File rkhunter-1.4.6-epel7.patch of Package rkhunter

Overview Repositories Revisions Requests Users Attributes Meta

File rkhunter-1.4.6-epel7.patch of Package rkhunter

diff -Nur rkhunter-1.4.6.orig/files/rkhunter.conf rkhunter-1.4.6/files/rkhunter.conf
--- rkhunter-1.4.6.orig/files/rkhunter.conf	2018-02-19 15:49:06.000000000 -0800
+++ rkhunter-1.4.6/files/rkhunter.conf	2018-02-25 15:23:23.886798270 -0800
@@ -1,4 +1,4 @@
-#
+##
 # This is the main configuration file for Rootkit Hunter.
 #
 # You can modify this file directly, or you can create a local configuration
@@ -158,6 +158,7 @@
 # default directory beneath the installation directory.
 #
 #TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/var/lib/rkhunter
 
 #
 # This option specifies the database directory to use.
@@ -167,6 +168,7 @@
 # default directory beneath the installation directory.
 #
 #DBDIR=/var/lib/rkhunter/db
+DBDIR=/var/lib/rkhunter/db
 
 #
 # This option specifies the script directory to use.
@@ -175,6 +177,7 @@
 # subsequently commented out or removed, then the program will not run.
 #
 #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=/usr/share/rkhunter/scripts
 
 #
 # This option can be used to modify the command directory list used by rkhunter
@@ -231,7 +234,7 @@
 #
 # The default value is '/var/log/rkhunter.log'.
 #
-LOGFILE=/var/log/rkhunter.log
+LOGFILE=/var/log/rkhunter/rkhunter.log
 
 #
 # Set this option to '1' if the log file is to be appended to whenever rkhunter
@@ -241,6 +244,7 @@
 # The default value is '0'.
 #
 #APPEND_LOG=0
+APPEND_LOG=1
 
 #
 # Set the following option to '1' if the log file is to be copied when rkhunter
@@ -307,6 +311,7 @@
 # The default value is 'no'.
 #
 #ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -321,6 +326,7 @@
 # The default value is '0'.
 #
 #ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -353,7 +359,8 @@
 # program defaults.
 #
 ENABLE_TESTS=ALL
-DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
+#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
+DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps ipc_shared_mem
 
 #
 # The HASH_CMD option can be used to specify the command to use for the file
@@ -435,6 +442,7 @@
 # Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
 #
 #PKGMGR=NONE
+PKGMGR=RPM
 
 #
 # It is possible that a file, which is part of a package, may have been
@@ -558,6 +566,14 @@
 # The default value is the null string.
 #
 #EXISTWHITELIST=""
+EXISTWHITELIST=/bin/ad
+# FreeIPA Certificate Authority
+EXISTWHITELIST=/var/log/pki-ca/system
+# FreeIPA Certificate Authority
+EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
+# Some non default installed files we check
+EXISTWHITELIST=/usr/bin/GET
+EXISTWHITELIST=/usr/bin/whatis
 
 #
 # Whitelist various attributes of the specified file. The attributes are those
@@ -588,6 +604,12 @@
 # The default value is the null string.
 #
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/bin/ldd
+SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/GET
+SCRIPTWHITELIST=/sbin/ifup
+SCRIPTWHITELIST=/sbin/ifdown
 
 #
 # Allow the specified file to have the immutable attribute set.
@@ -630,6 +652,19 @@
 #ALLOWHIDDENDIR=/dev/.udev
 #ALLOWHIDDENDIR=/dev/.udevdb
 #ALLOWHIDDENDIR=/dev/.mdadm
+ALLOWHIDDENDIR="/etc/.java"
+ALLOWHIDDENDIR=/dev/.udev
+ALLOWHIDDENDIR=/dev/.udevdb
+ALLOWHIDDENDIR=/dev/.udev.tdb
+ALLOWHIDDENDIR=/dev/.static
+ALLOWHIDDENDIR=/dev/.initramfs
+ALLOWHIDDENDIR=/dev/.SRC-unix
+ALLOWHIDDENDIR=/dev/.mdadm
+ALLOWHIDDENDIR=/dev/.systemd
+ALLOWHIDDENDIR=/dev/.mount
+# for etckeeper
+ALLOWHIDDENDIR=/etc/.git
+ALLOWHIDDENDIR=/etc/.bzr
 
 #
 # Allow the specified hidden file to be whitelisted.
@@ -644,7 +679,33 @@
 #ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac
 #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
 #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
-#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
+ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
+ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
+ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+ALLOWHIDDENFILE=/dev/.mdadm.map
+ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
+ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
+ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
+# etckeeper
+ALLOWHIDDENFILE=/etc/.etckeeper
+ALLOWHIDDENFILE=/etc/.gitignore
+ALLOWHIDDENFILE=/etc/.bzrignore
+# systemd
+ALLOWHIDDENFILE=/etc/.updated
 
 #
 # Allow the specified process to use deleted files. The process name may be
@@ -714,6 +775,33 @@
 #
 #ALLOWDEVFILE=/dev/shm/pulse-shm-*
 #ALLOWDEVFILE=/dev/shm/sem.ADBE_*
+# Allow PCS/Pacemaker/Corosync
+ALLOWDEVFILE=/dev/shm/qb-attrd-*
+ALLOWDEVFILE=/dev/shm/qb-cfg-*
+ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
+ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
+ALLOWDEVFILE=/dev/shm/qb-corosync-*
+ALLOWDEVFILE=/dev/shm/qb-cpg-*
+ALLOWDEVFILE=/dev/shm/qb-lrmd-*
+ALLOWDEVFILE=/dev/shm/qb-pengine-*
+ALLOWDEVFILE=/dev/shm/qb-quorum-*
+ALLOWDEVFILE=/dev/shm/qb-stonith-*
+ALLOWDEVFILE=/dev/shm/pulse-shm-*
+ALLOWDEVFILE=/dev/md/md-device-map
+# tomboy creates this one
+ALLOWDEVFILE="/dev/shm/mono.*"
+# created by libv4l
+ALLOWDEVFILE="/dev/shm/libv4l-*"
+# created by spice video
+ALLOWDEVFILE="/dev/shm/spice.*"
+# created by mdadm
+ALLOWDEVFILE="/dev/md/autorebuild.pid"
+# 389 Directory Server
+ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
+# squid proxy
+ALLOWDEVFILE=/dev/shm/squid-cf*
+# squid ssl cache
+ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
 
 #
 # Allow the specified process pathnames to use shared memory segments.
@@ -1090,6 +1178,14 @@
 #
 #RTKT_DIR_WHITELIST=""
 #RTKT_FILE_WHITELIST=""
+RTKT_FILE_WHITELIST=/bin/ad
+# FreeIPA Certificate Authority
+RTKT_FILE_WHITELIST=/var/log/pki-ca/system
+# FreeIPA Certificate Authority
+RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
+# FreeIPA with KRA (Password Vault)
+EXISTWHITELIST=/var/log/pki/pki-tomcat/kra/system
+RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/kra/system
 
 #
 # The following option can be used to whitelist shared library files that would
@@ -1329,3 +1425,5 @@
 # The default value is '0'.
 #
 #GLOBSTAR=0
+
+INSTALLDIR="/usr"

Places

File rkhunter-1.4.6-epel7.patch of Package rkhunter

Places