initial commit of file from CVS for smeserver-rkhunter on Sat Sep 7 21:01:20 AEST 2024
This commit is contained in:
parent
575d288543
commit
712e742cfc
4
.gitignore
vendored
Normal file
4
.gitignore
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
*.rpm
|
||||
*.log
|
||||
*spec-20*
|
||||
*.tar.gz
|
||||
21
Makefile
Normal file
21
Makefile
Normal file
@ -0,0 +1,21 @@
|
||||
# Makefile for source rpm: smeserver-rkhunter
|
||||
# $Id: Makefile,v 1.1 2020/10/09 14:26:36 brianr Exp $
|
||||
NAME := smeserver-rkhunter
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attept a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
||||
16
README.md
16
README.md
@ -1,3 +1,15 @@
|
||||
# smeserver-rkhunter
|
||||
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-rkhunter
|
||||
|
||||
SMEServer Koozali developed git repo for smeserver-rkhunter smecontribs
|
||||
SMEServer Koozali developed git repo for smeserver-rkhunter smecontribs
|
||||
|
||||
## Wiki
|
||||
<br />https://wiki.koozali.org/Rkhunter
|
||||
|
||||
## Bugzilla
|
||||
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-rkhunter&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||
|
||||
## Description
|
||||
|
||||
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||
*Once it has been checked, then this comment will be deleted*
|
||||
<br />
|
||||
|
||||
1
contriborbase
Normal file
1
contriborbase
Normal file
@ -0,0 +1 @@
|
||||
contribs10
|
||||
35
createlinks
Normal file
35
createlinks
Normal file
@ -0,0 +1,35 @@
|
||||
#!/usr/bin/perl -w
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
# our event specific for updating with yum without reboot
|
||||
$event = 'smeserver-rkhunter-update';
|
||||
#add here the path to your templates needed to expand
|
||||
#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event
|
||||
|
||||
foreach my $file (qw(
|
||||
/etc/systemd/system-preset/49-koozali.preset
|
||||
))
|
||||
{
|
||||
templates2events( $file, $event );
|
||||
}
|
||||
#action needed in case we have a systemd unit
|
||||
event_link('systemd-default', $event, '10');
|
||||
event_link('systemd-reload', $event, '50');
|
||||
#action specific to this package
|
||||
#event_link('action', $event, '30');
|
||||
#services we need to restart
|
||||
#safe_symlink('restart',root/etc/e-smith/events/$event/services2adjust/service);
|
||||
#and Server Manager panel link
|
||||
#panel_link('somefunction', 'manager');
|
||||
|
||||
for my $event (qw(
|
||||
bootstrap-console-save
|
||||
remoteaccess-update
|
||||
smeserver-rkhunter-update
|
||||
))
|
||||
{
|
||||
templates2events("/etc/rkhunter.conf", $event);
|
||||
templates2events("/etc/sysconfig/rkhunter", $event);
|
||||
templates2events("/etc/cron.daily/rkhunter", $event);
|
||||
}
|
||||
|
||||
safe_symlink("../../../../templates-default/template-begin-shell","root/etc/e-smith/templates/etc/cron.daily/rkhunter/template-begin");
|
||||
@ -0,0 +1 @@
|
||||
apps,suspscan,system_commands
|
||||
@ -0,0 +1 @@
|
||||
enabled
|
||||
1
root/etc/e-smith/db/configuration/defaults/rkhunter/type
Normal file
1
root/etc/e-smith/db/configuration/defaults/rkhunter/type
Normal file
@ -0,0 +1 @@
|
||||
service
|
||||
@ -0,0 +1 @@
|
||||
PERMS=0755
|
||||
58
root/etc/e-smith/templates/etc/cron.daily/rkhunter/10script
Normal file
58
root/etc/e-smith/templates/etc/cron.daily/rkhunter/10script
Normal file
@ -0,0 +1,58 @@
|
||||
#!/bin/sh
|
||||
# 01-rkhunter A shell script to update and run rkhunter via CRON
|
||||
|
||||
XITVAL=0
|
||||
|
||||
# Get a secure tempfile
|
||||
TMPFILE1=`/bin/mktemp -p /var/lib/rkhunter rkhcronlog.XXXXXXXXXX` || exit 1
|
||||
|
||||
if [ ! -e /var/lock/subsys/rkhunter ]; then
|
||||
|
||||
# Try to keep the SysInit boot scan from colliding with us (highly unlikely)
|
||||
/bin/touch /var/lock/subsys/rkhunter
|
||||
|
||||
# Source system configuration parameters.
|
||||
if [ -e /etc/sysconfig/rkhunter ] ; then
|
||||
. /etc/sysconfig/rkhunter
|
||||
else
|
||||
{ my $mail = $rkhunter{'mail'} || "root"; $OUT .= "MAILTO= $mail";}
|
||||
fi
|
||||
|
||||
# If a diagnostic mode scan was requested, setup the parameters
|
||||
if [ "$DIAG_SCAN" == "yes" ]; then
|
||||
RKHUNTER_FLAGS="--checkall --skip-keypress --nocolors --quiet --appendlog --display-logfile"
|
||||
else
|
||||
RKHUNTER_FLAGS="--cronjob --nocolors --report-warnings-only"
|
||||
fi
|
||||
|
||||
# Set a few critical parameters
|
||||
RKHUNTER=/usr/bin/rkhunter
|
||||
LOGFILE=/var/log/rkhunter/rkhunter.log
|
||||
|
||||
# Run RootKit Hunter if available
|
||||
if [ -x $RKHUNTER ]; then
|
||||
/bin/echo -e "\n--------------------- Start Rootkit Hunter Update ---------------------" \
|
||||
> $TMPFILE1
|
||||
/bin/nice -n 10 $RKHUNTER --update --nocolors 2>&1 >> $TMPFILE1
|
||||
/bin/echo -e "\n---------------------- Start Rootkit Hunter Scan ----------------------" \
|
||||
>> $TMPFILE1
|
||||
/bin/nice -n 10 $RKHUNTER $RKHUNTER_FLAGS 2>&1 >> $TMPFILE1
|
||||
XITVAL=$?
