rkhunter/sme8/rkhunter-1.3.4-smeconfig.patch

diff -up rkhunter-1.3.4/files/rkhunter.conf.smeconfig rkhunter-1.3.4/files/rkhunter.conf
diff -up rkhunter-1.3.4/files/rkhunter.conf.smeconfig rkhunter-1.3.4/files/rkhunter.conf
--- rkhunter-1.3.4/files/rkhunter.conf.smeconfig        2009-04-02 10:59:37.000000000 -0600
+++ rkhunter-1.3.4/files/rkhunter.conf  2009-04-02 11:41:08.000000000 -0600
@@ -84,17 +84,17 @@
 # important files will be written to this directory, so be
 # sure that the directory permissions are tight.
 #
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/var/lib/rkhunter/
 
 #
 # Specify the database directory to use.
 #
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=/var/lib/rkhunter/db
 
 #
 # Specify the script directory to use.
 #
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=/usr/share/rkhunter/scripts
 
 #
 # Specify the root directory to use.
@@ -123,13 +123,13 @@
 #
 # NOTE: This option should be present in the configuration file.
 #
-LOGFILE=/var/log/rkhunter.log
+LOGFILE=/var/log/rkhunter/rkhunter.log
 
 #
 # Set the following option to 1 if the log file is to be appended to
 # whenever rkhunter is run.
 #
-APPEND_LOG=0
+APPEND_LOG=1
 
 #
 # Set the following option to enable the rkhunter check start and finish
@@ -165,7 +165,7 @@
 # file, then a value here of 'yes' or 'unset' will not cause a warning.
 # This option has a default value of 'no'.
 #
-ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=yes
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -205,7 +205,7 @@
 # tests, the test names, and how rkhunter behaves when these options are used.
 #
 ENABLE_TESTS="all"
-DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
+DISABLE_TESTS="apps suspscan system_commands"
 
 #
 # The HASH_FUNC option can be used to specify the command to use
@@ -260,7 +260,7 @@
 # For any file not part of a package, rkhunter will revert to using
 # the HASH_FUNC hash function instead.
 #
-#PKGMGR=NONE
+PKGMGR=RPM
 
 #
 # Whitelist the hash (content) for the specified files.  Only useful
@@ -298,6 +298,12 @@
 #SCRIPTWHITELIST=/sbin/ifup
 #SCRIPTWHITELIST=/sbin/ifdown
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/bin/ldd
+SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/GET
+SCRIPTWHITELIST=/sbin/ifup
+SCRIPTWHITELIST=/sbin/ifdown
 
 #
 # Allow the specified commands to have the immutable attribute set.
@@ -310,7 +316,7 @@
 # One directory per line (use multiple ALLOWHIDDENDIR lines).
 #
 #ALLOWHIDDENDIR=/etc/.java
-#ALLOWHIDDENDIR=/dev/.udev
+ALLOWHIDDENDIR=/dev/.udev
 #ALLOWHIDDENDIR=/dev/.udevdb
 #ALLOWHIDDENDIR=/dev/.udev.tdb
 #ALLOWHIDDENDIR=/dev/.static
@@ -322,7 +328,7 @@
 # One file per line (use multiple ALLOWHIDDENFILE lines).
 # 
 #ALLOWHIDDENFILE=/etc/.java
-#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
+ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
 #ALLOWHIDDENFILE=/etc/.pwd.lock
 #ALLOWHIDDENFILE=/etc/.init.state
 
@@ -340,14 +346,22 @@
 #ALLOWPROCDELFILE=/usr/sbin/gpm
 #ALLOWPROCDELFILE=/usr/libexec/gconfd-2
 #ALLOWPROCDELFILE=/usr/sbin/mysqld
+ALLOWPROCDELFILE=(deleted)
+ALLOWPROCDELFILE=/usr/bin/freshclam
+ALLOWPROCDELFILE=/usr/bin/perl
+ALLOWPROCDELFILE=/usr/bin/python
+ALLOWPROCDELFILE=/usr/libexec/dovecot/imap
+ALLOWPROCDELFILE=/usr/sbin/asterisk
+ALLOWPROCDELFILE=/usr/sbin/httpd
 
 #
 # Allow the specified processes to listen on any network interface.
 # One process per line (use multiple ALLOWPROCLISTEN lines).
 #
-#ALLOWPROCLISTEN=/sbin/dhclient
+ALLOWPROCLISTEN=/sbin/dhclient
+ALLOWPROCLISTEN=/usr/sbin/dhcpd
 #ALLOWPROCLISTEN=/usr/bin/dhcpcd
-#ALLOWPROCLISTEN=/usr/sbin/pppoe
+ALLOWPROCLISTEN=/usr/sbin/pppoe
 #ALLOWPROCLISTEN=/usr/sbin/tcpdump
 #ALLOWPROCLISTEN=/usr/sbin/snort-plain
 #ALLOWPROCLISTEN=/usr/local/bin/wpa_supplicant
@@ -367,7 +381,7 @@
 # ALLOWDEVFILE lines).
 #
 #ALLOWDEVFILE=/dev/abc
-#ALLOWDEVFILE=/dev/shm/pulse-shm-*
+ALLOWDEVFILE=/dev/shm/pulse-shm-*
 
 #
 # This setting tells rkhunter where the inetd configuration
@@ -460,7 +474,7 @@
 # file. This setting will be worked out by rkhunter, and so should not
 # usually need to be set.
 #
-#SYSLOG_CONFIG_FILE=/etc/syslog.conf
+SYSLOG_CONFIG_FILE=/etc/syslog.conf
 
 #
 # This option permits the use of syslog remote logging.
@@ -549,7 +563,7 @@
 # specified, then RKH will assume the O/S release information is on the
 # first non-blank line of the file.
 #
-#OS_VERSION_FILE="/etc/release"
+OS_VERSION_FILE="/etc/redhat-release"
 
