| 1 |
slords |
1.1 |
diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.conf |
| 2 |
|
|
--- rkhunter-1.3.8.orig/files/rkhunter.conf 2010-11-13 13:25:22.000000000 -0700 |
| 3 |
|
|
+++ rkhunter-1.3.8/files/rkhunter.conf 2010-12-07 18:49:08.194871526 -0700 |
| 4 |
|
|
@@ -76,7 +76,7 @@ |
| 5 |
|
|
# NOTE: This option should be present in the configuration file. |
| 6 |
|
|
# |
| 7 |
|
|
#MAIL-ON-WARNING=me@mydomain root@mydomain |
| 8 |
|
|
-MAIL-ON-WARNING="" |
| 9 |
|
|
+MAIL-ON-WARNING="root" |
| 10 |
|
|
|
| 11 |
|
|
# |
| 12 |
|
|
# Specify the mail command to use if MAIL-ON-WARNING is set. |
| 13 |
|
|
@@ -94,16 +94,19 @@ |
| 14 |
|
|
# sure that the directory permissions are tight. |
| 15 |
|
|
# |
| 16 |
|
|
#TMPDIR=/var/lib/rkhunter/tmp |
| 17 |
|
|
+TMPDIR=/var/lib/rkhunter |
| 18 |
|
|
|
| 19 |
|
|
# |
| 20 |
|
|
# Specify the database directory to use. |
| 21 |
|
|
# |
| 22 |
|
|
#DBDIR=/var/lib/rkhunter/db |
| 23 |
|
|
+DBDIR=/var/lib/rkhunter/db |
| 24 |
|
|
|
| 25 |
|
|
# |
| 26 |
|
|
# Specify the script directory to use. |
| 27 |
|
|
# |
| 28 |
|
|
#SCRIPTDIR=/usr/local/lib/rkhunter/scripts |
| 29 |
|
|
+SCRIPTDIR=/usr/share/rkhunter/scripts |
| 30 |
|
|
|
| 31 |
|
|
# |
| 32 |
|
|
# Specify the root directory to use. |
| 33 |
|
|
@@ -155,13 +158,13 @@ |
| 34 |
|
|
# |
| 35 |
|
|
# NOTE: This option should be present in the configuration file. |
| 36 |
|
|
# |
| 37 |
|
|
-LOGFILE=/var/log/rkhunter.log |
| 38 |
|
|
+LOGFILE=/var/log/rkhunter/rkhunter.log |
| 39 |
|
|
|
| 40 |
|
|
# |
| 41 |
|
|
# Set the following option to 1 if the log file is to be appended to |
| 42 |
|
|
# whenever rkhunter is run. |
| 43 |
|
|
# |
| 44 |
|
|
-APPEND_LOG=0 |
| 45 |
|
|
+APPEND_LOG=1 |
| 46 |
|
|
|
| 47 |
|
|
# |
| 48 |
|
|
# Set the following option to 1 if the log file is to be copied when |
| 49 |
|
|
@@ -183,7 +186,7 @@ |
| 50 |
|
|
# Setting the value to 'none', or just leaving the option commented out, |
| 51 |
|
|
# disables the use of syslog. |
| 52 |
|
|
# |
| 53 |
|
|
-#USE_SYSLOG=authpriv.notice |
| 54 |
|
|
+USE_SYSLOG=authpriv.notice |
| 55 |
|
|
|
| 56 |
|
|
# |
| 57 |
|
|
# Set the following option to 1 if the second colour set is to be used. |
| 58 |
|
|
@@ -213,7 +216,7 @@ |
| 59 |
|
|
# file, then a value here of 'unset' can be used to avoid warning messages. |
| 60 |
|
|
# This option has a default value of 'no'. |
| 61 |
|
|
# |
| 62 |
|
|
-ALLOW_SSH_ROOT_USER=no |
| 63 |
|
|
+ALLOW_SSH_ROOT_USER=unset |
| 64 |
|
|
|
| 65 |
|
|
# |
| 66 |
|
|
# Set this option to '1' to allow the use of the SSH-1 protocol, but note |
| 67 |
|
|
@@ -224,7 +227,7 @@ |
| 68 |
|
|
# configuration file, then a value of '2' may be set here in order to |
| 69 |
|
|
# suppress a warning message. This option has a default value of '0'. |
| 70 |
|
|
# |
| 71 |
|
|
-ALLOW_SSH_PROT_V1=0 |
| 72 |
|
|
+ALLOW_SSH_PROT_V1=0 |
| 73 |
|
|
|
| 74 |
|
|
# |
| 75 |
|
|
# This setting tells rkhunter the directory containing the SSH configuration |
| 76 |
|
|
@@ -255,7 +258,7 @@ |
| 77 |
|
|
# tests, the test names, and how rkhunter behaves when these options are used. |
| 78 |
|
|
# |
| 79 |
|
|
ENABLE_TESTS="all" |
| 80 |
|
|
-DISABLE_TESTS="suspscan hidden_ports hidden_procs deleted_files packet_cap_apps" |
| 81 |
|
|
+DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps" |
| 82 |
|
|
|
| 83 |
|
|
# |
| 84 |
|
|
# The HASH_FUNC option can be used to specify the command to use |
| 85 |
|
|
@@ -324,6 +327,7 @@ |
| 86 |
|
|
# Whenever this option is changed 'rkhunter --propupd' must be run. |
| 87 |
|
|
# |
| 88 |
|
|
#PKGMGR=NONE |
| 89 |
|
|
+PKGMGR=RPM |
| 90 |
|
|
|
| 91 |
|
|
# |
| 92 |
|
|
# It is possible that a file which is part of a package may be modified |
| 93 |
