File rkhunter-1.4.6-epel7.patch of Package rkhunter

diff -Nur rkhunter-1.4.6.orig/files/rkhunter.conf rkhunter-1.4.6/files/rkhunter.conf
--- rkhunter-1.4.6.orig/files/rkhunter.conf	2018-02-19 15:49:06.000000000 -0800
+++ rkhunter-1.4.6/files/rkhunter.conf	2018-02-25 15:23:23.886798270 -0800
@@ -1,4 +1,4 @@
-#
+##
 # This is the main configuration file for Rootkit Hunter.
 #
 # You can modify this file directly, or you can create a local configuration
@@ -158,6 +158,7 @@
 # default directory beneath the installation directory.
 #
 #TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/var/lib/rkhunter
 
 #
 # This option specifies the database directory to use.
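Review bot: `TMPDIR=/var/lib/rkhunter` puts rkhunter's scratch files in the parent of `DBDIR` instead of a dedicated subdirectory like the commented default `/var/lib/rkhunter/tmp`, and the patch does not record what ownership and mode that directory needs. The baseline databases live under the same tree, so a comment above the line would help, e.g. `# Packaging: /var/lib/rkhunter must be root-owned and not group- or world-writable; it holds temp files and db/`. The directory permissions are set outside this patch (presumably in the spec file), so they should be confirmed there.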
@@ -167,6 +168,7 @@
 # default directory beneath the installation directory.
 #
 #DBDIR=/var/lib/rkhunter/db
+DBDIR=/var/lib/rkhunter/db
 
 #
 # This option specifies the script directory to use.
@@ -175,6 +177,7 @@
 # subsequently commented out or removed, then the program will not run.
 #
 #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=/usr/share/rkhunter/scripts
 
 #
 # This option can be used to modify the command directory list used by rkhunter
@@ -231,7 +234,7 @@
 #
 # The default value is '/var/log/rkhunter.log'.
 #
-LOGFILE=/var/log/rkhunter.log
+LOGFILE=/var/log/rkhunter/rkhunter.log
 
 #
 # Set this option to '1' if the log file is to be appended to whenever rkhunter
@@ -241,6 +244,7 @@
 # The default value is '0'.
 #
 #APPEND_LOG=0
+APPEND_LOG=1
 
 #
 # Set the following option to '1' if the log file is to be copied when rkhunter
@@ -307,6 +311,7 @@
 # The default value is 'no'.
 #
 #ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
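Review bot: `ALLOW_SSH_ROOT_USER=unset` sits directly under help text that still documents the default as 'no', and the new value carries no explanation. As far as I recall rkhunter's semantics, 'unset' means the check expects `PermitRootLogin` to be absent from sshd_config, so sshd's built-in default decides whether root can log in and rkhunter stays quiet about it. A comment such as `# EPEL: sshd_config ships without PermitRootLogin; 'unset' matches that, it does not mean root login is disabled` would prevent a misreading. The same applies to `ALLOW_SSH_PROT_V1=2` in the next hunk: the visible help text only describes '1' and the default '0', so the value 2 needs a one-line comment saying what it matches.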
@@ -321,6 +326,7 @@
 # The default value is '0'.
 #
 #ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -353,7 +359,8 @@
 # program defaults.
 #
 ENABLE_TESTS=ALL
-DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
+#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
+DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps ipc_shared_mem
 
 #
 # The HASH_CMD option can be used to specify the command to use for the file
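Review bot: The new `DISABLE_TESTS` line adds `ipc_shared_mem` to the disabled set with no stated reason, which turns off the shared-memory check on every host that installs this package. The file already has a narrower mechanism (the option for allowing specific process pathnames to use shared memory segments, visible as trailing context in a later hunk), so whitelisting the known-noisy processes there would keep the test running. If the test must stay disabled, say why in a comment, e.g. `# ipc_shared_mem disabled: false positives from <service> on EL7`, and drop the commented-out copy of the old line, which now reads like a second default. The same edit also re-enables `hidden_procs` by removing it from the list, which deserves a changelog mention.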
@@ -435,6 +442,7 @@
 # Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
 #
 #PKGMGR=NONE
+PKGMGR=RPM
 
 #
 # It is possible that a file, which is part of a package, may have been
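Review bot: `PKGMGR=RPM` changes what the file-properties check trusts, and the patch does not document that. As I understand rkhunter, packaged files are then compared against the RPM database instead of hashes rkhunter recorded itself, so the result is only as trustworthy as that database. A short comment would make the trade-off explicit, e.g. `# RPM database is the reference for packaged files; protect and monitor /var/lib/rpm accordingly`.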
@@ -558,6 +566,14 @@
 # The default value is the null string.
 #
 #EXISTWHITELIST=""
+EXISTWHITELIST=/bin/ad
+# FreeIPA Certificate Authority
+EXISTWHITELIST=/var/log/pki-ca/system
+# FreeIPA Certificate Authority
+EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
+# Some non default installed files we check
+EXISTWHITELIST=/usr/bin/GET
+EXISTWHITELIST=/usr/bin/whatis
 
 #
 # Whitelist various attributes of the specified file. The attributes are those
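Review bot: `EXISTWHITELIST=/bin/ad` is added without any comment, while the FreeIPA entries next to it are explained; the same path is also added to `RTKT_FILE_WHITELIST` in the later hunk at `@@ -1090,6 +1178,14 @@`. An entry in `RTKT_FILE_WHITELIST` suppresses a rootkit-file finding for that path on every host, so the legitimate package that installs it should be named, e.g. `# /bin/ad is shipped by <package>; whitelisted to avoid a false positive`. If no EL7 package owns that path, both lines are better left out. In that later hunk the `EXISTWHITELIST=/var/log/pki/pki-tomcat/kra/system` line also sits in the rootkit-whitelist section rather than with the other `EXISTWHITELIST` entries here, which makes it easy to miss.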
@@ -588,6 +604,12 @@
 # The default value is the null string.
 #
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/bin/ldd
+SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/GET
+SCRIPTWHITELIST=/sbin/ifup
+SCRIPTWHITELIST=/sbin/ifdown
 
 #
 # Allow the specified file to have the immutable attribute set.
@@ -630,6 +652,19 @@
 #ALLOWHIDDENDIR=/dev/.udev
 #ALLOWHIDDENDIR=/dev/.udevdb
 #ALLOWHIDDENDIR=/dev/.mdadm
+ALLOWHIDDENDIR="/etc/.java"
+ALLOWHIDDENDIR=/dev/.udev
+ALLOWHIDDENDIR=/dev/.udevdb
+ALLOWHIDDENDIR=/dev/.udev.tdb
+ALLOWHIDDENDIR=/dev/.static
+ALLOWHIDDENDIR=/dev/.initramfs
+ALLOWHIDDENDIR=/dev/.SRC-unix
+ALLOWHIDDENDIR=/dev/.mdadm
+ALLOWHIDDENDIR=/dev/.systemd
+ALLOWHIDDENDIR=/dev/.mount
+# for etckeeper
+ALLOWHIDDENDIR=/etc/.git
+ALLOWHIDDENDIR=/etc/.bzr
 
 #
 # Allow the specified hidden file to be whitelisted.
@@ -644,7 +679,33 @@
 #ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac
 #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
 #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
-#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
+ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
+ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
+ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+ALLOWHIDDENFILE=/dev/.mdadm.map
+ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
+ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
+ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
+# etckeeper
+ALLOWHIDDENFILE=/etc/.etckeeper
+ALLOWHIDDENFILE=/etc/.gitignore
+ALLOWHIDDENFILE=/etc/.bzrignore
+# systemd
+ALLOWHIDDENFILE=/etc/.updated
 
 #
 # Allow the specified process to use deleted files. The process name may be
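Review bot: `ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac` appears twice in the added lines, once where the commented default is uncommented and again after the hmaccalc entries; one of them can go. The glob entries such as `/lib*/.libcrypto.so.*.hmac` also overlap with the commented literal paths kept as context, so a one-line comment like `# FIPS HMAC files; globs cover lib and lib64` would explain why both forms exist. The hunk starts inside the option's help text, so the rules for wildcard use are not visible here.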
@@ -714,6 +775,33 @@
 #
 #ALLOWDEVFILE=/dev/shm/pulse-shm-*
 #ALLOWDEVFILE=/dev/shm/sem.ADBE_*
+# Allow PCS/Pacemaker/Corosync
+ALLOWDEVFILE=/dev/shm/qb-attrd-*
+ALLOWDEVFILE=/dev/shm/qb-cfg-*
+ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
+ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
+ALLOWDEVFILE=/dev/shm/qb-corosync-*
+ALLOWDEVFILE=/dev/shm/qb-cpg-*
+ALLOWDEVFILE=/dev/shm/qb-lrmd-*
+ALLOWDEVFILE=/dev/shm/qb-pengine-*
+ALLOWDEVFILE=/dev/shm/qb-quorum-*
+ALLOWDEVFILE=/dev/shm/qb-stonith-*
+ALLOWDEVFILE=/dev/shm/pulse-shm-*
+ALLOWDEVFILE=/dev/md/md-device-map
+# tomboy creates this one
+ALLOWDEVFILE="/dev/shm/mono.*"
+# created by libv4l
+ALLOWDEVFILE="/dev/shm/libv4l-*"
+# created by spice video
+ALLOWDEVFILE="/dev/shm/spice.*"
+# created by mdadm
+ALLOWDEVFILE="/dev/md/autorebuild.pid"
+# 389 Directory Server
+ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
+# squid proxy
+ALLOWDEVFILE=/dev/shm/squid-cf*
+# squid ssl cache
+ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
 
 #
 # Allow the specified process pathnames to use shared memory segments.
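Review bot: Most of the added `ALLOWDEVFILE` entries are wildcards under `/dev/shm`, a directory that is normally writable by any local account, so name-based exemptions such as `/dev/shm/mono.*` or `/dev/shm/squid-cf*` narrow what the /dev file check can report on every host, including hosts that never run the service. `ALLOWDEVFILE=/dev/shm/pulse-shm-*` is desktop-related, and the Pacemaker, 389 Directory Server and squid patterns are role-specific. Consider keeping only the entries every EL7 host needs in the packaged file and moving the rest to a local configuration file on the hosts that run those services. A header comment such as `# /dev/shm is world-writable: keep patterns as narrow as possible` would record the intent.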
@@ -1090,6 +1178,14 @@
 #
 #RTKT_DIR_WHITELIST=""
 #RTKT_FILE_WHITELIST=""
+RTKT_FILE_WHITELIST=/bin/ad
+# FreeIPA Certificate Authority
+RTKT_FILE_WHITELIST=/var/log/pki-ca/system
+# FreeIPA Certificate Authority
+RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
+# FreeIPA with KRA (Password Vault)
+EXISTWHITELIST=/var/log/pki/pki-tomcat/kra/system
+RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/kra/system
 
 #
 # The following option can be used to whitelist shared library files that would
@@ -1329,3 +1425,5 @@
 # The default value is '0'.
 #
 #GLOBSTAR=0
+
+INSTALLDIR="/usr"