From 874ee116c6f1ee61bca9cba4fa8347a26a0fa1e9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 29 Jul 2017 13:46:28 +0200
Subject: rkhunter: Disable remote updates to fix CVE-2017-7480.

---
 roles/common/files/etc/rkhunter.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf
index 31b3062..abdbd6c 100644
--- a/roles/common/files/etc/rkhunter.conf
+++ b/roles/common/files/etc/rkhunter.conf
@@ -101,7 +101,7 @@
 #
 # The default value is '1'.
 #
-#UPDATE_MIRRORS=1
+UPDATE_MIRRORS=0
 
 #
 # The MIRRORS_MODE option tells rkhunter which mirrors are to be used when
@@ -116,7 +116,7 @@
 #
 # The default value is '0'.
 #
-#MIRRORS_MODE=0
+MIRRORS_MODE=1
 
 #
 # Email a message to this address if a warning is found when the system is
@@ -218,7 +218,7 @@ SCRIPTDIR=/usr/share/rkhunter/scripts
 # The default value is the null string, indicating that all the language files
 # will be updated.
 #
-#UPDATE_LANG=""
+UPDATE_LANG="en"
 
 #
 # This option specifies the log file pathname. The file will be created if it
@@ -1107,7 +1107,7 @@ ALLOWHIDDENFILE=/etc/.gitignore
 #
 # This option has no default value.
 #
-#WEB_CMD=""
+WEB_CMD="/bin/false"
 
 #
 # Set the following option to '1' if locking is to be used when rkhunter runs.
-- 
cgit v1.2.3