|
@@ -0,0 +1,113 @@
+--- rkhunter-1.3.6.orig/files/rkhunter.conf 2009-11-28 23:13:19.000000000 +0100
++++ rkhunter-1.3.6/files/rkhunter.conf 2010-04-22 10:29:12.878085047 +0200
+@@ -71,7 +71,7 @@
+ # NOTE: This option should be present in the configuration file.
+ #
+ #MAIL-ON-WARNING=me@mydomain root@mydomain
+-MAIL-ON-WARNING=""
++MAIL-ON-WARNING=sudreport@internetx.de
+
+ #
+ # Specify the mail command to use if MAIL-ON-WARNING is set.
+@@ -196,7 +196,7 @@
+ # file, then a value here of 'yes' or 'unset' will not cause a warning.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=yes
+
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -299,7 +299,7 @@
+ #
+ # Whenever this option is changed 'rkhunter --propupd' must be run.
+ #
+-#PKGMGR=NONE
++PKGMGR=RPM
+
+ #
+ # It is possible that a file which is part of a package may be modified
+@@ -392,10 +392,12 @@
+ # Allow the specified commands to be scripts.
+ # One command per line (use multiple SCRIPTWHITELIST lines).
+ #
+-#SCRIPTWHITELIST=/sbin/ifup
+-#SCRIPTWHITELIST=/sbin/ifdown
+-#SCRIPTWHITELIST=/usr/bin/groups
+-
++SCRIPTWHITELIST=/sbin/ifup
++SCRIPTWHITELIST=/sbin/ifdown
++SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/bin/ldd
++SCRIPTWHITELIST=/usr/bin/GET
+ #
+ # Allow the specified commands to have the immutable attribute set.
+ # One command per line (use multiple IMMUTWHITELIST lines).
+@@ -406,11 +408,11 @@
+ # Allow the specified hidden directories.
+ # One directory per line (use multiple ALLOWHIDDENDIR lines).
+ #
+-#ALLOWHIDDENDIR=/etc/.java
+-#ALLOWHIDDENDIR=/dev/.udev
++ALLOWHIDDENDIR=/etc/.java
++ALLOWHIDDENDIR=/dev/.udev
+ #ALLOWHIDDENDIR=/dev/.udevdb
+ #ALLOWHIDDENDIR=/dev/.udev.tdb
+-#ALLOWHIDDENDIR=/dev/.static
++ALLOWHIDDENDIR=/dev/.static
+ #ALLOWHIDDENDIR=/dev/.initramfs
+ #ALLOWHIDDENDIR=/dev/.SRC-unix
+ #ALLOWHIDDENDIR=/dev/.mdadm
+@@ -420,15 +422,15 @@
+ # One file per line (use multiple ALLOWHIDDENFILE lines).
+ #
+ #ALLOWHIDDENFILE=/etc/.java
+-#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
+-#ALLOWHIDDENFILE=/etc/.pwd.lock
++ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
++ALLOWHIDDENFILE=/etc/.pwd.lock
+ #ALLOWHIDDENFILE=/etc/.init.state
+ #ALLOWHIDDENFILE=/lib/.libcrypto.so.0.9.8e.hmac
+ #ALLOWHIDDENFILE=/lib/.libcrypto.so.6.hmac
+ #ALLOWHIDDENFILE=/lib/.libssl.so.0.9.8e.hmac
+ #ALLOWHIDDENFILE=/lib/.libssl.so.6.hmac
+-#ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
+-#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
++ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
+ #ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac
+ #ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.hmac
+ #ALLOWHIDDENFILE=/usr/lib/.libgcrypt.so.11.hmac
+@@ -436,7 +438,7 @@
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha384hmac.hmac
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha512hmac.hmac
+-#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+
+ #
+ # Allow the specified processes to use deleted files.
+@@ -546,7 +548,12 @@
+ # Only one service (file) per line (use multiple XINETD_ALLOWED_SVC lines).
+ #
+ #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
+-
++XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
++XIENTD_ALLOWED_SVC=/etc/xinetd.d/submission_psa
++XIENTD_ALLOWED_SVC=/etc/xinetd.d/nrpe
+ #
+ # This option tells rkhunter the local system startup file pathnames.
+ # It is a space-separated list of files and directories. The directories
+@@ -605,7 +612,7 @@
+ #
+ # Note above that for the Apache web server, the name 'httpd' is used.
+ #
+-#APP_WHITELIST=""
++APP_WHITELIST="httpd:2.2.3 named:9.3.6-P1 openssl:0.9.8e php:5.1.6 sshd:4.3p2"
+
+ #
+ # Scan for suspicious files in directories containing temporary files and
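Review bot: The last two added xinetd entries (submission_psa and nrpe, in the -546 hunk) are spelled `XIENTD_ALLOWED_SVC`, while the four above them use `XINETD_ALLOWED_SVC`. As written, those two services are presumably never whitelisted and will keep being reported. They should read `XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa` and `XINETD_ALLOWED_SVC=/etc/xinetd.d/nrpe`. Separately, `ALLOW_SSH_ROOT_USER=yes` in the -196 hunk appears to make rkhunter treat permitted root SSH login as the expected state rather than warn about it. If root login is not required on these hosts, keep `no` so that a change to sshd's PermitRootLogin is still reported.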
|