|
||||
/bin/echo -e "\n----------------------- End Rootkit Hunter Scan -----------------------" \
|
||||
>> $TMPFILE1
|
||||
|
||||
if [ $XITVAL != 0 ]; then
|
||||
/bin/cat $TMPFILE1 | /bin/mail -s "rkhunter Daily Run on $(hostname)" $MAILTO
|
||||
fi
|
||||
/bin/cat $TMPFILE1 >> $LOGFILE
|
||||
fi
|
||||
|
||||
# Delete the gating lockfile
|
||||
/bin/rm -f /var/lock/subsys/rkhunter
|
||||
fi
|
||||
|
||||
# Delete the secure tempfile
|
||||
/bin/rm -f $TMPFILE1
|
||||
|
||||
exit $XITVAL
|
||||
|
||||
20
root/etc/e-smith/templates/etc/rkhunter.conf/000header
Normal file
20
root/etc/e-smith/templates/etc/rkhunter.conf/000header
Normal file
@ -0,0 +1,20 @@
|
||||
#
|
||||
# This is the configuration file for Rootkit Hunter.
|
||||
#
|
||||
# Please modify it to your own requirements.
|
||||
#
|
||||
# Please review the documentation before posting bug reports or questions.
|
||||
# To report bugs, obtain updates, or provide patches or comments, please go to:
|
||||
# http://rkhunter.sourceforge.net
|
||||
#
|
||||
# To ask questions about rkhunter, please use the rkhunter-users mailing list.
|
||||
# Note this is a moderated list: please subscribe before posting.
|
||||
#
|
||||
# Lines beginning with a hash (#), and blank lines, are ignored.
|
||||
# End-of-line comments are not supported.
|
||||
#
|
||||
# Most of the following options need only be specified once. If
|
||||
# they appear more than once, then the last one seen will be used.
|
||||
# Some options are allowed to appear more than once, and the text
|
||||
# describing the option will say if this is so.
|
||||
#
|
||||
@ -0,0 +1,15 @@
|
||||
#
|
||||
# If this option is set to 1, it specifies that the mirrors file
|
||||
# ('mirrors.dat'), which is used when the '--update' and '--versioncheck'
|
||||
# options are used, is to be rotated. Rotating the entries in the file
|
||||
# allows a basic form of load-balancing between the mirror sites whenever
|
||||
# the above options are used.
|
||||
# If the option is set to 0, then the mirrors will be treated as if in
|
||||
# a priority list. That is, the first mirror listed will always be used
|
||||
# first. The second mirror will only be used if the first mirror fails,
|
||||
# the third mirror will only be used if the second mirror fails, and so on.
|
||||
#
|
||||
# If the mirrors file is read-only, then the '--versioncheck' command-line
|
||||
# option can only be used if this option is set to 0.
|
||||
#
|
||||
ROTATE_MIRRORS=1
|
||||
@ -0,0 +1,9 @@
|
||||
#
|
||||
# If this option is set to 1, it specifies that when the '--update'
|
||||
# option is used, then the mirrors file is to be checked for updates
|
||||
# as well. If the current mirrors file contains any local mirrors,
|
||||
# these will be prepended to the updated file.
|
||||
# If this option is set to 0, the mirrors file can only be updated
|
||||
# manually. This may be useful if only using local mirrors.
|
||||
#
|
||||
UPDATE_MIRRORS=1
|
||||
@ -0,0 +1,12 @@
|
||||
#
|
||||
# The MIRRORS_MODE option tells rkhunter which mirrors are to be
|
||||
# used when the '--update' or '--versioncheck' command-line options
|
||||
# are given. Possible values are:
|
||||
# 0 - use any mirror (the default)
|
||||
# 1 - only use local mirrors
|
||||
# 2 - only use remote mirrors
|
||||
#
|
||||
# Local and remote mirrors can be defined in the mirrors file
|
||||
# by using the 'local=' and 'remote=' keywords respectively.
|
||||
#
|
||||
MIRRORS_MODE=0
|
||||
@ -0,0 +1,13 @@
|
||||
#
|
||||
# Email a message to this address if a warning is found when the
|
||||
# system is being checked. Multiple addresses may be specified
|
||||
# simply be separating them with a space. Setting this option to
|
||||
# null disables the option.
|
||||
#
|
||||
# NOTE: This option should be present in the configuration file.
|
||||
#
|
||||
#MAIL-ON-WARNING=me@mydomain root@mydomain
|
||||
{
|
||||
my $mailWarn = $rkhunter{'mailWarn'} || "";
|
||||
$OUT .= "MAIL-ON-WARNING=\"$mailWarn\"\n";
|
||||
}
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Specify the mail command to use if MAIL-ON-WARNING is set.
