/[smeserver]/rpms/rkhunter/sme8/rkhunter-1.3.8-fedoraconfig.patch
ViewVC logotype

Contents of /rpms/rkhunter/sme8/rkhunter-1.3.8-fedoraconfig.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.2 - (show annotations) (download)
Wed Apr 27 15:40:20 2011 UTC (13 years, 7 months ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED 
* Wed Apr 27 2011 Shad L. Lords <slords@mail.com> 1.3.8-3.sme
- Set parameters for sme specific tests
1 diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.conf
2 --- rkhunter-1.3.8.orig/files/rkhunter.conf 2010-11-13 13:25:22.000000000 -0700
3 +++ rkhunter-1.3.8/files/rkhunter.conf 2010-12-07 18:49:08.194871526 -0700
4 @@ -76,7 +76,7 @@
5 # NOTE: This option should be present in the configuration file.
6 #
7 #MAIL-ON-WARNING=me@mydomain root@mydomain
8 -MAIL-ON-WARNING=""
9 +MAIL-ON-WARNING="root"
10
11 #
12 # Specify the mail command to use if MAIL-ON-WARNING is set.
13 @@ -94,16 +94,19 @@
14 # sure that the directory permissions are tight.
15 #
16 #TMPDIR=/var/lib/rkhunter/tmp
17 +TMPDIR=/var/lib/rkhunter
18
19 #
20 # Specify the database directory to use.
21 #
22 #DBDIR=/var/lib/rkhunter/db
23 +DBDIR=/var/lib/rkhunter/db
24
25 #
26 # Specify the script directory to use.
27 #
28 #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
29 +SCRIPTDIR=/usr/share/rkhunter/scripts
30
31 #
32 # Specify the root directory to use.
33 @@ -155,13 +158,13 @@
34 #
35 # NOTE: This option should be present in the configuration file.
36 #
37 -LOGFILE=/var/log/rkhunter.log
38 +LOGFILE=/var/log/rkhunter/rkhunter.log
39
40 #
41 # Set the following option to 1 if the log file is to be appended to
42 # whenever rkhunter is run.
43 #
44 -APPEND_LOG=0
45 +APPEND_LOG=1
46
47 #
48 # Set the following option to 1 if the log file is to be copied when
49 @@ -183,7 +186,7 @@
50 # Setting the value to 'none', or just leaving the option commented out,
51 # disables the use of syslog.
52 #
53 -#USE_SYSLOG=authpriv.notice
54 +USE_SYSLOG=authpriv.notice
55
56 #
57 # Set the following option to 1 if the second colour set is to be used.
58 @@ -213,7 +216,7 @@
59 # file, then a value here of 'unset' can be used to avoid warning messages.
60 # This option has a default value of 'no'.
61 #
62 -ALLOW_SSH_ROOT_USER=no
63 +ALLOW_SSH_ROOT_USER=unset
64
65 #
66 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
67 @@ -224,7 +227,7 @@
68 # configuration file, then a value of '2' may be set here in order to
69 # suppress a warning message. This option has a default value of '0'.
70 #
71 -ALLOW_SSH_PROT_V1=0
72 +ALLOW_SSH_PROT_V1=0
73
74 #
75 # This setting tells rkhunter the directory containing the SSH configuration
76 @@ -255,7 +258,7 @@
77 # tests, the test names, and how rkhunter behaves when these options are used.
78 #
79 ENABLE_TESTS="all"
80 -DISABLE_TESTS="suspscan hidden_ports hidden_procs deleted_files packet_cap_apps"
81 +DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps"
82
83 #
84 # The HASH_FUNC option can be used to specify the command to use
85 @@ -324,6 +327,7 @@
86 # Whenever this option is changed 'rkhunter --propupd' must be run.
87 #
88 #PKGMGR=NONE
89 +PKGMGR=RPM
90
91 #
92 # It is possible that a file which is part of a package may be modified
93 @@ -466,6 +470,12 @@
94 #
95 #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
96 #SCRIPTWHITELIST="/usr/bin/groups"
97 +SCRIPTWHITELIST=/usr/bin/whatis
98 +SCRIPTWHITELIST=/usr/bin/ldd
99 +SCRIPTWHITELIST=/usr/bin/groups
100 +SCRIPTWHITELIST=/usr/bin/GET
101 +SCRIPTWHITELIST=/sbin/ifup
102 +SCRIPTWHITELIST=/sbin/ifdown
103
104 #
105 # Allow the specified commands to have the immutable attribute set.
106 @@ -495,6 +505,14 @@
107 #ALLOWHIDDENDIR="/dev/.initramfs"
108 #ALLOWHIDDENDIR="/dev/.SRC-unix"
109 #ALLOWHIDDENDIR="/dev/.mdadm"
110 +ALLOWHIDDENDIR=/dev/.udev
111 +ALLOWHIDDENDIR=/dev/.udevdb
112 +ALLOWHIDDENDIR=/dev/.udev.tdb
113 +ALLOWHIDDENDIR=/dev/.static
114 +ALLOWHIDDENDIR=/dev/.initramfs
115 +ALLOWHIDDENDIR=/dev/.SRC-unix
116 +ALLOWHIDDENDIR=/dev/.mdadm
117 +ALLOWHIDDENDIR=/dev/.systemd
118
119 #
120 # Allow the specified hidden files to be whitelisted.
121 @@ -519,6 +537,25 @@
122 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
123 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
124 #ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
125 +ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
126 +ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
127 +ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
128 +ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
129 +ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
130 +ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
131 +ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
132 +ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
133 +ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
134 +ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
135 +ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
136 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
137 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
138 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
139 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
140 +ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
141 +ALLOWHIDDENFILE=/dev/.mdadm.map
142 +ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
143 +ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
144
145 #
146 # Allow the specified processes to use deleted files. The
147 @@ -583,6 +620,8 @@
148 #
149 #ALLOWDEVFILE="/dev/shm/pulse-shm-*"
150 #ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
151 +ALLOWDEVFILE=/dev/shm/pulse-shm-*
152 +ALLOWDEVFILE=/dev/md/md-device-map
153
154 #
155 # This setting tells rkhunter where the inetd configuration
156 @@ -721,6 +760,7 @@
157 # The option may be specified more than once.
158 #
159 #SUSPSCAN_DIRS="/tmp /var/tmp"
160 +SUSPSCAN_DIRS="/tmp /var/tmp"
161
162 #
163 # Directory for temporary files. A memory-based one is better (faster).
164 @@ -976,3 +1016,5 @@
165 # both programs, then disable the 'hidden_procs' test.
166 #
167 #DISABLE_UNHIDE=0
168 +
169 +INSTALLDIR="/usr"
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed