1 |
diff -up rkhunter-1.3.4/files/rkhunter.conf.smeconfig rkhunter-1.3.4/files/rkhunter.conf |
2 |
diff -up rkhunter-1.3.4/files/rkhunter.conf.smeconfig rkhunter-1.3.4/files/rkhunter.conf |
3 |
--- rkhunter-1.3.4/files/rkhunter.conf.smeconfig 2009-04-02 10:59:37.000000000 -0600 |
4 |
+++ rkhunter-1.3.4/files/rkhunter.conf 2009-04-02 11:41:08.000000000 -0600 |
5 |
@@ -84,17 +84,17 @@ |
6 |
# important files will be written to this directory, so be |
7 |
# sure that the directory permissions are tight. |
8 |
# |
9 |
-#TMPDIR=/var/lib/rkhunter/tmp |
10 |
+TMPDIR=/var/lib/rkhunter/ |
11 |
|
12 |
# |
13 |
# Specify the database directory to use. |
14 |
# |
15 |
-#DBDIR=/var/lib/rkhunter/db |
16 |
+DBDIR=/var/lib/rkhunter/db |
17 |
|
18 |
# |
19 |
# Specify the script directory to use. |
20 |
# |
21 |
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts |
22 |
+SCRIPTDIR=/usr/share/rkhunter/scripts |
23 |
|
24 |
# |
25 |
# Specify the root directory to use. |
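Review bot: `TMPDIR=/var/lib/rkhunter/` points rkhunter's temporary files at the parent of the database directory set two lines later (`DBDIR=/var/lib/rkhunter/db`) instead of at a dedicated subdirectory as the commented default did, and the comment directly above the change says this directory must have tight permissions. Confirm that the package creates `/var/lib/rkhunter` root-owned with a restrictive mode, because whatever exposure that directory has is now shared by the scratch files and the hash database beneath it. The trailing slash is also inconsistent with every other path in the file. If separate scratch space is intended, `TMPDIR=/var/lib/rkhunter/tmp` keeps temporary files and the database apart.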
26 |
@@ -123,13 +123,13 @@ |
27 |
# |
28 |
# NOTE: This option should be present in the configuration file. |
29 |
# |
30 |
-LOGFILE=/var/log/rkhunter.log |
31 |
+LOGFILE=/var/log/rkhunter/rkhunter.log |
32 |
|
33 |
# |
34 |
# Set the following option to 1 if the log file is to be appended to |
35 |
# whenever rkhunter is run. |
36 |
# |
37 |
-APPEND_LOG=0 |
38 |
+APPEND_LOG=1 |
39 |
|
40 |
# |
41 |
# Set the following option to enable the rkhunter check start and finish |
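Review bot: `APPEND_LOG=1` makes the log at the new `LOGFILE=/var/log/rkhunter/rkhunter.log` grow across runs, but nothing in this patch shows the `/var/log/rkhunter` directory being created or the file being rotated; if the directory is absent rkhunter presumably cannot open its log, and if it is never rotated the file grows without bound. Confirm the package ships the directory with appropriate ownership and a rotation entry, or keep `APPEND_LOG=0`. A one-line comment above the changed line saying where the directory and rotation come from, e.g. `# /var/log/rkhunter is created and rotated by the package`, would help the next maintainer.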
42 |
@@ -165,7 +165,7 @@ |
43 |
# file, then a value here of 'yes' or 'unset' will not cause a warning. |
44 |
# This option has a default value of 'no'. |
45 |
# |
46 |
-ALLOW_SSH_ROOT_USER=no |
47 |
+ALLOW_SSH_ROOT_USER=yes |
48 |
|
49 |
# |
50 |
# Set this option to '1' to allow the use of the SSH-1 protocol, but note |
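Review bot: `ALLOW_SSH_ROOT_USER=yes` silences rkhunter's warning about sshd permitting root logins, as the context lines above state, so the check no longer flags a remote-root-login configuration on this host. That should be a deliberate, documented exception rather than the default shipped to every installation; the preferable fix is to keep `ALLOW_SSH_ROOT_USER=no` and set `PermitRootLogin no` in sshd_config. If root SSH is genuinely required on this platform, a comment above the line such as `# Root SSH login is required by this platform; the rkhunter warning is intentionally suppressed` makes the intent auditable.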
51 |
@@ -205,7 +205,7 @@ |
52 |
# tests, the test names, and how rkhunter behaves when these options are used. |
53 |
# |
54 |
ENABLE_TESTS="all" |
55 |
-DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps" |
56 |
+DISABLE_TESTS="apps suspscan system_commands" |
57 |
|
58 |
# |
59 |
# The HASH_FUNC option can be used to specify the command to use |
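Review bot: `DISABLE_TESTS="apps suspscan system_commands"` turns off the `system_commands` group, which, if I recall this version's grouping correctly, bundles the properties, scripts and strings checks on system command files (the test list referenced just above this hunk is authoritative); that is the core file-comparison coverage a rootkit hunter exists to provide, so the change deserves a comment explaining why. It also leaves later hunks inconsistent: the `PKGMGR=RPM` setting and the added `SCRIPTWHITELIST` entries only affect those checks, so as written they appear to have no effect unless another enabled test group shares them. Either keep `system_commands` enabled and rely on the whitelist entries for the known false positives, or drop the now-dead whitelist entries and record the trade-off above this line, e.g. `# system_commands disabled: <placeholder: reason and date>`.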
60 |
@@ -260,7 +260,7 @@ |
61 |
# For any file not part of a package, rkhunter will revert to using |
62 |
# the HASH_FUNC hash function instead. |
63 |
# |
64 |
-#PKGMGR=NONE |
65 |
+PKGMGR=RPM |
66 |
|
67 |
# |
68 |
# Whitelist the hash (content) for the specified files. Only useful |
69 |
@@ -298,6 +298,12 @@ |
70 |
#SCRIPTWHITELIST=/sbin/ifup |
71 |
#SCRIPTWHITELIST=/sbin/ifdown |
72 |
#SCRIPTWHITELIST=/usr/bin/groups |
73 |
+SCRIPTWHITELIST=/usr/bin/whatis |
74 |
+SCRIPTWHITELIST=/usr/bin/ldd |
75 |
+SCRIPTWHITELIST=/usr/bin/groups |
76 |
+SCRIPTWHITELIST=/usr/bin/GET |
77 |
+SCRIPTWHITELIST=/sbin/ifup |
78 |
+SCRIPTWHITELIST=/sbin/ifdown |
79 |
|
80 |
# |
81 |
# Allow the specified commands to have the immutable attribute set. |
82 |
@@ -310,7 +316,7 @@ |
83 |
# One directory per line (use multiple ALLOWHIDDENDIR lines). |
84 |
# |
85 |
#ALLOWHIDDENDIR=/etc/.java |
86 |
-#ALLOWHIDDENDIR=/dev/.udev |
87 |
+ALLOWHIDDENDIR=/dev/.udev |
88 |
#ALLOWHIDDENDIR=/dev/.udevdb |
89 |
#ALLOWHIDDENDIR=/dev/.udev.tdb |
90 |
#ALLOWHIDDENDIR=/dev/.static |
91 |
@@ -322,7 +328,7 @@ |
92 |
# One file per line (use multiple ALLOWHIDDENFILE lines). |
93 |
# |
94 |
#ALLOWHIDDENFILE=/etc/.java |
95 |
-#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz |
96 |
+ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz |
97 |
#ALLOWHIDDENFILE=/etc/.pwd.lock |
98 |
#ALLOWHIDDENFILE=/etc/.init.state |
99 |
|
100 |
@@ -340,14 +346,22 @@ |
101 |
#ALLOWPROCDELFILE=/usr/sbin/gpm |
102 |
#ALLOWPROCDELFILE=/usr/libexec/gconfd-2 |
103 |
#ALLOWPROCDELFILE=/usr/sbin/mysqld |
104 |
+ALLOWPROCDELFILE=(deleted) |
105 |
+ALLOWPROCDELFILE=/usr/bin/freshclam |
106 |
+ALLOWPROCDELFILE=/usr/bin/perl |
107 |
+ALLOWPROCDELFILE=/usr/bin/python |
108 |
+ALLOWPROCDELFILE=/usr/libexec/dovecot/imap |
109 |
+ALLOWPROCDELFILE=/usr/sbin/asterisk |
110 |
+ALLOWPROCDELFILE=/usr/sbin/httpd |
111 |
|
112 |
# |
113 |
# Allow the specified processes to listen on any network interface. |
114 |
# One process per line (use multiple ALLOWPROCLISTEN lines). |
115 |
# |
116 |
-#ALLOWPROCLISTEN=/sbin/dhclient |
117 |
+ALLOWPROCLISTEN=/sbin/dhclient |
118 |
+ALLOWPROCLISTEN=/usr/bin/dhcpd |
119 |
#ALLOWPROCLISTEN=/usr/bin/dhcpcd |
120 |
-#ALLOWPROCLISTEN=/usr/sbin/pppoe |
121 |
+ALLOWPROCLISTEN=/usr/sbin/pppoe |
122 |
#ALLOWPROCLISTEN=/usr/sbin/tcpdump |
123 |
#ALLOWPROCLISTEN=/usr/sbin/snort-plain |
124 |
#ALLOWPROCLISTEN=/usr/local/bin/wpa_supplicant |
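Review bot: `ALLOWPROCDELFILE=(deleted)` is not a process pathname, which is what the surrounding `ALLOWPROCDELFILE` lines supply; if rkhunter compares whitelist entries against the full lsof output line, that entry matches every deleted-file finding and silently disables the check, and if it compares against the command path it is a dead line, so either way it should be removed. Whitelisting the interpreters `/usr/bin/perl` and `/usr/bin/python` also hides every perl or python process holding deleted files rather than one specific daemon, which is far broader than the service-specific entries around them; prefer naming the actual service where possible. Separately, `ALLOWPROCLISTEN=/usr/bin/dhcpd` looks suspect: on Red Hat-derived systems dhcpd is normally installed under `/usr/sbin`, in which case the entry never matches and the listener warning for dhcpd persists, so verify the installed path.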
125 |
@@ -367,7 +381,7 @@ |
126 |
# ALLOWDEVFILE lines). |
127 |
# |
128 |
#ALLOWDEVFILE=/dev/abc |
129 |
-#ALLOWDEVFILE=/dev/shm/pulse-shm-* |
130 |
+ALLOWDEVFILE=/dev/shm/pulse-shm-* |
131 |
|
132 |
# |
133 |
# This setting tells rkhunter where the inetd configuration |
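Review bot: `ALLOWDEVFILE=/dev/shm/pulse-shm-*` accepts any file under `/dev/shm` whose name starts with `pulse-shm-`, and `/dev/shm` is world-writable, so any local process can create a file that this check will then ignore; on a server build without PulseAudio the entry is unnecessary and is better left commented out as it was. If PulseAudio is in fact installed here, a comment above the line naming the package that creates these files would justify keeping the glob.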
134 |
@@ -460,7 +474,7 @@ |
135 |
# file. This setting will be worked out by rkhunter, and so should not |
136 |
# usually need to be set. |
137 |
# |
138 |
-#SYSLOG_CONFIG_FILE=/etc/syslog.conf |
139 |
+SYSLOG_CONFIG_FILE=/etc/syslog.conf |
140 |
|
141 |
# |
142 |
# This option permits the use of syslog remote logging. |
143 |
@@ -549,7 +563,7 @@ |
144 |
# specified, then RKH will assume the O/S release information is on the |
145 |
# first non-blank line of the file. |
146 |
# |
147 |
-#OS_VERSION_FILE="/etc/release" |
148 |
+OS_VERSION_FILE="/etc/redhat-release" |
149 |
|
150 |
# |
151 |
# The following two options can be used to whitelist files and directories |
152 |
@@ -578,3 +592,4 @@ |
153 |
# |
154 |
#MODULES_DIR="" |
155 |
|
156 |
+INSTALLDIR="/usr" |
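Review bot: `INSTALLDIR="/usr"` is appended at end of file with no explanatory comment block, unlike every other option in this file, so a reader cannot tell what rkhunter uses it for or why it differs from `SCRIPTDIR=/usr/share/rkhunter/scripts` earlier in the patch. Add a short comment in the file's style above it, e.g. `#` / `# Specify the installation prefix of this rkhunter package.` / `#`, and keep a blank line before the new option rather than after the previous one. The file already mixes quoted (`OS_VERSION_FILE`, `MODULES_DIR`) and unquoted directory values, so the quoting itself is not the issue; the missing documentation is.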