File rkhunter-config-1.3.8.patch of Package rkhunter (Revision 9)
--- rkhunter-1.3.8/files/rkhunter.conf.orig 2010-11-13 21:25:22.000000000 +0100
+++ rkhunter-1.3.8/files/rkhunter.conf 2010-12-26 16:40:18.236713197 +0100
@@ -76,7 +76,7 @@
 # NOTE: This option should be present in the configuration file.
 #
 #MAIL-ON-WARNING=me@mydomain root@mydomain
-MAIL-ON-WARNING=""
+MAIL-ON-WARNING=root
 
 #
 # Specify the mail command to use if MAIL-ON-WARNING is set.
@@ -213,7 +213,7 @@
 # file, then a value here of 'unset' can be used to avoid warning messages.
 # This option has a default value of 'no'.
 #
-ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=yes
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -224,7 +224,7 @@
 # configuration file, then a value of '2' may be set here in order to
 # suppress a warning message. This option has a default value of '0'.
 #
-ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=1
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -323,7 +323,7 @@
 #
 # Whenever this option is changed 'rkhunter --propupd' must be run.
 #
-#PKGMGR=NONE
+PKGMGR=RPM
 
 #
 # It is possible that a file which is part of a package may be modified
@@ -464,9 +464,12 @@
 # be specified more than once. The option may use wildcard
 # characters.
 #
-#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
-#SCRIPTWHITELIST="/usr/bin/groups"
-
+SCRIPTWHITELIST=/sbin/ifup
+SCRIPTWHITELIST=/sbin/ifdown
+SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/bin/ldd
+SCRIPTWHITELIST=/usr/bin/GET
 #
 # Allow the specified commands to have the immutable attribute set.
 #
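Review bot: `ALLOW_SSH_ROOT_USER=yes` in the -213 hunk makes "root may log in over SSH" the expected state on every host that installs this package, so rkhunter no longer reports it; `ALLOW_SSH_PROT_V1=1` in the -224 hunk does the same for the SSH-1 protocol. The context comments state the defaults are 'no' and '0', and the patch gives no reason for shipping the weaker values. I would keep `ALLOW_SSH_ROOT_USER=no` and `ALLOW_SSH_PROT_V1=0` in the packaged file and let the hosts that need the relaxed sshd settings override them locally, or at minimum add a comment above each line explaining why the relaxed value is shipped. A host whose sshd_config is already hardened will presumably get a mismatch warning with these values, which is worth confirming.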
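Review bot: The context line directly above `PKGMGR=RPM` in the -323 hunk says 'rkhunter --propupd' must be run whenever this option is changed, and nothing visible in this patch does that. If the package's install scripts (not shown here) do not run it, the first scan after an upgrade would compare files against a property database built under the old setting. I would add a comment above the line, `# Packaged default; run 'rkhunter --propupd' after install or upgrade`, and confirm that the spec file covers it.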
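Review bot: Every `SCRIPTWHITELIST` line added in the -464 hunk switches off the "command has been replaced by a script" warning for that path on all hosts using this package, including hosts where `/usr/bin/GET`, `/usr/bin/ldd` or `/usr/bin/whatis` is not expected to be a script. A one-line comment above the list naming the distribution packages that ship these files as scripts would let a later reviewer tell an intended exemption from a stale one. The hunk also drops the blank line that separated this option from the next comment block, and the values are unquoted while the `ALLOWHIDDENDIR` entries later in the patch are quoted; keeping the blank line and one quoting style would make the file easier to audit.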
@@ -489,9 +492,9 @@
 # The option may be specified more than once. The option
 # may use wildcard characters.
 #
-#ALLOWHIDDENDIR="/etc/.java"
-#ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
-#ALLOWHIDDENDIR="/dev/.static"
+ALLOWHIDDENDIR="/etc/.java"
+ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
+ALLOWHIDDENDIR="/dev/.static"
 #ALLOWHIDDENDIR="/dev/.initramfs"
 #ALLOWHIDDENDIR="/dev/.SRC-unix"
 #ALLOWHIDDENDIR="/dev/.mdadm"
@@ -504,13 +507,13 @@
 # characters.
 #
 #ALLOWHIDDENFILE="/etc/.java"
-#ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
-#ALLOWHIDDENFILE="/etc/.pwd.lock"
+ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
+ALLOWHIDDENFILE="/etc/.pwd.lock"
 #ALLOWHIDDENFILE="/etc/.init.state"
 #ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
 #ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
-#ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
-#ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
+ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
+ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
 #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"
 #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.hmac"
 #ALLOWHIDDENFILE="/usr/lib/.libgcrypt.so.11.hmac"
@@ -518,7 +521,7 @@
 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha256hmac.hmac"
 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
 #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
-#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
+ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
 
 #
 # Allow the specified processes to use deleted files. The
@@ -583,6 +586,7 @@
 #
 #ALLOWDEVFILE="/dev/shm/pulse-shm-*"
 #ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
+ALLOWDEVFILE=/dev/shm/sysconfig/*
 
 #
 # This setting tells rkhunter where the inetd configuration
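Review bot: `ALLOWDEVFILE=/dev/shm/sysconfig/*` in the -583 hunk exempts every file under that directory from the suspicious-file check in /dev, whatever its name, which is broader than the two upstream examples above it that pin a filename prefix (`pulse-shm-*`, `sem.ADBE_*`). Since /dev/shm is normally a shared, writable tmpfs, a whole-directory wildcard leaves a spot the scan will never report on. If the files come from the distribution's network scripts (an assumption; the patch does not say), I would narrow the pattern to the file names they actually create, in the form `ALLOWDEVFILE="/dev/shm/sysconfig/<known-prefix>*"` with the prefix filled in, and add a comment naming the component that owns the directory.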
@@ -633,7 +637,12 @@
 # be specified more than once.
 #
 #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
-
+XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
+XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
+XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
+XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
+XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa
+XINETD_ALLOWED_SVC=/etc/xinetd.d/nrpe
 #
 # This option tells rkhunter the local system startup file pathnames.
 # The directories will be searched for files. By default rkhunter
@@ -691,7 +700,7 @@
 #
 # This option permits the use of syslog remote logging.
 #
-ALLOW_SYSLOG_REMOTE_LOGGING=0
+ALLOW_SYSLOG_REMOTE_LOGGING=1
 
 #
 # Allow the following applications, or a specific version of an application,
@@ -704,7 +713,7 @@
 #
 # Note above that for the Apache web server, the name 'httpd' is used.
 #
-#APP_WHITELIST=""
+APP_WHITELIST="httpd apache2 named proftpd openssl php php5 sshd gpg"
 
 #
 # Scan for suspicious files in directories containing temporary files and
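Review bot: The six `XINETD_ALLOWED_SVC` entries in the -633 hunk look specific to one hosting setup (the `_psa` service files and `nrpe`), yet they ship as the package default, so an enabled `ftp_psa` or `poppassd_psa` service would go unreported on any host that installs this package. I would keep the packaged file at the upstream state and carry these entries in host-local configuration for the machines that run those services. If they must stay, a comment above the list such as `# Services expected on <hosting platform> hosts only` (placeholder name) would make the scope clear. As in the SCRIPTWHITELIST hunk, the blank line before the next comment block is removed here.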
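Review bot: `APP_WHITELIST="httpd apache2 named proftpd openssl php php5 sshd gpg"` in the -704 hunk lists bare application names, which by the option's own description allows any version of each, so the outdated-version check is effectively off for the most exposed network services on the host. The context comment says a specific version of an application can be whitelisted instead. If the reason is that the distribution backports fixes without changing version strings (not stated in the patch), I would whitelist only those versions, in the form `APP_WHITELIST="openssl:<backported-version> sshd:<backported-version>"` with placeholder versions filled in, so that a genuinely old build is still reported. A comment above the line stating the reason would help whoever audits this later.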