This release offers more ease of use and improved checks. The changelog lists 29 additions including 9 configuration options and details for 12 rootkits, 29 changes including improvements for 15 rootkit checks, and 22 bugfixes.
IntoXonia-NG and Phalanx2 rootkit checks were added. Support for TCB shadow files was added. The "--propupd" option can now take an optional file, directory, or package name after it. The file properties inode check was revised. SSH configuration file tests accept key/value pairs. The Linux "os_specific" test has been split into two separate tests. The DBDIR directory can now be read-only. The ALLOWPROCDELFILE configuration option was improved. The check for hidden files and directories was improved.
Given the timeframe between releases, the changelog is packed listing 34 new features, 47 changes, and 16 bugfixes. A new option '--propupd' replaces 'hashupd.sh'. A new option '--pkgmgr' supports RPM, dpkg, and BSD-style package managers. Support has been added for Ubuntu, 'dash' and 'ash' shells. Internationalization (i18n) has been added. New options '--enable' and '--disable' to specify which tests are run or ignored. Support for Solaris 10 inetadm. More whitelisting options.
This release added support for RHEL WS/AS/ES 3 Taroon update 8, Fedora Core 5, and SuSE 10. Checks were added for packet capturing applications and processes using deleted files. The netstat check was enabled for AIX and the backdoor check was enabled for SunOS. Logfile specification and checks were added.
