From 2495327985da791891b579bd05b3cda1f41dfda7 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Dec 2018 03:04:22 +0100 Subject: Upgrade baseline to Debian Stretch. --- roles/common/files/etc/rkhunter.conf | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'roles/common/files/etc/rkhunter.conf') diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf index abdbd6c..b6a7d06 100644 --- a/roles/common/files/etc/rkhunter.conf +++ b/roles/common/files/etc/rkhunter.conf @@ -259,7 +259,7 @@ LOGFILE=/var/log/rkhunter.log # # USE_SYSLOG=authpriv.warning # -# Setting the value to 'NONE', or just leaving the option commented out, +# Setting the value to 'none', or just leaving the option commented out, # disables the use of syslog. # # The default value is not to use syslog. @@ -330,8 +330,8 @@ AUTO_X_DETECT=1 # # These two options determine which tests are to be performed. The ENABLE_TESTS -# option can use the word 'ALL' to refer to all of the available tests. The -# DISABLE_TESTS option can use the word 'NONE' to mean that no tests are +# option can use the word 'all' to refer to all of the available tests. The +# DISABLE_TESTS option can use the word 'none' to mean that no tests are # disabled. The list of disabled tests is applied to the list of enabled tests. # # Both options are space-separated lists of test names, and both options may @@ -356,7 +356,7 @@ AUTO_X_DETECT=1 # applications (and warns about possible security risk: we better trust # the Debian Security Team). # -ENABLE_TESTS=ALL +ENABLE_TESTS=all DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps # @@ -587,12 +587,11 @@ HASH_CMD=sha512sum SCRIPTWHITELIST=/bin/egrep SCRIPTWHITELIST=/bin/fgrep SCRIPTWHITELIST=/bin/which -SCRIPTWHITELIST=/usr/bin/groups SCRIPTWHITELIST=/usr/bin/ldd -#SCRIPTWHITELIST=/usr/bin/lwp-request +SCRIPTWHITELIST=/usr/bin/lwp-request SCRIPTWHITELIST=/usr/sbin/adduser #SCRIPTWHITELIST=/usr/sbin/prelink -#SCRIPTWHITELIST=/usr/bin/unhide.rb +#SCRIPTWHITELIST=/usr/sbin/unhide.rb # # Allow the specified file to have the immutable attribute set. @@ -619,8 +618,9 @@ SCRIPTWHITELIST=/usr/sbin/adduser # # The default value is the null string. # -ALLOWHIDDENDIR=/etc/.java +#ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/etc/.git +#ALLOWHIDDENDIR=/dev/.lxc # # Allow the specified hidden file to be whitelisted. @@ -637,10 +637,10 @@ ALLOWHIDDENDIR=/etc/.git #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac #ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac #ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz -ALLOWHIDDENFILE=/etc/.etckeeper +#ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz ALLOWHIDDENFILE=/etc/.gitignore #ALLOWHIDDENFILE=/etc/.bzrignore - +ALLOWHIDDENFILE=/etc/.etckeeper # # Allow the specified process to use deleted files. The process name may be @@ -657,7 +657,7 @@ ALLOWHIDDENFILE=/etc/.gitignore #ALLOWPROCDELFILE=/sbin/cardmgr #ALLOWPROCDELFILE=/usr/lib/libgconf2-4/gconfd-2 #ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ib* -#ALLOWPROCDELFILE=/usr/lib/iceweasel/firefox-bin +#ALLOWPROCDELFILE=/usr/lib/iceweasel/iceweasel #ALLOWPROCDELFILE=/usr/bin/file-roller # -- cgit v1.2.3