/[smeserver]/rpms/rkhunter/sme8/rkhunter-1.3.8-smeconfig.patch
ViewVC logotype

Contents of /rpms/rkhunter/sme8/rkhunter-1.3.8-smeconfig.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Apr 27 15:40:20 2011 UTC (13 years, 6 months ago) by slords
Branch: MAIN
CVS Tags: rkhunter-1_3_8-3_el5_sme, HEAD
* Wed Apr 27 2011 Shad L. Lords <slords@mail.com> 1.3.8-3.sme
- Set parameters for sme specific tests

1 diff -up rkhunter-1.3.8/files/rkhunter.conf.smeconfig rkhunter-1.3.8/files/rkhunter.conf
2 --- rkhunter-1.3.8/files/rkhunter.conf.smeconfig 2010-11-13 13:25:22.000000000 -0700
3 +++ rkhunter-1.3.8/files/rkhunter.conf 2011-04-27 09:38:25.522680955 -0600
4 @@ -76,7 +76,7 @@ MIRRORS_MODE=0
5 # NOTE: This option should be present in the configuration file.
6 #
7 #MAIL-ON-WARNING=me@mydomain root@mydomain
8 -MAIL-ON-WARNING=""
9 +MAIL-ON-WARNING="root"
10
11 #
12 # Specify the mail command to use if MAIL-ON-WARNING is set.
13 @@ -94,16 +94,19 @@ MAIL_CMD=mail -s "[rkhunter] Warnings fo
14 # sure that the directory permissions are tight.
15 #
16 #TMPDIR=/var/lib/rkhunter/tmp
17 +TMPDIR=/var/lib/rkhunter
18
19 #
20 # Specify the database directory to use.
21 #
22 #DBDIR=/var/lib/rkhunter/db
23 +DBDIR=/var/lib/rkhunter/db
24
25 #
26 # Specify the script directory to use.
27 #
28 #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
29 +SCRIPTDIR=/usr/share/rkhunter/scripts
30
31 #
32 # Specify the root directory to use.
33 @@ -155,13 +158,13 @@ UPDATE_LANG=""
34 #
35 # NOTE: This option should be present in the configuration file.
36 #
37 -LOGFILE=/var/log/rkhunter.log
38 +LOGFILE=/var/log/rkhunter/rkhunter.log
39
40 #
41 # Set the following option to 1 if the log file is to be appended to
42 # whenever rkhunter is run.
43 #
44 -APPEND_LOG=0
45 +APPEND_LOG=1
46
47 #
48 # Set the following option to 1 if the log file is to be copied when
49 @@ -213,7 +216,7 @@ WHITELISTED_IS_WHITE=0
50 # file, then a value here of 'unset' can be used to avoid warning messages.
51 # This option has a default value of 'no'.
52 #
53 -ALLOW_SSH_ROOT_USER=no
54 +ALLOW_SSH_ROOT_USER=unset
55
56 #
57 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
58 @@ -255,7 +258,7 @@ ALLOW_SSH_PROT_V1=0
59 # tests, the test names, and how rkhunter behaves when these options are used.
60 #
61 ENABLE_TESTS="all"
62 -DISABLE_TESTS="suspscan hidden_ports hidden_procs deleted_files packet_cap_apps"
63 +DISABLE_TESTS="apps suspscan system_commands"
64
65 #
66 # The HASH_FUNC option can be used to specify the command to use
67 @@ -324,6 +327,7 @@ DISABLE_TESTS="suspscan hidden_ports hid
68 # Whenever this option is changed 'rkhunter --propupd' must be run.
69 #
70 #PKGMGR=NONE
71 +PKGMGR=RPM
72
73 #
74 # It is possible that a file which is part of a package may be modified
75 @@ -466,6 +470,12 @@ DISABLE_TESTS="suspscan hidden_ports hid
76 #
77 #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
78 #SCRIPTWHITELIST="/usr/bin/groups"
79 +SCRIPTWHITELIST=/usr/bin/whatis
80 +SCRIPTWHITELIST=/usr/bin/ldd
81 +SCRIPTWHITELIST=/usr/bin/groups
82 +SCRIPTWHITELIST=/usr/bin/GET
83 +SCRIPTWHITELIST=/sbin/ifup
84 +SCRIPTWHITELIST=/sbin/ifdown
85
86 #
87 # Allow the specified commands to have the immutable attribute set.
88 @@ -495,6 +505,14 @@ IMMUTABLE_SET=0
89 #ALLOWHIDDENDIR="/dev/.initramfs"
90 #ALLOWHIDDENDIR="/dev/.SRC-unix"
91 #ALLOWHIDDENDIR="/dev/.mdadm"
92 +ALLOWHIDDENDIR=/dev/.udev
93 +ALLOWHIDDENDIR=/dev/.udevdb
94 +ALLOWHIDDENDIR=/dev/.udev.tdb
95 +ALLOWHIDDENDIR=/dev/.static
96 +ALLOWHIDDENDIR=/dev/.initramfs
97 +ALLOWHIDDENDIR=/dev/.SRC-unix
98 +ALLOWHIDDENDIR=/dev/.mdadm
99 +ALLOWHIDDENDIR=/dev/.systemd
100
101 #
102 # Allow the specified hidden files to be whitelisted.
103 @@ -519,6 +537,25 @@ IMMUTABLE_SET=0
104 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