|
||||
# NOTE: Double quotes are not required around the command, but
|
||||
# are required around the subject line if it contains spaces.
|
||||
#
|
||||
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
|
||||
8
root/etc/e-smith/templates/etc/rkhunter.conf/015dir10tmp
Normal file
8
root/etc/e-smith/templates/etc/rkhunter.conf/015dir10tmp
Normal file
@ -0,0 +1,8 @@
|
||||
#
|
||||
# Specify the temporary directory to use.
|
||||
#
|
||||
# NOTE: Do not use /tmp as your temporary directory. Some
|
||||
# important files will be written to this directory, so be
|
||||
# sure that the directory permissions are tight.
|
||||
#
|
||||
TMPDIR=/var/lib/rkhunter/
|
||||
4
root/etc/e-smith/templates/etc/rkhunter.conf/015dir20db
Normal file
4
root/etc/e-smith/templates/etc/rkhunter.conf/015dir20db
Normal file
@ -0,0 +1,4 @@
|
||||
#
|
||||
# Specify the database directory to use.
|
||||
#
|
||||
DBDIR=/var/lib/rkhunter/db
|
||||
@ -0,0 +1,4 @@
|
||||
#
|
||||
# Specify the script directory to use.
|
||||
#
|
||||
SCRIPTDIR=/usr/share/rkhunter/scripts
|
||||
@ -0,0 +1,4 @@
|
||||
#
|
||||
# Specify the root directory to use.
|
||||
#
|
||||
#ROOTDIR=""
|
||||
@ -0,0 +1,5 @@
|
||||
#
|
||||
# Specify the command directories to be checked. This is a
|
||||
# space-separated list of directories.
|
||||
#
|
||||
#BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# This setting tells rkhunter the directory containing the available
|
||||
# kernel modules. This setting will be worked out by rkhunter, and
|
||||
# so should not usually need to be set.
|
||||
#
|
||||
#MODULES_DIR=""
|
||||
@ -0,0 +1 @@
|
||||
INSTALLDIR="/usr"
|
||||
10
root/etc/e-smith/templates/etc/rkhunter.conf/020language
Normal file
10
root/etc/e-smith/templates/etc/rkhunter.conf/020language
Normal file
@ -0,0 +1,10 @@
|
||||
#
|
||||
# Specify the language to use. This should be similar
|
||||
# to the ISO 639 language code.
|
||||
#
|
||||
# NOTE: Please ensure that the language you specify is supported.
|
||||
# For a list of supported languages use the following command:
|
||||
#
|
||||
# rkhunter --lang en --list languages
|
||||
#
|
||||
#LANGUAGE=en
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Specify the log file pathname.
|
||||
#
|
||||
# NOTE: This option should be present in the configuration file.
|
||||
#
|
||||
LOGFILE=/var/log/rkhunter/rkhunter.log
|
||||
@ -0,0 +1,5 @@
|
||||
#
|
||||
# Set the following option to 1 if the log file is to be appended to
|
||||
# whenever rkhunter is run.
|
||||
#
|
||||
APPEND_LOG=1
|
||||
12
root/etc/e-smith/templates/etc/rkhunter.conf/025log30syslog
Normal file
12
root/etc/e-smith/templates/etc/rkhunter.conf/025log30syslog
Normal file
@ -0,0 +1,12 @@
|
||||
#
|
||||
# Set the following option to enable the rkhunter check start and finish
|
||||
# times to be logged by syslog. Warning messages will also be logged.
|
||||
# The value of the option must be a standard syslog facility and
|
||||
# priority, separated by a dot.
|
||||
#
|
||||
# For example: USE_SYSLOG=authpriv.warning
|
||||
#
|
||||
# Setting the value to 'none', or just leaving the option commented out,
|
||||
# disables the use of syslog.
|
||||
#
|
||||
#USE_SYSLOG=authpriv.notice
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Set the following option to 1 if the second colour set is to be used.
|
||||
# This can be useful if your screen uses black characters on a white
|
||||
# background (for example, a PC instead of a server).
|
||||
#
|
||||
COLOR_SET2=0
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Set the following option to 0 if rkhunter should not detect if X is
|
||||
# being used. If X is detected as being used, then the second colour
|
||||
# set will automatically be used.
|
||||
#
|
||||
AUTO_X_DETECT=1
|
||||
@ -0,0 +1,21 @@
|
||||
#
|
||||
# The following option is checked against the SSH configuration file
|
||||
# 'PermitRootLogin' option. A warning will be displayed if they do not
|
||||
# match. However, if a value has not been set in the SSH configuration
|
||||
# file, then a value here of 'yes' or 'unset' will not cause a warning.
|
||||
# This option has a default value of 'no'.
|
||||
#
|
||||
{
|
||||
my $PermitRootLogin = $sshd{'PermitRootLogin'} || "no";
|
||||
my $status = $sshd{'status'} || 'disabled';
|
||||
$OUT .= "ALLOW_SSH_ROOT_USER=";
|
||||
if ( $status ne 'enabled' ) {
|
||||
$OUT .= 'no';
|
||||
} elsif ( $PermitRootLogin eq 'yes' ) {
|
||||
$OUT .= 'yes';
|
||||
} elsif ( $PermitRootLogin eq 'key' || $PermitRootLogin eq 'nopass' ) {
|
||||
$OUT .= 'without-password';
|
||||
} else {
|
||||
$OUT .= 'no';
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,10 @@
|
||||
#
|
||||
# Set this option to '1' to allow the use of the SSH-1 protocol, but note
|
||||
# that theoretically it is weaker, and therefore less secure, than the
|
||||
# SSH-2 protocol. Do not modify this option unless you have good reasons
|
||||
# to use the SSH-1 protocol (for instance for AFS token passing or Kerberos4
|
||||
# authentication). If the 'Protocol' option has not been set in the SSH
|
||||
# configuration file, then a value of '2' may be set here in order to
|
||||
# suppress a warning message. This option has a default value of '0'.
|
||||
#
|
||||
ALLOW_SSH_PROT_V1=0
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# This setting tells rkhunter the directory containing the SSH configuration
