOSTATCMD:File attribute checks disabled: no 'stat' command found: current file attributes will not be stored ATTRUPD_OK:Current 
file attributes will be stored
ATTRUPD_OLD_DISABLED:Previous file attributes were disabled: no file attributes were stored
ATTRUPD_OLD_NOSTATCMD:Previous file attributes were disabled: no 'stat' command found: no file attributes were stored
ATTRUPD_OLD_OK:Previous file attributes were stored
RKHDAT_ADD_NEW_ENTRY:Adding file entry to the 'rkhunter.dat' file: $1
RKHDAT_DEL_OLD_ENTRY:Deleting non-existent file entry from the 'rkhunter.dat' file: $1
SYSLOG_ENABLED:Using syslog for some logging - facility/priority level is '$1'.
SYSLOG_DISABLED:Disabling use of syslog at users request.
SYSLOG_NO_LOGGER:Disabling use of syslog - unable to find 'logger' command.
NAME:$1
PRESSENTER:[Press <ENTER> to continue]
TEST_SKIPPED_OS:Test '$1' skipped due to O/S: $2
SUMMARY_TITLE1:System checks summary
SUMMARY_TITLE2:=====================
SUMMARY_PROP_SCAN:File properties checks...
SUMMARY_PROP_REQCMDS:Required commands check failed
SUMMARY_PROP_COUNT:Files checked: $1
SUMMARY_PROP_FAILED:Suspect files: $1
SUMMARY_CHKS_SKIPPED:All checks skipped
SUMMARY_RKT_SCAN:Rootkit checks...
SUMMARY_RKT_COUNT:Rootkits checked : $1
SUMMARY_RKT_FAILED:Possible rootkits: $1
SUMMARY_RKT_NAMES:Rootkit names : $1
SUMMARY_APPS_SCAN:Applications checks...
SUMMARY_APPS_COUNT:Applications checked: $1
SUMMARY_APPS_FAILED:Suspect applications: $1
SUMMARY_SCAN_TIME:The system checks took: $1
SUMMARY_NO_SCAN_TIME:The system check took: Unable to determine clock time
SUMMARY_LOGFILE:All results have been written to the log file: $1
SUMMARY_NO_LOGFILE:No log file created.
SUMMARY_LOGFILE_COPIED:Log file copied to $1 CREATED_TEMP_FILE:Created temporary file '$1' MIRRORS_NO_FILE:The mirrors file does not exist: $1 MIRRORS_NO_MIRRORS:The mirrors file has no required mirrors in it: $1 MIRRORS_NO_VERSION:The mirrors file has no version number - resetting to zero: $1 MIRRORS_ROTATED:The mirrors file has been rotated: $1 MIRRORS_SF_DEFAULT:Using the SourceForge mirror: $1 DOWNLOAD_CMD:Executing download command '$1' DOWNLOAD_FAIL:Download failed - $1 mirror(s) left. VERSIONCHECK_START:Checking rkhunter version... VERSIONCHECK_FAIL_ALL:Download failed: Unable to determine the latest program version number. VERSIONCHECK_CURRENT:This version : $1 VERSIONCHECK_LATEST:Latest version: $1 VERSIONCHECK_LATEST_FAIL:Latest version: Download failed VERSIONCHECK_UPDT_AVAIL:Update available VERSIONCHECK_CONV_FAIL:Unable to compare version numbers: Program: '$1' Latest: '$2' UPDATE_START:Checking rkhunter data files... UPDATE_CHECKING_FILE:Checking file $1 UPDATE_FILE_NO_VERS:File '$1' has no valid version number. Downloading a new copy. UPDATE_FILE_MISSING:File '$1' is missing or empty. Downloading a new copy. UPDATE_DOWNLOAD_FAIL:Download of '$1' failed: Unable to determine the latest version number. UPDATE_I18N_NO_VERS:No i18n language file version numbers can be found. UPDATE_SKIPPED:Language file update skipped at users request. OSINFO_START:Checking if the O/S has changed since last time... OSINFO_END:Nothing seems to have changed. OSINFO_HOST_CHANGE1:The host name has changed since the last run: OSINFO_HOST_CHANGE2:Old host value: $1 New value: $2 OSINFO_OSVER_CHANGE1:The O/S name or version has changed since the last run: OSINFO_OSVER_CHANGE2:Old O/S value: $1 New value: $2 OSINFO_PRELINK_CHANGE:The system has changed to ${1}using prelinking since the last run. 
OSINFO_ARCH_CHANGE1:The system seems to have changed CPU type: OSINFO_ARCH_CHANGE2:Old CPU value: $1 New value: $2 OSINFO_MSG1:Because of the change(s) the file properties checks may give some false-positive results. OSINFO_MSG2:You may need to re-run rkhunter with the '--propupd' option. OSINFO_DO_UPDT:The file properties file will be automatically updated. SET_FILE_PROP_START:Getting file properties... SET_FILE_PROP_DIR_FILE_COUNT:Found $1 files in $2 SET_FILE_PROP_FILE_COUNT:File $1: searched for $2 files, found $3 SET_FILE_PROP_FILE_COUNT_BL:File $1: searched for $2 files, found $3, broken links $4 SET_FILE_PROP_FILE_COUNT_PROPOPT:File $1: searched for $2 files, found $3 of $4 SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:File $1: searched for $2 files, found $3 of $4, broken links $5 SET_FILE_PROP_FILE_COUNT_NOHASH:File $1: searched for $2 files, found $3, missing hashes $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:File $1: searched for $2 files, found $3, missing hashes $4, broken links $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:File $1: searched for $2 files, found $3 of $4, missing hashes $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:File $1: searched for $2 files, found $3 of $4, missing hashes $5, broken links $6 PROPUPD_START:Starting file properties data update... PROPUPD_OSINFO_START:Collecting O/S info... PROPUPD_ARCH_FOUND:Found system architecture: $1 PROPUPD_REL_FILE:Found release file: $1 PROPUPD_NO_REL_FILE:Unable to find a release file: LS output shows: PROPUPD_OSNAME_FOUND:Found O/S name: $1 PROPUPD_ERROR:Error installing new 'rkhunter.dat' file. Code $1 PROPUPD_NEW_DAT_FILE:New 'rkhunter.dat' file installed in '$1' PROPUPD_WARN:WARNING! It is the users responsibility to ensure that when the '--propupd' option PROPUPD_WARN:is used, all the files on their system are known to be genuine, and installed from a PROPUPD_WARN:reliable source. 
The rkhunter '--check' option will compare the current file properties PROPUPD_WARN:against previously stored values, and report if any values differ. However, rkhunter PROPUPD_WARN:cannot determine what has caused the change, that is for the user to do. ENABLED_TESTS:Enabled tests are: $1 DISABLED_TESTS:Disabled tests are: $1 USER_FILE_LIST:Including user files for file properties check: USER_CMD_LIST:Including user commands for file properties check: USER_DIR_LIST:Including user directories for file properties check: USER_EXCLUDE_PROP:Excluding from file properties check: KSYMS_FOUND:Found ksym file '$1' KSYMS_UNAVAIL:All ksyms and kallsyms checks will be skipped - the file is unreadable. KSYMS_MISSING:All ksyms and kallsyms checks will be skipped - neither file is present on the system. STARTING_TEST:Starting test name '$1' USER_DISABLED_TEST:Test '$1' disabled at users request. CHECK_START:Starting system checks... CHECK_WARNINGS_NOT_FOUND:No warnings were found while checking the system. CHECK_WARNINGS_NOT_FOUND0:0 warnings were found while checking the system. CHECK_WARNINGS_FOUND:One or more warnings have been found while checking the system. CHECK_WARNINGS_FOUND_NUMBER:$1 warnings have been found while checking the system. CHECK_WARNINGS_FOUND_NUMBER1:1 warning has been found while checking the system. CHECK_WARNINGS_FOUND_RERUN:Please re-run rkhunter, ensuring that a log file is created. CHECK_WARNINGS_FOUND_CHK_LOG:Please check the log file ($1) CHECK_SYS_COMMANDS:Checking system commands... STRINGS_CHECK_START:Performing 'strings' command checks STRINGS_SCANNING_OK:Scanning for string $1 STRINGS_SCANNING_BAD:Scanning for string $1 STRINGS_SCANNING_BAD:String not found in 'strings' command STRINGS_CHECK:Checking 'strings' command STRINGS_CHECK:Check skipped - no 'strings' command found. FILE_PROP_START:Performing file properties checks FILE_PROP_CMDS:Checking for prerequisites FILE_PROP_IMMUT_OS:Skipping all immutable-bit checks. 
This check is only available for Linux systems. FILE_PROP_IMMUT_SET:The immutable-bit check will be reversed. FILE_PROP_SKIP_ATTR:Unable to find 'stat' command - all file attribute checks will be skipped. FILE_PROP_SKIP_HASH:All file hash checks will be skipped because: FILE_PROP_SKIP_HASH_FUNC:The current hash function ($1) or package manager ($2) is incompatible with the hash function ($3) or package manager ($4) used to store the values. FILE_PROP_SKIP_HASH_PRELINK:Unable to find 'prelink' command. FILE_PROP_SKIP_HASH_SHA1:This system uses prelinking, but the hash function command does not look like SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe was found, which can cause errors. If possible, disable libsafe and then run the prelink command. Finally, recreate the hash values using 'rkhunter --propupd'. FILE_PROP_SKIP_IMMUT:Unable to find 'lsattr' command - all file immutable-bit checks will be skipped. FILE_PROP_SKIP_IMMUT_CMD:No output from the '$1' command - all file immutable-bit checks will be skipped. FILE_PROP_SKIP_SCRIPT:Unable to find 'file' command - all script replacement checks will be skipped. FILE_PROP_SKIP_FILE_CMD:No output from the 'file' command - all script replacement checks will be skipped. FILE_PROP_NO_OS_WARNING:Warnings of any O/S change have been disabled at the users request. FILE_PROP_OS_CHANGED:The local host configuration or operating system has changed. FILE_PROP_DAT_MISSING:The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'. FILE_PROP_DAT_EMPTY:The file of stored file properties (rkhunter.dat) is empty, and should be created. To do this type in 'rkhunter --propupd'. FILE_PROP_SKIP_ALL:All file property checks are now being skipped. FILE_PROP_DAT_MISSING_INFO:The file properties check will still run as there are checks that can be performed without the 'rkhunter.dat' file. 
FILE_PROP_FILE_NOT_EXIST:The file '$1' does not exist on the system, but it is present in the 'rkhunter.dat' file. FILE_PROP_WL:Found file '$1': it is whitelisted for the '$2' check. FILE_PROP_WL_STR:Found file '$1' and string '$2': they are whitelisted for the '$3' check. FILE_PROP_WL_DIR:Found directory '$1': it is whitelisted for the '$2' check. FILE_PROP_NO_RKH_REC:The file '$1' exists on the system, but it is not present in the 'rkhunter.dat' file. FILE_PROP_CHANGED:The file properties have changed: FILE_PROP_CHANGED2:File: $1 FILE_PROP_NO_PKGMGR_FILE:File '$1' hash value skipped: file does not belong to a package FILE_PROP_NO_SYSHASH:No hash value found for file '$1' FILE_PROP_NO_SYSHASH_BL:The file is a broken link: $1 -> $2 FILE_PROP_BROKEN_LINK_WL_TGT:Found a broken link, but the targets existence is whitelisted: $1 -> $2 FILE_PROP_NO_SYSHASH_CMD:Hash command output: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:Try running the command 'prelink $1' to resolve dependency errors. FILE_PROP_IGNORE_PRELINK_DEP_ERR:Ignoring prelink dependency error for file '$1' FILE_PROP_SYSHASH_UNAVAIL:Current hash: Unavailable FILE_PROP_SYSHASH_UNAVAIL_BL:Current hash: Unavailable (possible broken link) FILE_PROP_SYSHASH:Current hash: $1 FILE_PROP_RKHHASH:Stored hash : $1 FILE_PROP_NO_RKHHASH:No hash value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_NO_RKHPERM:No file permissions value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_PERM_UNAVAIL:Current permissions: Unavailable Stored permissions: $1 FILE_PROP_PERM:Current permissions: $1 Stored permissions: $2 FILE_PROP_UID_UNAVAIL:Current uid: Unavailable Stored uid: $1 FILE_PROP_UID:Current uid: $1 Stored uid: $2 FILE_PROP_NO_RKHUID:No user-id value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_GID_UNAVAIL:Current gid: Unavailable Stored gid: $1 FILE_PROP_GID:Current gid: $1 Stored gid: $2 FILE_PROP_NO_RKHGID:No group-id value found for file '$1' in the 'rkhunter.dat' file. 
FILE_PROP_INODE_UNAVAIL:Current inode: Unavailable Stored inode: $1 FILE_PROP_INODE:Current inode: $1 Stored inode: $2 FILE_PROP_NO_RKHINODE:No inode value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_SIZE_UNAVAIL:Current size: Unavailable Stored size: $1 FILE_PROP_SIZE:Current size: $1 Stored size: $2 FILE_PROP_NO_RKHSIZE:No size value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_SYSDTM_UNAVAIL:Current file modification time: Unavailable FILE_PROP_SYSDTM:Current file modification time: $1 FILE_PROP_RKHDTM:Stored file modification time : $1 FILE_PROP_NO_RKHDTM:No file modification time value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_SYSLNK:Current symbolic link target: '$1' -> '$2' FILE_PROP_RKHLNK:Stored symbolic link target : '$1' -> '$2' FILE_PROP_NO_RKHLNK:No symbolic link target found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_LINK_WL:The symbolic link target has changed, but it is whitelisted: '$1' -> '$2' FILE_PROP_NO_SYSATTR:Unable to obtain current properties for file '$1' FILE_PROP_WRITE:Write permission is set on file '$1' for all users. FILE_PROP_SYSPERM_UNAVAIL:Unable to obtain current write permission for file '$1' FILE_PROP_IMMUT:File '$1' has the immutable-bit set. FILE_PROP_IMMUT_NOT_SET:File '$1' does not have the immutable-bit set. FILE_PROP_SCRIPT:The command '$1' has been replaced by a script: $2 FILE_PROP_SCRIPT_RKH:The command '$1' has been replaced and is not a script: $2 FILE_PROP_VRFY:Package manager verification has failed: FILE_PROP_VRFY_HASH:The file hash value has changed FILE_PROP_VRFY_PERM:The file permissions have changed FILE_PROP_VRFY_UID:The file owner has changed FILE_PROP_VRFY_GID:The file group has changed FILE_PROP_VRFY_DTM:The file modification time has changed FILE_PROP_VRFY_LNK:The symbolic link target has changed FILE_PROP_VRFY_SIZE:The file size has changed FILE_PROP_EPOCH_DATE_CMD:Using '$1' to process epoch second times CHECK_ROOTKITS:Checking for rootkits... 
ROOTKIT_FILES_DIRS_START:Performing check of known rootkit files and directories ROOTKIT_FILES_DIRS_NAME_LOG:Checking for ${1}... ROOTKIT_FILES_DIRS_FILE:Checking for file '$1' ROOTKIT_FILES_DIRS_DIR:Checking for directory '$1' ROOTKIT_FILES_DIRS_KSYM:Checking for kernel symbol '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:File '$1' found ROOTKIT_FILES_DIRS_DIR_FOUND:Directory '$1' found ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel symbol '$1' found ROOTKIT_FILES_DIRS_STR:Checking for string '$1' ROOTKIT_FILES_DIRS_STR_FOUND:Found string '$1' in file '$2' ROOTKIT_FILES_DIRS_NOFILE:The file '$1' does not exist! ROOTKIT_FILES_DIRS_SINAR_DIR:Checking in '$1' ROOTKIT_FILES_DIRS_SINAR:Found SInAR in: $1 ROOTKIT_LINK_COUNT:Checking hard link count on '$1' ROOTKIT_LINK_COUNT_FAIL:Hard link count from '$1' command: $2 ROOTKIT_LINK_COUNT_CMDERR:Error from '$1' command when checking '$2' ROOTKIT_PHALANX2_LINK_COUNT_FAIL:Hard link check on '$1' failed ROOTKIT_PHALANX2_PROC:Checking process list for process 'ata/0' ROOTKIT_PHALANX2_PROC_FOUND:Found running process 'ata/0' ROOTKIT_PHALANX2_PROC_PPID:Expected 'kthread' parent PID '$1' found parent PID '$2' ROOTKIT_PHALANX2_PROC_PS_ERR:Running 'ps' returned unexpected results: possibly unsupported cmdline arguments. 
ROOTKIT_ADD_START:Performing additional rootkit checks ROOTKIT_ADD_SUCKIT:Suckit Rookit additional checks ROOTKIT_ADD_SUCKIT_LOG:Performing Suckit Rookit additional checks ROOTKIT_ADD_SUCKIT_LINK_NOCMD:Checking '/sbin/init' link count: no 'stat' command found ROOTKIT_ADD_SUCKIT_LINK_FOUND:Checking '/sbin/init' link count: count is $1, it should be 1 ROOTKIT_ADD_SUCKIT_EXT:Checking for hidden file extensions ROOTKIT_ADD_SUCKIT_EXT_FOUND:Checking for hidden file extensions: found: $1 ROOTKIT_ADD_SUCKIT_SKDET:Running skdet command ROOTKIT_ADD_SUCKIT_SKDET_FOUND:Running skdet command: found: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:Running skdet command: unknown version: $1 ROOTKIT_POSS_FILES_DIRS:Checking for possible rootkit files and directories ROOTKIT_POSS_FILES_DIRS_LOG:Performing check of possible rootkit files and directories ROOTKIT_POSS_FILES_FILE_FOUND:Found file '$1'. Possible rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:Found directory '$1'. Possible rootkit: $2 ROOTKIT_POSS_STRINGS:Checking for possible rootkit strings ROOTKIT_POSS_STRINGS_LOG:Performing check for possible rootkit strings ROOTKIT_POSS_STRINGS_FOUND:Found string '$1' in file '$2'. 
Possible rootkit: $3 ROOTKIT_MALWARE_START:Performing malware checks ROOTKIT_MALWARE_SUSP_FILES:Checking running processes for suspicious files ROOTKIT_MALWARE_SUSP_FILES_FOUND:The following processes are using suspicious files: ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Command: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Pathname: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Possible Rootkit: $1 ROOTKIT_MALWARE_HIDDEN_PROCS:Checking for hidden processes ROOTKIT_MALWARE_HIDDEN_PROCS_NOUNHIDE:The use of '$1' has been disabled at the users request ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:Found 'unhide' command version: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:Using command '$1' ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' not executed: invalid configured test names: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_RUBY_ERR:The 'unhide.rb' command gave an error: ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Hidden processes found: ROOTKIT_MALWARE_DELETED_FILES:Checking running processes for deleted files ROOTKIT_MALWARE_DELETED_FILES_FOUND:The following processes are using deleted files: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:Process: $1 PID: $2 File: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:Found process '$1' using file '$2': it is whitelisted. ROOTKIT_MALWARE_LOGIN_BDOOR:Checking for login backdoors ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:Performing check for login backdoors ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:Checking for '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Found login backdoor file: $1 ROOTKIT_MALWARE_SUSP_DIR:Checking for suspicious directories ROOTKIT_MALWARE_SUSP_DIR_LOG:Performing check for suspicious directories ROOTKIT_MALWARE_SUSP_DIR_FOUND:Found suspicious directory: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Checking for software intrusions ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:The file '$1' contains the string '$2'. 
Possible rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Check skipped - tripwire not installed ROOTKIT_MALWARE_SNIFFER:Checking for sniffer log files ROOTKIT_MALWARE_SNIFFER_LOG:Performing check for sniffer log files ROOTKIT_MALWARE_SNIFFER_FOUND:Found possible sniffer log file: $1 ROOTKIT_MALWARE_IPCS:Suspicious Shared Memory segments ROOTKIT_MALWARE_IPCS_DETAILS:Process: $1 PID: $2 Owner: $3 ROOTKIT_TROJAN_START:Performing trojan specific checks ROOTKIT_TROJAN_INETD:Checking for enabled inetd services ROOTKIT_TROJAN_INETD_SKIP:Check skipped - file '$1' does not exist. ROOTKIT_TROJAN_INETD_FOUND:Found enabled inetd service: $1 ROOTKIT_TROJAN_XINETD:Checking for enabled xinetd services ROOTKIT_TROJAN_XINETD_LOG:Performing check for enabled xinetd services ROOTKIT_TROJAN_XINETD_ENABLED:Checking '$1' for enabled services ROOTKIT_TROJAN_XINETD_INCLUDE:Found 'include $1' directive ROOTKIT_TROJAN_XINETD_INCLUDEDIR:Found 'includedir $1' directive ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Found enabled xinetd service: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:Found service '$1': it is $2 whitelisted. ROOTKIT_TROJAN_APACHE:Checking for Apache backdoor ROOTKIT_TROJAN_APACHE_SKIPPED:Apache backdoor check skipped: Apache modules and configuration directories not found. ROOTKIT_TROJAN_APACHE_FOUND:Apache backdoor module 'mod_rootme' found: $1 ROOTKIT_OS_START:Performing $1 specific checks ROOTKIT_OS_SKIPPED:No specific tests available ROOTKIT_OS_BSD_SOCKNET:Checking sockstat and netstat commands ROOTKIT_OS_BSD_SOCKNET_FOUND:Differences found between sockstat and netstat output: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 output (ports in use): $2 ROOTKIT_OS_FREEBSD_KLD:Checking for KLD backdoors ROOTKIT_OS_FREEBSD_KLD_FOUND:Found possible FreeBSD KLD backdoor. 'kldstat -v' command shows string '$1' ROOTKIT_OS_FREEBSD_PKGDB:Checking package database ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:The package database seems to have inconsistencies. 
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:This may not be a security issue, but running 'pkgdb -F' may help diagnose the problem. ROOTKIT_OS_DFLY_PKGDB_NOTOK:The package database seems to have inconsistencies. ROOTKIT_OS_DFLY_PKGDB_NOTOK:This may not be a security issue, but running 'pkg_admin check' may help diagnose the problem. ROOTKIT_OS_LINUX_LKM:Checking loaded kernel modules ROOTKIT_OS_LINUX_LKM_FOUND:Differences found between the lsmod command and the /proc/modules file: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 output: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:No output found from the lsmod command or the /proc/modules file: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:The modules file '$1' is missing. ROOTKIT_OS_LINUX_LKMNAMES:Checking kernel module names ROOTKIT_OS_LINUX_LKMNAMES_PATH:Using modules pathname of '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:Known bad kernel module found in '$1': $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:The kernel modules directory '$1' is missing or empty. CHECK_LOCALHOST:Checking the local host... STARTUP_FILES_START:Performing system boot checks STARTUP_HOSTNAME:Checking for local host name STARTUP_NO_HOSTNAME:No host name found. STARTUP_CHECK_FILES_EXIST:Checking for system startup files STARTUP_NONE_GIVEN:User specified 'NONE' for startup file pathnames STARTUP_CHECK_FILES_MALWARE:Checking system startup files for malware STARTUP_CHECK_NO_RC_FILES:No system startup files found. ACCOUNTS_START:Performing group and account checks ACCOUNTS_PWD_FILE_CHECK:Checking for passwd file ACCOUNTS_FOUND_PWD_FILE:Found password file: $1 ACCOUNTS_NO_PWD_FILE:Password file $1 does not exist. ACCOUNTS_UID0:Checking for root equivalent (UID 0) accounts ACCOUNTS_UID0_WL:Found root equivalent account '$1': it is whitelisted. 
ACCOUNTS_UID0_FOUND:Account '$1' is root equivalent (UID = 0) ACCOUNTS_SHADOW_FILE:Found shadow file: $1 ACCOUNTS_SHADOW_TCB:Found TCB shadow file directory: $1 ACCOUNTS_PWDLESS:Checking for passwordless accounts ACCOUNTS_PWDLESS_WL:Found passwordless account '$1': it is whitelisted. ACCOUNTS_PWDLESS_FOUND:Found passwordless account in $1 file: $2 ACCOUNTS_NO_SHADOW_FILE:No shadow/password file found. PASSWD_CHANGES:Checking for passwd file changes PASSWD_CHANGES_NO_TMP:Unable to check for passwd file differences: no copy of the passwd file exists. PWD_CHANGES_IDADD:User '$1' has been added to the passwd file. PWD_CHANGES_IDREM:User '$1' has been removed from the passwd file. PWD_CHANGES_FOUND:Changes found in the passwd file for user '$1': PWDGRP_CHANGES_UNK:Unknown field found in the $1 file: Old field: '$2' New field: '$3' PWD_CHANGES_PWD:The passwd has changed from '$1' to '$2' PWD_CHANGES_UID:The UID has changed from '$1' to '$2' PWD_CHANGES_GID:The GID has changed from '$1' to '$2' PWD_CHANGES_COMM:The account comment has changed from '$1' to '$2' PWD_CHANGES_HOME:The home directory has changed from '$1' to '$2' PWD_CHANGES_SHL:The login shell has changed from '$1' to '$2' GROUP_CHANGES:Checking for group file changes GROUP_CHANGES_NO_FILE:Group file $1 does not exist. GROUP_CHANGES_NO_TMP:Unable to check for group file differences: no copy of the group file exists. GROUP_CHANGES_FOUND:Changes found in the group file for group '$1': GROUP_CHANGES_IDADD:Group '$1' has been added to the group file. GROUP_CHANGES_IDREM:Group '$1' has been removed from the group file. 
GROUP_CHANGES_PWD:The group passwd has changed from '$1' to '$2' GROUP_CHANGES_GID:The group number has changed from '$1' to '$2' GROUP_CHANGES_GRPREM:User '$1' has been removed from the group GROUP_CHANGES_GRPADD:User '$1' has been added to the group HISTORY_CHECK:Checking root account shell history files HISTORY_CHECK_FOUND:Root account $1 shell history file is a symbolic link: $2 SYSTEM_CONFIGS_START:Performing system configuration file checks SYSTEM_CONFIGS_FILE:Checking for a system logging configuration file SYSTEM_CONFIGS_FILE_SSH:Checking for an SSH configuration file SYSTEM_CONFIGS_FILE_FOUND:Found $1 $2 configuration file: $3 SYSTEM_CONFIGS_SSH_ROOT:Checking if SSH root access is allowed SYSTEM_CONFIGS_SSH_ROOT_FOUND:The SSH and rkhunter configuration options should be the same: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH configuration option 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:The SSH configuration option 'PermitRootLogin' has not been set. SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:The default value may be 'yes', to allow root access. SYSTEM_CONFIGS_SSH_PROTO:Checking if SSH protocol v1 is allowed SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH configuration option 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter configuration option 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:The SSH configuration option 'Protocol' has not been set. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:The default value may be '2,1', to allow the use of protocol version 1. SYSTEM_CONFIGS_SYSLOG:Checking for a running system logging daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:No running system logging daemon has been found. SYSTEM_CONFIGS_SYSLOG_DAEMON:A running '$1' daemon has been found. SYSTEM_CONFIGS_SYSLOG_NO_FILE:The '$1' daemon is running, but no configuration file can be found. 
SYSTEM_CONFIGS_SYSLOG_REMOTE:Checking if syslog remote logging is allowed SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:The '$1' configuration file allows remote logging: $2 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter configuration option 'ALLOW_SYSLOG_REMOTE_LOGGING' has been enabled. FILESYSTEM_START:Performing filesystem checks FILESYSTEM_DEV_CHECK:Checking /dev for suspicious file types FILESYSTEM_DEV_CHECK_NO_DEV:/dev does not exist. FILESYSTEM_DEV_FILE_WL:Found file '$1': it is whitelisted. FILESYSTEM_DEV_FILE_FOUND:Suspicious file types found in ${1}: FILESYSTEM_HIDDEN_DIR_WL:Found hidden directory '$1': it is whitelisted. FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted. FILESYSTEM_HIDDEN_CHECK:Checking for hidden files and directories FILESYSTEM_HIDDEN_DIR_FOUND:Hidden directory found: $1 FILESYSTEM_HIDDEN_FILE_FOUND:Hidden file found: $1 FILESYSTEM_LOGFILE_MISSING:Checking for missing log files FILESYSTEM_LOGFILE_MISSING_FOUND:The log file '$1' is missing. FILESYSTEM_LOGFILE_EMPTY:Checking for empty log files FILESYSTEM_LOGFILE_EMPTY_FOUND:The log file '$1' is empty. CHECK_APPS:Checking application versions... APPS_NONE_FOUND:No known applications found - all version checks skipped. APPS_DAT_MISSING:The file of unsecure application versions is missing or empty: $1 APPS_DAT_MISSING:Run 'rkhunter --update' to restore the default file. APPS_DAT_NOTAFILE:The file of unsecure application versions is not a file: $1 APPS_NOT_FOUND:Application '$1' not found. APPS_CHECK:Checking version of $1 APPS_CHECK_WL:Found application '$1': it is whitelisted. APPS_CHECK_VERSION_UNKNOWN:Unable to obtain version number for '$1'. APPS_CHECK_VERSION_FOUND:Application '$1' version '$2' found. APPS_CHECK_VERSION_WL:Found application '$1' version '$2': this version is whitelisted. APPS_CHECK_WHOLE_VERSION_USED:Unable to obtain version number for '$1': version option gives: $2 APPS_CHECK_FOUND:Application '$1', version '$2', is out of date, and possibly a security risk. 
APPS_TOTAL_COUNT:Applications checked: $1 out of $2 CHECK_NETWORK:Checking the network... NETWORK_PORTS_START:Performing checks on the network ports NETWORK_PORTS_BACKDOOR:Checking for backdoor ports NETWORK_PORTS_BACKDOOR_LOG:Performing check for backdoor ports NETWORK_PORTS_FILE_MISSING:The file of known backdoor ports is missing or empty: $1 NETWORK_PORTS_FILE_MISSING:Run 'rkhunter --update' to restore the default file. NETWORK_PORTS_FILE_NOTAFILE:The file of known backdoor ports is not a file: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:All backdoor port checks skipped. NETWORK_PORTS_UNKNOWN_NETSTAT:Unknown netstat command format with this O/S. NETWORK_PORTS_ENABLE_TRUSTED:Trusted pathnames are enabled for port whitelisting. NETWORK_PORTS_BACKDOOR_CHK:Checking for $1 port $2 NETWORK_PORTS_PATH_WHITELIST:Network $1 port $2 is being used by $3: the pathname is whitelisted. NETWORK_PORTS_TRUSTED_WHITELIST:Network $1 port $2 is being used by $3: the pathname is trusted. NETWORK_PORTS_PORT_WHITELIST:Network $1 port $2 found: the port is whitelisted. NETWORK_PORTS_BKDOOR_FOUND:Network $1 port $2 is being used${3}. Possible rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Use the 'lsof -i' or 'netstat -an' command to check this. NETWORK_HIDDEN_PORTS:Checking for hidden ports NETWORK_HIDDEN_PORTS_FOUND:Hidden ports found: NETWORK_HIDDEN_PORTS_CHK:Port number: $1:$2 NETWORK_HIDDEN_PORTS_CHK_NAME:Port number: $1:$2 is being used by $3 NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Hidden $1 port $2 is being used by $3: the pathname is whitelisted. NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Hidden $1 port $2 is being used by $3: the pathname is trusted. NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Hidden $1 port $2 found: the port is whitelisted. 
NETWORK_INTERFACE_START:Performing checks on the network interfaces NETWORK_PROMISC_WLIST:Network interfaces allowed to be in promiscuous mode: $1 NETWORK_PROMISC_CHECK:Checking for promiscuous interfaces NETWORK_PROMISC_NO_IFCONF_IP:Promiscuous network interface check skipped - unable to find the 'ifconfig' or 'ip' command. NETWORK_PROMISC_NO_CMD:Promiscuous network interface check using the '$1' command skipped - unable to find the '$1' command. Using the '$2' command. NETWORK_PROMISC_IF:Possible promiscuous interfaces: NETWORK_PROMISC_IF_1:'ifconfig' command output: NETWORK_PROMISC_IF_2:'ip' command output: NETWORK_PACKET_CAP_CHECK:Checking for packet capturing applications NETWORK_PACKET_CAP_CHECK_NO_FILE:Packet capturing application check skipped - the '$1' file is missing. NETWORK_PACKET_CAP_FOUND:Process '$1' (PID $2) is listening on the network. NETWORK_PACKET_CAP_WL:Found process '$1': it is whitelisted. SHARED_LIBS_START:Performing 'shared libraries' checks SHARED_LIBS_PRELOAD_VAR:Checking for preloading variables SHARED_LIBS_PRELOAD_VAR_FOUND:Found library preload variable(s): $1 SHARED_LIBS_PRELOAD_FILE:Checking for preloaded libraries SHARED_LIBS_PRELOAD_LIB_FOUND:Found preloaded shared library: $1 SHARED_LIBS_PRELOAD_FILE_FOUND:Found library preload file: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Found preloaded shared library '$1': it is whitelisted. SHARED_LIBS_PATH:Checking LD_LIBRARY_PATH variable SHARED_LIBS_PATH_BAD:The LD_LIBRARY_PATH environment variable is set and can influence binaries: set to: $1 SUSPSCAN_CHECK:Checking for files with suspicious contents SUSPSCAN_DIR_NOT_EXIST:The directory '$1' does not exist. SUSPSCAN_INSPECT:File '$1' (score: $2) contains some suspicious content and should be checked. 
SUSPSCAN_START:Performing check of files with suspicious contents
SUSPSCAN_DIRS:Directories to check are: $1
SUSPSCAN_NO_DIRS:No directories specified: using defaults ($1)
SUSPSCAN_TEMP:Temporary directory to use: $1
SUSPSCAN_NO_TEMP:No temporary directory specified: using default ($1)
SUSPSCAN_SIZE:Maximum file size to check (in bytes): $1
SUSPSCAN_NO_SIZE:No maximum file size specified: using default ($1)
SUSPSCAN_THRESH:Score threshold is set to: $1
SUSPSCAN_NO_THRESH:No score threshold specified: using default ($1)
SUSPSCAN_DIR_CHECK:Checking directory: $1
SUSPSCAN_FILE_CHECK:File checked: Name: '$1' Score: $2
SUSPSCAN_FILE_CHECK_DEBUG:File checked: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4)
SUSPSCAN_FILE_SKIPPED_EMPTY:File ignored: empty: $1
SUSPSCAN_FILE_SKIPPED_LINK:File ignored: symbolic link: $1
SUSPSCAN_FILE_SKIPPED_TYPE:File ignored: wrong type: '$1': '$2'
SUSPSCAN_FILE_SKIPPED_SIZE:File ignored: too big: $1
SUSPSCAN_FILE_LINK_CHANGE:Symbolic link found: '$1' -> '$2'
SUSPSCAN_DAT_MISSING:The data file of suspicious contents is missing or empty: $1
SUSPSCAN_DAT_MISSING:Run 'rkhunter --update' to restore the default file.
SUSPSCAN_DAT_NOTAFILE:The data file of suspicious contents is not a file: $1
LIST_TESTS:Current test names:
LIST_GROUPED_TESTS:Grouped test names:
LIST_LANGS:Current languages:
LIST_PERL:Perl module installation status:
LIST_RTKTS:Rootkits checked for:
LOCK_USED:Locking is being used: timeout is $1 seconds
LOCK_UNUSED:Locking is not being used
LOCK_WAIT:Waiting for lock file
LOCK_FAIL:Unable to get the lock file: rkhunter has not run!
rkhunter-1.4.2/files/i18n/tr.utf8
Version:2014030201
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
# message in one file makes sense and for easier translation.
#
# The message type MSG_TYPE_PLAIN is used for ordinary messages. It has
# no specific value, and is intercepted in the display function. It is
# included here for completeness. The index names of MSG_TYPE_ and
# MSG_RESULT_ are reserved - no messages can use this as part of its index.
#
MSG_TYPE_PLAIN:
MSG_TYPE_INFO:Bilgilendirme
MSG_TYPE_WARNING:Uyarı
#
# This is the list of message results.
#
MSG_RESULT_OK:Tamam
MSG_RESULT_SKIPPED:Atlandı
MSG_RESULT_WARNING:Uyarı
MSG_RESULT_FOUND:Bulundu
MSG_RESULT_NOT_FOUND:Bulunamadı
MSG_RESULT_NONE_FOUND:Bulunamadı
MSG_RESULT_ALLOWED:İzin verildi
MSG_RESULT_NOT_ALLOWED:İzin verilmedi
MSG_RESULT_UNSET:Ayarlanmadı
MSG_RESULT_WHITELISTED:Beyaz listeye alındı
MSG_RESULT_NONE_MISSING:Eksik yok
MSG_RESULT_UPD:Güncellendi
MSG_RESULT_NO_UPD:Güncelleme yok
MSG_RESULT_UPD_FAILED:Güncelleme hatası
MSG_RESULT_VCHK_FAILED:Sürüm kontrol hatası
#
# The messages.
#
VERSIONLINE:[ $1 sürüm $2 ]
VERSIONLINE2:$3 üzerinde $1 $2 sürümü çalışıyor
VERSIONLINE3:$1 $2 sürümü çalışıyor
RKH_STARTDATE:Başlama tarihi $1
RKH_ENDDATE:Bitiş tarihi $1
OPSYS:Tespit edilen işletim sistemi: '$1'
UNAME:Uname çıktısı: '$1'
CONFIG_CHECK_START:Yapılandırma dosyası ve komut-satırı seçenekleri kontrol ediliyor...
CONFIG_CMDLINE:Komut satırı: $1 CONFIG_DEBUGFILE:Hata ayıklama dosyası: $1 CONFIG_ENVSHELL:Çevre değişkeni kabuğu $1; rkhunter, $2 kullanıyor CONFIG_CONFIGFILE:'$1' yapılandırma dosyası kullanılıyor CONFIG_LOCALCONFIGFILE:'$1' yerel yapılandırma dosyası kullanılıyor CONFIG_LOCALCONFIGDIR:'$1' yerel yapılandırma dizini kullanılıyor: $2 dosya bulundu CONFIG_INSTALLDIR:Kurulum dizini '$1' CONFIG_LANGUAGE:'$1' Dili kullanılıyor CONFIG_DBDIR:Veritabanı dizini olarak '$1' kullanılıyor CONFIG_SCRIPTDIR:Destek eklentileri dizini olarak '$1' kullanılıyor CONFIG_BINDIR:Komut dizinleri olarak '$1' kullanılıyor CONFIG_TMPDIR:Geçici dizin olarak '$1' kullanılıyor CONFIG_NO_MAIL_ON_WARN:Uyarılarda postalama adresi yapılandırılmadı CONFIG_MOW_DISABLED:Uyarılarda postalama, kullanıcı isteği üzerine devre dışı bırakılıyor CONFIG_MAIL_ON_WARN:Uyarılar, '$2' komutuyla, '$1' adresine postalanıyor CONFIG_SSH_ROOT:Rkhunter yapılandırmasındaki ALLOW_SSH_ROOT_USER seçeneğini '$1' olarak ayarlayın. CONFIG_SSH_PROTV1:Rkhunter yapılandırmasındaki ALLOW_SSH_PROT_V1 seçeneğini '$1' olarak ayarlayın. 
CONFIG_X_AUTO:X otomatik olarak algılanacaktır CONFIG_CLRSET2:İkinci renk ayarı kullanılıyor CONFIG_NO_SHOW_SUMMARY:Sistem kontrol özeti, kullanıcı isteği üzerine devre dışı bırakılıyor CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV özelliğini '$1' olarak ayarlayın CONFIG_LOG_FILE:$1 günlük/kayıt dosyasına kayıtlanıyor CONFIG_NO_VL:Ayrıntılı günlük, kullanıcı isteği üzerine devre dışı bırakılıyor CONFIG_APPEND_LOG:Geçerli günlük, günlük/kayıt dosyasına eklenecek CONFIG_COPY_LOG:Herhangi bir hata varsa günlük dosyası kopyalanacak CONFIG_XINETD_PATH:$1 yapılandırma dosyası olarak '$2' kullanılıyor CONFIG_SOL10_INETD:Solaris 10 veya üstü bir inetd mekanizması kullanılıyor CONFIG_STARTUP_PATHS:Sistem başlangıç yolu olarak şunlar kullanılıyor: $1 CONFIG_ROTATE_MIRRORS:Yansı dosyası döndürülecek CONFIG_NO_ROTATE_MIRRORS:Yansı dosyası döndürülmeyecek CONFIG_UPDATE_MIRRORS:Yansı dosyası güncellenecek CONFIG_NO_UPDATE_MIRRORS:Yansı dosyası güncellenmeyecek CONFIG_MIRRORS_MODE0:Yerel ve uzak yansıların her ikiside kullanılacak CONFIG_MIRRORS_MODE1:Yalnızca yerel yansılar kullanılacak CONFIG_MIRRORS_MODE2:Yalnızca uzak yansılar kullanılacak FOUND_CMD:'$1' komutu bulundu: $2 NOT_FOUND_CMD:'$1' komutu bulunamıyor CMD_ERROR:'$1' komutu '$2' hata kodunu verdi. 
SYS_PRELINK:Sistem prelinking (önbağlantı) kullanıyor SYS_NO_PRELINK:Sistem prelinking (önbağlantı) kullanmıyor SYS_SELINUX:SELinux etkin SYS_NO_SELINUX:SELinux devredışı HASH_FUNC_PRELINK:Dosya sağlama kontrolü için prelinking komutu ($1 ile) kullanılıyor HASH_FUNC_PERL:Dosya sağlama kontrolü için perl $1 modülü kullanılıyor HASH_FUNC_PERL_SHA:Dosya sağlama kontrolü için perl $1 modülü ($1 ile) kullanılıyor HASH_FUNC:Dosya sağlama kontrolü için '$1' komutu kullanılıyor HASH_FUNC_NONE:Dosya sağlama kontrolü devredışı: NONE belirtilmiş HASH_FUNC_NONE_PKGMGR:Dosya sağlama kontrolü NONE belirtilmiş: yalnızca paket yöneticisi kullanılacak HASH_FUNC_DISABLED:Sağlama fonksiyonu 'NONE' olarak ayarlandı: dosya sağlama kontrolü otomatikman devredışı HASH_FUNC_OLD:Depolanan sağlama verileri, '$1' sağlama fonksiyonunu kullandı HASH_FUNC_OLD_DISABLED:Önceki sağlama fonksiyonu devredışı bırakılmış: depolanan sağlama verisi yok HASH_PKGMGR_OLD:Depolan doğrulama verileri, '$1' paket yöneticisini kullandı HASH_PKGMGR_OLD_UNSET:Depolan doğrulama verileri, bir paket yöneticisi kullanmadı HASH_PKGMGR:Dosya özellikleri kontrolü için '$1' paket yöneticisi kullanılıyor HASH_PKGMGR_MD5:Paket yöneticisi doğrulamasına yardımcı olması için MD5 sağlama fonksiyonu komutu '$1' kullanılıyor HASH_PKGMGR_SUM:Paket doğrulaması için depolanan 16-bit sağlama kullanılıyor HASH_PKGMGR_NOT_SPEC:Paket yöneticisi belirtilmedi: '$1' sağlama fonksiyonu kullanılıyor HASH_PKGMGR_NOT_SPEC_PRELINKED:Paket yöneticisi belirtilmedi: '$1' ile prelink komutu kullanılıyor HASH_FIELD_INDEX:Sağlama fonksiyonu kısım içeriği, $1 olarak ayarlandı HASHUPD_DISABLED:Sağlama kontrolü devredışı: geçerli dosya sağlama verileri depolanmayacak HASHUPD_PKGMGR:Dosya sağlama değerlerini güncellemek için, '$1' paket yöneticisi kullanılıyor HASHUPD_PKGMGR_NOT_SPEC:Dosya sağlama değerlerini güncellemek için paket yöneticisi belirtilmemiş: sağlama fonksiyonu olarak '$1' kullanılıyor HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Dosya sağlama 
değerlerini güncellemek için paket yöneticisi belirtilmemiş: '$1' ile prelink komutu kullanılıyor ATTRUPD_DISABLED:Dosya özniteliklerinin kontrolü devredışı: geçerli dosya öznitelikleri depolanmayacak ATTRUPD_NOSTATCMD:Dosya özniteliklerinin kontrolü devredışı: 'stat' komutu bulunamıyor: geçerli dosya öznitelikleri depolanmayacak ATTRUPD_OK:Geçerli dosya öznitelikleri depolanacak ATTRUPD_OLD_DISABLED:Önceki dosya öznitelikleri devredışı: depolanmış dosya özniteliği yok ATTRUPD_OLD_NOSTATCMD:Önceki dosya öznitelikleri devredışı: 'stat' komutu bulunamıyor: depolanmış dosya özniteliği yok ATTRUPD_OLD_OK:Önceki dosya öznitelikleri depolandı RKHDAT_ADD_NEW_ENTRY:'rkhunter.dat' dosyasına, $1 dosya girdisi eklendi RKHDAT_DEL_OLD_ENTRY:'rkhunter.dat' dosyasından, $1 varolmayan dosya girdisi silindi SYSLOG_ENABLED:Muhtelif günlük/kayıtları için 'syslog' kullanılıyor - imkan/öncelik seviyesi '$1'. SYSLOG_DISABLED:Kullanıcıların isteğiyle syslog devredışı bırakılıyor. SYSLOG_NO_LOGGER:syslog devredışı bırakılıyor - 'logger' komutu bulunamıyor. NAME:$1 PRESSENTER:[Devam etmek için a basın] TEST_SKIPPED_OS:'$1' testi İşletim Sistemi: $2 nedeniyle atlandı SUMMARY_TITLE1:Sistem kontrol özeti SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:Dosya özellik kontrolü... SUMMARY_PROP_REQCMDS:Gerekli komut kontrolü başarısız SUMMARY_PROP_COUNT:Dosyalar kontrol edildi: $1 SUMMARY_PROP_FAILED:Şüpheli dosyalar: $1 SUMMARY_CHKS_SKIPPED:Tüm kontroller atlandı SUMMARY_RKT_SCAN:Rootkit kontrolü... SUMMARY_RKT_COUNT:Rootkitler kontrol edildi : $1 SUMMARY_RKT_FAILED:Olası rootkitler: $1 SUMMARY_RKT_NAMES:Rootkit isimleri : $1 SUMMARY_APPS_SCAN:Uygulama kontrolü... 
SUMMARY_APPS_COUNT:Kontrol edilen uygulamalar: $1 SUMMARY_APPS_FAILED:Şüpheli uygulamalar: $1 SUMMARY_SCAN_TIME:Sistem kontrolleri alındı: $1 SUMMARY_NO_SCAN_TIME:Sistem kontrolü alındı: Saat zamanı belirlenemiyor SUMMARY_LOGFILE:Tüm sonuçlar günlük/kayıt dosyasına yazılmıştır: $1 SUMMARY_NO_LOGFILE:Oluşturulmuş kayıt dosyası yok. SUMMARY_LOGFILE_COPIED:Günlük/kayıt dosyası $1 şeklinde kopyalandı CREATED_TEMP_FILE:Geçici dosya oluşturuldu '$1' MIRRORS_NO_FILE:Hedef dosya mevcut değil: $1 MIRRORS_NO_MIRRORS:Yansı dosyası için gerekli yansı içermiyor: $1 MIRRORS_NO_VERSION:Yansı dosyası sürüm numarası içermiyor - sıfıra resetleniyor: $1 MIRRORS_ROTATED:Yansı dosyası döndürülmüştür: $1 MIRRORS_SF_DEFAULT:SourceForge yansısı kullanılıyor: $1 DOWNLOAD_CMD:İndirme komutu işletiliyor '$1' DOWNLOAD_FAIL:İndirme başarısız - $1 mirror(s) left. VERSIONCHECK_START:Rkhunter sürümü kontrol ediliyor... VERSIONCHECK_FAIL_ALL:İndirme başarısız: Programın son sürüm numarası belirlenemiyor. VERSIONCHECK_CURRENT:Bu sürüm : $1 VERSIONCHECK_LATEST:Son sürüm: $1 VERSIONCHECK_LATEST_FAIL:Son sürüm: İndirme başarısız VERSIONCHECK_UPDT_AVAIL:Güncelleme mevcut VERSIONCHECK_CONV_FAIL:Sürüm numaraları karşılaştırılamıyor: Program: '$1' Son: '$2' UPDATE_START:rkhunter veri dosyaları kontrol ediliyor... UPDATE_CHECKING_FILE:Dosya kontrol ediliyor: $1 UPDATE_FILE_NO_VERS:'$1' dosyasının geçerli sürüm numarası yok. Yeni bir kopyası indiriliyor. UPDATE_FILE_MISSING:'$1' dosyası yok yada boş. Yeni bir kopyası indiriliyor. UPDATE_DOWNLOAD_FAIL:'$1' dosyasının indirilmesi başarısız: Son sürüm numarası belirlenemiyor. UPDATE_I18N_NO_VERS:i18n dil dosyası sürüm numaraları bulunamadı. UPDATE_SKIPPED:Kullanıcıların isteği üzerine dil dosyası güncelleme işlemi atlandı. OSINFO_START:İşletim Sisteminin en son ne zaman değiştiği kontrol ediliyor... OSINFO_END:Değişen birşey yok gibi görünüyor. 
OSINFO_HOST_CHANGE1:Son çalıştırmadan bu yana hostname değişmiş gibi görünüyor: OSINFO_HOST_CHANGE2:Eski host değeri: $1 Yeni host değeri: $2 OSINFO_OSVER_CHANGE1:Son çalıştırmadan bu yana İşletim Sistemi adı veya sürümü değişmiş gibi görünüyor: OSINFO_OSVER_CHANGE2:Eski İ/S değeri: $1 Yeni İ/S değeri: $2 OSINFO_PRELINK_CHANGE:Son çalıştırmadan bu yana prelinking olarak ${1} şeklinde değiştirilmiş gibi görünüyor. OSINFO_ARCH_CHANGE1:Sistemin CPU türü değişmiş gibi görünüyor: OSINFO_ARCH_CHANGE2:Eski CPU değeri: $1 Yeni değer: $2 OSINFO_MSG1:Çünkü dosya özelliği değişikliklerinin kontrolü bazı yanlış-olumlu sonuçlar verebilir. OSINFO_MSG2:'--propupd' seçeneği ile rkhunterı tekrar çalıştırmanız gerekebilir. OSINFO_DO_UPDT:Dosya özellikleri dosyası otomatik olarak güncellenecek. SET_FILE_PROP_START:Dosya özelliklerini alınıyor... SET_FILE_PROP_DIR_FILE_COUNT:$2 dizininde $1 dosya bulundu SET_FILE_PROP_FILE_COUNT:Dosya $1: aranan $2 dosya, $3 tane bulundu SET_FILE_PROP_FILE_COUNT_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kırık link: $4 SET_FILE_PROP_FILE_COUNT_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kırık link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayıp sağlama: $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayıp sağlama: $4, kırık link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayıp sağlama $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayıp sağlama: $5, kırık link: $6 PROPUPD_START:Dosya özellikleri veri güncellemesi başlatılıyor... PROPUPD_OSINFO_START:İşletim Sistemi bilgisi toplanıyor... 
PROPUPD_ARCH_FOUND:Sistem mimarisi bulundu: $1
PROPUPD_REL_FILE:Sürüm dosyası bulundu: $1
PROPUPD_NO_REL_FILE:Bir sürüm dosyası bulunamadı: LS çıktısı:
PROPUPD_OSNAME_FOUND:Bulunan İşletim Sistemi: $1
PROPUPD_ERROR:Yeni rkhunter.dat dosyası kurulurken hata. Kod $1
PROPUPD_NEW_DAT_FILE:Yeni rkhunter.dat dosyası '$1' dizininde kuruldu
PROPUPD_WARN:UYARI! Sistemlerindeki dosyaların doğru olup olmadığından ve güvenilir bir kaynaktan yüklenip
PROPUPD_WARN:yüklenmediğinden emin olmak için '--propupd' seçeneğini kullanmaları, kullanıcıların
PROPUPD_WARN:sorumluluğundadır. rkhunter geçerli dosya özelliklerini daha önceden depolanmış değerlerle
PROPUPD_WARN:karşılaştırır ve herhangi bir değer farklılığını rapor eder. Bununla birlikte rkhunter,
PROPUPD_WARN:değişikliklere neyin sebep olduğunu belirleyemez, bunu sebepleri kullanıcı kendisi bulmalıdır.
ENABLED_TESTS:Etkin testler: $1
DISABLED_TESTS:Devredışı testler: $1
USER_FILE_LIST:Dosya özellikleri kontrolüne kullanıcı dosyaları dahil ediliyor:
USER_CMD_LIST:Dosya özellikleri kontrolüne kullanıcı komutları dahil ediliyor:
USER_DIR_LIST:Dosya özellikleri kontrolüne kullanıcı dizinleri dahil ediliyor:
USER_EXCLUDE_PROP:Dosya özellikleri kontrolünden hariç tutulanlar:
KSYMS_FOUND:'$1' kysm dosyası bulundu
KSYMS_UNAVAIL:Tüm ksym ve kallsym kontrolleri atlanacak - dosya okunabilir değil.
KSYMS_MISSING:Tüm ksym ve kallsym kontrolleri atlanacak - hiçbir dosya sistemde mevcut değil.
STARTING_TEST:'$1' testi başlatılıyor
USER_DISABLED_TEST:Kullanıcı isteğiyle '$1' testi devredışı bırakıldı.
CHECK_START:Sistem kontrolleri başlatılıyor...
CHECK_WARNINGS_NOT_FOUND:Sistem kontrol edilirken herhangi bir uyarı bulunamadı.
CHECK_WARNINGS_NOT_FOUND0:Sistem kontrol edilirken 0 uyarı bulundu.
CHECK_WARNINGS_FOUND:Sistem kontrol edilirken bir veya daha fazla uyarı bulundu.
CHECK_WARNINGS_FOUND_NUMBER:Sistem kontrol edilirken $1 uyarı bulundu.
CHECK_WARNINGS_FOUND_NUMBER1:Sistem kontrol edilirken 1 uyarı bulundu.
CHECK_WARNINGS_FOUND_RERUN:Bir günlük/kayıt dosyası oluşturmak için lütfen rkhunterı tekrar çalıştırın.
CHECK_WARNINGS_FOUND_CHK_LOG:Lütfen günlük/kayıt dosyasını ($1) kontrol edin
CHECK_SYS_COMMANDS:Sistem komutları kontrol ediliyor...
STRINGS_CHECK_START:'strings' komut kontrolü işletiliyor
STRINGS_SCANNING_OK:İfade (OK) taranıyor: $1
STRINGS_SCANNING_BAD:İfade (BAD) taranıyor: $1
STRINGS_SCANNING_BAD:'strings' komut kontrolünde (BAD) ifade bulunamadı
STRINGS_CHECK:'strings' komutu kontrol ediliyor
STRINGS_CHECK:Kontrol atlandı - 'strings' komutu bulunamıyor.
FILE_PROP_START:Dosya özelliklerinin kontrolleri gerçekleştiriliyor
FILE_PROP_CMDS:Ön koşullar kontrol ediliyor
FILE_PROP_IMMUT_OS:Tüm immutable-bit kontrolleri atlanıyor.Bu kontrol sadece Linux sistemleri için kullanılabilir.
FILE_PROP_IMMUT_SET:Immutable-bit kontrolü tersine dönecek.
FILE_PROP_SKIP_ATTR:'stat' komutu bulunamıyor - tüm dosya nitelik kontrolleri atlanacak.
FILE_PROP_SKIP_HASH:Tüm dosya sağlama kontrolleri atlanacak, çünkü:
FILE_PROP_SKIP_HASH_FUNC:Geçerli sağlama fonksiyonu ($1) ya da ($2) paket yöneticisi sağlama fonksiyonu, değerleri saklamak için kullanılan ($3) sağlama fonksiyonu veya ($4) paket yöneticisi ile uyumsuz.
FILE_PROP_SKIP_HASH_PRELINK:'prelink' komutu bulunamıyor.
FILE_PROP_SKIP_HASH_SHA1:Bu sistem prelinking kullanıyor, fakat sağlama fonksiyonu komutu SHA1 yada MD5 gibi görünmüyor.
FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe bulundu, bu durum hatalara neden olabilir. Mümkünse, libsafe'i devre dışı bırakın ve sonra prelink komutunu çalıştırın. Son olarak, 'rkhunter --propupd' komutunu kullanarak sağlama değerlerini tekrar oluşturun.
FILE_PROP_SKIP_IMMUT:'lsattr' komutu bulunamıyor - tüm dosya immutable-bit kontrolleri atlanacak.
FILE_PROP_SKIP_IMMUT_CMD:'$1' komutu sonrası bir çıktı yok - tüm dosya immutable-bit kontrolleri atlanacak.
FILE_PROP_SKIP_SCRIPT:'file' komutu bulunamıyor - Tüm komut dosyası yedek kontrolleri atlanacak.
FILE_PROP_SKIP_FILE_CMD:'file' komutu sonrası bir çıktı yok - tüm script değiştirme kontrolleri atlanacak.
FILE_PROP_NO_OS_WARNING:İşletim Sistemi değişiklik uyarıları kullanıcı isteği üzerine devredışı bırakılmış.
FILE_PROP_OS_CHANGED:Yerel host yapılandırması yada işletim sistemi değişmiş.
FILE_PROP_DAT_MISSING:Depolanan dosya özellikleri dosyası (rkhunter.dat) mevcut değil ve oluşturulması gerekiyor. Bunun için 'rkhunter --propupd' komutunu çalıştırın.
FILE_PROP_DAT_EMPTY:Depolanan dosya özellikleri dosyası (rkhunter.dat) boş ve oluşturulması gerekiyor. Bunun için 'rkhunter --propupd' komutunu çalıştırın.
FILE_PROP_SKIP_ALL:Tüm dosya özellikleri kontrolleri atlanıyor.
FILE_PROP_DAT_MISSING_INFO:Dosya özellik kontrolleri, rkhunter.dat dosyası olmadan da yapılabilen kontrolleri yerine getirmek üzere yine de çalışacaktır.
FILE_PROP_FILE_NOT_EXIST:'$1' dosyası sistem üzerinde bulunamadı, ancak 'rkhunter.dat' dosyasında mevcut.
FILE_PROP_WL:'$1' dosyası bulundu: Bu dosya '$2' kontrolü için beyaz listede.
FILE_PROP_WL_STR:'$1' dosyası ve '$2' dizisi bulundu: Bunlar '$3' kontrolü için beyaz listedeler.
FILE_PROP_WL_DIR:'$1' dizini bulundu: Bu dizin '$2' kontrolü için beyaz listede.
FILE_PROP_NO_RKH_REC:'$1' dosyası sistemde mevcut, fakat 'rkhunter.dat' dosyasında mevcut değil.
FILE_PROP_CHANGED:Dosya özellikleri değişti:
FILE_PROP_CHANGED2:Dosya: $1
FILE_PROP_NO_PKGMGR_FILE:'$1' dosyası sağlama değeri atlandı: dosya bir pakete ait değil
FILE_PROP_NO_SYSHASH:'$1' dosyası için sağlama değeri yok
FILE_PROP_NO_SYSHASH_BL:$1 dosyası bir kırık link.
FILE_PROP_BROKEN_LINK_WL_TGT:Kırık link bulundu, fakat sözkonusu hedeflerin varlığı beyaz listede: '$1'
FILE_PROP_NO_SYSHASH_CMD:Sağlama komutu çıktısı: $1
FILE_PROP_NO_SYSHASH_DEPENDENCY:Bağımlılık hatalarını gidermek için 'prelink $1' komutunu deneyin.
FILE_PROP_IGNORE_PRELINK_DEP_ERR:'$1' dosyası için prelink bağımlılık hatası görmezden geliniyor
FILE_PROP_SYSHASH_UNAVAIL:Geçerli sağlama: Mevcut değil
FILE_PROP_SYSHASH_UNAVAIL_BL:Geçerli sağlama: Mevcut değil (muhtemelen kırık link)
FILE_PROP_SYSHASH:Geçerli sağlama: $1
FILE_PROP_RKHHASH:Depolanan sağlama: $1
FILE_PROP_NO_RKHHASH:'rkhunter.dat' dosyasında '$1' dosyası için sağlama değeri yok.
FILE_PROP_NO_RKHPERM:'rkhunter.dat' dosyasında '$1' dosyası için dosya izni değeri yok.
FILE_PROP_PERM_UNAVAIL:Geçerli dosya izni: Mevcut değil Depolanan dosya izni: $1
FILE_PROP_PERM:Geçerli dosya izni: $1 Depolanan dosya izni: $2
FILE_PROP_UID_UNAVAIL:Geçerli UID: Mevcut değil Depolanan UID: $1
FILE_PROP_UID:Geçerli UID: $1 Depolanan UID: $2
FILE_PROP_NO_RKHUID:'rkhunter.dat' dosyasında '$1' dosyası için UID değeri yok.
FILE_PROP_GID_UNAVAIL:Geçerli GID: Mevcut değil Depolanan GID: $1
FILE_PROP_GID:Geçerli GID: $1 Depolanan UID: $2
FILE_PROP_NO_RKHGID:'rkhunter.dat' dosyasında '$1' dosyası için GID değeri yok.
FILE_PROP_INODE_UNAVAIL:Geçerli inode: Mevcut değil Depolanan inode: $1
FILE_PROP_INODE:Geçerli inode: $1 Depolanan inode: $2
FILE_PROP_NO_RKHINODE:'rkhunter.dat' dosyasında '$1' dosyası için inode değeri yok.
FILE_PROP_SIZE_UNAVAIL:Geçerli boyut: Mevcut değil Depolanan boyut: $1
FILE_PROP_SIZE:Geçerli boyut: $1 Depolanan boyut: $2
FILE_PROP_NO_RKHSIZE:'rkhunter.dat' dosyasında '$1' dosyası için boyut değeri yok.
FILE_PROP_SYSDTM_UNAVAIL:Geçerli dosya değişiklik zamanı: Mevcut değil
FILE_PROP_SYSDTM:Geçerli dosya değişiklik zamanı: $1
FILE_PROP_RKHDTM:Depolanan dosya değişiklik zamanı: $1
FILE_PROP_NO_RKHDTM:'rkhunter.dat' dosyasında '$1' dosyası için dosya değişiklik zamanı değeri yok.
FILE_PROP_SYSLNK:Geçerli sembolik link hedefi: '$1' -> '$2'
FILE_PROP_RKHLNK:Depolanan sembolik link hedefi : '$1' -> '$2'
FILE_PROP_NO_RKHLNK:'$1' dosyası için 'rkhunter.dat' dosyasında sembolik link hedefi bulunamadı.
FILE_PROP_LINK_WL:Sembolik link hedefi değişmiş, fakat beyaz listede: '$1' -> '$2'
FILE_PROP_NO_SYSATTR:'$1' dosyasının geçerli dosya özellikleri elde edilemiyor
FILE_PROP_WRITE:'$1' dosyasının yazma izni tüm kullanıcılar için ayarlandı.
FILE_PROP_SYSPERM_UNAVAIL:'$1' dosyasının geçerli yazma izni elde edilemiyor
FILE_PROP_IMMUT:'$1' dosyası immutable-bit ayarına sahip.
FILE_PROP_IMMUT_NOT_SET:'$1' dosyası immutable-bit ayarına sahip değil.
FILE_PROP_SCRIPT:'$1' komutu, '$2' scripti ile değiştirilmiştir.
FILE_PROP_SCRIPT_RKH:'$1' komutu, '$2' ile değiştirilmiş olup bir script değildir.
FILE_PROP_VRFY:Paket yöneticisi doğrulaması başarısız oldu:
FILE_PROP_VRFY_HASH:Dosya hash değeri değişmiş
FILE_PROP_VRFY_PERM:Dosya izinleri değişmiş
FILE_PROP_VRFY_UID:Dosya sahibi değişmiş
FILE_PROP_VRFY_GID:Dosya grubu değişmiş
FILE_PROP_VRFY_DTM:Dosya değişiklik zamanı değişmiş
FILE_PROP_VRFY_LNK:Sembolik link hedefi değişmiş
FILE_PROP_VRFY_SIZE:Dosya boyutu değişmiş
FILE_PROP_EPOCH_DATE_CMD:İkinci tur işlemi için '$1' kullanılıyor.
CHECK_ROOTKITS:Rootkitler kontrol ediliyor...
ROOTKIT_FILES_DIRS_START:Bilinen rootkit dosyaları ve dizinlerinin kontrolü çalıştırılıyor
ROOTKIT_FILES_DIRS_NAME_LOG:${1} için kontrol ediliyor...
ROOTKIT_FILES_DIRS_FILE:Dosya kontrol ediliyor '$1'
ROOTKIT_FILES_DIRS_DIR:Dizin kontrol ediliyor '$1'
ROOTKIT_FILES_DIRS_KSYM:Kernel sembolü '$1' için kontrol ediliyor
ROOTKIT_FILES_DIRS_FILE_FOUND:'$1' dosyası bulundu
ROOTKIT_FILES_DIRS_DIR_FOUND:'$1' dizini bulundu
ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel sembolü '$1' bulundu
ROOTKIT_FILES_DIRS_STR:'$1' dizisi için kontrol ediliyor
ROOTKIT_FILES_DIRS_STR_FOUND:'$2' dosyasında '$1' dizisi bulundu
ROOTKIT_FILES_DIRS_NOFILE:'$1' dosyası mevcut değil!
ROOTKIT_FILES_DIRS_SINAR_DIR:'$1' dizininde kontrol ediliyor
ROOTKIT_FILES_DIRS_SINAR:'$1' dizininde SInAR bulundu
ROOTKIT_LINK_COUNT:'$1' dizininde hard link sayısı kontrol ediliyor
ROOTKIT_LINK_COUNT_FAIL:'$1' komutundan hard link sayısı: $2
ROOTKIT_LINK_COUNT_CMDERR:'$2' kontrol edildiğinde '$2' komutundan hata döndürüldü
ROOTKIT_PHALANX2_LINK_COUNT_FAIL:'$1' üzerinde hard link kontrolü başarısız oldu
ROOTKIT_PHALANX2_PROC:'ata/0' işlemi için işlem listesi kontrol ediliyor
ROOTKIT_PHALANX2_PROC_FOUND:Çalışan 'ata/0' işlemi bulundu
ROOTKIT_PHALANX2_PROC_PPID:Beklenen 'kthread' parent PID'si '$1', bulunan parent PID'si '$2'
ROOTKIT_PHALANX2_PROC_PS_ERR:'ps' çalıştırılırken beklenmeyen sonuçlar döndürüldü: muhtemelen desteklenmeyen komut satırı argümanları.
ROOTKIT_ADD_START:Ek rootkit kontrolleri çalıştırılıyor
ROOTKIT_ADD_SUCKIT:Suckit Rookit ek kontrolleri
ROOTKIT_ADD_SUCKIT_LOG:Suckit Rookit ek kontrolleri çalıştırılıyor
ROOTKIT_ADD_SUCKIT_LINK_NOCMD:'/sbin/init' link sayısı kontrol ediliyor: 'stat' komutu bulunamadı
ROOTKIT_ADD_SUCKIT_LINK_FOUND:'/sbin/init' link sayısı kontrol ediliyor: sayı $1, 1 olmalıdır
ROOTKIT_ADD_SUCKIT_EXT:Gizli dosya uzantıları kontrol ediliyor
ROOTKIT_ADD_SUCKIT_EXT_FOUND:Gizli dosya uzantıları kontrol ediliyor: $1 tane bulundu
ROOTKIT_ADD_SUCKIT_SKDET:'skdet' komutu çalıştırılıyor
ROOTKIT_ADD_SUCKIT_SKDET_FOUND:'skdet' komutu çalıştırılıyor: $1 tane bulundu
ROOTKIT_ADD_SUCKIT_SKDET_VER:'skdet' komutu çalıştırılıyor: bilinmeyen sürüm: $1
ROOTKIT_POSS_FILES_DIRS:Olası rootkit dosya ve klasörleri kontrol ediliyor
ROOTKIT_POSS_FILES_DIRS_LOG:Olası rootkit dosya ve klasörlerinin kontrolü çalıştırılıyor
ROOTKIT_POSS_FILES_FILE_FOUND:'$1' dosyası bulundu. Olası rootkit: $2
ROOTKIT_POSS_FILES_DIR_FOUND:'$1' klasörü bulundu. Olası rootkit: $2
ROOTKIT_POSS_STRINGS:Olası rootkit dizileri kontrol ediliyor
ROOTKIT_POSS_STRINGS_LOG:Olası rootkit dizilerinin kontrolü çalıştırılıyor
ROOTKIT_POSS_STRINGS_FOUND:'$2' dosyasında '$1' dizisi bulundu. Olası rootkit: $3
ROOTKIT_MALWARE_START:Zararlı yazılım kontrolü çalıştırılıyor
ROOTKIT_MALWARE_SUSP_FILES:Şüpheli dosyalar için çalışan işlemler kontrol ediliyor
ROOTKIT_MALWARE_SUSP_FILES_FOUND:Aşağıdaki işlemler şüpheli dosya(lar) kullanıyor:
ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2
ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Komut: $1
ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Yol ismi: $1
ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Olası Rootkit: $1
ROOTKIT_MALWARE_HIDDEN_PROCS:Gizli işlemler kontrol ediliyor
ROOTKIT_MALWARE_HIDDEN_PROCS_NOUNHIDE:Kullanıcı isteğiyle, '$1' kullanımı devredışı bırakıldı
ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:'unhide' komut sürümü bulundu: $1
ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:'$1' komutu kullanılıyor
ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' çalıştırılabilir değil: geçersiz yapılandırılmış testler: $1
ROOTKIT_MALWARE_HIDDEN_PROCS_RUBY_ERR:'unhide.rb' komutu bir hata verdi:
ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Gizli işlemler bulundu:
ROOTKIT_MALWARE_DELETED_FILES:Silinen dosyalar için çalışan işlemler kontrol ediliyor
ROOTKIT_MALWARE_DELETED_FILES_FOUND:Aşağıdaki işlemler silinen dosya(lar) kullanıyor:
ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:İşlem: $1 PID: $2 Dosya: $3
ROOTKIT_MALWARE_DELETED_FILES_WL:Beyaz listedeki '$1' dosyasını kullanan '$1' işlemi bulundu.
ROOTKIT_MALWARE_LOGIN_BDOOR:Arkakapı girişleri kontrol ediliyor
ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:Arkakapı girişlerinin kontrolü çalıştırılıyor
ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:'$1' kontrol ediliyor
ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Arkakapı giriş dosyası bulundu: $1
ROOTKIT_MALWARE_SUSP_DIR:Şüpheli klasörler kontrol ediliyor
ROOTKIT_MALWARE_SUSP_DIR_LOG:Şüpheli klasörlerin kontrolü çalıştırılıyor
ROOTKIT_MALWARE_SUSP_DIR_FOUND:Şüpheli klasör bulundu: $1
ROOTKIT_MALWARE_SFW_INTRUSION:Yazılım ihlalleri kontrol ediliyor
ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:'$1' dosyası '$2' dizisini içeriyor. Olası rootkit: SHV5
ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Kontrol atlandı - tripwire yüklü değil
ROOTKIT_MALWARE_SNIFFER:Algılayıcı günlük/kayıt dosyaları kontrol ediliyor
ROOTKIT_MALWARE_SNIFFER_LOG:Algılayıcı günlük/kayıt dosyalarının kontrolü çalıştırılıyor
ROOTKIT_MALWARE_SNIFFER_FOUND:Algılayıcı günlük/kayıt dosyası bulundu: $1
ROOTKIT_MALWARE_IPCS:Şüpheli Paylaşılan Bellek segmentleri
ROOTKIT_MALWARE_IPCS_DETAILS:İşlem: $1 PID: $2 Sahibi: $3
ROOTKIT_TROJAN_START:Spesifik trojan kontrolleri çalıştırılıyor
ROOTKIT_TROJAN_INETD:Etkin inetd servisleri kontrol ediliyor
ROOTKIT_TROJAN_INETD_SKIP:Kontrol atlandı - '$1' dosyası mevcut değil.
ROOTKIT_TROJAN_INETD_FOUND:Etkin inetd servisi bulundu: $1
ROOTKIT_TROJAN_XINETD:Etkin xinetd servisleri kontrol ediliyor
ROOTKIT_TROJAN_XINETD_LOG:Etkin xinetd servislerinin kontrolü çalıştırılıyor
ROOTKIT_TROJAN_XINETD_ENABLED:Etkin servisler için, '$1' çalıştırılıyor
ROOTKIT_TROJAN_XINETD_INCLUDE:'include $1' direktifi bulundu
ROOTKIT_TROJAN_XINETD_INCLUDEDIR:'includedir $1' direktifi bulundu
ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Etkin xinetd servisi bulundu: $1
ROOTKIT_TROJAN_XINETD_WHITELIST:'$1' servisi bulundu: $2 beyaz listesinde.
ROOTKIT_TROJAN_APACHE:Apache arkakapısı kontrol ediliyor
ROOTKIT_TROJAN_APACHE_SKIPPED:Apache arkakapısı kontrolü atlandı: Apache modül ve yapılandırma klasörleri bulunamadı.
ROOTKIT_TROJAN_APACHE_FOUND:Apache arkakapı modülü 'mod_rootme' bulundu: $1
ROOTKIT_OS_START:Spesifik $1 kontrolleri çalıştırılıyor
ROOTKIT_OS_SKIPPED:Spesifik test yok
ROOTKIT_OS_BSD_SOCKNET:'sockstat' ve 'netstat' komutları kontrol ediliyor
ROOTKIT_OS_BSD_SOCKNET_FOUND:'sockstat' ve 'netstat' komutları arasında bulunan farklılıkların çıktısı:
ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 çıktısı (port kullanımda): $2
ROOTKIT_OS_FREEBSD_KLD:KLD arkakapıları kontrol ediliyor
ROOTKIT_OS_FREEBSD_KLD_FOUND:Olası FreeBSD KLD arkakapısı bulundu. 'kldstat -v' komutu '$1' dizisini gösteriyor
ROOTKIT_OS_FREEBSD_PKGDB:Paket veritabanı kontrol ediliyor
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Paket veritabanının tutarsızlıkları var gibi görünüyor.
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Bu bir güvenlik sorunu olmayabilir, ama 'pkgdb -F' komutunu çalıştırmak sorunu teşhis etmeye yardımcı olabilir.
ROOTKIT_OS_DFLY_PKGDB_NOTOK:Paket veritabanının tutarsızlıkları var gibi görünüyor.
ROOTKIT_OS_DFLY_PKGDB_NOTOK:Bu bir güvenlik sorunu olmayabilir, ama 'pkg_admin check' komutunu çalıştırmak sorunu teşhis etmeye yardımcı olabilir.
ROOTKIT_OS_LINUX_LKM:Yüklü kernel modülleri kontrol ediliyor
ROOTKIT_OS_LINUX_LKM_FOUND:'lsmod' komutu ve '/proc/modules' dosyası arasında farklılıklar bulundu:
ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 çıktısı: $2
ROOTKIT_OS_LINUX_LKM_EMPTY:'lsmod' komutu ya da /proc/modules dosyasından bir çıktı bulunamadı:
ROOTKIT_OS_LINUX_LKM_MOD_MISSING:'$1' modül dosyası kayıp.
ROOTKIT_OS_LINUX_LKMNAMES:Kernek çekirdek modülleri kontrol ediliyor
ROOTKIT_OS_LINUX_LKMNAMES_PATH:Modüllerin yolu olarak '$1' kullanılıyor
ROOTKIT_OS_LINUX_LKMNAMES_FOUND:'$1' konumunda bilinen kötü kernel modülü bulundu: $2
ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:Kernel modül dizini '$1' kayıp yada boş.
CHECK_LOCALHOST:Yerel host kontrol ediliyor...
STARTUP_FILES_START:Sistem boot kontrolleri çalıştırılıyor
STARTUP_HOSTNAME:Yerel host adı kontrol ediliyor
STARTUP_NO_HOSTNAME:Host adı bulunamadı.
STARTUP_CHECK_FILES_EXIST:Sistem başlangıç dosyaları kontrol ediliyor
STARTUP_NONE_GIVEN:Başlangıç dosya yolları için kullanıcı tercihi 'NONE'
STARTUP_CHECK_FILES_MALWARE:Sistem başlangıç dosyaları zararlı yazılım için kontrol ediliyor
STARTUP_CHECK_NO_RC_FILES:Sistem başlangıç dosyaları bulunamadı.
ACCOUNTS_START:Grup ve hesap kontrolleri çalıştırılıyor
ACCOUNTS_PWD_FILE_CHECK:Şifre dosyası kontrol ediliyor
ACCOUNTS_FOUND_PWD_FILE:Şifre dosyası bulundu: $1
ACCOUNTS_NO_PWD_FILE:Şifre dosyası '$1' mevcut değil.
ACCOUNTS_UID0:Rootla (UID 0) eşdeğer hesaplar kontrol ediliyor
ACCOUNTS_UID0_WL:Rootla (UID 0) eşdeğer hesap '$1' bulundu: Beyaz listede.
ACCOUNTS_UID0_FOUND:'$1' hesabı rootla eşdeğer (UID = 0)
ACCOUNTS_SHADOW_FILE:Gölge dosyası bulundu: $1
ACCOUNTS_SHADOW_TCB:TCB gölge dosyası dizini bulundu: $1
ACCOUNTS_PWDLESS:Şifresiz hesaplar kontrol ediliyor
ACCOUNTS_PWDLESS_WL:Şifresiz hesap bulundu: '$1': Beyaz listede.
ACCOUNTS_PWDLESS_FOUND:'$1' dosyasında şifresiz hesap bulundu: $2
ACCOUNTS_NO_SHADOW_FILE:Gölge/şifre dosyası bulunamadı.
PASSWD_CHANGES:Şifre dosyası değişiklikleri kontrol ediliyor
PASSWD_CHANGES_NO_TMP:Şifre dosyası farklılıkları için kontrol yapılamıyor: Varolan şifre dosyasının kopyası yok.
PWD_CHANGES_IDADD:'$1' kullanıcısı şifre dosyasına eklenmiştir.
PWD_CHANGES_IDREM:'$1' kullanıcısı şifre dosyasından kaldırılmıştır.
PWD_CHANGES_FOUND:Şifre dosyasında '$1' kullanıcısına ait değişiklikler bulundu:
PWDGRP_CHANGES_UNK:$1 dosyasında bilinmeyen alan bulundu: Eski alan: '$2' Yeni alan: '$3'
PWD_CHANGES_PWD:Şifre '$1' iken, '$2' şeklinde değiştirildi
PWD_CHANGES_UID:UID '$1' iken, '$2' şeklinde değiştirildi
PWD_CHANGES_GID:GID '$1' iken, '$2' şeklinde değiştirildi
PWD_CHANGES_COMM:Hesap açıklaması '$1' iken, '$2' şeklinde değiştirildi
PWD_CHANGES_HOME:Hesap kök dizini '$1' iken, '$2' şeklinde değiştirildi
PWD_CHANGES_SHL:Varsayılan kabuk '$1' iken, '$2' şeklinde değiştirildi
GROUP_CHANGES:Grup dosyası değişiklikleri kontrol ediliyor
GROUP_CHANGES_NO_FILE:Grup dosyası '$1' mevcut değil.
GROUP_CHANGES_NO_TMP:Grup dosyası farklılıkları için kontrol yapılamıyor: Varolan grup dosyasının kopyası yok.
GROUP_CHANGES_FOUND:'$1' grubu için grup dosyasında değişiklikler bulundu:
GROUP_CHANGES_IDADD:'$1' grubu, grup dosyasına eklenmiştir.
GROUP_CHANGES_IDREM:'$1' grubu, grup dosyasından kaldırılmıştır.
GROUP_CHANGES_PWD:Grup şifresi '$1' iken, '$2' şeklinde değiştirilmiştir
GROUP_CHANGES_GID:Grup numarası '$1' iken, '$2' şeklinde değiştirilmiştir
GROUP_CHANGES_GRPREM:'$1' kullanıcısı, grup dosyasından kaldırılmıştır
GROUP_CHANGES_GRPADD:'$1' kullanıcısı, grup dosyasına eklenmiştir
HISTORY_CHECK:Root hesabı komut geçmişi dosyaları kontrol ediliyor
HISTORY_CHECK_FOUND:Root hesabı komut geçmişi dosyası '$1', '$2' konumuna sembolik bir bağlantı
SYSTEM_CONFIGS_START:Sistem yapılandırma dosyalarının kontrolü çalıştırılıyor
SYSTEM_CONFIGS_FILE:$1 yapılandırma dosyası kontrol ediliyor
SYSTEM_CONFIGS_FILE_SSH:Bir SSH yapılandırma dosyası kontrol ediliyor
SYSTEM_CONFIGS_FILE_FOUND:$1 '$2' yapılandırma dosyası bulundu: $3
SYSTEM_CONFIGS_SSH_ROOT:SSH root erişim durumu kontrol ediliyor
SYSTEM_CONFIGS_SSH_ROOT_FOUND:SSH ve rkhunter yapılandırma aşağıdaki gibi olmalıdır:
SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH yapılandırma seçeneği 'PermitRootLogin': $1
SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter yapılandırma seçeneği 'ALLOW_SSH_ROOT_USER': $1
SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:SSH yapılandırma seçeneği 'PermitRootLogin' ayarlanmamış.
SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Varsayılan değer root erişimine izin vermek için, 'yes' olabilir.
SYSTEM_CONFIGS_SSH_PROTO:SSH protokolü v1 durumu kontrol ediliyor
SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH yapılandırma seçeneği 'Protocol': $1
SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter yapılandırma seçeneği 'ALLOW_SSH_PROT_V1': $1
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:SSH yapılandırma seçeneği 'Protocol' henüz ayarlanmamış.
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Protokol sürüm 1'e izin vermek için, varsayılan değer '2,1' olabilir.
SYSTEM_CONFIGS_SYSLOG:Çalışan bir sistem kayıtlama süreci kontrol ediliyor
SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:Çalışan bir sistem kayıtlama süreci bulunamadı.
SYSTEM_CONFIGS_SYSLOG_DAEMON:Çalışan bir '$1' süreci bulundu.
SYSTEM_CONFIGS_SYSLOG_NO_FILE:Syslog süreci çalışıyor, fakat hiçbir yapılandırma dosyası bulunamadı.
SYSTEM_CONFIGS_SYSLOG_REMOTE:Syslog uzak günlük/kayıtlama durumu kontrol ediliyor
SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:Yapılandırma dosyası uzak günlük/kayıtlamaya izin veriyor: $1
SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter yapılandırma seçeneği 'ALLOW_SYSLOG_REMOTE_LOGGING' etkinleştirilmiş.
FILESYSTEM_START:Dosya sistemi kontrolü çalıştırılıyor
FILESYSTEM_DEV_CHECK:Şüpheli dosya tipleri için '/dev' kontrol ediliyor
FILESYSTEM_DEV_CHECK_NO_DEV:'/dev' mevcut değil.
FILESYSTEM_DEV_FILE_WL:'$1' dosyası bulundu: Beyaz listede.
FILESYSTEM_DEV_FILE_FOUND:${1} dizininde şüpheli dosya türleri bulundu:
FILESYSTEM_HIDDEN_DIR_WL:Gizli klasör bulundu: '$1': Beyaz listede.
FILESYSTEM_HIDDEN_FILE_WL:Gizli dosya bulundu: '$1': Beyaz listede.
FILESYSTEM_HIDDEN_CHECK:Gizli dosya ve klasörler kontrol ediliyor
FILESYSTEM_HIDDEN_DIR_FOUND:Gizli klasör bulundu: '$1'
FILESYSTEM_HIDDEN_FILE_FOUND:Gizli dosya bulundu: '$1'
FILESYSTEM_LOGFILE_MISSING:Kayıp kayıt dosyaları kontrol ediliyor
FILESYSTEM_LOGFILE_MISSING_FOUND:'$1' kayıt dosyası eksik.
FILESYSTEM_LOGFILE_EMPTY:Boş kayıt dosyaları kontrol ediliyor
FILESYSTEM_LOGFILE_EMPTY_FOUND:'$1' kayıt dosyası boş.
CHECK_APPS:Uygulama sürümleri kontrol ediliyor...
APPS_NONE_FOUND:Bilinen uygulamalar bulunamadı - tüm sürüm kontrolleri atlandı.
APPS_DAT_MISSING:Güvensiz uygulama sürümleri dosyası kayıp yada boş: $1
APPS_DAT_MISSING:Varsayılan dosyayı sıfırlamak için 'rkhunter --update' komutunu çalıştırın.
APPS_DAT_NOTAFILE:Güvensiz uygulama sürümleri dosyası bir dosya değil: $1
APPS_NOT_FOUND:'$1' uygulaması bulunamadı.
APPS_CHECK:$1 sürümü kontrol ediliyor
APPS_CHECK_WL:'$1' uygulaması bulundu: Beyaz listede.
APPS_CHECK_VERSION_UNKNOWN:'$1' sürüm numarası alınamadı.
APPS_CHECK_VERSION_FOUND:'$1' uygulaması (sürüm: '$2') bulundu.
APPS_CHECK_VERSION_WL:'$1' uygulaması (sürüm: '$2') bulundu: Bu sürüm beyaz listede.
APPS_CHECK_WHOLE_VERSION_USED:'$1' sürüm numarası alınamadı: Sürüm seçeneği '$2' veriyor
APPS_CHECK_FOUND:'$1' uygulaması (sürüm: '$2'), güncel değil ve bu muhtemel bir güvenlik riski.
APPS_TOTAL_COUNT:Uygulamalar kontrol edildi: $1, $2 dışında
CHECK_NETWORK:Ağ kontrol ediliyor...
NETWORK_PORTS_START:Ağın portlarının kontrolü çalıştırılıyor
NETWORK_PORTS_BACKDOOR:Arkakapı portları kontrol ediliyor
NETWORK_PORTS_BACKDOOR_LOG:Arkakapı portlarının kontrolü çalıştırılıyor
NETWORK_PORTS_FILE_MISSING:Arkakapı portları dosyası kayıp yada boş: $1
NETWORK_PORTS_FILE_MISSING:Varsayılan dosyayı sıfırlamak için 'rkhunter --update' komutunu çalıştırın.
NETWORK_PORTS_FILE_NOTAFILE:Bilinen arkakapı portları dosyası bir dosya değil: $1
NETWORK_PORTS_UNKNOWN_NETSTAT:Tüm arkakapı port kontrolleri atlandı.
NETWORK_PORTS_UNKNOWN_NETSTAT:'netstat' komut biçimi bu İ/S ile bilinmiyor.
NETWORK_PORTS_ENABLE_TRUSTED:Port beyaz listesi için güvenilir yollar etkinleştiriliyor.
NETWORK_PORTS_BACKDOOR_CHK:$2 nolu $1 portu kontrol ediliyor
NETWORK_PORTS_PATH_WHITELIST:Ağın $2 nolu $1 portu '$3' tarafından kullanılıyor: yol beyaz listede.
NETWORK_PORTS_TRUSTED_WHITELIST:Ağın $2 nolu $1 portu '$3' tarafından kullanılıyor: yol güvenilir.
NETWORK_PORTS_PORT_WHITELIST:Ağın $2 nolu $1 portu bulundu: port beyaz listede.
NETWORK_PORTS_BKDOOR_FOUND:Ağın $2 nolu $1 portu, [$3] tarafından kullanılıyor. Olası rootkit: $4
NETWORK_PORTS_BKDOOR_FOUND:Kontrol etmek için 'lsof -i' ya da 'netstat -an' komutunu uygulayın.
NETWORK_HIDDEN_PORTS:Gizli portlar kontrol ediliyor
NETWORK_HIDDEN_PORTS_FOUND:Gizli portlar bulundu:
NETWORK_HIDDEN_PORTS_CHK:$2 nolu $1 portu
NETWORK_HIDDEN_PORTS_CHK_NAME:$2 nolu $1 portu $3 tarafından kullanılıyor
NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Gizli $2 nolu $1 portu $3 tarafından kullanılıyor: yol beyaz listede.
NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Gizli $2 nolu $1 portu '$3' tarafından kullanılıyor: yol güvenilir.
NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Gizli $2 nolu $1 portu bulundu: port beyaz listede.
NETWORK_INTERFACE_START:Ağ arayüzlerinin kontrolleri çalıştırılıyor
NETWORK_PROMISC_WLIST:Ağ arayüzleri karşık modda kullanıma izinli: $1
NETWORK_PROMISC_CHECK:Karışık arayüzler kontrol ediliyor
NETWORK_PROMISC_NO_IFCONF_IP:Karışık ağ arayüzü kontrolü atlandı - 'ifconfig' yada 'ip' komutu bulunamıyor.
NETWORK_PROMISC_NO_CMD:'$1' komutu kullanılarak yapılan karışık ağ arayüzü kontrolü atlandı - '$1' komutu bulunamadı. '$2' komutu kullanılıyor.
NETWORK_PROMISC_IF:Olası karışık arayüzler:
NETWORK_PROMISC_IF_1:'ifconfig' komutu çıktısı:
NETWORK_PROMISC_IF_2:'ip' komutu çıktısı:
NETWORK_PACKET_CAP_CHECK:Paket yakalama uygulamaları kontrol ediliyor
NETWORK_PACKET_CAP_CHECK_NO_FILE:Paket yakalama uygulama kontrolü atlandı - '$1' dosyası kayıp.
NETWORK_PACKET_CAP_FOUND:'$1' işlemi (PID $2) ağı dinliyor.
NETWORK_PACKET_CAP_WL:'$1' işlemi bulundu: Beyaz listede.
SHARED_LIBS_START:'paylaşılan kütüphaneler' kontrolü çalıştırılıyor
SHARED_LIBS_PRELOAD_VAR:Önceden yüklenmiş değişkenler kontrol ediliyor
SHARED_LIBS_PRELOAD_VAR_FOUND:Önceden yüklenmiş değişken(ler) bulundu: $1
SHARED_LIBS_PRELOAD_FILE:Önceden yüklenmiş kütüphaneler kontrol ediliyor
SHARED_LIBS_PRELOAD_LIB_FOUND:Önceden yüklenmiş paylaşılan kütüphane bulundu: $1
SHARED_LIBS_PRELOAD_FILE_FOUND:Önceden yüklenmiş dosya kütüphanesi bulundu: $1
SHARED_LIBS_PRELOAD_LIB_WLIST:FÖnceden yüklenmiş paylaşılan kütüphane bulundu '$1': Beyaz listede.
SHARED_LIBS_PATH:LD_LIBRARY_PATH değişkeni kontrol ediliyor
SHARED_LIBS_PATH_BAD:LD_LIBRARY_PATH çevre değişkeni ayarlandı ve bu durum ikili dosyaları etkileyebilir: $1 şeklinde ayarlandı
SUSPSCAN_CHECK:Şüpheli içerikli dosyalar kontrol ediliyor
SUSPSCAN_DIR_NOT_EXIST:'$1' dizini mevcut değil.
SUSPSCAN_INSPECT:'$1' dosyası (skor: $2) biraz şüheli içerik içeriyor ve kontrol edilmeli.
SUSPSCAN_START:Şüpheli içerikli dosyaların kontrolü çalıştırılıyor
SUSPSCAN_DIRS:Kontrol dizinleri: $1
SUSPSCAN_NO_DIRS:Belirlenen dizin yok: varsayılanlar kullanılıyor ($1)
SUSPSCAN_TEMP:Kullanılan geçici dizin: $1
SUSPSCAN_NO_TEMP:Belirlenen geçici dizin yok: varsayılan kullanılıyor ($1)
SUSPSCAN_SIZE:Kontrol için maksimum dosya boyutu (byte olarak): $1
SUSPSCAN_NO_SIZE:Maksimum dosya boyutu belirlenmedi: varsayılan kullanılıyor ($1)
SUSPSCAN_THRESH:Skor eşiği $1 şeklinde ayarlandı
SUSPSCAN_NO_THRESH:Skor eşiği belirlenmedi: varsayılan kullanılıyor ($1)
SUSPSCAN_DIR_CHECK:Dizin kontrol ediliyor: '$1'
SUSPSCAN_FILE_CHECK:Dosya kontrol edildi: Adı: '$1' Skor: $2
SUSPSCAN_FILE_CHECK_DEBUG:Dosya kontrol edildi: Adı: '$1' Skor: $2 Liste başı: $3 Hit: ($4)
SUSPSCAN_FILE_SKIPPED_EMPTY:Dosya yok sayıldı: boş: '$1'
SUSPSCAN_FILE_SKIPPED_LINK:Dosya yok sayıldı: sembolik bağlantı: '$1'
SUSPSCAN_FILE_SKIPPED_TYPE:Dosya yok sayıldı: yanlış tip: '$1': '$2'
SUSPSCAN_FILE_SKIPPED_SIZE:Dosya yok sayıldı: çok büyük: '$1'
SUSPSCAN_FILE_LINK_CHANGE:Sembolik bağlantı bulundu: '$1' -> '$2'
SUSPSCAN_DAT_MISSING:Şüpheli içeriğinin veri dosyası eksik veya boş: $1
SUSPSCAN_DAT_MISSING:Varsayılan dosyayı onarmak için 'rkhunter --update' komutunu çalıştırın.
SUSPSCAN_DAT_NOTAFILE:Şüpheli içeriğinin veri dosyası bir dosya değil: $1
LIST_TESTS:Test isimleri:
LIST_GROUPED_TESTS:Testlerin gruplanmış hali:
LIST_LANGS:Geçerli diller:
LIST_PERL:Perl modülü kurulum durumu:
LIST_RTKTS:Kontrol edilen rootkitler:
LOCK_USED:Kilitleme kullanımda: zaman aşımı $1 saniye
LOCK_UNUSED:Kilitleme kullanımda değil
LOCK_WAIT:Kilit dosyası bekleniyor
LOCK_FAIL:Kilit dosyası alınamadı: rkhunter çalışmadı!

rkhunter-1.4.2/files/rkhunter.conf

#
# This is the main configuration file for Rootkit Hunter.
#
# You can modify this file directly, or you can create a local configuration
# file.
# The local file must be named 'rkhunter.conf.local', and must reside
# in the same directory as this file. Alternatively you can create a directory,
# named 'rkhunter.d', which also must be in the same directory as this
# configuration file. Within the 'rkhunter.d' directory you can place further
# configuration files. There is no restriction on the file names used, other
# than they must end in '.conf'.
#
# Please modify the configuration file(s) to your own requirements. It is
# recommended that the command 'rkhunter -C' is run after any changes have
# been made.
#
# Please review the documentation before posting bug reports or questions.
# To report bugs, obtain updates, or provide patches or comments, please go
# to: http://rkhunter.sourceforge.net
#
# To ask questions about rkhunter, please use the 'rkhunter-users' mailing list.
# Note that this is a moderated list, so please subscribe before posting.
#
# In the configuration files, lines beginning with a hash (#), and blank lines,
# are ignored. Also, end-of-line comments are not supported.
#
# Any of the configuration options may appear more than once. However, several
# options only take one value, and so the last one seen will be used. Some
# options are allowed to appear more than once, and the text describing the
# option will say if this is so. These configuration options will, in effect,
# have their values concatenated together. To delete a previously specified
# option list, specify the option with no value (that is, a null string).
#
# Some of the options are space-separated lists, others, typically those
# specifying pathnames, are newline-separated lists. These must be entered
# as one item per line. Quotes must not be used to surround the pathname.
#
# For example, to specify two pathnames, '/tmp/abc' and '/tmp/xyz', for an
# option:       XXX=/tmp/abc                  (correct)
#               XXX=/tmp/xyz
#
#               XXX="/tmp/abc"                (incorrect)
#               XXX="/tmp/xyz"
#
#               XXX=/tmp/abc /tmp/xyz         (incorrect)
# or            XXX="/tmp/abc /tmp/xyz"       (incorrect)
# or            XXX="/tmp/abc" "/tmp/xyz"     (incorrect)
#
# The last three examples are being configured as space-separated lists,
# which is incorrect, generally, for options specifying pathnames. They
# should be configured with one entry per line as in the first example.
#
# If wildcard characters (globbing) are allowed for an option, then the
# text describing the option will say so.
#
# Space-separated lists may be enclosed by quotes, although they are not
# required. If they are used, then they must only appear at the start and
# end of the list, not in the middle.
#
# For example:  XXX=abc def gh                (correct)
#               XXX="abc def gh"              (correct)
#               XXX="abc" "def" "gh"          (incorrect)
#
# Space-separated lists may also be entered simply as one entry per line.
#
# For example:  XXX=abc                       (correct)
#               XXX=def
#               XXX="gh"
#
# If a configuration option is never set, then the program will assume a
# default value. The text describing the option will state the default value.
# If there is no default, then rkhunter will calculate a value or pathname
# to use.
#

#
# If this option is set to '1', it specifies that the mirrors file
# ('mirrors.dat'), which is used when the '--update' and '--versioncheck'
# options are used, is to be rotated. Rotating the entries in the file allows
# a basic form of load-balancing between the mirror sites whenever the above
# options are used.
#
# If the option is set to '0', then the mirrors will be treated as if in a
# priority list. That is, the first mirror listed will always be used first.
# The second mirror will only be used if the first mirror fails, the third
# mirror will only be used if the second mirror fails, and so on.
#
# If the mirrors file is read-only, then the '--versioncheck' command-line
# option can only be used if this option is set to '0'.
#
# The default value is '1'.
#
#ROTATE_MIRRORS=1

#
# If this option is set to '1', it specifies that when the '--update' option is
# used, then the mirrors file is to be checked for updates as well. If the
# current mirrors file contains any local mirrors, these will be prepended to
# the updated file. If this option is set to '0', the mirrors file can only be
# updated manually. This may be useful if only using local mirrors.
#
# The default value is '1'.
#
#UPDATE_MIRRORS=1

#
# The MIRRORS_MODE option tells rkhunter which mirrors are to be used when
# the '--update' or '--versioncheck' command-line options are given.
# Possible values are:
#     0 - use any mirror
#     1 - only use local mirrors
#     2 - only use remote mirrors
#
# Local and remote mirrors can be defined in the mirrors file by using the
# 'local=' and 'remote=' keywords respectively.
#
# The default value is '0'.
#
#MIRRORS_MODE=0

#
# Email a message to this address if a warning is found when the system is
# being checked. Multiple addresses may be specified simply by separating
# them with a space. To disable the option, simply set it to the null string
# or comment it out.
#
# The option may be specified more than once.
#
# The default value is the null string.
#
# Also see the MAIL_CMD option.
#
#MAIL-ON-WARNING=me@mydomain root@mydomain

#
# This option specifies the mail command to use if MAIL-ON-WARNING is set.
#
# NOTE: Double quotes are not required around the command, but are required
# around the subject line if it contains spaces.
#
# The default is to use the 'mail' command, with a subject line
# of '[rkhunter] Warnings found for ${HOST_NAME}'.
#
#MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"

#
# This option specifies the directory to use for temporary files.
#
# NOTE: Do not use '/tmp' as your temporary directory.
# Some important files
# will be written to this directory, so be sure that the directory permissions
# are secure.
#
# The installer program will set the default directory. If this default is
# subsequently commented out or removed, then the program will assume a
# default directory beneath the installation directory.
#
#TMPDIR=/var/lib/rkhunter/tmp

#
# This option specifies the database directory to use.
#
# The installer program will set the default directory. If this default is
# subsequently commented out or removed, then the program will assume a
# default directory beneath the installation directory.
#
#DBDIR=/var/lib/rkhunter/db

#
# This option specifies the script directory to use.
#
# The installer program will set the default directory. If this default is
# subsequently commented out or removed, then the program will not run.
#
#SCRIPTDIR=/usr/local/lib/rkhunter/scripts

#
# This option can be used to modify the command directory list used by rkhunter
# to locate commands (that is, its PATH). By default this will be the root PATH,
# and an internal list of some common command directories.
#
# Any directories specified here will, by default, be appended to the default
# list. However, if a directory name begins with the '+' character, then that
# directory will be prepended to the list (that is, it will be put at the start
# of the list).
#
# This is a space-separated list of directory names. The option may be
# specified more than once.
#
# The default value is based on the root account PATH environment variable.
#
#BINDIR=/bin /usr/bin /sbin /usr/sbin
#BINDIR=+/usr/local/bin +/usr/local/sbin

#
# This option specifies the default language to use. This should be similar to
# the ISO 639 language code.
#
# NOTE: Please ensure that the language you specify is supported.
# For a list of supported languages use the following command:
#
#     rkhunter --lang en --list languages
#
# The default language is 'en' (English).
#
#LANGUAGE=en

#
# This option is a space-separated list of the languages that are to be updated
# when the '--update' option is used. If unset, then all the languages will be
# updated. If none of the languages are to be updated, then set this option to
# just 'en'.
#
# The default language, specified by the LANGUAGE option, and the English (en)
# language file will always be updated regardless of this option.
#
# This option may be specified more than once.
#
# The default value is the null string, indicating that all the language files
# will be updated.
#
#UPDATE_LANG=""

#
# This option specifies the log file pathname. The file will be created if it
# does not initially exist. If the option is unset, then the program will
# display a message each time it is run saying that the default value is being
# used.
#
# The default value is '/var/log/rkhunter.log'.
#
LOGFILE=/var/log/rkhunter.log

#
# Set this option to '1' if the log file is to be appended to whenever rkhunter
# is run. A value of '0' will cause a new log file to be created whenever the
# program is run.
#
# The default value is '0'.
#
#APPEND_LOG=0

#
# Set the following option to '1' if the log file is to be copied when rkhunter
# finishes and an error or warning has occurred. The copied log file name will
# be appended with the current date and time (in YYYY-MM-DD_HH:MM:SS format).
# For example: rkhunter.log.2009-04-21_00:57:51
# If the option value is '0', then the log file will not be copied regardless
# of whether any errors or warnings occurred.
#
# The default value is '0'.
#
#COPY_LOG_ON_ERROR=0

#
# Set the following option to enable the rkhunter check start and finish times
# to be logged by syslog. Warning messages will also be logged. The value of
# the option must be a standard syslog facility and priority, separated by a
# dot. For example:
#
#     USE_SYSLOG=authpriv.warning
#
# Setting the value to 'NONE', or just leaving the option commented out,
# disables the use of syslog.
#
# The default value is not to use syslog.
#
#USE_SYSLOG=authpriv.notice

#
# Set the following option to '1' if the second colour set is to be used. This
# can be useful if your screen uses black characters on a white background
# (for example, a PC instead of a server). A value of '0' will cause the default
# colour set to be used.
#
# The default value is '0'.
#
#COLOR_SET2=0

#
# Set the following option to '0' if rkhunter should not detect if X is being
# used. If X is detected as being used, then the second colour set will
# automatically be used. If set to '1', then the use of X will be detected.
#
# The default value is '0'.
#
AUTO_X_DETECT=1

#
# Set the following option to '1' if it is wanted that any 'Whitelisted' results
# are shown in white rather than green. For colour set 2 users, setting this
# option will cause the result to be shown in black. Setting the option to '0'
# causes whitelisted results to be displayed in green.
#
# The default value is '0'.
#
#WHITELISTED_IS_WHITE=0

#
# The following option is checked against the SSH configuration file
# 'PermitRootLogin' option. A warning will be displayed if they do not match.
# However, if a value has not been set in the SSH configuration file, then a
# value here of 'unset' can be used to avoid warning messages.
#
# The default value is 'no'.
#
#ALLOW_SSH_ROOT_USER=no

#
# Set this option to '1' to allow the use of the SSH-1 protocol, but note
# that theoretically it is weaker, and therefore less secure, than the
# SSH-2 protocol. Do not modify this option unless you have good reasons
# to use the SSH-1 protocol (for instance for AFS token passing or Kerberos4
# authentication). If the 'Protocol' option has not been set in the SSH
# configuration file, then a value of '2' may be set here in order to
# suppress a warning message. A value of '0' indicates that the use of
# SSH-1 is not allowed.
#
# The default value is '0'.
#
#ALLOW_SSH_PROT_V1=0

#
# This setting tells rkhunter the directory containing the SSH configuration
# file. This setting will be worked out by rkhunter, and so should not
# usually need to be set.
#
# This option has no default value.
#
#SSH_CONFIG_DIR=/etc/ssh

#
# These two options determine which tests are to be performed. The ENABLE_TESTS
# option can use the word 'ALL' to refer to all of the available tests. The
# DISABLE_TESTS option can use the word 'NONE' to mean that no tests are
# disabled. The list of disabled tests is applied to the list of enabled tests.
#
# Both options are space-separated lists of test names, and both options may
# be specified more than once. The currently available test names can be seen
# by using the command 'rkhunter --list tests'.
#
# The supplied configuration file has some tests already disabled, and these
# are tests that will be used only occasionally, can be considered 'advanced'
# or that are prone to produce more than the average number of false-positives.
#
# Please read the README file for more details about enabling and disabling
# tests, the test names, and how rkhunter behaves when these options are used.
#
# The default values are to enable all tests and to disable none. However, if
# either of the options below are specified, then they will override the
# program defaults.
#
ENABLE_TESTS=ALL
DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps

#
# The HASH_CMD option can be used to specify the command to use for the file
# properties hash value check. It can be specified as just the command name or
# the full pathname. If just the command name is given, and it is one of MD5,
# SHA1, SHA224, SHA256, SHA384 or SHA512, then rkhunter will first look for the
# relevant command, such as 'sha256sum', and then for 'sha256'. If neither of
# these are found, it will then look to see if a perl module has been installed
# which will support the relevant hash function.
# To see which perl modules have
# been installed use the command 'rkhunter --list perl'.
#
# Systems using prelinking are restricted to using either the SHA1 or MD5
# function.
#
# A value of 'NONE' (in uppercase) can be specified to indicate that no hash
# function should be used. Rkhunter will detect this, and automatically disable
# the file properties hash check test.
#
# Examples:
#     For Solaris 9 : HASH_CMD=gmd5sum
#     For Solaris 10: HASH_CMD=sha1sum
#     For AIX (>5.2): HASH_CMD="csum -hMD5"
#     For NetBSD    : HASH_CMD="cksum -a sha512"
#
# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run.
#
# The default value is the SHA1 function, or MD5 if SHA1 cannot be found.
#
# Also see the HASH_FLD_IDX option.
#
#HASH_CMD=sha1sum

#
# The HASH_FLD_IDX option specifies which field from the HASH_CMD command
# output contains the hash value. The fields are assumed to be space-separated.
#
# The option value must be an integer greater than zero.
#
# The default value is '1', but for *BSD users rkhunter will, by default, use a
# value of '4' if the HASH_CMD option has not been set.
#
#HASH_FLD_IDX=4

#
# The PKGMGR option tells rkhunter to use the specified package manager to
# obtain the file property information. This is used when updating the file
# properties file ('rkhunter.dat'), and when running the file properties check.
# For RedHat/RPM-based systems, 'RPM' can be used to get information from the
# RPM database. For Debian-based systems 'DPKG' can be used, for *BSD systems
# 'BSD' can be used, and for Solaris systems 'SOLARIS' can be used. No value,
# or a value of 'NONE', indicates that no package manager is to be used.
#
# The current package managers, except 'SOLARIS', store the file hash values
# using an MD5 hash function. The Solaris package manager includes a checksum
# value, but this is not used by default (see USE_SUNSUM below).
#
# The 'DPKG' and 'BSD' package managers only provide MD5 hash values.
# The 'RPM' package manager additionally provides values for the inode,
# file permissions, uid, gid and other values. The 'SOLARIS' also provides
# most of the values, similar to 'RPM', but not the inode number.
#
# For any file not part of a package, rkhunter will revert to using the
# HASH_CMD hash function instead.
#
# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run.
#
# The default value is 'NONE'.
#
# Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
#
#PKGMGR=NONE

#
# It is possible that a file, which is part of a package, may have been
# modified by the administrator. Typically this occurs for configuration
# files. However, the package manager may list the file as being modified.
# For the RPM package manager this may well depend on how the package was
# built. This option specifies a pathname which is to be exempt from the
# package manager verification process, and which will be treated
# as a non-packaged file. As such, the file properties are still checked.
#
# This option only takes effect if the PKGMGR option has been set, and
# is not 'NONE'.
#
# This option may be specified more than once.
#
# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run.
#
# The default value is the null string.
#
#PKGMGR_NO_VRFY=""

#
# If the 'SOLARIS' package manager is used, then it is possible to use the
# checksum (hash) value stored for a file. However, this is only a 16-bit
# checksum, and as such is not nearly as secure as, for example, a SHA-2 value.
# If the option is set to '0', then the checksum is not used and the hash
# function given by HASH_CMD is used instead. To enable this option, set its
# value to '1'. The Solaris 'sum' command must be present on the system if this
# option is used.
#
# The default value is '0'.
#
#USE_SUNSUM=0

#
# This option can be used to tell rkhunter to ignore any prelink dependency
# errors for the given commands.
# However, a warning will also be issued if the
# error does not occur for a given command. As such this option must only be
# used on commands which experience a persistent problem.
#
# Short-term prelink dependency errors can usually be resolved simply by
# running the 'prelink' command on the given pathname.
#
# This is a space-separated list of command pathnames. The option can be
# specified more than once.
#
# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run.
#
# The default value is the null string.
#
#IGNORE_PRELINK_DEP_ERR=/bin/ps /usr/bin/top

#
# These options specify a command, directory or file pathname which will be
# included or excluded in the file properties checks.
#
# For the USER_FILEPROP_FILES_DIRS option, simple command names - for example,
# 'top' - and directory names are added to the internal list of directories to
# be searched for each of the command names in the command list. Additionally,
# full pathnames to files, which need not be commands, may be given. Any files
# or directories which are already part of the internal lists will be silently
# ignored from the configuration.
#
# For the USER_FILEPROP_FILES_DIRS option, wildcards are allowed, except for
# simple command names.
# For example, 'top*' cannot be given, but '/usr/bin/top*' is allowed.
#
# Specific files may be excluded by using the EXCLUDE_USER_FILEPROP_FILES_DIRS
# option. Wildcards may be used with this option.
#
# By combining these two options, and using wildcards, whole directories can be
# excluded. For example:
#
#     USER_FILEPROP_FILES_DIRS=/etc/*
#     USER_FILEPROP_FILES_DIRS=/etc/*/*
#     EXCLUDE_USER_FILEPROP_FILES_DIRS=/etc/rc?.d/*
#
# This will look for files in the first two directory levels of '/etc'. However,
# anything in '/etc/rc0.d', '/etc/rc1.d', '/etc/rc2.d' and so on, will be
# excluded.
#
# NOTE: Only files and directories which have been added by the user, and are
# not part of the internal lists, can be excluded.
# So, for example, it is not
# possible to exclude the 'ps' command by using '/bin/ps'. These will be
# silently ignored from the configuration.
#
# Both options can be specified more than once.
#
# NOTE: Whenever these options are changed 'rkhunter --propupd' must be run.
#
# The default value for both options is the null string.
#
#USER_FILEPROP_FILES_DIRS=top
#USER_FILEPROP_FILES_DIRS=/usr/local/sbin
#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf.local
#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/*
#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/i18n/*
#EXCLUDE_USER_FILEPROP_FILES_DIRS=/opt/ps*
#EXCLUDE_USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/mirrors.dat
#EXCLUDE_USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/rkhunter*

#
# This option whitelists files and directories from existing, or not existing,
# on the system at the time of testing. This option is used when the
# configuration file options themselves are checked, and during the file
# properties check, the hidden files and directories checks, and the filesystem
# check of the '/dev' directory.
#
# This option may be specified more than once, and may use wildcards.
# Be aware though that this is probably not what you want to do as the
# wildcarding will be expanded after files have been deleted. As such
# deleted files won't be whitelisted if wildcarded.
#
# NOTE: The user must take into consideration how often the file will appear
# and disappear from the system in relation to how often rkhunter is run. If
# the file appears, and disappears, too often then rkhunter may not notice
# this. All it will see is that the file has changed. The inode-number and DTM
# will certainly be different for each new file, and rkhunter will report this.
#
# The default value is the null string.
#
#EXISTWHITELIST=""

#
# Whitelist various attributes of the specified file. The attributes are those
# of the 'attributes' test.
# Specifying a file name here does not include it
# being whitelisted for the write permission test (see below).
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ATTRWHITELIST=/usr/bin/date

#
# Allow the specified file to have the 'others' (world) permission have the
# write-bit set. For example, files with permissions r-xr-xrwx or rwxrwxrwx.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#WRITEWHITELIST=/usr/bin/date

#
# Allow the specified file to be a script.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#SCRIPTWHITELIST=/usr/bin/groups

#
# Allow the specified file to have the immutable attribute set.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#IMMUTWHITELIST=/sbin/ifdown

#
# If this option is set to '1', then the immutable-bit test is reversed. That
# is, the files are expected to have the bit set. A value of '0' means that the
# immutable-bit should not be set.
#
# The default value is '0'.
#
#IMMUTABLE_SET=0

#
# Allow the specified hidden directory to be whitelisted.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.mdadm

#
# Allow the specified hidden file to be whitelisted.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
#ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
#ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac

#
# Allow the specified process to use deleted files. The process name may be
# followed by a colon-separated list of full pathnames. The process will then
# only be whitelisted if it is using one of the given files. For example:
#
#     ALLOWPROCDELFILE=/usr/libexec/gconfd-2:/tmp/abc:/var/tmp/xyz
#
# This option may be specified more than once. It may also use wildcards, but
# only in the file names.
#
# The default value is the null string.
#
#ALLOWPROCDELFILE=/sbin/cardmgr
#ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ib*

#
# Allow the specified process to listen on any network interface.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWPROCLISTEN=/sbin/dhclient
#ALLOWPROCLISTEN=/usr/bin/dhcpcd
#ALLOWPROCLISTEN=/usr/sbin/tcpdump
#ALLOWPROCLISTEN=/usr/sbin/snort-plain

#
# Allow the specified network interfaces to be in promiscuous mode.
#
# This is a space-separated list of interface names. The option may be
# specified more than once.
#
# The default value is the null string.
#
#ALLOWPROMISCIF=eth0

#
# This option specifies how rkhunter should scan the '/dev' directory for
# suspicious files. The only allowed values are 'THOROUGH' and 'LAZY'.
#
# A THOROUGH scan will increase the overall runtime of rkhunter. Despite this,
# it is highly recommended that this value is used.
#
# The default value is 'THOROUGH'.
#
# Also see the ALLOWDEVFILE option.
#
#SCAN_MODE_DEV=THOROUGH

#
# Allow the specified file to be present in the '/dev' directory, and not
# regarded as suspicious.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWDEVFILE=/dev/shm/pulse-shm-*
#ALLOWDEVFILE=/dev/shm/sem.ADBE_*

#
# This option is used to indicate if the Phalanx2 test is to perform a basic
# check, or a more thorough check. If the option is set to '0', then a basic
# check is performed. If it is set to '1', then all the directories in the
# '/etc' and '/usr' directories are scanned.
#
# NOTE: Setting this option to '1' will cause the test to take longer
# to complete.
#
# The default value is '0'.
#
#PHALANX2_DIRTEST=0

#
# This option tells rkhunter where the inetd configuration file is located.
#
# The default value is the null string.
#
#INETD_CONF_PATH=/etc/inetd.conf

#
# This option allows the specified enabled inetd services.
#
# This is a space-separated list of service names. The option may be specified
# more than once.
#
# For non-Solaris users the simple service name should be used.
# For example:
#
#     INETD_ALLOWED_SVC=echo
#
# For Solaris 9 users the simple service name should also be used, but
# if it is an RPC service, then the executable pathname should be used.
# For example:
#
#     INETD_ALLOWED_SVC=imaps
#     INETD_ALLOWED_SVC=/usr/sbin/rpc.metad /usr/sbin/rpc.metamhd
#
# For Solaris 10 users the service/FMRI name should be used. For example:
#
#     INETD_ALLOWED_SVC=/network/rpc/meta
#     INETD_ALLOWED_SVC=/network/rpc/metamed
#     INETD_ALLOWED_SVC=/application/font/stfsloader
#     INETD_ALLOWED_SVC=/network/rpc-100235_1/rpc_ticotsord
#
# The default value is the null string.
#
#INETD_ALLOWED_SVC=echo

#
# This option tells rkhunter where the xinetd configuration file is located.
#
# The default value is the null string.
#
#XINETD_CONF_PATH=/etc/xinetd.conf

#
# This option allows the specified enabled xinetd services. Whilst it would be
# nice to use the service names themselves, at the time of testing we only have
# the pathname available. As such, these entries are the xinetd file pathnames.
#
# This is a space-separated list of service names.
# The option may be specified
# more than once.
#
# The default value is the null string.
#
#XINETD_ALLOWED_SVC=/etc/xinetd.d/echo

#
# This option tells rkhunter the local system startup file pathnames. The
# directories will be searched for files. By default rkhunter will try and
# determine where the startup files are located. If the option is set to 'NONE',
# then certain tests will be skipped.
#
# This is a space-separated list of file and directory pathnames. The option
# may be specified more than once, and may use wildcard characters.
#
# This option has no default value.
#
#STARTUP_PATHS=/etc/rc.d /etc/rc.local

#
# This option tells rkhunter the pathname to the file containing the user
# account passwords. This setting will be worked out by rkhunter, and so
# should not usually need to be set. Users of TCB shadow files should not
# set this option.
#
# This option has no default value.
#
#PASSWORD_FILE=/etc/shadow

#
# This option allows the specified accounts to be root equivalent. These
# accounts will have a UID value of zero. The 'root' account does not need
# to be listed as it is automatically whitelisted.
#
# This is a space-separated list of account names. The option may be specified
# more than once.
#
# NOTE: For *BSD systems you will probably need to use this option for the
# 'toor' account.
#
# The default value is the null string.
#
#UID0_ACCOUNTS=toor rooty

#
# This option allows the specified accounts to have no password. NIS/YP entries
# do not need to be listed as they are automatically whitelisted.
#
# This is a space-separated list of account names. The option may be specified
# more than once.
#
# The default value is the null string.
#
#PWDLESS_ACCOUNTS=abc

#
# This option tells rkhunter the pathname to the syslog configuration file.
# This setting will be worked out by rkhunter, and so should not usually need
# to be set.
# A value of 'NONE' can be used to indicate that there is no
# configuration file, but that the syslog daemon process may be running.
#
# This is a space-separated list of pathnames. The option may be specified
# more than once.
#
# This option has no default value.
#
#SYSLOG_CONFIG_FILE=/etc/syslog.conf

#
# If this option is set to '1', then the use of syslog remote logging is
# permitted. A value of '0' disallows the use of remote logging.
#
# The default value is '0'.
#
#ALLOW_SYSLOG_REMOTE_LOGGING=0

#
# This option allows the specified applications, or a specific version of an
# application, to be whitelisted. If a specific version is to be whitelisted,
# then the name must be followed by a colon and then the version number.
# For example:
#
#     APP_WHITELIST=openssl:0.9.7d gpg httpd:1.3.29
#
# This is a space-separated list of pathnames. The option may be specified
# more than once.
#
# The default value is the null string.
#
#APP_WHITELIST=""

#
# Set this option to scan for suspicious files in directories which pose a
# relatively higher risk due to user write access.
#
# Please do not enable the 'suspscan' test by default as it is CPU and I/O
# intensive, and prone to producing false positives. Do review all settings
# before usage. Also be aware that running 'suspscan' in combination with
# verbose logging on, rkhunter's default, will show all ignored files.
#
# Please consider adding all directories that the user the (web)server runs as
# has write access to, including the document root (e.g: '/var/www') and
# log directories (e.g: '/var/log/httpd').
#
# This is a space-separated list of directory pathnames. The option may be
# specified more than once.
#
# The default value is the '/tmp' and '/var/tmp' directories.
#
#SUSPSCAN_DIRS=/tmp /var/tmp

#
# This option specifies the directory for temporary files used by the
# 'suspscan' test. A memory-based directory, such as a tempfs filesystem, is
# better (faster).
# Do not use a directory name that is listed in SUSPSCAN_DIRS
# as that is highly likely to cause false-positive results.
#
# The default value is '/dev/shm'.
#
#SUSPSCAN_TEMP=/dev/shm

#
# This option specifies the 'suspscan' test maximum filesize in bytes. Files
# larger than this will not be inspected. Do make sure you have enough space
# available in your temporary files directory.
#
# The default value is '1024000'.
#
#SUSPSCAN_MAXSIZE=10240000

#
# This option specifies the 'suspscan' test score threshold. Below this value
# no hits will be reported.
#
# The default value is '200'.
#
#SUSPSCAN_THRESH=200

#
# The following options can be used to whitelist network ports which are known
# to have been used by malware.
#
# The PORT_WHITELIST option is a space-separated list of one or more of two
# types of whitelisting. These are:
#
#     1) a 'protocol:port' pair
#     2) an asterisk ('*')
#
# Only the UDP or TCP protocol may be specified, and the port number must be
# between 1 and 65535 inclusive.
#
# The asterisk can be used to indicate that any executable which rkhunter can
# locate as a command, is whitelisted. (Also see BINDIR)
#
# The PORT_PATH_WHITELIST option specifies one of two types of whitelisting.
# These are:
#
#     1) a pathname to an executable
#     2) a combined pathname, protocol and port
#
# As above, the protocol can only be TCP or UDP, and the port number must be
# between 1 and 65535 inclusive.
#
# Examples:
#
#     PORT_WHITELIST=TCP:2001 UDP:32011
#     PORT_PATH_WHITELIST=/usr/sbin/squid
#     PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801
#
# NOTE: In order to whitelist a pathname, or use the asterisk option, the
# 'lsof' command must be present.
#
# Both options may be specified more than once.
#
# The default value for both options is the null string.
#
#PORT_WHITELIST=""
#PORT_PATH_WHITELIST=""

#
# The following option can be used to tell rkhunter where the operating system
# 'release' file is located.
# This file contains information specifying the
# current O/S version. RKH will store this information, and check to see if it
# has changed between each run. If it has changed, then the user is warned that
# RKH may issue warning messages until RKH has been run with the '--propupd'
# option.
#
# Since the contents of the file vary according to the O/S distribution, RKH
# will perform different actions when it detects the file itself. As such, this
# option should not be set unless necessary. If this option is specified, then
# RKH will assume the O/S release information is on the first non-blank line of
# the file.
#
# This option has no default value.
#
# Also see the WARN_ON_OS_CHANGE and UPDT_ON_OS_CHANGE options.
#
#OS_VERSION_FILE=/etc/release

#
# Set the following option to '0' if you do not want to receive a warning if any
# O/S information has changed since the last run of 'rkhunter --propupd'. The
# warnings occur during the file properties check. Setting a value of '1' will
# cause rkhunter to issue a warning if something has changed.
#
# The default value is '1'.
#
#WARN_ON_OS_CHANGE=1

#
# Set the following option to '1' if you want rkhunter to automatically run a
# file properties update ('--propupd') if the O/S has changed. Detection of an
# O/S change occurs during the file properties check. Setting a value of '0'
# will cause rkhunter not to do an automatic update.
#
# WARNING: Only set this option if you are sure that the update will work
# correctly. That is, that the database directory is writeable, that a valid
# hash function is available, and so on. This can usually be checked simply by
# running 'rkhunter --propupd' at least once.
#
# The default value is '0'.
#
#UPDT_ON_OS_CHANGE=0

#
# The following two options can be used to whitelist files and directories that
# would normally be flagged with a warning during the various rootkit and
# malware checks.
# Only existing files and directories can be specified, and
# these must be full pathnames not links.
#
# Additionally, the RTKT_FILE_WHITELIST option may include a string after the
# file name (separated by a colon). This will then only whitelist that string
# in that file (as part of the malware checks). For example:
#
#     RTKT_FILE_WHITELIST=/etc/rc.local:hdparm
#
# If the option list includes the filename on its own as well, then the file
# will be whitelisted from rootkit checks of the file's existence, but still
# only the specific string within the file will be whitelisted. For example:
#
#     RTKT_FILE_WHITELIST=/etc/rc.local
#     RTKT_FILE_WHITELIST=/etc/rc.local:hdparm
#
# To whitelist a file from the existence checks, but not from the strings
# checks, include the filename on its own, and again with just a colon
# appended. For example:
#
#     RTKT_FILE_WHITELIST=/etc/rc.local
#     RTKT_FILE_WHITELIST=/etc/rc.local:
#
# NOTE: It is recommended that if you whitelist any files, then you include
# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
# configuration option.
#
# Both of these options may be specified more than once.
#
# For both options the default value is the null string.
#
#RTKT_DIR_WHITELIST=""
#RTKT_FILE_WHITELIST=""

#
# The following option can be used to whitelist shared library files that would
# normally be flagged with a warning during the preloaded shared library check.
# These library pathnames usually exist in the '/etc/ld.so.preload' file or in
# the LD_PRELOAD environment variable.
#
# NOTE: It is recommended that if you whitelist any files, then you include
# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
# configuration option.
#
# This option is a space-separated list of library pathnames. The option may be
# specified more than once.
#
# The default value is the null string.
#
#SHARED_LIB_WHITELIST=/lib/snoopy.so

#
# To force rkhunter to use the supplied script for the 'stat' or 'readlink'
# command the following two options can be used. The value must be set to
# 'BUILTIN'.
#
# NOTE: IRIX users will probably need to enable STAT_CMD.
#
# For both options the default value is the null string.
#
#STAT_CMD=BUILTIN
#READLINK_CMD=BUILTIN

#
# In the file properties test any modification date/time is displayed as the
# number of epoch seconds. Rkhunter will try and use the 'date' command, or
# failing that the 'perl' command, to display the date and time in a
# human-readable format as well. This option may be used if some other command
# should be used instead. The given command must understand the '%s' and
# 'seconds ago' options found in the GNU 'date' command.
#
# A value of 'NONE' may be used to request that only the epoch seconds be shown.
# A value of 'PERL' may be used to force rkhunter to use the 'perl' command, if
# it is present.
#
# This option has no default value.
#
#EPOCH_DATE_CMD=""

#
# This setting tells rkhunter the directory containing the available Linux
# kernel modules. This setting will be worked out by rkhunter, and so should
# not usually need to be set.
#
# This option has no default value.
#
#MODULES_DIR=""

#
# The following option can be set to a command which rkhunter will use when
# downloading files from the Internet - that is, when the '--update' or
# '--versioncheck' option is used. The command can take options.
#
# This allows the user to use a command other than the one automatically
# selected by rkhunter, but still one which it already knows about.
# For example:
#
#     WEB_CMD=curl
#
# Alternatively, the user may specify a completely new command. However, note
# that rkhunter expects the downloaded file to be written to stdout, and that
# everything written to stderr is ignored.
# For example:
#
#     WEB_CMD="/opt/bin/dlfile --timeout 5m -q"
#
# *BSD users may want to use the 'ftp' command, provided that it supports the
# HTTP protocol:
#
#     WEB_CMD="ftp -o -"
#
# This option has no default value.
#
#WEB_CMD=""

#
# Set the following option to '1' if locking is to be used when rkhunter runs.
# The lock is set just before logging starts, and is removed when the program
# ends. It is used to prevent items such as the log file, and the file
# properties file, from becoming corrupted if rkhunter is running more than
# once. The mechanism used is to simply create a lock file in the TMPDIR
# directory. If the lock file already exists, because rkhunter is already
# running, then the current process simply loops around sleeping for 10 seconds
# and then retrying the lock. A value of '0' means not to use locking.
#
# The default value is '0'.
#
# Also see the LOCK_TIMEOUT and SHOW_LOCK_MSGS options.
#
#USE_LOCKING=0

#
# If locking is used, then rkhunter may have to wait to get the lock file.
# This option sets the total amount of time, in seconds, that rkhunter should
# wait. It will retry the lock every 10 seconds, until either it obtains the
# lock or the timeout value has been reached.
#
# The default value is 300 seconds (5 minutes).
#
#LOCK_TIMEOUT=300

#
# If locking is used, then rkhunter may be doing nothing for some time if it
# has to wait for the lock. If this option is set to '1', then some simple
# messages are echoed to the user's screen to let them know that rkhunter is
# waiting for the lock. Set this option to '0' if the messages are not to be
# displayed.
#
# The default value is '1'.
#
#SHOW_LOCK_MSGS=1

#
# If this option is set to 'THOROUGH' then rkhunter will search (on a per
# rootkit basis) for filenames in all of the directories (as defined by the
# result of running 'find / -xdev').
# While still not optimal, as it still
# searches for only file names as opposed to file contents, this is one step
# away from the rigidity of searching in known (evidence) or default
# (installation) locations.
#
# THIS OPTION SHOULD NOT BE ENABLED BY DEFAULT.
#
# You should only activate this feature as part of a more thorough
# investigation, which should be based on relevant best practices and
# procedures.
#
# Enabling this feature implies you have the knowledge to interpret the
# results properly.
#
# The default value is the null string.
#
#SCANROOTKITMODE=THOROUGH

#
# The following option can be set to the name(s) of the tests the 'unhide'
# command is to use. Options such as '-m' and '-v' may be specified, but will
# only take effect when they are seen. The test names are a space-separated
# list, and will be executed in the order given.
#
# This option may be specified more than once.
#
# The default value is 'sys' in order to maintain compatibility with older
# versions of 'unhide'.
#
#UNHIDE_TESTS=sys

#
# The following option can be used to set options for the 'unhide-tcp' command.
# The options are space-separated.
#
# This option may be specified more than once.
#
# The default value is the null string.
#
#UNHIDETCP_OPTS=""

#
# If both the C 'unhide', and Ruby 'unhide.rb', programs exist on the system,
# then it is possible to disable the execution of one of the programs if
# desired. By default rkhunter will look for both programs, and execute each
# of them as they are found. If the value of this option is '0', then both
# programs will be executed if they are present. A value of '1' will disable
# execution of the C 'unhide' program, and a value of '2' will disable the Ruby
# 'unhide.rb' program. To disable both programs, then disable the
# 'hidden_procs' test.
#
# The default value is '0'.
#
#DISABLE_UNHIDE=0

#
# This option can be set to either '0' or '1'.
# If set to '1' then the summary,
# shown after rkhunter has run, will display the actual number of warnings
# found. If it is set to '0', then the summary will simply indicate that
# 'One or more' warnings were found. If no warnings were found, and this option
# is set to '1', then a "0" will be shown. If the option is set to '0', then
# the words 'No warnings' will be shown.
#
# The default value is '0'.
#
#SHOW_SUMMARY_WARNINGS_NUMBER=0

#
# This option is used to determine where, if anywhere, the summary scan time is
# displayed. A value of '0' indicates that it should not be displayed anywhere.
# A value of '1' indicates that the time should only appear on the screen, and a
# value of '2' that it should only appear in the log file. A value of '3'
# indicates that the time taken should appear both on the screen and in the log
# file.
#
# The default value is '3'.
#
#SHOW_SUMMARY_TIME=3

#
# The two options below may be used to check if a file is missing or empty
# (that is, it has a size of zero). The EMPTY_LOGFILES option will also check
# if the file is missing, since that can be interpreted as a file of no size.
# However, the file will only be reported as missing if the MISSING_LOGFILES
# option hasn't already done this.
#
# Both options are space-separated lists of pathnames, and may be specified
# more than once.
#
# NOTE: Log files are usually 'rotated' by some mechanism. At that time it is
# perfectly possible for the file to be either missing or empty. As such these
# options may produce false-positive warnings when log files are rotated.
#
# For both options the default value is the null string.
#
#EMPTY_LOGFILES=""
#MISSING_LOGFILES=""
rkhunter-1.4.2/files/backdoorports.dat

Version:2010111401
#
# Syntax: ::protocol
#
# Note: The port number must be between 1 and 65535 inclusive.
#       Descriptions cannot contain any colon (:) characters.
#       The protocol must be UDP or TCP.
#
1524:Possible FreeBSD (FBRK) Rootkit backdoor:TCP:
1984:Fuckit Rootkit:TCP:
2001:Scalper:UDP:
2006:CB Rootkit or w00tkit Rootkit SSH server:TCP:
2128:MRK:TCP:
6666:Possible rogue IRC bot:TCP:
6667:Possible rogue IRC bot:TCP:
6668:Possible rogue IRC bot:TCP:
6669:Possible rogue IRC bot:TCP:
7000:Possible rogue IRC bot:TCP:
13000:Possible Universal Rootkit (URK) SSH server:TCP:
14856:Optic Kit (Tux):TCP:
25000:Possible Universal Rootkit (URK) component:TCP:
29812:FreeBSD (FBRK) Rootkit default backdoor port:TCP:
31337:Historical backdoor port:TCP:
32982:Solaris Wanuk:TCP:
33369:Volc Rootkit SSH server (divine):TCP:
47107:T0rn:TCP:
47018:Possible Universal Rootkit (URK) component:TCP:
60922:zaRwT.KiT:TCP:
62883:Possible FreeBSD (FBRK) Rootkit default backdoor port:TCP:
65535:FreeBSD Rootkit (FBRK) telnet port:TCP:

rkhunter-1.4.2/files/FAQ

            ROOTKIT HUNTER FREQUENTLY ASKED QUESTIONS (FAQ)
            ===============================================

The latest version of this FAQ can be found at the RKH web site.
(http://rkhunter.cvs.sourceforge.net/viewvc/*checkout*/rkhunter/rkhunter/files/FAQ)

===========================================================

1. GENERAL QUESTIONS
     1.1) What is Rootkit Hunter?
     1.2) What are rootkits?
     1.3) Can I help with the development of this project?
     1.4) I like your software! How can I thank you?

2. INSTALLATION QUESTIONS
     2.1) How do I install Rootkit Hunter?
     2.2) How do I create a Rootkit Hunter RPM file?

3. USAGE QUESTIONS
     3.1) Rootkit Hunter tells me there is something wrong with my system.
          What do I do?
     3.2) Rootkit Hunter tells me that I have vulnerable applications
          installed. But I have fully patched my server! How is this
          possible?
     3.3) How can I automatically run Rootkit Hunter every day?
     3.4) What is the meaning of the test names?
     3.5) Can rkhunter handle filenames with spaces in them?
     3.6) What does the following warning mean:
          Determining OS...
          Warning: this operating system is not fully supported!
     3.7) I have just installed Rootkit Hunter, and I am already getting
          warning messages. Why is that?
     3.8) When I used the '--propupd' option, Rootkit Hunter told me I had
          some missing hashes. What does this mean?
     3.9) I run rkhunter in cron and in the emailed output I get some
          strange characters. Why is this?
     3.10) When I used the '--propupd' option, Rootkit Hunter told me that
           it had found more files than it was searching for. How is this
           possible?

4. ERROR AND WARNING MESSAGES
     4.1) What does the following warning mean:
          The file of stored file properties (rkhunter.dat) is empty, and
          should be created. To do this type in 'rkhunter --propupd'.
     4.2) Rootkit Hunter skips some checks, and the logfile indicates that
          certain commands are missing. What can I do?
     4.3) I get warnings from PHP like:
          PHP Warning: Function registration failed - duplicate name -
          pg_update in Unknown on line 0.
          What does this mean?
     4.4) After performing some updates, all, or some, binaries in the file
          properties checks are marked with a 'Warning'. What can I do?

5. UPDATING QUESTIONS
     5.1) Rootkit Hunter tells me that I have multiple versions installed.
          How is this possible?
     5.2) Can I be notified when a new release will be available?

6. WHITELISTING EXAMPLES
     6.1) Common whitelisting examples

===========================================================

1. GENERAL QUESTIONS
====================

1.1) What is Rootkit Hunter?

A. Rootkit Hunter (RKH) is an easy-to-use tool which checks computers
   running UNIX (clones) for the presence of rootkits and other unwanted
   tools.

1.2) What are rootkits?

A. Most times they are self-hiding toolkits used by blackhats, crackers and
   scriptkiddies, to avoid the eye of the sysadmin.

1.3) Can I help with the development of this project?

A. Yes, everyone can help in some way.
   For example:

   - Help your fellow Rootkit Hunter users on the rkhunter-users mailing
     list;
   - Send a copy of an undetected rootkit to us so that it can be added and
     help others;
   - Translate RKH messages to your native language. Details of how to do
     this are in the README file. For the template see the standard
     language file i18n/en.
   - Are you a package maintainer? If so, then please submit your changes
     to us so that everyone can benefit from them;
   - Are you an end-user? FOSS, and hence RKH, ultimately depends upon you.
     Contributing is your responsibility, not someone else's. Whatever you
     contribute is very much welcomed. For example, contribute or discuss
     enhancing Rootkit Hunter with us; submit a patch or discuss
     enhancements; file a bug report; or test the application by using it
     on your servers.

1.4) I like your software! How can I thank you?

A. Simple - by contributing. See question 1.3 above.

===========================================================

2. INSTALLATION QUESTIONS
=========================

2.1) How do I install Rootkit Hunter?

A. Instructions on installing RKH can be found in the README file.

2.2) How do I create a Rootkit Hunter RPM file?

A. The RKH source contains an rkhunter.spec file which will allow an RPM to
   be built. To build the RPM run the following command:

        rpmbuild -ta rkhunter-.tar.gz

   The last part of the displayed build process should indicate where the
   RPM file has been written. However, it will usually be found in
   '/usr/src/redhat/RPMS/noarch'.

   NOTE: The RKH development team do not support any third-party RPM files.
   However, the rkhunter.spec file will be maintained.

===========================================================

3. USAGE QUESTIONS
==================

3.1) Rootkit Hunter tells me there is something wrong with my system.
     What do I do?

A. Prior to any incident it is recommended that you have read "Intruder
   Detection Checklist".
   This is available from
   http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html

   This document will tell you what to check, and makes it easier for you
   to find out and answer any questions.

   If you are unsure as to whether your system is compromised, you can get
   a second opinion from sources such as the rkhunter-users mailing list,
   the Linux-oriented forum LinuxQuestions.org, or even IRC. Please note
   you need to subscribe before posting to the rkhunter-users mailing list.

   If a file property check fails, then it is possible you have what is
   called a 'false positive'. Sometimes this will happen due to package
   updates, customised configurations or changed binaries. If so, then
   please check further:

   1. If you run a file integrity checker, for example Aide, Samhain, or
      Tripwire, consult the results from running those tools. Note they
      must be installed directly after the O/S installation in order to be
      useful, and you must keep a copy of the binary, configuration files
      and databases off-site. Also note that running those tools, and
      Rootkit Hunter, is no substitute for updating software when updates
      are released, and proper host and network hardening.

   2. If you don't run a file integrity checker you can possibly use your
      distribution's package management system if it is configured to deal
      with verification.

   3. Run 'strings ' and check the results for untrusted file paths (for
      example, /dev/.hiddendir).

   4. Check recently updated binaries and their original source.

   5. Run 'file ' and compare the results with other files, especially
      trusted binaries. If some binaries are statically linked and others
      are all dynamic, then they could have been trojaned.
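
   Checks 3 and 5 above can be scripted when many binaries need reviewing.
   The following is an added example, not part of the rkhunter FAQ or code:
   it extracts printable strings, flags hidden path components under a few
   directories (the WATCHED_ROOTS list is an assumption), and reads the ELF
   program headers to tell which binaries request a dynamic loader. The
   sample binaries are constructed inline.

```python
import collections
import re
import struct

PT_INTERP = 3  # program header type that names the dynamic loader
# Assumption for this example: directories where a hidden entry is suspect.
WATCHED_ROOTS = ("/dev/", "/tmp/", "/var/tmp/")


def printable_strings(data, min_len=4):
    """Like strings(1): runs of printable ASCII at least min_len bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def untrusted_paths(strings):
    """Paths under WATCHED_ROOTS that contain a dot-prefixed component."""
    hits = []
    for text in strings:
        for token in text.split():
            if not token.startswith(WATCHED_ROOTS):
                continue
            parts = token.split("/")[2:]
            if any(p.startswith(".") and p not in (".", "..") for p in parts):
                hits.append(token)
    return hits


def elf_linkage(data):
    """Return 'dynamic' if a PT_INTERP header exists, 'static' if not,
    or 'not-elf'. A static-PIE binary is reported as 'static' here."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if is64:
        if len(data) < 64:
            return "not-elf"
        (phoff,) = struct.unpack_from(endian + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 54)
    else:
        (phoff,) = struct.unpack_from(endian + "I", data, 28)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                            # truncated file: stop reading
        if struct.unpack_from(endian + "I", data, off)[0] == PT_INTERP:
            return "dynamic"
    return "static"


def triage(binaries):
    """binaries maps a name to file contents; returns one finding per name."""
    linkage = {name: elf_linkage(data) for name, data in binaries.items()}
    majority = collections.Counter(linkage.values()).most_common(1)[0][0]
    return {
        name: {
            "linkage": linkage[name],
            "differs_from_majority": linkage[name] != majority,
            "untrusted_paths": untrusted_paths(printable_strings(data)),
        }
        for name, data in binaries.items()
    }


def build_sample_elf(ptypes, payload):
    """Constructed 64-bit little-endian ELF: header, program headers, payload."""
    phentsize = 56
    header = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    header += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                          64, phentsize, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<I", t) + bytes(phentsize - 4) for t in ptypes)
    return header + phdrs + payload


# Constructed samples: two dynamically linked tools and one static outlier.
SAMPLES = {
    "ls": build_sample_elf([3, 1], b"/lib64/ld-linux-x86-64.so.2\x00/dev/null\x00"),
    "ps": build_sample_elf([3, 1], b"/lib64/ld-linux-x86-64.so.2\x00/proc/stat\x00"),
    "netstat": build_sample_elf([1], b"/dev/.hiddendir/ports.conf\x00/proc/net/tcp\x00"),
}

if __name__ == "__main__":
    for name, finding in triage(SAMPLES).items():
        print(name, finding)
```

   A binary that is both the only static one in its directory and carries a
   hidden path is a lead to verify against the package manager or a trusted
   copy, not a verdict.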

   If you have a warning from another part of the checks, then please
   subscribe first and then email the rkhunter-users mailing list and tell
   us about your system configuration:

   - The purpose of the server (for example: web server, intranet
     fileserver, shell server);
   - The (approximate) date of the incident and when you found out;
   - The running distribution name, release and kernel version;
   - Whether any passwd or shadow file data has changed;
   - Any anomalies you find from reading the system, daemon, IDS and
     firewall logs;
   - If all the installed software was recently updated;
   - What services are or were running at the time;
   - If you found setuid root files in directories for temporary files;
   - Any anomalies you find from reading user shell histories.

   If your system is infected with a rootkit, cleaning it up is not an
   option. Restoring is also not an option unless you are skilled, and have
   an autonomous and independent means of verifying that the backup is
   clean, and does not contain misconfigured or stale software. Never trust
   a compromised machine. Period.

   Read "Steps for Recovering from a UNIX or NT System Compromise". This is
   available from
   http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

   A clean install of the system is recommended after backing up the full
   system. To do this follow these steps:

   1. Stay calm. Be methodical.

   2. From another machine inform users, and the network, facility or host
      owner, that the machine is compromised.

   3. Get the host offline or make sure the firewall is raised to only
      allow network traffic to and from your management IP address or
      range.

   4. Backup your data. If you do not intend to investigate the problem,
      then do not backup any binaries or binary data which you cannot
      verify.

   5. Verify the integrity of your backup by visual inspection
      (authentication data, configurations, log files), or by using a file
      integrity checker or your distribution's package management tools.

   6. Install your host with a fresh install.
      Whilst you are updating and configuring the software and services,
      restrict network access to the system using authentication features
      like accounts, PAM, firewall, TCP wrappers, and daemon
      configurations. Make sure you properly harden the machine.

   7. Investigate the old log files, and the tools used if possible. Also
      investigate the services which were vulnerable at the time of attack.

3.2) Rootkit Hunter tells me that I have an out-of-date or unsecure
     application installed. But I have fully patched my server! How is this
     possible?

A. Some distributions, for example Red Hat and OpenBSD, do patch old
   versions of software. However, Rootkit Hunter thinks it is an old
   version, and so sees it as being unsecure.

   It is possible to whitelist specific applications, or specific versions
   of an application. The configuration file contains more details about
   this.

   If you wish you can skip the application version check completely by
   adding the 'apps' test name to the DISABLE_TESTS option in your rkhunter
   configuration file.

3.3) How can I automatically run Rootkit Hunter every day?

A. There are several ways that rkhunter can be run via cron. However, it
   must be remembered that cron will automatically email any output
   produced by the program to the root user. Secondly, when the rkhunter
   '--cronjob' option is used, the program will generally not produce any
   output. It is, therefore, necessary to tell rkhunter what output should
   be shown. Typically this will just be any warning messages, and this can
   be achieved by using the '--rwo' (report warnings only) option.

   For the first example, the rkhunter command could be added directly to
   the root crontab:

        30 5 * * * /usr/local/bin/rkhunter --cronjob --update --rwo

   This would run rkhunter at 5:30 (AM) every day. If no output is produced
   by rkhunter, then nothing is emailed to root. Any output that is
   produced, which would only be warning messages, is automatically emailed
   to root by the cron process.

   Note that the '--update' option has been included. Rkhunter will first
   perform any updates required to its data files, and then perform the
   system checks. This option can be omitted, but it is suggested that the
   option is used regularly to ensure that the rkhunter data files are kept
   up to date.

   If it is wished that all the normal output of rkhunter, as seen when
   running rkhunter from the command-line, is emailed to root, then this is
   possible. The '--rwo' option should be removed, and the '--cronjob'
   option replaced by '--sk --nocolors --check'.

   The next example is of a cronjob script. For Linux systems this script
   could be put into the /etc/cron.daily directory, so that it will be
   automatically run every day. The script might look like this:

        #!/bin/sh
        ( /usr/local/bin/rkhunter --cronjob --update --rwo && echo "" ) \
        | /bin/mail -s "Rkhunter daily run on `uname -n`" root
        exit 0

   Because we are piping any output through to the mail command, it is
   required to use 'echo ""' when there are no warnings. Without this, the
   mail command would issue its own warning about there being no message
   body.

   If it is wished to include the date in the output, then something like
   this could be used instead:

        #!/bin/sh
        ( date; /usr/local/bin/rkhunter --cronjob --update --rwo ) \
        | /bin/mail -s "Rkhunter daily run on `uname -n`" root
        exit 0

   Finally, it is possible to run rkhunter in quiet-mode, whereby no output
   will be produced at all. However, if the return code indicates that
   warnings were found, then we get cron to mail the root user. For example
   (a crontab entry must be written on a single line):

        30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet || echo "Rkhunter daily run on `uname -n` has produced warning messages"

   An alternative to the above example would be to use:

        30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet

   and then simply set the MAIL-ON-WARNING option in the configuration file
   with the root email address. This way, rkhunter produces no output, and
   so nothing is emailed to root by cron.
   However, if any warnings are found during the system check, then a
   notice message is emailed to root by rkhunter itself.

   Note: The '--quiet' option in the above two examples is not actually
   necessary, but was included for clarity. The '--cronjob' option assumes
   the '--quiet' option, and so, as mentioned above, when rkhunter is run
   with the '--cronjob' option no output is generally produced.

3.4) What is the meaning of the test names?

A. See the README file for information about the test names.

3.5) Can rkhunter handle filenames with spaces in them?

A. Generally yes. Some tests still may not like filenames with the colon
   (:) character in them though.

3.6) What does the following warning mean:
     Determining OS... Warning: this operating system is not fully
     supported!

A. This is a message from older versions of rkhunter. Upgrade to a newer
   version.

3.7) I have just installed Rootkit Hunter, and I am already getting warning
     messages. Why is that?

A. The first run of rkhunter after an installation will usually give some
   warning messages. One of the checks is whether the file of file
   properties (called 'rkhunter.dat') exists. This file won't exist until
   rkhunter is run with the '--propupd' option.

   There is also a check to see if any commands have been replaced by a
   script. To avoid these warning messages you can whitelist the commands
   in your configuration file. Similarly if there are warnings about hidden
   files or directories, then these can be whitelisted. Look in the
   configuration file and you will find examples of these. Once these
   changes have been made, then re-run rkhunter and no warnings should
   appear. Obviously warning messages from other checks indicate that
   something else is wrong, and so should be investigated.

   NOTE: When using the '--propupd' option it is the user's responsibility
   to ensure that the files on their system are genuine. Rootkit Hunter can
   only inform the user of a change to the files, not whether they are the
   original files or not.
   Although Rootkit Hunter can use a package manager for some systems, it
   must be remembered that the package manager itself uses files stored on
   the system. Those files may have been tampered with.

   The logfile will contain further information about each warning message.
   Once the reason for the warning has been found, and you believe that
   rkhunter has given a false-positive result, then looking in the
   configuration file may show you that the relevant item can be
   whitelisted. Also see WHITELISTING EXAMPLES below.

3.8) When I used the '--propupd' option, Rootkit Hunter told me I had some
     missing hashes. What does this mean?

A. Your system probably uses prelinking (the log file will say if it does
   or not). Sometimes a file may be updated but not be prelinked. When this
   happens RKH cannot determine the file's hash value. If you run the
   command 'prelink --verify --sha ' on the file, it will probably give an
   error about the file's dependencies having changed. This is what RKH
   sees, and flags it as a missing hash.

   If you are sure that the file is genuine, then you can try using
   'prelink ' to correct it. The 'prelink' command above should then work.
   Re-run RKH with the '--propupd' option to ensure that all the hash
   values are recorded.

3.9) I run rkhunter in cron and in the emailed output I get some strange
     characters. Why is this?

A. The problem only occurs when the '--update' or '--versioncheck' options
   are used, and does not occur when rkhunter is run from the command-line.
   It also does not occur if the '--cronjob' or '--quiet' options are used
   in cron.

   The emailed output probably looks something like this:

        [1;33mChecking rkhunter data files...[0;39m
          Checking file mirrors.dat[34C[ [1;32mNo update[0;39m ]

   The 'strange' characters are ANSI color codes and escape sequences, and
   this is why the problem does not occur if rkhunter is run from the
   command-line. The terminal correctly interprets the codes, but cron
   cannot do this.
The solution is to use the '--nocolors' option in your cron job. The '--cronjob' option assumes '--nocolors', which is why the problem does not occur when '--cronjob' is used.

3.10) When I used the '--propupd' option, Rootkit Hunter told me that it had found more files than it was searching for. How is this possible?

A. The output from rkhunter probably shows something like this:

     File updated: searched for 149 files, found 171

When rkhunter collects file property information about files (commands), it uses generic file names - for example, 'awk' and 'sed'. As such, if these files exist in more than one directory that is being searched, then it will have found two files but only have been looking for one.

Secondly, some files are symbolic (soft) links to another file. In this instance rkhunter will record both the link itself, and the file that it points to. So, again, two files have been found.

It is, therefore, quite possible on some systems for rkhunter to find more files than it says it is looking for. It simply indicates that rkhunter has found some files more than once.

===========================================================

4. ERROR AND WARNING MESSAGES
=============================

4.1) What does the following warning mean:

     The file of stored file properties (rkhunter.dat) is empty, and should be created.
     To do this type in 'rkhunter --propupd'.

A. For rkhunter to perform file property checks, it must first have a database file ('rkhunter.dat') containing the property values for each file. It can then compare each file's current values against those stored in the database. Any difference indicates that the file has changed. To create and/or update the database file use the '--propupd' option.

NOTE: An additional warning will be displayed stating that it is the user's responsibility to ensure that the files are valid before using the '--propupd' option. That is, the user must be sure that the files have not been compromised.
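The mechanisms described in 3.10 and 4.1 above can be seen in a small shell sketch. This is an added illustration, not rkhunter's own code and not the 'rkhunter.dat' format; the function names (toy_propupd, toy_check and the helpers) and the sample tree are made up for the example, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added illustration only: a toy file-properties baseline. This is not
# rkhunter's code and toy.dat is not the rkhunter.dat format; all function
# names are hypothetical. Paths are assumed to contain no whitespace.

# Hash a file's contents. sha256sum is used when present; cksum (POSIX)
# is the fallback and is only a CRC, good enough to show the mechanism.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        cksum < "$1" | awk '{print $1}'
    fi
}

# One record per file: content hash, mode string, size in bytes, path.
props_of() {
    printf '%s %s %s %s\n' "$(hash_of "$1")" \
        "$(ls -ldn "$1" | awk '{print $1}')" \
        "$(wc -c < "$1" | tr -d ' ')" "$1"
}

# '--propupd' in miniature: look for each generic name in each directory.
# A name present in two directories gives two records; a symbolic link
# gives one record for the link and one for the file it points to.
# Usage: toy_propupd DBFILE "name1 name2 ..." "dir1 dir2 ..."
toy_propupd() {
    db=$1; names=$2; dirs=$3; searched=0
    : > "$db"
    for n in $names; do
        searched=$((searched + 1))
        for d in $dirs; do
            f="$d/$n"
            [ -e "$f" ] || continue
            props_of "$f" >> "$db"
            if [ -h "$f" ]; then
                tgt=$(readlink "$f")
                case "$tgt" in /*) ;; *) tgt="$d/$tgt" ;; esac
                props_of "$tgt" >> "$db"
            fi
        done
    done
    found=$(wc -l < "$db" | tr -d ' ')
    echo "searched for $searched files, found $found"
}

# The file properties check: recompute each record and compare it with
# the stored one. Prints one warning per difference; status 1 if any.
toy_check() {
    db=$1; warnings=0
    while read -r h m s p; do
        if [ ! -e "$p" ]; then
            echo "Warning: $p is missing"
        elif [ "$(props_of "$p")" != "$h $m $s $p" ]; then
            echo "Warning: $p properties have changed"
        else
            continue
        fi
        warnings=$((warnings + 1))
    done < "$db"
    [ "$warnings" -eq 0 ]
}

# Constructed sample tree: 'awk' exists in two directories and 'sed' is a
# symbolic link to 'gsed', so 2 generic names produce 4 records.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/usr/bin"
    echo 'awk one'  > "$1/bin/awk"
    echo 'awk two'  > "$1/usr/bin/awk"
    echo 'sed real' > "$1/bin/gsed"
    ln -s gsed "$1/bin/sed"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    toy_propupd "$tmp/toy.dat" "awk sed" "$tmp/bin $tmp/usr/bin"
    echo 'tampered' > "$tmp/bin/awk"
    toy_check "$tmp/toy.dat" || echo "-> baseline detects the change"
    # Re-running the update now stores the tampered file as the new
    # baseline, so the check goes quiet: the database cannot tell whether
    # a file was genuine when it was recorded.
    toy_propupd "$tmp/toy.dat" "awk sed" "$tmp/bin $tmp/usr/bin" >/dev/null
    toy_check "$tmp/toy.dat" && echo "-> no warnings after re-baseline"
    rm -rf "$tmp"
}
demo
```
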
4.2) Rootkit Hunter skips some checks, and the logfile indicates that certain commands are missing. What can I do?

A. You have a choice:

   1) Install the relevant command. You may be able to do this simply by running a package updater for your system (for example, 'yum' or 'apt-get').

   2) You may be able to disable the check by adding its test name to your configuration file. (See the README file for more information about the test names.)

   3) If you are sure that the relevant command is present on your system, then rkhunter is having a problem locating it. Check the logfile for the 'command directories' it is using. If the directory containing the command isn't listed, then you can set the command directories to use by using the '--bindir' command-line option, or the BINDIR option in the configuration file.

4.3) I get warnings from PHP like:

     PHP Warning: Function registration failed - duplicate name - pg_update in Unknown on line 0.

     What does this mean?

A. This may occur during the 'apps' test. It is usually because you have updated the Apache version of PHP, but forgot to update or recompile the CLI (console version) of PHP. So update or recompile it, and then try again.

4.4) After performing some updates, all, or some, binaries in the file properties checks are marked with a 'Warning'. What can I do?

A. The first thing would be to verify that the update is the cause of the warnings. Checking the system log files should indicate what has been updated.

It is most likely that the stored rkhunter file property values need to be recalculated. To do this use the RKH '--propupd' option. However, the output of the RKH file properties check should only be seen as an indication that the file has changed. Updating the stored property values should be done only after proper verification of the files using a file integrity checker or your distribution's package management tools.
Alternatively, you can use the '--pkgmgr' command-line option, or the PKGMGR option in the configuration file, to tell RKH to obtain its file properties information from the package manager database. See the README file for more information about the package manager options.

NOTES
=====

1) If the logfile indicates that a file's hash value has changed from some value to 'No hash value found', and your system uses prelinking, then the file probably needs to be specifically prelinked. This can usually be done by running the 'prelink' command on the relevant file. Running RKH with the '--propupd' option afterwards will indicate if there are still any hash values missing. Check the logfile and repeat the above process of prelinking the files.

   RKH will try to determine if your system is using prelinking or not. The logfile will contain the result of the check.

2) If your system uses Libsafe and prelinking, then errors can occur. Disable preloading Libsafe in /etc/ld.so.preload. Prelink again, and then run 'rkhunter --propupd'.

===========================================================

5. UPDATING QUESTIONS
=====================

5.1) Rootkit Hunter tells me that I have multiple versions installed. How is this possible?

A. Usually you install a tool and upgrade it later. Sometimes if you use a 'non-official' updater or package manager (for example, from an external party, or built from source using an installer like RPM/DEB/TGZ/TXZ), the binaries may be installed into a different location from the original. So there are then two binaries with the same name, but in different locations. You will have to check which are the old binaries, and remove them.

5.2) Can I be notified when a new release will be available?

A. Yes, you can join the rkhunter-announce mailing list. This is a low volume list. Details can be found on the RKH web site.

Additionally, the '--versioncheck' option of rkhunter itself will indicate if a new version is available.
===========================================================

6. WHITELISTING EXAMPLES
========================

6.1) After Rootkit Hunter has run you may encounter items in the log file you would like to whitelist. First verify that the entries are safe to add. The results of running these commands can be added to your 'rkhunter.conf.local' configuration file. Please adjust the commands, and the location of your 'rkhunter.log' log file, and verify the results before adding them. Do not automate adding whitelist entries to your configuration file.

Allow script replacements ("properties" test):

     awk -F"'" '/replaced by a script/ {print "SCRIPTWHITELIST="$2}' rkhunter.log

Allow processes using deleted files ("deleted_files" test):

     awk '/Process: / {print "ALLOWPROCDELFILE="$3}' rkhunter.log | sort -u

Allow Xinetd services:

     awk '/Found enabled xinetd service/ {print $NF}' rkhunter.log |\
     xargs -iX grep -e "server[[:blank:]]" 'X' | awk '{print "XINETD_ALLOWED_SVC="$NF}'

Allow packet capturing applications ("packet_cap_apps" test):

     awk -F"'" '/is listening on the network/ {print "ALLOWPROCLISTEN="$2}' rkhunter.log

Allow "suspicious" files ("filesystem" test):

     grep '^\[..:..:..\][[:blank:]]\{6\}.*/dev/shm/.*:' rkhunter.log |\
     awk '{print "ALLOWDEVFILE="$2}' | sed -e "s|:$||g"

Allow hidden directories ("filesystem" test):

     awk '/Warning: Hidden directory/ {print "ALLOWHIDDENDIR="$6}' rkhunter.log

Allow hidden files ("filesystem" test):

     awk '/Warning: Hidden file/ {print "ALLOWHIDDENFILE="$6}' rkhunter.log |\
     sed -e "s|:$||g"

===========================================================

rkhunter-1.4.2/files/mirrors.dat

Version:2007060601
mirror=http://rkhunter.sourceforge.net
mirror=http://rkhunter.sourceforge.net

rkhunter-1.4.2/files/rkhunter.spec

# No debuginfo:
%define debug_package %{nil}

# If you want to debug, uncomment the next line and remove
# the duplicate percent sign (due to macro expansion)
#%%dump

%define name rkhunter
%define ver 1.4.1
%define rel 1
%define epoch 0

# Don't change this define or also:
# 1. installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install
# 2. rewrite the files section below.
%define _prefix /usr/local

# We can't let RPM do the dependencies automatically because it will then pick up
# a correct, but undesirable, perl dependency, which rkhunter does not require in
# order to function properly.
AutoReqProv: no

Name: %{name}
Summary: %{name} scans for rootkits, backdoors and local exploits
Version: %{ver}
Release: %{rel}
Epoch: %{epoch}
License: GPL
Group: Applications/System
Source0: %{name}-%{version}.tar.gz
BuildArch: noarch
Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl
Provides: %{name}
URL: http://rkhunter.sourceforge.net/
BuildRoot: %{_tmppath}/%{name}-%{version}

%description
Rootkit Hunter is a scanning tool to ensure you are about 99.9%% clean of
nasty tools. It scans for rootkits, backdoors and local exploits by running
tests like:
- File hash check
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
- Software version checks
- Application tests

Rootkit Hunter is released as a GPL licensed project and free for everyone to use.
%prep %setup -q %build %install MANPATH="" export MANPATH sh ./installer.sh --layout RPM --install # Make a cron.daily file to mail us the reports %{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily" %{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/rkhunter" </dev/null 2>&1 || : %{__cp} -p /etc/group /var/lib/rkhunter/tmp >/dev/null 2>&1 || : fi %preun # Only do this when removing the RPM if [ $1 -eq 0 ]; then %{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1 %{__rm} -rf /var/lib/rkhunter/* >/dev/null 2>&1 fi %clean if [ "$RPM_BUILD_ROOT" = "/" ]; then echo Invalid Build root \'"$RPM_BUILD_ROOT"\' exit 1 else rm -rf $RPM_BUILD_ROOT fi %define docdir %{_prefix}/share/doc/%{name}-%{version} %files %defattr(-,root,root) %attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf %attr(750,root,root) %{_prefix}/bin/%{name} %attr(750,root,root) %dir %{_libdir}/%{name} %attr(750,root,root) %dir %{_libdir}/%{name}/scripts %attr(750,root,root) %{_libdir}/%{name}/scripts/*.pl %attr(750,root,root) %{_libdir}/%{name}/scripts/*.sh %attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8 %attr(755,root,root) %dir %{docdir} %attr(644,root,root) %doc %{docdir}/* %attr(750,root,root) %dir %{_var}/lib/%{name} %attr(750,root,root) %dir %{_var}/lib/%{name}/db %attr(640,root,root) %verify(not md5 size mtime) %{_var}/lib/%{name}/db/*.dat %attr(750,root,root) %dir %{_var}/lib/%{name}/db/i18n %attr(640,root,root) %verify(not md5 size mtime) %{_var}/lib/%{name}/db/i18n/* %attr(750,root,root) %dir %{_var}/lib/%{name}/tmp %{_sysconfdir}/cron.daily/rkhunter %changelog * Tue May 01 2012 unSpawn - 1.4.0 - Spec sync, see CHANGELOG. * Tue Nov 16 2010 unSpawn - 1.3.7 - Spec sync. * Sun Nov 29 2009 unSpawn - 1.3.6 - For changes please see the CHANGELOG. * Fri Nov 27 2009 jhorne - 1.3.6 - Spec sync. * Sat Jul 18 2009 jhorne - 1.3.5 - Do not verify the checksum, size or mtime of the database files or the i18n files. 
* Wed Dec 10 2008 unSpawn - 1.3.4 - Spec sync. * Sun Aug 09 2008 jhorne - 1.3.3 - Renamed cron.daily file from '01-rkhunter' to 'rkhunter' so that it will run after a prelink cron job (if it exists). * Sun Feb 11 2007 unSpawn - pre-1.3.0 - Sync spec with fixes, installer and CVS * Sun Nov 12 2006 unSpawn - 1.2.9 - Re-spec, new installer * Fri Sep 29 2006 unSpawn - 1.2.9 - Updated for release 1.2.9 * Tue Aug 10 2004 Michael Boelen - 1.1.5 - Added update script - Extended description * Sun Aug 08 2004 Greg Houlette - 1.1.5 - Changed the install procedure eliminating the specification of destination filenames (only needed if you are renaming during install) - Changed the permissions for documentation files (root only overkill) - Added the installation of the rkhunter Man Page - Added the installation of the programs_{bad, good}.dat database files - Added the installation of the LICENSE documentation file - Added the chmod for root only to the /var/rkhunter/db directory * Sun May 23 2004 Craig Orsinger (cjo) - version 1.1.0-1.cjo - changed installation in accordance with new rootkit installation procedure - changed installation root to conform to LSB. Use standard macros. - added recursive remove of old build root as prep for install phase * Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700 - dropped Requires: perl - rkhunter works without it - dropped the bash alignpatch (check the source or contact me) - various file mode fixes (.../tmp/, *.db) - optimized the %%files section - any new files in the current dirs will be fine - just %%{__install} them. * Mon Apr 26 2004 Michael Boelen - 1.0.8-0 - Fixed missing md5blacklist.dat * Mon Apr 19 2004 Doncho N. 
Gunchev - 1.0.6-1.mr700
- added missing /usr/local/rkhunter/db/md5blacklist.dat
- patched to align results in --cronjob, I think rpm based distros have symlink /bin/sh -> /bin/bash
- added --with/--without alignpatch for conditional builds (in case previous patch breaks something)

* Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0
- Update to 1.0.6

* Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
- initial .spec file

rkhunter-1.4.2/files/contrib/rkhunter_remote_howto.txt

RUNNING ROOTKIT HUNTER FROM A CENTRAL SERVER
============================================

An example for running Rootkit Hunter using Webjob.

Rootkit Hunter (RKH) currently does not have the capability to be run in a client-server way. We can remedy that by running RKH as a webjob command. Webjob allows you to run a command or a set of commands on a client by fetching the command from a remote server and returning the output to the server. While this setup is not exhaustively tested the steps should provide enough information to get you going.

PREREQUISITES
=============

- A webserver with CGI capabilities and Perl
- A client with the requirements for running Webjob and RKH

SETUP
=====

1. Set up Webjob and PAD by following the instructions included in the Webjob tarball.

2. Install "webjob" binary client-side and verify server-client operation works as expected with a client config (~/.webjob.cfg):

     ClientId=client_1
     URLGetURL=http://your.server.net/cgi-client/nph-webjob.cgi
     URLPutURL=http://your.server.net/cgi-client/nph-webjob.cgi
     URLUsername=client_1
     URLPassword=
     URLAuthType=basic
     RunType=snapshot
     TempDirectory=/dev/shm
     OverwriteExecutable=Y
     UnlinkOutput=N
     UnlinkExecutable=N

- Download and unpack RKH and create a local installation:

     sh installer.sh --install --layout .

- Set executable mode on the main rkhunter script, then rename the "files" directory, make the tarball, then pad:

     chmod 0755 files/rkhunter
     mv files rkhunter
     tar -czf rkhunter.tgz rkhunter
     pad-make-script --create rkhunter.tgz > rkhunter.tgz.pad

- Now remove rkhunter/ and ../rkhunter-1.2.9/ and move rkhunter.tgz.pad to $WEBJOB_DIR/profiles/client_1/commands/.

- Add a Sudo entry to allow an unprivileged user to run RKH from webjob as root account user. Note this is one line:

     Cmnd_Alias WEBJOB_RKH=/dev/shm/rkhunter/rkhunter --configfile /dev/shm/rkhunter/rkhunter.conf -c -sk --cronjob

- Add the alias as a NOPASSWD entry to the unprivileged user account.

- As unprivileged user run (note this is one line):

     rm -rf /dev/shm/rkhunter
     /usr/local/webjob/bin/webjob --execute --file ~/.webjob.cfg rkhunter.tgz.pad tar -C /dev/shm -zxf %payload \&\& cd /dev/shm/rkhunter \&\& sudo /dev/shm/rkhunter/rkhunter --configfile /dev/shm/rkhunter/rkhunter.conf -c -sk --cronjob

- Inspect output on your.server.net in the $WEBJOB_DIR/incoming/ directory. It is named client_1_DATE-SPEC_JOB-SPEC_rkhunter.tgz.pad.out.

CAUTION
=======

Note this example does not cover running webjob and RKH on a compromised host. For RKH to produce less questionable results in such a situation you would minimally need to check the integrity of the download-capable binary before executing your secure download, be aware of the consequences of disturbing a "live" filesystem and memory contents, and download all requirements for unpacking and running RKH or access those from read-only media.

GETTING HELP
============

- In the steps above we have taken the examples and variable names from the Webjob README. Inspect the Webjob README for answers about the examples and variable names.
- Webjob-related questions about configuring, installing, running the server-side and client-side part should be directed to http://sourceforge.net/projects/webjob.
- Sudo-related problems should be remedied by reading the man page.
Please do not use the RKH mailing list for questions about webjob or sudo.

rkhunter-1.4.2/files/contrib/run_rkhunter.sh

#!/bin/sh
#
# run_rkhunter -- check the system integrity using rkhunter
# Author: Dr. Andy Spiegl, KasCada Telekommunikation (www.kascada.com)
# This software is GPL and free to use.
#
############################################
# Have cron call this script, eg. like this:
# /etc/cron.d/run_rkhunter
############################################
#
# Fallthrough in case of errors in this cronfile
# MAILTO=your_address@yourdomain.com
#
# SKRIPT=/usr/local/sbin/kas/run_rkhunter
# PATH=/sbin:/bin:/usr/sbin:/usr/bin
#
# 15 4 * * * root test -x $SKRIPT && $SKRIPT 2>&1
############################################

############################################
# History:
#
# v0.1 2005-02-14: first Version, split from run_chkrootkit
# v0.2 2005-02-15: translated into English
# v0.3 2005-02-20: changed some private information
#
############################################

# where to send the output of rkhunter
MAILADDRESSES=rkhunter_errors@yourdomain.com

# use aktelog instead:
#AKTELOG=/usr/local/sbin/aktelog
#AKTELOG_LABEL="rkhunter"

# appending logfile (rotate it!)
LOGFILE=/var/log/mylogdir/rkhunter.log

# rkhunters own logfile (only contains info from last run)
RKLOGFILE=/var/log/rkhunter.log

RKHUNTER=/usr/local/rkhunter/bin/rkhunter
RKHUNTER_OPTS="-c --cronjob --report-warnings-only --skip-application-check --createlogfile --tmpdir /usr/local/rkhunter/lib/rkhunter/tmp"

# try to get a secure tempfile
if [ -x /bin/tempfile ]; then
  TMPLOGFILE1=`/bin/tempfile -p rkhu.`
  TMPLOGFILE2=`/bin/tempfile -p rkhu.`
elif command -v mktemp >/dev/null 2>&1; then
  # mktemp also creates the file itself, under an unpredictable name
  TMPLOGFILE1=`mktemp /var/tmp/rkhunter.tmp1.XXXXXX` || exit 1
  TMPLOGFILE2=`mktemp /var/tmp/rkhunter.tmp2.XXXXXX` || exit 1
else
  TMPLOGFILE1=/var/tmp/rkhunter.tmp1.$$
  TMPLOGFILE2=/var/tmp/rkhunter.tmp2.$$
  # avoid symlink attacks: with noclobber set, the redirection fails
  # if something already exists under that name
  rm -fr $TMPLOGFILE1 $TMPLOGFILE2
  set -C
  : > $TMPLOGFILE1 || exit 1
  : > $TMPLOGFILE2 || exit 1
  set +C
fi

# first update the rkhunter hashes
echo "=======Updating=================================" >> $LOGFILE
/bin/date >> $LOGFILE
# redirect stdout first, then stderr, so that both end up in the tempfile
$RKHUNTER --update >> $TMPLOGFILE1 2>&1
if egrep -q "(Error|outdated)" $TMPLOGFILE1 ; then
  echo . >> $TMPLOGFILE1
  echo "WARNING: rkhunter couldn't update its hashes which will" >> $TMPLOGFILE1
  echo "most likely lead to errors now." >> $TMPLOGFILE1
fi
cat $TMPLOGFILE1 >> $LOGFILE

# now start checking the server
echo "=======Checking=================================" >> $LOGFILE
/bin/date >> $LOGFILE
$RKHUNTER $RKHUNTER_OPTS >> $TMPLOGFILE2
/bin/cat $RKLOGFILE >> $LOGFILE
echo done. >> $LOGFILE

if [ -s $TMPLOGFILE2 ]; then
  (
    echo __Start__: Output of rkhunter at `/bin/date`;
    echo "=======Updating=================================";
    /bin/cat $TMPLOGFILE1 ;
    echo "=======Checking=================================";
    /bin/cat $TMPLOGFILE2 ;
    echo __End__ of rkhunter output
  ) | mail -s "rkhunter output" $MAILADDRESSES
#  ) | $AKTELOG $AKTELOG_LABEL
fi

rm -f $TMPLOGFILE1 $TMPLOGFILE2

rkhunter-1.4.2/files/contrib/README.txt

#####################################################################################################
#
# Contrib
#
# NOTE: submitted contributions may have their own license.
# Please check the source of each file to see how you can use this software.
# ##################################################################################################### [name] [description] run_rkhunter script: start rkhunter rkhunter_remote_howto.txt howto: run Rootkit Hunter from a central server. rkhunter-1.4.2/files/rkhunter0000755000000000000000000202477212310144637014767 0ustar rootroot#!/bin/sh # # rkhunter -- Scan the system for rootkits and other known security issues. # # Copyright (c) 2003-2014, Michael Boelen ( michael AT rootkit DOT nl ) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. # # # Unfortunately we must do some O/S checks at the very beginning, # otherwise SunOS will complain about some of the ksh/bash syntax. # By default the SunOS root account uses a simple Bourne shell, # which does not work with RKH. So we exec to use the Bash shell # if it is present, or the Korn shell which is usually installed # by default on Solaris systems. # BSDOS=0 SUNOS=0 OPERATING_SYSTEM=`uname 2>/dev/null` case "${OPERATING_SYSTEM}" in *BSD|DragonFly) BSDOS=1 ;; SunOS) SUNOS=1 ;; esac if [ $SUNOS -eq 1 ]; then # Simple SunOS test of RANDOM to see if we are now running bash or ksh. if [ -z "$RANDOM" ]; then # If the 'which' output contains a space, then it is probably an error. 
if [ -n "`which bash 2>/dev/null | grep -v ' '`" ]; then exec bash $0 $* elif [ -n "`which ksh 2>/dev/null | grep -v ' '`" ]; then exec ksh $0 $* else echo "Unable to find the bash or ksh shell to run rkhunter." exit 1 fi exit 0 fi fi # # Check to see if we are using the '--debug' option. If so, then # we exec to log everything to the debug file. # if [ -n "`echo \"$*\" | grep '\-\-debug'`" ]; then RKHDEBUGBASE="/tmp/rkhunter-debug" # # Ensure we create a random file name. # if [ -n "`which mktemp 2>/dev/null | grep -v ' '`" ]; then RKHDEBUGFILE=`mktemp ${RKHDEBUGBASE}.XXXXXXXXXX` elif [ -n "$RANDOM" ]; then RKHDEBUGFILE="${RKHDEBUGBASE}.$RANDOM" elif [ -n "`date +%N%s 2>/dev/null | grep '^[0-9][0-9]*$'`" ]; then RKHDEBUGFILE="${RKHDEBUGBASE}.`date +%N%s%N`" else RKHDEBUGFILE="${RKHDEBUGBASE}.`date +%Y%m%d%H%M%S`" fi if [ -e "${RKHDEBUGFILE}" ]; then if [ -f "${RKHDEBUGFILE}" -a ! -h "${RKHDEBUGFILE}" ]; then rm -f "${RKHDEBUGFILE}" >/dev/null 2>&1 else echo "Cannot use '--debug' option. \"${RKHDEBUGFILE}\" already exists, but it is not a file." exit 1 fi fi DEBUG_OPT=1 exec 1>"${RKHDEBUGFILE}" 2>&1 chmod 600 "${RKHDEBUGFILE}" >/dev/null 2>&1 set -x else DEBUG_OPT=0 fi # # Now we must determine if we are using the Korn shell or not. If so, # then we alias the 'echo' command and set ECHOOPT. For other shells, # we try and determine the real shell being used, and test to see if # the 'echo -e' command is valid or not. We set ECHOOPT accordingly. # # # Unfortunately *BSD doesn't seem to allow capturing of unknown commands. # So we must alias 'print' to something valid, but which will fail. # test $BSDOS -eq 1 && alias print=false if [ "`print "rkh-ksh-string-test" 2>/dev/null`" = "rkh-ksh-string-test" ]; then alias echo='print' ECHOOPT="--" MYSHELL=ksh elif [ $SUNOS -eq 1 ]; then # For Solaris, if we are not running ksh, then it must be bash. MYSHELL=bash ECHOOPT="-e" else # # We want to get the actual shell used by this program, and # so we need to test /bin/sh. 
# MYSHELL=/bin/sh test -h ${MYSHELL} && MYSHELL=`readlink ${MYSHELL} 2>/dev/null` MYSHELL=`basename ${MYSHELL} 2>/dev/null` # Assume 'bash' if we have problems finding the real shell. test -z "${MYSHELL}" && MYSHELL=bash # # Now test the 'echo -e' command. # if [ "`echo -e \"rkh-ksh\tstring-test\" 2>/dev/null`" = "rkh-ksh string-test" ]; then ECHOOPT="-e" else ECHOOPT="" fi fi # # We now perform a similar test to see if 'echo -n', or "\c", is valid # or not. Unfortunately on some systems both '-e' and '-n' are valid, # but not together. The "\c" option works in these cases. So we set # ECHON accordingly. # if [ "`echo -n -e \"rkh-ksh-string-test\" 2>/dev/null`" = "rkh-ksh-string-test" ]; then ECHON="-n" elif [ "`echo -e \"rkh-ksh-string-test\c\" 2>/dev/null`" = "rkh-ksh-string-test" ]; then ECHON="c" elif [ "`echo \"rkh-ksh-string-test\c\" 2>/dev/null`" = "rkh-ksh-string-test" ]; then ECHON="c" else ECHON="" fi # # Finally, we need to test the 'head' and 'tail' commands # to see if they understand the '-n' option or not. # if head -n 1 /dev/null 2>&1; then HEAD_OPT="-n " else HEAD_OPT="-" fi if tail -n 1 /dev/null 2>&1; then TAIL_OPT="-n " else TAIL_OPT="-" fi ###################################################################### # # Global function definitions # ###################################################################### display() { # # This function is used to display text messages on to the # users screen, as well as in to the log file. The same # message is written to both. However, the screen may have # a coloured result (green for good, red for bad, etc), and # the log file will have the time prefixed to the message and, # optionally, additional information messages after the main # message. All the messages are indexed in the language file. 
# # Syntax: display --to --type # [--screen-indent ] [--log-indent ] # [--nl []] [--nl-after] [--log-nl] [--screen-nl] [--nonl] # [--result --color ] # [optional message arguments] # # where the destination can be one of SCREEN, LOG or SCREEN+LOG. # The type can be one of PLAIN, INFO or WARNING. # The language file will have all the current values. # # The --screen-indent and --log-indent options are used to # forcibly indent a message. # The --nl option causes a blank-line to be output before the # message both on the screen and in the log file. A following # number can be used to indicate how many blank lines should # be displayed on the screen. # The --log-nl option outputs a blank line only in the log file. # The --screen-nl option outputs a blank line on the screen # regardless of whether SCREEN was specified or not. # The --nl-after option outputs a blank line on the screen after # the message. # The --nonl option is only to be used in special cases where we # want the output of more than one message to appear on the same # line. This is currently only used when trying to obtain the # lock file. It only applies to PLAIN messages, and may not be # supported on all systems (depending on whether 'echo -n' works # or not). # # # We first initialize some variables and then # process the switches used. 
# WARN_MSG=0; NL=0; NLAFTER=0; LOGINDENT=0; SCREENINDENT=0 LOGNL=0; SCREENNL=0 WRITETO=''; TYPE=''; RESULT=''; COLOR=''; MSG='' LINE1=''; LOGLINE1=''; SPACES=''; NONL='' DISPLAY_LINE="display $*" if [ $# -le 0 ]; then echo "Error: Invalid display call - no arguments given" return fi while [ $# -ge 1 ]; do case "$1" in --to) case "$2" in SCREEN|LOG|SCREEN+LOG) WRITETO=$2 ;; *) echo "Error: Invalid display destination: $2 Display line: ${DISPLAY_LINE}" return ;; esac shift ;; --type) TYPE=`eval echo "\\$MSG_TYPE_$2"` if [ -z "${TYPE}" -a "$2" != "PLAIN" ]; then if [ $RKHLANGUPDT -eq 0 ]; then echo "Error: Invalid display type: $2 Display line: ${DISPLAY_LINE}" return fi fi test "$2" = "WARNING" && WARN_MSG=1 shift ;; --result) RESULT=`eval echo "\\$MSG_RESULT_$2"` if [ -z "${RESULT}" ]; then if [ $RKHLANGUPDT -eq 0 ]; then echo "Error: Invalid display result: $2 Display line: ${DISPLAY_LINE}" return fi fi shift ;; --color) if [ $COLORS -eq 1 ]; then test -n "$2" && COLOR=`eval "echo \\${$2}"` if [ -z "${COLOR}" ]; then echo "Error: Invalid display color: $2 Display line: ${DISPLAY_LINE}" return fi fi shift ;; --log-indent) LOGINDENT=$2 if [ -z "${LOGINDENT}" ]; then echo "Error: No --log-indent value given. Display line: ${DISPLAY_LINE}" return elif [ -z "`echo ${LOGINDENT} | grep '^[0-9]*$'`" ]; then echo "Error: Invalid '--log-indent' value given: $2 Display line: ${DISPLAY_LINE}" return fi shift ;; --screen-indent) SCREENINDENT=$2 if [ -z "${SCREENINDENT}" ]; then echo "Error: No --screen-indent value given. 
Display line: ${DISPLAY_LINE}" return elif [ -z "`echo ${SCREENINDENT} | grep '^[0-9]*$'`" ]; then echo "Error: Invalid '--screen-indent' value given: $2 Display line: ${DISPLAY_LINE}" return fi shift ;; --nl) NL=1 case "$2" in [0-9]) NL=$2 shift ;; esac ;; --log-nl) LOGNL=1 ;; --screen-nl) SCREENNL=1 ;; --nl-after) NLAFTER=1 ;; --nonl) NONL=$ECHON ;; -*) echo "Error: Invalid display option given: $1 Display line: ${DISPLAY_LINE}" return ;; *) MSG=$1 shift break ;; esac shift done # # Before anything we must record if this is a warning message. # test $WARN_MSG -eq 1 && WARNING_COUNT=`expr ${WARNING_COUNT} + 1` # # For simplicity we now set variables as to whether the output # goes to the screen and/or the log file. In some cases we do # not need to output anything, and so can just return. # if [ $NOLOG -eq 1 ]; then test "${WRITETO}" = "LOG" && return test "${WRITETO}" = "SCREEN+LOG" && WRITETO="SCREEN" fi if [ $NOTTY -eq 1 ]; then test "${WRITETO}" = "SCREEN" && return test "${WRITETO}" = "SCREEN+LOG" && WRITETO="LOG" fi test "${WRITETO}" = "SCREEN" -o "${WRITETO}" = "SCREEN+LOG" && WRITETOTTY=1 || WRITETOTTY=0 test "${WRITETO}" = "LOG" -o "${WRITETO}" = "SCREEN+LOG" && WRITETOLOG=1 || WRITETOLOG=0 # # Now check that the options we have been given make sense. # if [ $WRITETOTTY -eq 0 -a $WRITETOLOG -eq 0 ]; then echo "Error: Invalid display destination: Display line: ${DISPLAY_LINE}" return elif [ $WRITETOTTY -eq 1 -a $COLORS -eq 1 -a -n "${RESULT}" -a -z "${COLOR}" ]; then echo "Error: Invalid display - no color given: Display line: ${DISPLAY_LINE}" return fi # # We only allow no newline for PLAIN messages. # test -n "${TYPE}" && NONL="" # # If we want whitelisted results to be shown as white, or # black for colour set two users, then change the colour now. # if [ $WLIST_IS_WHITE -eq 1 -a $WRITETOTTY -eq 1 -a $COLORS -eq 1 -a "${RESULT}" = "${MSG_RESULT_WHITELISTED}" ]; then COLOR=$WHITE fi # # We set the variable LINE1 to contain the first line of the message. 
# For the log file we use the variable LOGLINE1. We also set # where the language file is located. If a message cannot be found # in the file, then we look in the English file. This will allow RKH # to still work even when the language files change. # LANG_FILE="${DB_PATH}/i18n/${LANGUAGE}" if [ -n "${MSG}" ]; then LINE1=`grep ${GREP_OPT} "^${MSG}:" "${LANG_FILE}" 2>/dev/null | head ${HEAD_OPT}1 | cut -d: -f2-` if [ $RKHCHKLOCALE -eq 1 ]; then LINE1=`echo "${LINE1}" | ${ICONV_CMD} -f UTF-8 -t ${RKHCHRMAP} 2>/dev/null` test $? -ne 0 && LINE1="" fi if [ -z "${LINE1}" ]; then LANG_FILE="${DB_PATH}/i18n/en" LINE1=`grep ${GREP_OPT} "^${MSG}:" "${LANG_FILE}" 2>/dev/null | head ${HEAD_OPT}1 | cut -d: -f2-` if [ -z "${LINE1}" ]; then echo "Error: Invalid display - keyword cannot be found: Display line: ${DISPLAY_LINE}" return fi else LINE1=`echo "${LINE1}" | sed -e 's/\`/\\\\\`/g'` fi test -n "${LINE1}" && LINE1=`eval "echo \"${LINE1}\" | sed -e 's/;/\\;/g'"` fi # # At this point LINE1 is the text of the message. We have to # see if the message is to be indented, and must prefix the # time to log file messages. We must do the log file first # because it uses LINE1. # if [ $WRITETOLOG -eq 1 ]; then LOGLINE1=`date '+[%H:%M:%S]'` test $NL -gt 0 -o $LOGNL -eq 1 && echo "${LOGLINE1}" >>"${RKHLOGFILE}" if [ -n "${TYPE}" ]; then LOGLINE1="${LOGLINE1} ${TYPE}: ${LINE1}" else test $LOGINDENT -gt 0 && SPACES=`echo "${BLANK_LINE}" | cut -c1-$LOGINDENT` LOGLINE1="${LOGLINE1} ${SPACES}${LINE1}" fi fi if [ $WRITETOTTY -eq 1 -a $SCREENINDENT -gt 0 ]; then SPACES=`echo "${BLANK_LINE}" | cut -c1-$SCREENINDENT` LINE1="${SPACES}${LINE1}" fi # # We now check to see if a result is to be output. If it is, # then we need to space-out the line and color the result. 
	#

	if [ -n "${RESULT}" ]; then
		if [ $WRITETOTTY -eq 1 ]; then
			LINE1_NUM=`echo "${LINE1}" | wc -c | tr -d ' '`
			NUM_SPACES=`expr 62 - ${LINE1_NUM}`
			test $NUM_SPACES -lt 1 && NUM_SPACES=1

			if [ $COLORS -eq 0 ]; then
				SPACES=`echo "${BLANK_LINE}" | cut -c1-$NUM_SPACES`
				LINE1="${LINE1}${SPACES}[ ${RESULT} ]"
			else
				LINE1="${LINE1}\033[${NUM_SPACES}C[ ${COLOR}${RESULT}${NORMAL} ]"
			fi
		fi

		if [ $WRITETOLOG -eq 1 ]; then
			LOGLINE1_NUM=`echo "${LOGLINE1}" | wc -c | tr -d ' '`
			NUM_SPACES=`expr 62 - ${LOGLINE1_NUM}`
			test $NUM_SPACES -lt 1 && NUM_SPACES=1

			SPACES=`echo "${BLANK_LINE}" | cut -c1-$NUM_SPACES`
			LOGLINE1="${LOGLINE1}${SPACES}[ ${RESULT} ]"
		fi
	elif [ $WRITETOTTY -eq 1 -a -n "${COLOR}" ]; then
		LINE1="${COLOR}${LINE1}${NORMAL}"
	fi

	#
	# We can now output the message. We start with any required blank
	# lines, and then the first line. If this is a warning message we
	# write to the log file any additional lines.
	#

	if [ $SCREENNL -eq 1 ]; then
		test $QUIET -eq 0 -a $SHOWWARNINGSONLY -eq 0 -a $NOTTY -eq 0 && echo ""
	fi

	if [ $WRITETOTTY -eq 1 ]; then
		NLLOOP=$NL

		while test $NLLOOP -gt 0; do
			echo ""
			NLLOOP=`expr ${NLLOOP} - 1`
		done

		if [ "${NONL}" = "c" ]; then
			echo $ECHOOPT "${LINE1}\c"
		else
			echo $NONL $ECHOOPT "${LINE1}"
		fi
	fi

	if [ $WRITETOLOG -eq 1 ]; then
		echo $ECHOOPT "${LOGLINE1}" >>"${RKHLOGFILE}"

		if [ $WARN_MSG -eq 1 ]; then
			test $SHOWWARNINGSONLY -eq 1 && echo $ECHOOPT "${LOGLINE1}" | cut -d' ' -f2-

			LINE1=1
			OLDIFS="${IFS}"
			IFS=$IFSNL

			for LOGLINE1 in `grep ${GREP_OPT} "^${MSG}:" "${LANG_FILE}" 2>/dev/null | cut -d: -f2-`; do
				if [ $LINE1 -eq 1 ]; then
					LINE1=0
					continue
				else
					test $SHOWWARNINGSONLY -eq 1 && echo $ECHOOPT " ${LOGLINE1}"
					echo $ECHOOPT " ${LOGLINE1}" >>"${RKHLOGFILE}"
				fi
			done

			IFS="${OLDIFS}"
		elif [ $SHOWWARNINGSONLY -eq 1 -a -n "`echo \"${LOGLINE1}\" | grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\] '`" ]; then
			echo $ECHOOPT "${LOGLINE1}" | cut -d' ' -f2-
		fi
	fi

	#
	# Output a final blank line if requested to do so.
	#

	test $WRITETOTTY -eq 1 -a $NLAFTER -eq 1 && echo ""

	return
}


name2text() {

	#
	# This function changes any spaces in a character string to '<sp>',
	# tabs to '<tab>' and any control characters to '?'. This allows
	# pathnames to be seen more easily - especially if spaces or tabs
	# are used.
	#
	# Whilst it would be nice to perform this function in 'display', we do
	# not want the changes to occur for all messages. So we keep this a
	# separate function, and only use it where necessary.
	#
	# Note that we must ensure that the 'echo' command does not interpret
	# any part of the string.
	#

	echo $ECHOOPT "$*" | sed -e 's/ /<sp>/g; s/	/<tab>/g' | tr -d '\n' | tr '[:cntrl:]' '?'

	return
}


keypresspause() {

	#
	# This function will display a prompt message to the user.
	#

	if [ $SKIP_KEY_PRESS -eq 0 -a $QUIET -eq 0 ]; then
		display --to SCREEN --type PLAIN --nl PRESSENTER

		read RKHTMPVAR

		test "${RKHTMPVAR}" = "s" -o "${RKHTMPVAR}" = "S" && SKIP_KEY_PRESS=1
	fi

	return
}


get_option() {

	#
	# This function is used to process configuration file options.
	#
	# Syntax: get_option (single | space-list | newline-list)