105 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
106 #ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
107 +ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
108 +ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
109 +ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
110 +ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
111 +ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
112 +ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
113 +ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
114 +ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
115 +ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
116 +ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
117 +ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
118 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
119 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
120 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
121 +ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
122 +ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
123 +ALLOWHIDDENFILE=/dev/.mdadm.map
124 +ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
125 +ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
126
127 #
128 # Allow the specified processes to use deleted files. The
129 @@ -534,6 +571,13 @@ IMMUTABLE_SET=0
130 #ALLOWPROCDELFILE="/sbin/cardmgr /usr/sbin/gpm:/etc/X11/abc"
131 #ALLOWPROCDELFILE="/usr/libexec/gconfd-2"
132 #ALLOWPROCDELFILE="/usr/sbin/mysqld"
133 +ALLOWPROCDELFILE=(deleted)
134 +ALLOWPROCDELFILE=/usr/bin/freshclam
135 +ALLOWPROCDELFILE=/usr/bin/perl
136 +ALLOWPROCDELFILE=/usr/bin/python
137 +ALLOWPROCDELFILE=/usr/libexec/dovecot/imap
138 +ALLOWPROCDELFILE=/usr/sbin/asterisk
139 +ALLOWPROCDELFILE=/usr/sbin/httpd
140
141 #
142 # Allow the specified processes to listen on any network interface.
143 @@ -541,8 +585,11 @@ IMMUTABLE_SET=0
144 # This is a space-separated list of process names. The option
145 # may be specified more than once.
146 #
147 -#ALLOWPROCLISTEN="/sbin/dhclient /usr/bin/dhcpcd"
148 -#ALLOWPROCLISTEN="/usr/sbin/pppoe /usr/sbin/tcpdump"
149 +ALLOWPROCLISTEN="/sbin/dhclient"
150 +ALLOWPROCLISTEN="/usr/sbin/dhcpd"
151 +#ALLOWPROCLISTEN="/usr/bin/dhcpcd"
152 +ALLOWPROCLISTEN="/usr/sbin/pppoe"
153 +#ALLOWPROCLISTEN="/usr/sbin/tcpdump"
154 #ALLOWPROCLISTEN="/usr/sbin/snort-plain"
155 #ALLOWPROCLISTEN="/usr/local/bin/wpa_supplicant"
156
157 @@ -583,6 +630,8 @@ PHALANX2_DIRTEST=0
158 #
159 #ALLOWDEVFILE="/dev/shm/pulse-shm-*"
160 #ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
161 +ALLOWDEVFILE=/dev/shm/pulse-shm-*
162 +ALLOWDEVFILE=/dev/md/md-device-map
163
164 #
165 # This setting tells rkhunter where the inetd configuration
166 @@ -686,7 +735,7 @@ PHALANX2_DIRTEST=0
167 # This is a space-separated list of pathnames. The option may
168 # be specified more than once.
169 #
170 -#SYSLOG_CONFIG_FILE=/etc/syslog.conf
171 +SYSLOG_CONFIG_FILE=/etc/syslog.conf
172
173 #
174 # This option permits the use of syslog remote logging.
175 @@ -721,6 +770,7 @@ ALLOW_SYSLOG_REMOTE_LOGGING=0
176 # The option may be specified more than once.
177 #
178 #SUSPSCAN_DIRS="/tmp /var/tmp"
179 +SUSPSCAN_DIRS="/tmp /var/tmp"
180
181 #
182 # Directory for temporary files. A memory-based one is better (faster).
183 @@ -783,7 +833,7 @@ SUSPSCAN_THRESH=200
184 # specified, then RKH will assume the O/S release information is on the
185 # first non-blank line of the file.
186 #
187 -#OS_VERSION_FILE="/etc/release"
188 +OS_VERSION_FILE="/etc/redhat-release"
189
190 #
191 # The following two options can be used to whitelist files and directories
192 @@ -976,3 +1026,5 @@ SHOW_LOCK_MSGS=1
193 # both programs, then disable the 'hidden_procs' test.
194 #
195 #DISABLE_UNHIDE=0
196 +
197 +INSTALLDIR="/usr"

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed