smeserver-rkhunter/contribs10/smeserver-rkhunter-1.4.0.more_options2rkhunter-conf.patch

diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120FilesPropertiesChecks smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120FilesPropertiesChecks
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120FilesPropertiesChecks  1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120FilesPropertiesChecks  2015-08-18 21:24:22.280859226 +0200
@@ -0,0 +1,50 @@
+#
+# These options specify a command, directory or file pathname which will be
+# included or excluded in the file properties checks.
+#
+# For the USER_FILEPROP_FILES_DIRS option, simple command names - for example,
+# 'top' - and directory names are added to the internal list of directories to
+# be searched for each of the command names in the command list. Additionally,
+# full pathnames to files, which need not be commands, may be given. Any files
+# or directories which are already part of the internal lists will be silently
+# ignored from the configuration.
+#
+# For the USER_FILEPROP_FILES_DIRS option, wildcards are allowed, except for
+# simple command names.
+# For example, 'top*' cannot be given, but '/usr/bin/top*' is allowed.
+#
+# Specific files may be excluded by using the EXCLUDE_USER_FILEPROP_FILES_DIRS
+# option. Wildcards may be used with this option.
+#
+# By combining these two options, and using wildcards, whole directories can be
+# excluded. For example:
+#
+#     USER_FILEPROP_FILES_DIRS=/etc/*
+#     USER_FILEPROP_FILES_DIRS=/etc/*/*
+#     EXCLUDE_USER_FILEPROP_FILES_DIRS=/etc/rc?.d/*
+#
+# This will look for files in the first two directory levels of '/etc'. However,
+# anything in '/etc/rc0.d', '/etc/rc1.d', '/etc/rc2.d' and so on, will be
+# excluded.
+#
+# NOTE: Only files and directories which have been added by the user, and are
+# not part of the internal lists, can be excluded. So, for example, it is not
+# possible to exclude the 'ps' command by using '/bin/ps'. These will be
+# silently ignored from the configuration.
+#
+# Both options can be specified more than once.
+#
+# NOTE: Whenever these options are changed 'rkhunter --propupd' must be run.
+#
+# The default value for both options is the null string.
+#
+#USER_FILEPROP_FILES_DIRS=top
+#USER_FILEPROP_FILES_DIRS=/usr/local/sbin
+#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
+#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf.local
+#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/*
+#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/i18n/*
+#EXCLUDE_USER_FILEPROP_FILES_DIRS=/opt/ps*
+#EXCLUDE_USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/mirrors.dat
+#EXCLUDE_USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/rkhunter*
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120IgnorePrelink smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120IgnorePrelink
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120IgnorePrelink  1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120IgnorePrelink  2015-08-18 21:22:31.047811621 +0200
@@ -0,0 +1,18 @@
+#
+# This option can be used to tell rkhunter to ignore any prelink dependency
+# errors for the given commands. However, a warning will also be issued if the
+# error does not occur for a given command. As such this option must only be
+# used on commands which experience a persistent problem.
+#
+# Short-term prelink dependency errors can usually be resolved simply by
+# running the 'prelink' command on the given pathname.
+#
+# This is a space-separated list of command pathnames. The option can be
+# specified more than once.
+#
+# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run.
+#
+# The default value is the null string.
+#
+#IGNORE_PRELINK_DEP_ERR=/bin/ps /usr/bin/top
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120LookTimeDate smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120LookTimeDate
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120LookTimeDate   1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120LookTimeDate   2015-08-18 20:51:18.460294734 +0200
@@ -0,0 +1,16 @@
+#
+# In the file properties test any modification date/time is displayed as the
+# number of epoch seconds. Rkhunter will try and use the 'date' command, or
+# failing that the 'perl' command, to display the date and time in a
+# human-readable format as well. This option may be used if some other command
+# should be used instead. The given command must understand the '%s' and
+# 'seconds ago' options found in the GNU 'date' command.
+#
+# A value of 'NONE' may be used to request that only the epoch seconds be shown.
+# A value of 'PERL' may be used to force rkhunter to use the 'perl' command, if
+# it is present.
+#
+# This option has no default value.
+#
+#EPOCH_DATE_CMD=""
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120OperatingSystem smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120OperatingSystem
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120OperatingSystem        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120OperatingSystem        2015-08-18 20:49:11.416104197 +0200
@@ -0,0 +1,45 @@
+#
+# The following option can be used to tell rkhunter where the operating system
+# 'release' file is located. This file contains information specifying the
+# current O/S version. RKH will store this information, and check to see if it
+# has changed between each run. If it has changed, then the user is warned that
+# RKH may issue warning messages until RKH has been run with the '--propupd'
+# option.
+#
+# Since the contents of the file vary according to the O/S distribution, RKH
+# will perform different actions when it detects the file itself. As such, this
+# option should not be set unless necessary. If this option is specified, then
+# RKH will assume the O/S release information is on the first non-blank line of
+# the file.
+#
+# This option has no default value.
+#
+# Also see the WARN_ON_OS_CHANGE and UPDT_ON_OS_CHANGE options.
+#
+#OS_VERSION_FILE=/etc/release
+
+#
+# Set the following option to '0' if you do not want to receive a warning if any
+# O/S information has changed since the last run of 'rkhunter --propupd'. The
+# warnings occur during the file properties check. Setting a value of '1' will
+# cause rkhunter to issue a warning if something has changed.
+#
+# The default value is '1'.
+#
+#WARN_ON_OS_CHANGE=1
+
+#
+# Set the following option to '1' if you want rkhunter to automatically run a
+# file properties update ('--propupd') if the O/S has changed. Detection of an
+# O/S change occurs during the file properties check. Setting a value of '0'
+# will cause rkhunter not to do an automatic update.
+#
+# WARNING: Only set this option if you are sure that the update will work
+# correctly. That is, that the database directory is writeable, that a valid
+# hash function is available, and so on. This can usually be checked simply by
+# running 'rkhunter --propupd' at least once.
+#
+# The default value is '0'.
+#
+#UPDT_ON_OS_CHANGE=0
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterDownload smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterDownload
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterDownload       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterDownload       2015-08-18 20:52:55.587323950 +0200
@@ -0,0 +1,25 @@
+#
+# The following option can be set to a command which rkhunter will use when
+# downloading files from the Internet - that is, when the '--update' or
+# '--versioncheck' option is used. The command can take options.
+#
+# This allows the user to use a command other than the one automatically
+# selected by rkhunter, but still one which it already knows about.
+# For example:
+#
+#     WEB_CMD=curl
+#
+# Alternatively, the user may specify a completely new command. However, note
+# that rkhunter expects the downloaded file to be written to stdout, and that
+# everything written to stderr is ignored. For example:
+#
+#     WEB_CMD="/opt/bin/dlfile --timeout 5m -q"
+#
+# *BSD users may want to use the 'ftp' command, provided that it supports the
+# HTTP protocol:
+#
+#     WEB_CMD="ftp -o -"
+#
+# This option has no default value.
+#
+#WEB_CMD=""
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLocking smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLocking
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLocking        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLocking        2015-08-18 20:53:44.080833101 +0200
@@ -0,0 +1,37 @@
+#
+# Set the following option to '1' if locking is to be used when rkhunter runs.
+# The lock is set just before logging starts, and is removed when the program
+# ends. It is used to prevent items such as the log file, and the file
+# properties file, from becoming corrupted if rkhunter is running more than
+# once. The mechanism used is to simply create a lock file in the TMPDIR
+# directory. If the lock file already exists, because rkhunter is already
+# running, then the current process simply loops around sleeping for 10 seconds
+# and then retrying the lock. A value of '0' means not to use locking.
+#
+# The default value is '0'.
+#
+# Also see the LOCK_TIMEOUT and SHOW_LOCK_MSGS options.
+#
+#USE_LOCKING=0
+
+#
+# If locking is used, then rkhunter may have to wait to get the lock file.
+# This option sets the total amount of time, in seconds, that rkhunter should
+# wait. It will retry the lock every 10 seconds, until either it obtains the
+# lock or the timeout value has been reached.
+#
+# The default value is 300 seconds (5 minutes).
+#
+#LOCK_TIMEOUT=300
+
+#
+# If locking is used, then rkhunter may be doing nothing for some time if it
+# has to wait for the lock. If this option is set to '1', then some simple
+# messages are echoed to the users screen to let them know that rkhunter is
+# waiting for the lock. Set this option to '0' if the messages are not to be
+# displayed.
+#
+# The default value is '1'.
+#
+#SHOW_LOCK_MSGS=1
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLogFile smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLogFile
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLogFile        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterLogFile        2015-08-18 20:56:00.534708353 +0200
@@ -0,0 +1,18 @@
+#
+# The two options below may be used to check if a file is missing or empty
+# (that is, it has a size of zero). The EMPTY_LOGFILES option will also check
+# if the file is missing, since that can be interpreted as a file of no size.
+# However, the file will only be reported as missing if the MISSING_LOGFILES
+# option hasn't already done this.
+#
+# Both options are space-separated lists of pathnames, and may be specified
+# more than once.
+#
+# NOTE: Log files are usually 'rotated' by some mechanism. At that time it is
+# perfectly possible for the file to be either missing or empty. As such these
+# options may produce false-positive warnings when log files are rotated.
+#
+# For both options the default value is the null string.
+#
+#EMPTY_LOGFILES=""
+#MISSING_LOGFILES=""
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterSummary smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterSummary
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterSummary        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterSummary        2015-08-18 20:55:27.686331042 +0200
@@ -0,0 +1,23 @@
+#
+# This option can be set to either '0' or '1'. If set to '1' then the summary,
+# shown after rkhunter has run, will display the actual number of warnings
+# found. If it is set to '0', then the summary will simply indicate that
+# 'One or more' warnings were found. If no warnings were found, and this option
+# is set to '1', then a "0" will be shown. If the option is set to '0', then
+# the words 'No warnings' will be shown.
+#
+# The default value is '0'.
+#
+#SHOW_SUMMARY_WARNINGS_NUMBER=0
+
+#
+# This option is used to determine where, if anywhere, the summary scan time is
+# displayed. A value of '0' indicates that it should not be displayed anywhere.
+# A value of '1' indicates that the time should only appear on the screen, and a
+# value of '2' that it should only appear in the log file. A value of '3'
+# indicates that the time taken should appear both on the screen and in the log
+# file.
+#
+# The default value is '3'.
+#
+#SHOW_SUMMARY_TIME=3
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterTHOROUGH smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterTHOROUGH
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterTHOROUGH       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterTHOROUGH       2015-08-18 20:54:09.000636813 +0200
@@ -0,0 +1,20 @@
+#
+# If this option is set to 'THOROUGH' then rkhunter will search (on a per
+# rootkit basis) for filenames in all of the directories (as defined by the
+# result of running 'find / -xdev'). While still not optimal, as it still
+# searches for only file names as opposed to file contents, this is one step
+# away from the rigidity of searching in known (evidence) or default
+# (installation) locations.
+#
+# THIS OPTION SHOULD NOT BE ENABLED BY DEFAULT.
+#
+# You should only activate this feature as part of a more thorough
+# investigation, which should be based on relevant best practices and
+# procedures. 
+#
+# Enabling this feature implies you have the knowledge to interpret the
+# results properly. 
+#
+# The default value is the null string.
+#
+#SCANROOTKITMODE=THOROUGH
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterUnhide smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterUnhide
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterUnhide 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120RkhunterUnhide 2015-08-18 20:54:38.988806961 +0200
@@ -0,0 +1,37 @@
+#
+# The following option can be set to the name(s) of the tests the 'unhide'
+# command is to use. Options such as '-m' and '-v' may be specified, but will
+# only take effect when they are seen. The test names are a space-separated
+# list, and will be executed in the order given.
+#
+# This option may be specified more than once.
+#
+# The default value is 'sys' in order to maintain compatibility with older
+# versions of 'unhide'.
+#
+#UNHIDE_TESTS=sys
+
+#
+# The following option can be used to set options for the 'unhide-tcp' command.
+# The options are space-separated.
+#
+# This option may be specified more than once.
+#
+# The default value is the null string.
+#
+#UNHIDETCP_OPTS=""
+
+#
+# If both the C 'unhide', and Ruby 'unhide.rb', programs exist on the system,
+# then it is possible to disable the execution of one of the programs if
+# desired. By default rkhunter will look for both programs, and execute each
+# of them as they are found. If the value of this option is '0', then both
+# programs will be executed if they are present. A value of '1' will disable
+# execution of the C 'unhide' program, and a value of '2' will disable the Ruby
+# 'unhide.rb' program. To disable both programs, then disable the
+# 'hidden_procs' test.
+#
+# The default value is '0'.
+#
+#DISABLE_UNHIDE=0
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistExistingFilesFolders smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistExistingFilesFolders
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistExistingFilesFolders  1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistExistingFilesFolders  2015-08-18 21:26:10.084656696 +0200
@@ -0,0 +1,28 @@
+
+#
+# This option whitelists files and directories from existing, or not existing,
+# on the system at the time of testing. This option is used when the
+# configuration file options themselves are checked, and during the file
+# properties check, the hidden files and directories checks, and the filesystem
+# check of the '/dev' directory.
+#
+# This option may be specified more than once, and may use wildcards.
+# Be aware though that this is probably not what you want to do as the
+# wildcarding will be expanded after files have been deleted. As such
+# deleted files won't be whitelisted if wildcarded.
+#
+# NOTE: The user must take into consideration how often the file will appear
+# and disappear from the system in relation to how often rkhunter is run. If
+# the file appears, and disappears, too often then rkhunter may not notice
+# this. All it will see is that the file has changed. The inode-number and DTM
+# will certainly be different for each new file, and rkhunter will report this.
+#
+# The default value is the null string.
