|
|
| @@ -0,0 +1,119 @@
+--- rkhunter-1.3.8/files/rkhunter.conf.orig 2010-11-13 21:25:22.000000000 +0100
++++ rkhunter-1.3.8/files/rkhunter.conf 2010-12-26 16:56:46.468993681 +0100
+@@ -76,7 +76,7 @@
+ # NOTE: This option should be present in the configuration file.
+ #
+ #MAIL-ON-WARNING=me@mydomain root@mydomain
+-MAIL-ON-WARNING=""
++MAIL-ON-WARNING=sudreport@internetx.de
+
+ #
+ # Specify the mail command to use if MAIL-ON-WARNING is set.
+@@ -213,7 +213,7 @@
+ # file, then a value here of 'unset' can be used to avoid warning messages.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=yes
+
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -224,7 +224,7 @@
+ # configuration file, then a value of '2' may be set here in order to
+ # suppress a warning message. This option has a default value of '0'.
+ #
+-ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=1
+
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -323,7 +323,7 @@
+ #
+ # Whenever this option is changed 'rkhunter --propupd' must be run.
+ #
+-#PKGMGR=NONE
++PKGMGR=RPM
+
+ #
+ # It is possible that a file which is part of a package may be modified
+@@ -464,9 +464,14 @@
+ # be specified more than once. The option may use wildcard
+ # characters.
+ #
+-#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
+-#SCRIPTWHITELIST="/usr/bin/groups"
+-
++SCRIPTWHITELIST=/sbin/ifup
++SCRIPTWHITELIST=/sbin/ifdown
++SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/bin/ldd
++SCRIPTWHITELIST=/usr/bin/GET
++SCRIPTWHITELIST=/sbin/depmod.ksplice
++SCRIPTWHITELIST=/sbin/modprobe.ksplice
+ #
+ # Allow the specified commands to have the immutable attribute set.
+ #
+@@ -489,9 +494,9 @@
+ # The option may be specified more than once. The option
+ # may use wildcard characters.
+ #
+-#ALLOWHIDDENDIR="/etc/.java"
+-#ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
+-#ALLOWHIDDENDIR="/dev/.static"
++ALLOWHIDDENDIR="/etc/.java"
++ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
++ALLOWHIDDENDIR="/dev/.static"
+ #ALLOWHIDDENDIR="/dev/.initramfs"
+ #ALLOWHIDDENDIR="/dev/.SRC-unix"
+ #ALLOWHIDDENDIR="/dev/.mdadm"
+@@ -504,13 +509,13 @@
+ # characters.
+ #
+ #ALLOWHIDDENFILE="/etc/.java"
+-#ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
+-#ALLOWHIDDENFILE="/etc/.pwd.lock"
++ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
++ALLOWHIDDENFILE="/etc/.pwd.lock"
+ #ALLOWHIDDENFILE="/etc/.init.state"
+ #ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
+ #ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
+-#ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
+-#ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
++ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
++ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/.libgcrypt.so.11.hmac"
+@@ -518,7 +523,7 @@
+ #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha256hmac.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
+-#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
++ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
+
+ #
+ # Allow the specified processes to use deleted files. The
+@@ -633,7 +638,12 @@
+ # be specified more than once.
+ #
+ #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
+-
++XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/nrpe
+ #
+ # This option tells rkhunter the local system startup file pathnames.
+ # The directories will be searched for files. By default rkhunter
+@@ -704,7 +714,7 @@
+ #
+ # Note above that for the Apache web server, the name 'httpd' is used.
+ #
+-#APP_WHITELIST=""
++APP_WHITELIST="httpd:2.2.3 named proftpd openssl:0.9.8e php:5.1.6 sshd:4.3p2"
+
+ #
+ # Scan for suspicious files in directories containing temporary files and
|