|
||||
# file. This setting will be worked out by rkhunter, and so should not
|
||||
# usually need to be set.
|
||||
#
|
||||
#SSH_CONFIG_DIR=/etc/ssh
|
||||
@ -0,0 +1,20 @@
|
||||
#
|
||||
# These two options determine which tests are to be performed.
|
||||
# The ENABLE_TESTS option can use the word 'all' to refer to all the
|
||||
# available tests. The DISABLE_TESTS option can use the word 'none' to
|
||||
# mean that no tests are disabled. The list of disabled tests is applied to
|
||||
# the list of enabled tests. Both options are space-separated lists of test
|
||||
# names. The currently available test names can be seen by using the command
|
||||
# 'rkhunter --list tests'.
|
||||
#
|
||||
# The program defaults are to enable all tests and disable none. However, if
|
||||
# either option is specified in this file, then it overrides the program
|
||||
# default. The supplied rkhunter.conf file has some tests already disabled,
|
||||
# and these are tests that will be used only incidentally, can be considered
|
||||
# "advanced" or those that are prone to produce more than the "average" number
|
||||
# of "false positives".
|
||||
#
|
||||
# Please read the README file for more details about enabling and disabling
|
||||
# tests, the test names, and how rkhunter behaves when these options are used.
|
||||
#
|
||||
ENABLE_TESTS="all"
|
||||
@ -0,0 +1,5 @@
|
||||
{
|
||||
my $DisableTests = $rkhunter{'DisableTests'};
|
||||
|
||||
$OUT .= 'DISABLE_TESTS=' . join(" ", split(/[ ;,]/, $DisableTests));
|
||||
}
|
||||
23
root/etc/e-smith/templates/etc/rkhunter.conf/050hash10func
Normal file
23
root/etc/e-smith/templates/etc/rkhunter.conf/050hash10func
Normal file
@ -0,0 +1,23 @@
|
||||
#
|
||||
# The HASH_FUNC option can be used to specify the command to use
|
||||
# for the file hash value check. It can be specified as just
|
||||
# the command name or the full pathname. Systems using prelinking
|
||||
# are restricted to using either SHA1 or MD5 functions. To get rkhunter
|
||||
# to look for the sha1(sum)/md5(sum) command, or to use the supplied
|
||||
# perl scripts, simply specify this option as 'SHA1' or 'MD5' in
|
||||
# uppercase. The default is SHA1, or MD5 if SHA1 cannot be found.
|
||||
#
|
||||
# A value of 'NONE' (in uppercase) can be specified to indicate that
|
||||
# no hash function should be used. Rootkit Hunter will detect this and
|
||||
# automatically disable the file hash checks.
|
||||
#
|
||||
# Examples:
|
||||
# For Solaris 9 : HASH_FUNC=gmd5sum
|
||||
# For Solaris 10: HASH_FUNC=sha1sum
|
||||
# For AIX (>5.2): HASH_FUNC="csum -hMD5"
|
||||
# For NetBSD : HASH_FUNC="cksum -a sha512"
|
||||
#
|
||||
# NOTE: If the hash function is changed then you MUST run rkhunter with
|
||||
# the '--propupd' option to rebuild the file properties database.
|
||||
#
|
||||
#HASH_FUNC=sha1sum
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# The HASH_FLD_IDX option specifies which field from the HASH_FUNC
|
||||
# command output contains the hash value. The fields are assumed to
|
||||
# be space-separated. The default value is one, but for *BSD users
|
||||
# rkhunter will, by default, use a value of 4 if the HASH_FUNC option
|
||||
# has not been set. The option value must be a positive integer.
|
||||
#
|
||||
#HASH_FLD_IDX=4
|
||||
21
root/etc/e-smith/templates/etc/rkhunter.conf/055pkgmgr
Normal file
21
root/etc/e-smith/templates/etc/rkhunter.conf/055pkgmgr
Normal file
@ -0,0 +1,21 @@
|
||||
#
|
||||
# The PKGMGR option tells rkhunter to use the specified package manager
|
||||
# to obtain the file property information. This is used when updating
|
||||
# the file properties file ('rkhunter.dat'), and when running the file
|
||||
# properties check. For RedHat/RPM-based systems, 'RPM' can be used
|
||||
# to get information from the RPM database. For Debian-based systems
|
||||
# 'DPKG' can be used, and for *BSD systems 'BSD' can be used.
|
||||
# No value, or a value of 'NONE', indicates that no package manager
|
||||
# is to be used. The default is 'NONE'.
|
||||
#
|
||||
# The current package managers store the file hash values using an
|
||||
# MD5 hash function.
|
||||
#
|
||||
# The 'DPKG' and 'BSD' package managers only provide MD5 hash values.
|
||||
# The 'RPM' package manager additionally provides values for the inode,
|
||||
# file permissions, uid, gid and other values.
|
||||
#
|
||||
# For any file not part of a package, rkhunter will revert to using
|
||||
# the HASH_FUNC hash function instead.
|
||||
#
|
||||
PKGMGR=RPM
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# Whitelist the hash (content) for the specified files. Only useful
|
||||
# for cases where e.g. the package manager is unable to verify the
|
||||
# content, or where the content is known to change
|
||||
# otherwise. Specifying a file name here does not include it being
|
||||
# whitelisted for the attribute/write/script tests below. One command
|
||||
# per line (use multiple HASHWHITELIST lines).
|
||||
#HASHWHITELIST=/usr/bin/lsattr
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# Whitelist various attributes of the specified files.