+#
+#EXISTWHITELIST=""
+#EXISTWHITELIST=/var/log/pki-ca/system
+# FreeIPA Certificate Authority
+#EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
+# Some non default installed files we check
+#EXISTWHITELIST=/usr/bin/GET
+#EXISTWHITELIST=/usr/bin/whatis
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistFoldersFiles smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistFoldersFiles
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistFoldersFiles  1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistFoldersFiles  2015-08-18 20:49:53.384137552 +0200
@@ -0,0 +1,41 @@
+#
+# The following two options can be used to whitelist files and directories that
+# would normally be flagged with a warning during the various rootkit and
+# malware checks. Only existing files and directories can be specified, and
+# these must be full pathnames not links.
+#
+# Additionally, the RTKT_FILE_WHITELIST option may include a string after the
+# file name (separated by a colon). This will then only whitelist that string
+# in that file (as part of the malware checks). For example:
+#
+#     RTKT_FILE_WHITELIST=/etc/rc.local:hdparm
+#
+# If the option list includes the filename on its own as well, then the file
+# will be whitelisted from rootkit checks of the files existence, but still
+# only the specific string within the file will be whitelisted. For example:
+#
+#     RTKT_FILE_WHITELIST=/etc/rc.local
+#     RTKT_FILE_WHITELIST=/etc/rc.local:hdparm
+#
+# To whitelist a file from the existence checks, but not from the strings
+# checks, then include the filename on its own and on its own but with just
+# a colon appended. For example:
+#
+#     RTKT_FILE_WHITELIST=/etc/rc.local
+#     RTKT_FILE_WHITELIST=/etc/rc.local:
+#
+# NOTE: It is recommended that if you whitelist any files, then you include
+# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
+# configuration option.
+#
+# Both of these options may be specified more than once.
+#
+# For both options the default value is the null string.
+#
+#RTKT_DIR_WHITELIST=""
+#RTKT_FILE_WHITELIST=""
+# FreeIPA Certificate Authority
+#RTKT_FILE_WHITELIST=/var/log/pki-ca/system
+# FreeIPA Certificate Authority
+#RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistNetwork smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistNetwork
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistNetwork       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistNetwork       2015-08-18 20:47:37.191280473 +0200
@@ -0,0 +1,41 @@
+#
+# The following options can be used to whitelist network ports which are known
+# to have been used by malware. 
+#
+# The PORT_WHITELIST option is a space-separated list of one or more of two
+# types of whitelisting. These are:
+#
+#   1) a 'protocol:port' pair
+#   2) an asterisk ('*')
+#
+# Only the UDP or TCP protocol may be specified, and the port number must be
+# between 1 and 65535 inclusive.
+#
+# The asterisk can be used to indicate that any executable which rkhunter can
+# locate as a command, is whitelisted. (Also see BINDIR)
+#
+# The PORT_PATH_WHITELIST option specifies one of two types of whitelisting.
+# These are:
+#
+#   1) a pathname to an executable
+#   2) a combined pathname, protocol and port
+#
+# As above, the protocol can only be TCP or UDP, and the port number must be
+# between 1 and 65535 inclusive.
+#
+# Examples:
+#
+#     PORT_WHITELIST=TCP:2001 UDP:32011
+#     PORT_PATH_WHITELIST=/usr/sbin/squid
+#     PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801
+#
+# NOTE: In order to whitelist a pathname, or use the asterisk option, the
+# 'lsof' command must be present.
+#
+# Both options may be specified more than once.
+#
+# The default value for both options is the null string.
+#
+#PORT_WHITELIST=""
+#PORT_PATH_WHITELIST=""
+
diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistSharedLibrary smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistSharedLibrary
--- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistSharedLibrary 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-rkhunter-1.4.0.new/root/etc/e-smith/templates/etc/rkhunter.conf/120WhitelistSharedLibrary 2015-08-18 20:50:36.102229247 +0200
@@ -0,0 +1,29 @@
+#
+# The following option can be used to whitelist shared library files that would
+# normally be flagged with a warning during the preloaded shared library check.
+# These library pathnames usually exist in the '/etc/ld.so.preload' file or in
+# the LD_PRELOAD environment variable.
+#
+# NOTE: It is recommended that if you whitelist any files, then you include
+# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
+# configuration option.
+#
+# This option is a space-separated list of library pathnames. The option may be
+# specified more than once.
+#
+# The default value is the null string.
+#
+#SHARED_LIB_WHITELIST=/lib/snoopy.so
+
+#
+# To force rkhunter to use the supplied script for the 'stat' or 'readlink'
+# command the following two options can be used. The value must be set to
+# 'BUILTIN'.
+#
+# NOTE: IRIX users will probably need to enable STAT_CMD.
+#
+# For both options the default value is the null string.
+#
+#STAT_CMD=BUILTIN
+#READLINK_CMD=BUILTIN
+