summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/rkhunter.conf
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/files/etc/rkhunter.conf')
-rw-r--r--roles/common/files/etc/rkhunter.conf22
1 files changed, 11 insertions, 11 deletions
diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf
index abdbd6c..b6a7d06 100644
--- a/roles/common/files/etc/rkhunter.conf
+++ b/roles/common/files/etc/rkhunter.conf
@@ -242,41 +242,41 @@ LOGFILE=/var/log/rkhunter.log
#
# Set the following option to '1' if the log file is to be copied when rkhunter
# finishes and an error or warning has occurred. The copied log file name will
# be appended with the current date and time (in YYYY-MM-DD_HH:MM:SS format).
# For example: rkhunter.log.2009-04-21_00:57:51
# If the option value is '0', then the log file will not be copied regardless
# of whether any errors or warnings occurred.
#
# The default value is '0'.
#
#COPY_LOG_ON_ERROR=0
#
# Set the following option to enable the rkhunter check start and finish times
# to be logged by syslog. Warning messages will also be logged. The value of
# the option must be a standard syslog facility and priority, separated by a
# dot. For example:
#
# USE_SYSLOG=authpriv.warning
#
-# Setting the value to 'NONE', or just leaving the option commented out,
+# Setting the value to 'none', or just leaving the option commented out,
# disables the use of syslog.
#
# The default value is not to use syslog.
#
#USE_SYSLOG=authpriv.notice
#
# Set the following option to '1' if the second colour set is to be used. This
# can be useful if your screen uses black characters on a white background
# (for example, a PC instead of a server). A value of '0' will cause the default
# colour set to be used.
#
# The default value is '0'.
#
#COLOR_SET2=0
#
# Set the following option to '0' if rkhunter should not detect if X is being
# used. If X is detected as being used, then the second colour set will
# automatically be used. If set to '1', then the use of X will be detected.
@@ -313,67 +313,67 @@ AUTO_X_DETECT=1
# authentication). If the 'Protocol' option has not been set in the SSH
# configuration file, then a value of '2' may be set here in order to
# suppress a warning message. A value of '0' indicates that the use of
# SSH-1 is not allowed.
#
# The default value is '0'.
#
#ALLOW_SSH_PROT_V1=0
#
# This setting tells rkhunter the directory containing the SSH configuration
# file. This setting will be worked out by rkhunter, and so should not
# usually need to be set.
#
# This option has no default value.
#
#SSH_CONFIG_DIR=/etc/ssh
#
# These two options determine which tests are to be performed. The ENABLE_TESTS
-# option can use the word 'ALL' to refer to all of the available tests. The
-# DISABLE_TESTS option can use the word 'NONE' to mean that no tests are
+# option can use the word 'all' to refer to all of the available tests. The
+# DISABLE_TESTS option can use the word 'none' to mean that no tests are
# disabled. The list of disabled tests is applied to the list of enabled tests.
#
# Both options are space-separated lists of test names, and both options may
# be specified more than once. The currently available test names can be seen
# by using the command 'rkhunter --list tests'.
#
# The supplied configuration file has some tests already disabled, and these
# are tests that will be used only occasionally, can be considered 'advanced'
# or that are prone to produce more than the average number of false-positives.
#
# Please read the README file for more details about enabling and disabling
# tests, the test names, and how rkhunter behaves when these options are used.
#
# The default values are to enable all tests and to disable none. However, if
# either of the options below are specified, then they will override the
# program defaults.
#
# hidden_procs test requires the unhide and/or unhide.rb commands which are
# part of the unhide respectively unhide.rb packages in Debian.
#
# apps test is disabled by default as it triggers warnings about outdated
# applications (and warns about possible security risk: we better trust
# the Debian Security Team).
#
-ENABLE_TESTS=ALL
+ENABLE_TESTS=all
DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
#
# The HASH_CMD option can be used to specify the command to use for the file
# properties hash value check. It can be specified as just the command name or
# the full pathname. If just the command name is given, and it is one of MD5,
# SHA1, SHA224, SHA256, SHA384 or SHA512, then rkhunter will first look for the
# relevant command, such as 'sha256sum', and then for 'sha256'. If neither of
# these are found, it will then look to see if a perl module has been installed
# which will support the relevant hash function. To see which perl modules have
# been installed use the command 'rkhunter --list perl'.
#
# Systems using prelinking are restricted to using either the SHA1 or MD5
# function.
#
# A value of 'NONE' (in uppercase) can be specified to indicate that no hash
# function should be used. Rkhunter will detect this, and automatically disable
# the file properties hash check test.
#
# Examples:
@@ -570,111 +570,111 @@ HASH_CMD=sha512sum
#
# Allow the specified file to have the 'others' (world) permission have the
# write-bit set. For example, files with permissions r-xr-xrwx or rwxrwxrwx.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#WRITEWHITELIST=/usr/bin/date
#
# Allow the specified file to be a script.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
-SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
-#SCRIPTWHITELIST=/usr/bin/lwp-request
+SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
#SCRIPTWHITELIST=/usr/sbin/prelink
-#SCRIPTWHITELIST=/usr/bin/unhide.rb
+#SCRIPTWHITELIST=/usr/sbin/unhide.rb
#
# Allow the specified file to have the immutable attribute set.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#IMMUTWHITELIST=/sbin/ifdown
#
# If this option is set to '1', then the immutable-bit test is reversed. That
# is, the files are expected to have the bit set. A value of '0' means that the
# immutable-bit should not be set.
#
# The default value is '0'.
#
#IMMUTABLE_SET=0
#
# Allow the specified hidden directory to be whitelisted.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
-ALLOWHIDDENDIR=/etc/.java
+#ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/etc/.git
+#ALLOWHIDDENDIR=/dev/.lxc
#
# Allow the specified hidden file to be whitelisted.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
#ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
#ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
#ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
-ALLOWHIDDENFILE=/etc/.etckeeper
+#ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
ALLOWHIDDENFILE=/etc/.gitignore
#ALLOWHIDDENFILE=/etc/.bzrignore
-
+ALLOWHIDDENFILE=/etc/.etckeeper
#
# Allow the specified process to use deleted files. The process name may be
# followed by a colon-separated list of full pathnames. The process will then
# only be whitelisted if it is using one of the given files. For example:
#
# ALLOWPROCDELFILE=/usr/libexec/gconfd-2:/tmp/abc:/var/tmp/xyz
#
# This option may be specified more than once. It may also use wildcards, but
# only in the file names.
#
# The default value is the null string.
#
#ALLOWPROCDELFILE=/sbin/cardmgr
#ALLOWPROCDELFILE=/usr/lib/libgconf2-4/gconfd-2
#ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ib*
-#ALLOWPROCDELFILE=/usr/lib/iceweasel/firefox-bin
+#ALLOWPROCDELFILE=/usr/lib/iceweasel/iceweasel
#ALLOWPROCDELFILE=/usr/bin/file-roller
#
# Allow the specified process to listen on any network interface.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWPROCLISTEN=/sbin/dhclient
#ALLOWPROCLISTEN=/usr/bin/dhcpcd
#ALLOWPROCLISTEN=/usr/sbin/tcpdump
#ALLOWPROCLISTEN=/usr/sbin/snort-plain
#
# Allow the specified network interfaces to be in promiscuous mode.
#
# This is a space-separated list of interface names. The option may be
# specified more than once.
#
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-22 17:11:18 +0000