 #
 # The following two options can be used to whitelist files and directories
@@ -578,3 +592,4 @@
 #
 #MODULES_DIR=""
 
+INSTALLDIR="/usr"
1	slords	1.1	diff -up rkhunter-1.3.4/files/rkhunter.conf.smeconfig rkhunter-1.3.4/files/rkhunter.conf
2			diff -up rkhunter-1.3.4/files/rkhunter.conf.smeconfig rkhunter-1.3.4/files/rkhunter.conf
3			--- rkhunter-1.3.4/files/rkhunter.conf.smeconfig 2009-04-02 10:59:37.000000000 -0600
4			+++ rkhunter-1.3.4/files/rkhunter.conf 2009-04-02 11:41:08.000000000 -0600
5			@@ -84,17 +84,17 @@
6			# important files will be written to this directory, so be
7			# sure that the directory permissions are tight.
8			#
9			-#TMPDIR=/var/lib/rkhunter/tmp
10			+TMPDIR=/var/lib/rkhunter/
11
12			#
13			# Specify the database directory to use.
14			#
15			-#DBDIR=/var/lib/rkhunter/db
16			+DBDIR=/var/lib/rkhunter/db
17
18			#
19			# Specify the script directory to use.
20			#
21			-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
22			+SCRIPTDIR=/usr/share/rkhunter/scripts
23
24			#
25			# Specify the root directory to use.
26			@@ -123,13 +123,13 @@
27			#
28			# NOTE: This option should be present in the configuration file.
29			#
30			-LOGFILE=/var/log/rkhunter.log
31			+LOGFILE=/var/log/rkhunter/rkhunter.log
32
33			#
34			# Set the following option to 1 if the log file is to be appended to
35			# whenever rkhunter is run.
36			#
37			-APPEND_LOG=0
38			+APPEND_LOG=1
39
40			#
41			# Set the following option to enable the rkhunter check start and finish
42			@@ -165,7 +165,7 @@
43			# file, then a value here of 'yes' or 'unset' will not cause a warning.
44			# This option has a default value of 'no'.
45			#
46			-ALLOW_SSH_ROOT_USER=no
47			+ALLOW_SSH_ROOT_USER=yes
48
49			#
50			# Set this option to '1' to allow the use of the SSH-1 protocol, but note
51			@@ -205,7 +205,7 @@
52			# tests, the test names, and how rkhunter behaves when these options are used.
53			#
54			ENABLE_TESTS="all"
55			-DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
56			+DISABLE_TESTS="apps suspscan system_commands"
57
58			#
59			# The HASH_FUNC option can be used to specify the command to use
60			@@ -260,7 +260,7 @@
61			# For any file not part of a package, rkhunter will revert to using
62			# the HASH_FUNC hash function instead.
63			#
64			-#PKGMGR=NONE
65			+PKGMGR=RPM
66
67			#
68			# Whitelist the hash (content) for the specified files. Only useful
69			@@ -298,6 +298,12 @@
70			#SCRIPTWHITELIST=/sbin/ifup
71			#SCRIPTWHITELIST=/sbin/ifdown
72			#SCRIPTWHITELIST=/usr/bin/groups
73			+SCRIPTWHITELIST=/usr/bin/whatis
74			+SCRIPTWHITELIST=/usr/bin/ldd
75			+SCRIPTWHITELIST=/usr/bin/groups
76			+SCRIPTWHITELIST=/usr/bin/GET
77			+SCRIPTWHITELIST=/sbin/ifup
78			+SCRIPTWHITELIST=/sbin/ifdown
79
80			#
81			# Allow the specified commands to have the immutable attribute set.
82			@@ -310,7 +316,7 @@
83			# One directory per line (use multiple ALLOWHIDDENDIR lines).
84			#
85			#ALLOWHIDDENDIR=/etc/.java
86			-#ALLOWHIDDENDIR=/dev/.udev
87			+ALLOWHIDDENDIR=/dev/.udev
88			#ALLOWHIDDENDIR=/dev/.udevdb
89			#ALLOWHIDDENDIR=/dev/.udev.tdb
90			#ALLOWHIDDENDIR=/dev/.static
91			@@ -322,7 +328,7 @@
92			# One file per line (use multiple ALLOWHIDDENFILE lines).
93			#
94			#ALLOWHIDDENFILE=/etc/.java
95			-#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
96			+ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
97			#ALLOWHIDDENFILE=/etc/.pwd.lock
98			#ALLOWHIDDENFILE=/etc/.init.state
99
100			@@ -340,14 +346,22 @@
101			#ALLOWPROCDELFILE=/usr/sbin/gpm
102			#ALLOWPROCDELFILE=/usr/libexec/gconfd-2
103			#ALLOWPROCDELFILE=/usr/sbin/mysqld
104			+ALLOWPROCDELFILE=(deleted)
105			+ALLOWPROCDELFILE=/usr/bin/freshclam
106			+ALLOWPROCDELFILE=/usr/bin/perl
107			+ALLOWPROCDELFILE=/usr/bin/python
108			+ALLOWPROCDELFILE=/usr/libexec/dovecot/imap
109			+ALLOWPROCDELFILE=/usr/sbin/asterisk
110			+ALLOWPROCDELFILE=/usr/sbin/httpd
111
112			#
113			# Allow the specified processes to listen on any network interface.
114			# One process per line (use multiple ALLOWPROCLISTEN lines).
115			#
116			-#ALLOWPROCLISTEN=/sbin/dhclient
117			+ALLOWPROCLISTEN=/sbin/dhclient
118	slords	1.2	+ALLOWPROCLISTEN=/usr/sbin/dhcpd
119	slords	1.1	#ALLOWPROCLISTEN=/usr/bin/dhcpcd
120			-#ALLOWPROCLISTEN=/usr/sbin/pppoe
121			+ALLOWPROCLISTEN=/usr/sbin/pppoe
122			#ALLOWPROCLISTEN=/usr/sbin/tcpdump
123			#ALLOWPROCLISTEN=/usr/sbin/snort-plain
124			#ALLOWPROCLISTEN=/usr/local/bin/wpa_supplicant
125			@@ -367,7 +381,7 @@
126			# ALLOWDEVFILE lines).
127			#
128			#ALLOWDEVFILE=/dev/abc
129			-#ALLOWDEVFILE=/dev/shm/pulse-shm-*
130			+ALLOWDEVFILE=/dev/shm/pulse-shm-*
131
132			#
133			# This setting tells rkhunter where the inetd configuration
134			@@ -460,7 +474,7 @@
135			# file. This setting will be worked out by rkhunter, and so should not
136			# usually need to be set.
137			#
138			-#SYSLOG_CONFIG_FILE=/etc/syslog.conf
139			+SYSLOG_CONFIG_FILE=/etc/syslog.conf
140
141			#
142			# This option permits the use of syslog remote logging.
143			@@ -549,7 +563,7 @@
144			# specified, then RKH will assume the O/S release information is on the
145			# first non-blank line of the file.
146			#
147			-#OS_VERSION_FILE="/etc/release"
148			+OS_VERSION_FILE="/etc/redhat-release"
149
150			#
151			# The following two options can be used to whitelist files and directories
152			@@ -578,3 +592,4 @@
153			#
154			#MODULES_DIR=""
155
156			+INSTALLDIR="/usr"