|
||||
# The attributes are those of the 'attributes' test.
|
||||
# Specifying a file name here does not include it being
|
||||
# whitelisted for the write permission test below.
|
||||
# One command per line (use multiple ATTRWHITELIST lines).
|
||||
#
|
||||
#ATTRWHITELIST=/bin/ps
|
||||
@ -0,0 +1,10 @@
|
||||
#
|
||||
# Allow the specified commands to have the 'others'
|
||||
# (world) permission have the write-bit set.
|
||||
#
|
||||
# For example, files with permissions r-xr-xrwx
|
||||
# or rwxrwxrwx.
|
||||
#
|
||||
# One command per line (use multiple WRITEWHITELIST lines).
|
||||
#
|
||||
#WRITEWHITELIST=/bin/ps
|
||||
@ -0,0 +1,13 @@
|
||||
#
|
||||
# Allow the specified commands to be scripts.
|
||||
# One command per line (use multiple SCRIPTWHITELIST lines).
|
||||
#
|
||||
#SCRIPTWHITELIST=/sbin/ifup
|
||||
#SCRIPTWHITELIST=/sbin/ifdown
|
||||
#SCRIPTWHITELIST=/usr/bin/groups
|
||||
SCRIPTWHITELIST=/usr/bin/whatis
|
||||
SCRIPTWHITELIST=/usr/bin/ldd
|
||||
SCRIPTWHITELIST=/usr/bin/groups
|
||||
SCRIPTWHITELIST=/usr/bin/GET
|
||||
SCRIPTWHITELIST=/sbin/ifup
|
||||
SCRIPTWHITELIST=/sbin/ifdown
|
||||
@ -0,0 +1,5 @@
|
||||
#
|
||||
# Allow the specified commands to have the immutable attribute set.
|
||||
# One command per line (use multiple IMMUTWHITELIST lines).
|
||||
#
|
||||
#IMMUTWHITELIST=/sbin/ifup
|
||||
@ -0,0 +1,9 @@
|
||||
#
|
||||
# Allow the following applications, or a specific version of an application,
|
||||
# to be whitelisted. This option is a space-separated list consisting of the
|
||||
# application names. If a specific version is to be whitelisted, then the
|
||||
# name must be followed by a colon and then the version number.
|
||||
#
|
||||
# For example: APP_WHITELIST="openssl:0.9.7d gpg"
|
||||
#
|
||||
#APP_WHITELIST=""
|
||||
@ -0,0 +1,22 @@
|
||||
#
|
||||
# The following option can be used to whitelist network ports which
|
||||
# are known to have been used by malware. The option is a space-
|
||||
# separated list of one or more of three types of whitelisting.
|
||||
# These are:
|
||||
#
|
||||
# 1) a 'protocol:port' pair (e.g. TCP:25)
|
||||
# 2) a pathname to an executable (e.g. /usr/sbin/squid)
|
||||
# 3) an asterisk ('*')
|
||||
#
|
||||
# Only the UDP or TCP protocol may be specified, and the port number
|
||||
# must be between 1 and 65535 inclusive.
|
||||
#
|
||||
# The asterisk can be used to indicate that any executable in a trusted
|
||||
# path directory will be whitelisted. A trusted path directory is one which
|
||||
# rkhunter uses to locate commands. It is composed of the root PATH
|
||||
# environment variable, and the BINDIR command-line or configuration
|
||||
# file option.
|
||||
#
|
||||
# For example: PORT_WHITELIST="/home/user1/abc /opt/xyz TCP:2001 UDP:32011"
|
||||
#
|
||||
#PORT_WHITELIST=""
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# The following two options can be used to whitelist files and directories
|
||||
# that would normally be flagged with a warning during the rootkit checks.
|
||||
# If the file or directory name contains a space, then the percent character
|
||||
# ('%') must be used instead. Only existing files and directories can be
|
||||
# specified.
|
||||
#
|
||||
#RTKT_DIR_WHITELIST=""
|
||||
@ -0,0 +1 @@
|
||||
#RTKT_FILE_WHITELIST=""
|
||||
@ -0,0 +1,11 @@
|
||||
#
|
||||
# Allow the specified hidden directories.
|
||||
# One directory per line (use multiple ALLOWHIDDENDIR lines).
|
||||
#
|
||||
#ALLOWHIDDENDIR=/etc/.java
|
||||
ALLOWHIDDENDIR=/dev/.udev
|
||||
#ALLOWHIDDENDIR=/dev/.udevdb
|
||||
#ALLOWHIDDENDIR=/dev/.udev.tdb
|
||||
#ALLOWHIDDENDIR=/dev/.static
|
||||
#ALLOWHIDDENDIR=/dev/.initramfs
|
||||
#ALLOWHIDDENDIR=/dev/.SRC-unix
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# Allow the specified hidden files.
|
||||
# One file per line (use multiple ALLOWHIDDENFILE lines).
|
||||
#
|
||||
#ALLOWHIDDENFILE=/etc/.java
|
||||
ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
|
||||
#ALLOWHIDDENFILE=/etc/.pwd.lock
|
||||
#ALLOWHIDDENFILE=/etc/.init.state
|
||||
@ -0,0 +1,21 @@
|
||||
#
|
||||
# Allow the specified processes to use deleted files.
|
||||
# One process per line (use multiple ALLOWPROCDELFILE lines).
|
||||
#
|
||||
# The process name may be followed by a colon-separated list
|
||||
# of full pathnames. The process will then only be whitelisted
|
||||
# if it is using one of the given files. For example:
|
||||
#
|
||||
# ALLOWPROCDELFILE=/usr/libexec/gconfd-2:/tmp/abc:/var/tmp/xyz
|
||||
#
|
||||
#ALLOWPROCDELFILE=/sbin/cardmgr
|
||||
#ALLOWPROCDELFILE=/usr/sbin/gpm
|
||||
#ALLOWPROCDELFILE=/usr/libexec/gconfd-2
|
||||
#ALLOWPROCDELFILE=/usr/sbin/mysqld
|
||||
ALLOWPROCDELFILE=(deleted)
|
||||
ALLOWPROCDELFILE=/usr/bin/freshclam
|
||||
ALLOWPROCDELFILE=/usr/bin/perl
|
||||
ALLOWPROCDELFILE=/usr/bin/python
|
||||
ALLOWPROCDELFILE=/usr/libexec/dovecot/imap
|
||||
ALLOWPROCDELFILE=/usr/sbin/asterisk
|
||||
ALLOWPROCDELFILE=/usr/sbin/httpd
|
||||
@ -0,0 +1,11 @@
|
||||
#
|
||||
# Allow the specified processes to listen on any network interface.
|
||||
# One process per line (use multiple ALLOWPROCLISTEN lines).
|
||||
#
|
||||
ALLOWPROCLISTEN=/sbin/dhclient
|
||||
ALLOWPROCLISTEN=/usr/sbin/dhcpd
|
||||
#ALLOWPROCLISTEN=/usr/bin/dhcpcd
|
||||
ALLOWPROCLISTEN=/usr/sbin/pppoe
|
||||
#ALLOWPROCLISTEN=/usr/sbin/tcpdump
|
||||
#ALLOWPROCLISTEN=/usr/sbin/snort-plain
|
||||
#ALLOWPROCLISTEN=/usr/local/bin/wpa_supplicant
|
||||
@ -0,0 +1,7 @@
|
||||
#
|
||||
# Allow the specified files to be present in the /dev directory,
|
||||
# and not regarded as suspicious. One file per line (use multiple
|
||||
# ALLOWDEVFILE lines).
|
||||
#
|
||||
#ALLOWDEVFILE=/dev/abc
|
||||
ALLOWDEVFILE=/dev/shm/pulse-shm-*
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# SCAN_MODE_DEV governs how we scan /dev for suspicious files.
