Description: Custom configuration options for Debian package
Author: Francois Marier <francois@debian.org>
Forwarded: not-needed
Last-Update: 2021-08-22
--- a/files/rkhunter.conf
+++ b/files/rkhunter.conf
@@ -133,7 +133,7 @@
#
# Also see the MAIL_CMD option.
#
-#MAIL-ON-WARNING=me@mydomain root@mydomain
+#MAIL-ON-WARNING=root
#
# This option specifies the mail command to use if MAIL-ON-WARNING is set.
@@ -157,7 +157,7 @@
# subsequently commented out or removed, then the program will assume a
# default directory beneath the installation directory.
#
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/var/lib/rkhunter/tmp
#
# This option specifies the database directory to use.
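Review bot: the now-active TMPDIR=/var/lib/rkhunter/tmp makes rkhunter depend on that directory existing, and nothing in this patch creates it or sets its ownership and mode. Because the scanner runs as root and writes temporary files there, the package should create the directory root-owned and not writable by other users, and the same applies to DBDIR in the next hunk.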
@@ -166,7 +166,7 @@
# subsequently commented out or removed, then the program will assume a
# default directory beneath the installation directory.
#
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=/var/lib/rkhunter/db
#
# This option specifies the script directory to use.
@@ -174,7 +174,7 @@
# The installer program will set the default directory. If this default is
# subsequently commented out or removed, then the program will not run.
#
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=/usr/share/rkhunter/scripts
#
# This option can be used to modify the command directory list used by rkhunter
@@ -267,7 +267,7 @@ LOGFILE=/var/log/rkhunter.log
#
# The default value is not to use syslog.
#
-#USE_SYSLOG=authpriv.notice
+USE_SYSLOG=authpriv.warning
#
# Set the following option to '1' if the second colour set is to be used. This
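Review bot: USE_SYSLOG=authpriv.warning turns syslog logging on while the context comment above it still reads "The default value is not to use syslog", and the priority moves from the upstream example's notice to warning with no reason given. Add a Debian-specific comment above the setting, as the PKGMGR hunk does, so an admin who filters authpriv by priority knows at which level rkhunter messages arrive.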
@@ -320,7 +320,7 @@ AUTO_X_DETECT=1
#
# The default value is '0'.
#
-#ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
#
# This setting tells rkhunter the directory containing the SSH configuration
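Review bot: ALLOW_SSH_PROT_V1=2 departs from the documented default ("The default value is '0'") on the option that governs the SSH protocol version 1 check, and the hunk gives no explanation of what '2' means or why Debian needs it. Add a comment in the style of the PKGMGR hunk stating the reason, so a reader does not have to look up whether the non-default value permits protocol 1.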
@@ -434,6 +434,9 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
#
# Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
#
+# NONE is the default for Debian as well, as running --propupd takes
+# about 4 times longer when it's set to DPKG
+#
#PKGMGR=NONE
#
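Review bot: the added comment above #PKGMGR=NONE justifies the choice only by --propupd run time ("about 4 times longer" with DPKG) and does not say what is given up for that speed. With NONE the file property checks compare against rkhunter's own stored database rather than the package manager's records, so the comment should state that and point admins who prefer the slower check to PKGMGR=DPKG.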
@@ -587,7 +590,15 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
#
# The default value is the null string.
#
-#SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/egrep
+SCRIPTWHITELIST=/usr/bin/fgrep
+SCRIPTWHITELIST=/usr/bin/which
+SCRIPTWHITELIST=/usr/bin/ldd
+#SCRIPTWHITELIST=/usr/bin/lwp-request
+SCRIPTWHITELIST=/usr/bin/which.debianutils
+SCRIPTWHITELIST=/usr/sbin/adduser
+#SCRIPTWHITELIST=/usr/sbin/prelink
+#SCRIPTWHITELIST=/usr/sbin/unhide.rb
#
# Allow the specified file to have the immutable attribute set.
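Review bot: the six active SCRIPTWHITELIST lines whitelist by path alone, so each one (notably /usr/sbin/adduser, which is run as root) should be a file that really is a script on a stock Debian install; a comment giving that reason would let the list be re-audited when those files move or change type. The three commented entries (lwp-request, prelink, unhide.rb) also need a note saying when an admin should enable them.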
@@ -627,9 +638,8 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
# The default value is the null string.
#
#ALLOWHIDDENDIR=/etc/.java
-#ALLOWHIDDENDIR=/dev/.udev
-#ALLOWHIDDENDIR=/dev/.udevdb
-#ALLOWHIDDENDIR=/dev/.mdadm
+#ALLOWHIDDENDIR=/etc/.git
+#ALLOWHIDDENDIR=/dev/.lxc
#
# Allow the specified hidden file to be whitelisted.
@@ -645,6 +655,11 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+#ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
+#ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
+#ALLOWHIDDENFILE=/etc/.gitignore
+#ALLOWHIDDENFILE=/etc/.bzrignore
+#ALLOWHIDDENFILE=/etc/.etckeeper
#
# Allow the specified process to use deleted files. The process name may be
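Review bot: the three /etc entries added here (.gitignore, .bzrignore, .etckeeper) and the /etc/.git directory added in the previous hunk read as one group that an admin would enable together, but they sit in separate option blocks with no comment linking them. A line such as "# Uncomment if /etc is kept under version control" above each group would avoid half-enabled whitelists; keeping them commented by default is right, since hidden files under /etc should warn unless expected.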
@@ -667,7 +682,10 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
# The default value is the null string.
#
#ALLOWPROCDELFILE=/sbin/cardmgr
+#ALLOWPROCDELFILE=/usr/lib/libgconf2-4/gconfd-2
#ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ib*
+#ALLOWPROCDELFILE=/usr/lib/iceweasel/iceweasel
+#ALLOWPROCDELFILE=/usr/bin/file-roller
#
# Allow the specified process to listen on any network interface.
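Review bot: /usr/lib/iceweasel/iceweasel among the added examples is stale for a patch last updated 2021-08-22, since Debian has shipped the browser as Firefox since 2016; drop it or replace it with a current path. The three new entries also name only the process, unlike the existing mysqld:/tmp/ib* example, which limits the allowance to a file pattern; where the deleted files are predictable, show the narrower form.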
@@ -834,7 +852,7 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
#
# This option has no default value.
#
-#STARTUP_PATHS=/etc/rc.d /etc/rc.local
+#STARTUP_PATHS=/etc/init.d /etc/rc.local
#
# This option tells rkhunter the pathname to the file containing the user
@@ -859,7 +877,7 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
#
# The default value is the null string.
#
-#UID0_ACCOUNTS=toor rooty
+#UID0_ACCOUNTS=toor rooty sashroot
#
# This option allows the specified accounts to have no password. NIS/YP entries
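Review bot: sashroot is added to the UID0_ACCOUNTS example with no hint of where that account comes from. Since this option makes rkhunter accept additional UID 0 accounts, keep it commented as here and add a note naming the package that creates sashroot, so it is enabled only on systems where that account is expected.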
@@ -1027,7 +1045,7 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
#
# Also see the WARN_ON_OS_CHANGE and UPDT_ON_OS_CHANGE options.
#
-#OS_VERSION_FILE=/etc/release
+#OS_VERSION_FILE=/etc/debian_version
#
# Set the following option to '0' if you do not want to receive a warning if any
@@ -1329,3 +1347,5 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps a
# The default value is '0'.
#
#GLOBSTAR=0
+
+INSTALLDIR=/usr
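Review bot: INSTALLDIR=/usr is appended at the end of the file with no comment, far from the TMPDIR, DBDIR and SCRIPTDIR settings it relates to. Add a comment saying it reflects the Debian package layout, and check that it stays consistent with SCRIPTDIR=/usr/share/rkhunter/scripts set earlier in this patch.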