|
|
@@ -466,6 +470,12 @@ |
| 94 |
|
|
# |
| 95 |
|
|
#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown" |
| 96 |
|
|
#SCRIPTWHITELIST="/usr/bin/groups" |
| 97 |
|
|
+SCRIPTWHITELIST=/usr/bin/whatis |
| 98 |
|
|
+SCRIPTWHITELIST=/usr/bin/ldd |
| 99 |
|
|
+SCRIPTWHITELIST=/usr/bin/groups |
| 100 |
|
|
+SCRIPTWHITELIST=/usr/bin/GET |
| 101 |
|
|
+SCRIPTWHITELIST=/sbin/ifup |
| 102 |
|
|
+SCRIPTWHITELIST=/sbin/ifdown |
| 103 |
|
|
|
| 104 |
|
|
# |
| 105 |
|
|
# Allow the specified commands to have the immutable attribute set. |
| 106 |
|
|
@@ -495,6 +505,14 @@ |
| 107 |
|
|
#ALLOWHIDDENDIR="/dev/.initramfs" |
| 108 |
|
|
#ALLOWHIDDENDIR="/dev/.SRC-unix" |
| 109 |
|
|
#ALLOWHIDDENDIR="/dev/.mdadm" |
| 110 |
|
|
+ALLOWHIDDENDIR=/dev/.udev |
| 111 |
|
|
+ALLOWHIDDENDIR=/dev/.udevdb |
| 112 |
|
|
+ALLOWHIDDENDIR=/dev/.udev.tdb |
| 113 |
|
|
+ALLOWHIDDENDIR=/dev/.static |
| 114 |
|
|
+ALLOWHIDDENDIR=/dev/.initramfs |
| 115 |
|
|
+ALLOWHIDDENDIR=/dev/.SRC-unix |
| 116 |
|
|
+ALLOWHIDDENDIR=/dev/.mdadm |
| 117 |
|
|
+ALLOWHIDDENDIR=/dev/.systemd |
| 118 |
|
|
|
| 119 |
|
|
# |
| 120 |
|
|
# Allow the specified hidden files to be whitelisted. |
| 121 |
|
|
@@ -519,6 +537,25 @@ |
| 122 |
|
|
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac" |
| 123 |
|
|
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac" |
| 124 |
|
|
#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac" |
| 125 |
|
|
+ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz |
| 126 |
|
|
+ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac |
| 127 |
|
|
+ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac |
| 128 |
|
|
+ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac |
| 129 |
|
|
+ALLOWHIDDENFILE=/usr/bin/.ssh.hmac |
| 130 |
|
|
+ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac |
| 131 |
|
|
+ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac |
| 132 |
|
|
+ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac |
| 133 |
|
|
+ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac |
| 134 |
|
|
+ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac |
| 135 |
|
|
+ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac |
| 136 |
|
|
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac |
| 137 |
|
|
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac |
| 138 |
|
|
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac |
| 139 |
|
|
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac |
| 140 |
|
|
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac |
| 141 |
|
|
+ALLOWHIDDENFILE=/dev/.mdadm.map |
| 142 |
|
|
+ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz |
| 143 |
|
|
+ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac |
| 144 |
|
|
|
| 145 |
|
|
# |
| 146 |
|
|
# Allow the specified processes to use deleted files. The |
| 147 |
|
|
@@ -583,6 +620,8 @@ |
| 148 |
|
|
# |
| 149 |
|
|
#ALLOWDEVFILE="/dev/shm/pulse-shm-*" |
| 150 |
|
|
#ALLOWDEVFILE="/dev/shm/sem.ADBE_*" |
| 151 |
|
|
+ALLOWDEVFILE=/dev/shm/pulse-shm-* |
| 152 |
|
|
+ALLOWDEVFILE=/dev/md/md-device-map |
| 153 |
|
|
|
| 154 |
|
|
# |
| 155 |
|
|
# This setting tells rkhunter where the inetd configuration |
| 156 |
|
|
@@ -721,6 +760,7 @@ |
| 157 |
|
|
# The option may be specified more than once. |
| 158 |
|
|
# |
| 159 |
|
|
#SUSPSCAN_DIRS="/tmp /var/tmp" |
| 160 |
|
|
+SUSPSCAN_DIRS="/tmp /var/tmp" |
| 161 |
|
|
|
| 162 |
|
|
# |
| 163 |
|
|
# Directory for temporary files. A memory-based one is better (faster). |
| 164 |
|
|
@@ -976,3 +1016,5 @@ |
| 165 |
|
|
# both programs, then disable the 'hidden_procs' test. |
| 166 |
|
|
# |
| 167 |
|
|
#DISABLE_UNHIDE=0 |
| 168 |
|
|
+ |
| 169 |
|
|
+INSTALLDIR="/usr" |
Parent Directory
| 
Revision Log
| 
Revision Graph