|
||||
# The two allowed options are: THOROUGH or LAZY.
|
||||
# If commented out we do a THOROUGH scan which will increase the runtime.
|
||||
# Even though this adds to the running time it is highly recommended to
|
||||
# leave it like this.
|
||||
#
|
||||
#SCAN_MODE_DEV=THOROUGH
|
||||
@ -0,0 +1,5 @@
|
||||
#
|
||||
# This setting tells rkhunter where the inetd configuration
|
||||
# file is located.
|
||||
#
|
||||
#INETD_CONF_PATH=/etc/inetd.conf
|
||||
@ -0,0 +1,30 @@
|
||||
#
|
||||
# Allow the following enabled inetd services.
|
||||
# Only one service per line (use multiple INETD_ALLOWED_SVC lines).
|
||||
#
|
||||
# Below are some Solaris 9 and 10 services that may want to be whitelisted.
|
||||
#
|
||||
#INETD_ALLOWED_SVC=echo
|
||||
#INETD_ALLOWED_SVC=/usr/dt/bin/rpc.ttdbserverd
|
||||
#INETD_ALLOWED_SVC=/usr/openwin/lib/fs.auto
|
||||
#INETD_ALLOWED_SVC=/usr/lib/smedia/rpc.smserverd
|
||||
#INETD_ALLOWED_SVC=/usr/sbin/rpc.metad
|
||||
#INETD_ALLOWED_SVC=/usr/sbin/rpc.metamhd
|
||||
#INETD_ALLOWED_SVC=/usr/sbin/rpc.metamedd
|
||||
#INETD_ALLOWED_SVC=/usr/sbin/rpc.mdcommd
|
||||
#INETD_ALLOWED_SVC=/usr/dt/bin/dtspcd
|
||||
#INETD_ALLOWED_SVC=/usr/dt/bin/rpc.cmsd
|
||||
#INETD_ALLOWED_SVC=/usr/lib/gss/gssd
|
||||
#INETD_ALLOWED_SVC=/usr/lib/ST/stfsloader
|
||||
#INETD_ALLOWED_SVC=/usr/lib/fs/cachefs/cachefsd
|
||||
#INETD_ALLOWED_SVC=/network/rpc/mdcomm
|
||||
#INETD_ALLOWED_SVC=/network/rpc/meta
|
||||
#INETD_ALLOWED_SVC=/network/rpc/metamed
|
||||
#INETD_ALLOWED_SVC=/network/rpc/metamh
|
||||
#INETD_ALLOWED_SVC=/network/security/ktkt_warn
|
||||
#INETD_ALLOWED_SVC=/application/x11/xfs
|
||||
#INETD_ALLOWED_SVC=/application/print/rfc1179
|
||||
#INETD_ALLOWED_SVC=/application/font/stfsloader
|
||||
#INETD_ALLOWED_SVC=/network/rpc-100235_1/rpc_ticotsord
|
||||
#INETD_ALLOWED_SVC=/network/rpc-100083_1/rpc_tcp
|
||||
#INETD_ALLOWED_SVC=/network/rpc-100068_2-5/rpc_udp
|
||||
@ -0,0 +1,5 @@
|
||||
#
|
||||
# This setting tells rkhunter where the xinetd configuration
|
||||
# file is located.
|
||||
#
|
||||
#XINETD_CONF_PATH=/etc/xinetd.conf
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# Allow the following enabled xinetd services. Whilst it would be
|
||||
# nice to use the service names themselves, at the time of testing
|
||||
# we only have the pathname available. As such, these entries are
|
||||
# the xinetd file pathnames.
|
||||
# Only one service (file) per line (use multiple XINETD_ALLOWED_SVC lines).
|
||||
#
|
||||
#XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# This option tells rkhunter the local system startup file pathnames.
|
||||
# It is a space-separated list of files and directories. The directories
|
||||
# will be searched for files. By default rkhunter will use certain
|
||||
# filenames and directories. If the option is set to 'none', then
|
||||
# certain tests will be skipped.
|
||||
#
|
||||
#STARTUP_PATHS="/etc/rc.d /etc/rc.local"
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# This setting tells rkhunter the pathname to the syslog configuration
|
||||
# file. This setting will be worked out by rkhunter, and so should not
|
||||
# usually need to be set.
|
||||
#
|
||||
SYSLOG_CONFIG_FILE=/etc/rsyslog.conf
|
||||
@ -0,0 +1,7 @@
|
||||
#
|
||||
# This setting tells rkhunter the pathname to the file containing the
|
||||
# user account passwords. This setting will be worked out by rkhunter,
|
||||
# and so should not usually need to be set. Users of TCB shadow files
|
||||
# should not set this option.
|
||||
#
|
||||
#PASSWORD_FILE=/etc/shadow
|
||||
@ -0,0 +1,9 @@
|
||||
#
|
||||
# Allow the following accounts to be root equivalent. These accounts
|
||||
# will have a UID value of zero. This option is a space-separated list
|
||||
# of account names. The 'root' account does not need to be listed as it
|
||||
# is automatically whitelisted.
|
||||
#
|
||||
# NOTE: For *BSD systems you may need to enable this for the 'toor' account.
|
||||
#
|
||||
#UID0_ACCOUNTS="toor rooty"
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Allow the following accounts to have no password. This option is a
|
||||
# space-separated list of account names. NIS/YP entries do not need to
|
||||
# be listed as they are automatically whitelisted.
|
||||
#
|
||||
#PWDLESS_ACCOUNTS="abc"
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# This setting tells rkhunter the pathname to the syslog configuration
|
||||
# file. This setting will be worked out by rkhunter, and so should not
|
||||
# usually need to be set.
|
||||
#
|
||||
SYSLOG_CONFIG_FILE=/etc/rsyslog.conf
|
||||
@ -0,0 +1,4 @@
|
||||
#
|
||||
# This option permits the use of syslog remote logging.
|
||||
#
|
||||
ALLOW_SYSLOG_REMOTE_LOGGING=0
|
||||
@ -0,0 +1,15 @@
|
||||
#
|
||||
# The following option can be used to tell rkhunter where the operating
|
||||
# system 'release' file is located. This file contains information
|
||||
# specifying the current O/S version. RKH will store this information
|
||||
# itself, and check to see if it has changed between each run. If it has
|
||||
# changed, then the user is warned that RKH may issue warning messages
|
||||
# until RKH has been run with the '--propupd' option.
|
||||
#
|
||||
# Since the contents of the file vary according to the O/S distribution,
|
||||
# RKH will perform different actions when it detects the file itself. As
|
||||
# such, this option should not be set unless necessary. If this option is
|
||||
# specified, then RKH will assume the O/S release information is on the
|
||||
# first non-blank line of the file.
|
||||
#
|
||||
OS_VERSION_FILE="/etc/redhat-release"
|
||||
@ -0,0 +1,14 @@
|
||||
#
|
||||
# Scan for suspicious files in directories containing temporary files and
|
||||
# directories posing a relatively higher risk due to user write access.
|
||||
# Please do not enable by default as suspscan is CPU and I/O intensive and prone to
|
||||
# producing false positives. Do review all settings before usage.
|
||||
# Also be aware that running suspscan in combination with verbose logging on,
|
||||
# RKH's default, will show all ignored files.
|
||||
# Please consider adding all directories the user the (web)server runs as has
|
||||
# write access to including the document root (example: "/var/www") and log
|
||||
# directories (example: "/var/log/httpd").
|
||||
#
|
||||
# A space-separated list of directories to scan.
|
||||
#
|
||||
SUSPSCAN_DIRS="/tmp /var/tmp"
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Directory for temporary files. A memory-based one is better (faster).
|
||||
# Do not use a directory name that is listed in SUSPSCAN_DIRS.
|
||||
# Please make sure you have a tempfs mounted and the directory exists.
|
||||
#
|
||||
SUSPSCAN_TEMP=/dev/shm
|
||||
@ -0,0 +1,5 @@
|
||||
#
|
||||
# Maximum filesize in bytes. Files larger than this will not be inspected.
|
||||
# Do make sure you have enough space left in your temporary files directory.
|
||||
#
|
||||
SUSPSCAN_MAXSIZE=10240000
|
||||
@ -0,0 +1,6 @@
|
||||
#
|
||||
# Score threshold. Below this value no hits will be reported.
|
||||
# A value of "200" seems "good" after testing on malware. Please adjust
|
||||
# locally if necessary.
|
||||
#
|
||||
SUSPSCAN_THRESH=200
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# To force rkhunter to use the supplied script for the 'stat' or 'readlink'
|
||||
# command, then the following two options can be used. The value must be
|
||||
# set to 'BUILTIN'.
|
||||
#
|
||||
# NOTE: IRIX users will probably need to enable STAT_CMD.
|
||||
#
|
||||
#STAT_CMD=BUILTIN
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# To force rkhunter to use the supplied script for the 'stat' or 'readlink'
|
||||
# command, then the following two options can be used. The value must be
|
||||
# set to 'BUILTIN'.
|
||||
#
|
||||
# NOTE: IRIX users will probably need to enable STAT_CMD.
|
||||
#
|
||||
#STAT_CMD=BUILTIN
|
||||
@ -0,0 +1,50 @@
|
||||
#
|
||||
# These options specify a command, directory or file pathname which will be
|
||||
# included or excluded in the file properties checks.
|
||||
#
|
||||
# For the USER_FILEPROP_FILES_DIRS option, simple command names - for example,
|
||||
# 'top' - and directory names are added to the internal list of directories to
|
||||
# be searched for each of the command names in the command list. Additionally,
|
||||
# full pathnames to files, which need not be commands, may be given. Any files
|
||||
# or directories which are already part of the internal lists will be silently
|
||||
# ignored from the configuration.
|
||||
#
|
||||
# For the USER_FILEPROP_FILES_DIRS option, wildcards are allowed, except for
|
||||
# simple command names.
|
||||
# For example, 'top*' cannot be given, but '/usr/bin/top*' is allowed.
|
||||
#
|
||||
# Specific files may be excluded by using the EXCLUDE_USER_FILEPROP_FILES_DIRS
|
||||
# option. Wildcards may be used with this option.
|
||||
#
|
||||
# By combining these two options, and using wildcards, whole directories can be
|
||||
# excluded. For example:
|
||||
#
|
||||
# USER_FILEPROP_FILES_DIRS=/etc/*
|
||||
# USER_FILEPROP_FILES_DIRS=/etc/*/*
|
||||
# EXCLUDE_USER_FILEPROP_FILES_DIRS=/etc/rc?.d/*
|
||||
#
|
||||
# This will look for files in the first two directory levels of '/etc'. However,
|
||||
# anything in '/etc/rc0.d', '/etc/rc1.d', '/etc/rc2.d' and so on, will be
|
||||
# excluded.
|
||||
#
|
||||
# NOTE: Only files and directories which have been added by the user, and are
|
||||
# not part of the internal lists, can be excluded. So, for example, it is not
|
||||
# possible to exclude the 'ps' command by using '/bin/ps'. These will be
|
||||
# silently ignored from the configuration.
|
||||
#
|
||||
# Both options can be specified more than once.
|
||||
#
|
||||
# NOTE: Whenever these options are changed 'rkhunter --propupd' must be run.
|
||||
#
|
||||
# The default value for both options is the null string.
|
||||
#
|
||||
#USER_FILEPROP_FILES_DIRS=top
|
||||
#USER_FILEPROP_FILES_DIRS=/usr/local/sbin
|
||||
#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
|
||||
#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf.local
|
||||
#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/*
|
||||
#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/i18n/*
|
||||
#EXCLUDE_USER_FILEPROP_FILES_DIRS=/opt/ps*
|
||||
#EXCLUDE_USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/mirrors.dat
|
||||
#EXCLUDE_USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/rkhunter*
|
||||
|
||||
@ -0,0 +1,18 @@
|
||||
#
|
||||
# This option can be used to tell rkhunter to ignore any prelink dependency
|
||||
# errors for the given commands. However, a warning will also be issued if the
|
||||
# error does not occur for a given command. As such this option must only be
|
||||
# used on commands which experience a persistent problem.
|
||||
#
|
||||
# Short-term prelink dependency errors can usually be resolved simply by
|
||||
# running the 'prelink' command on the given pathname.
|
||||
#
|
||||
# This is a space-separated list of command pathnames. The option can be
|
||||
# specified more than once.
|
||||
#
|
||||
# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run.
|
||||
#
|
||||
# The default value is the null string.
|
||||
#
|
||||
#IGNORE_PRELINK_DEP_ERR=/bin/ps /usr/bin/top
|
||||
|
||||
16
root/etc/e-smith/templates/etc/rkhunter.conf/120LookTimeDate
Normal file
16
root/etc/e-smith/templates/etc/rkhunter.conf/120LookTimeDate
Normal file
@ -0,0 +1,16 @@
|
||||
#
|
||||
# In the file properties test any modification date/time is displayed as the
|
||||
# number of epoch seconds. Rkhunter will try and use the 'date' command, or
|
||||
# failing that the 'perl' command, to display the date and time in a
|
||||
# human-readable format as well. This option may be used if some other command
|
||||
# should be used instead. The given command must understand the '%s' and
|
||||
# 'seconds ago' options found in the GNU 'date' command.
|
||||
#
|
||||
# A value of 'NONE' may be used to request that only the epoch seconds be shown.
|
||||
# A value of 'PERL' may be used to force rkhunter to use the 'perl' command, if
|
||||
# it is present.
|
||||
#
|
||||
# This option has no default value.
|
||||
#
|
||||
#EPOCH_DATE_CMD=""
|
||||
|
||||
@ -0,0 +1,45 @@
|
||||
#
|
||||
# The following option can be used to tell rkhunter where the operating system
|
||||
# 'release' file is located. This file contains information specifying the
|
||||
# current O/S version. RKH will store this information, and check to see if it
|
||||
# has changed between each run. If it has changed, then the user is warned that
|
||||
# RKH may issue warning messages until RKH has been run with the '--propupd'
|
||||
# option.
|
||||
#
|
||||
# Since the contents of the file vary according to the O/S distribution, RKH
|
||||
# will perform different actions when it detects the file itself. As such, this
|
||||
# option should not be set unless necessary. If this option is specified, then
|
||||
# RKH will assume the O/S release information is on the first non-blank line of
|
||||
# the file.
|
||||
#
|
||||
# This option has no default value.
|
||||
#
|
||||
# Also see the WARN_ON_OS_CHANGE and UPDT_ON_OS_CHANGE options.
|
||||
#
|
||||
#OS_VERSION_FILE=/etc/release
|
||||
|
||||
#
|
||||
# Set the following option to '0' if you do not want to receive a warning if any
|
||||
# O/S information has changed since the last run of 'rkhunter --propupd'. The
|
||||
# warnings occur during the file properties check. Setting a value of '1' will
|
||||
# cause rkhunter to issue a warning if something has changed.
|
||||
#
|
||||
# The default value is '1'.
|
||||
#
|
||||
#WARN_ON_OS_CHANGE=1
|
||||
|
||||
#
|
||||
# Set the following option to '1' if you want rkhunter to automatically run a
|
||||
# file properties update ('--propupd') if the O/S has changed. Detection of an
|
||||
# O/S change occurs during the file properties check. Setting a value of '0'
|
||||
# will cause rkhunter not to do an automatic update.
|
||||
#
|
||||
# WARNING: Only set this option if you are sure that the update will work
|
||||
# correctly. That is, that the database directory is writeable, that a valid
|
||||
# hash function is available, and so on. This can usually be checked simply by
|
||||
# running 'rkhunter --propupd' at least once.
|
||||
#
|
||||
# The default value is '0'.
|
||||
#
|
||||
#UPDT_ON_OS_CHANGE=0
|
||||
|
||||
@ -0,0 +1,25 @@
|
||||
#
|
||||
# The following option can be set to a command which rkhunter will use when
|
||||
# downloading files from the Internet - that is, when the '--update' or
|
||||
# '--versioncheck' option is used. The command can take options.
|
||||
#
|
||||
# This allows the user to use a command other than the one automatically
|
||||
# selected by rkhunter, but still one which it already knows about.
|
||||
# For example:
|
||||
#
|
||||
# WEB_CMD=curl
|
||||
#
|
||||
# Alternatively, the user may specify a completely new command. However, note
|
||||
# that rkhunter expects the downloaded file to be written to stdout, and that
|
||||
# everything written to stderr is ignored. For example:
|
||||
#
|
||||
# WEB_CMD="/opt/bin/dlfile --timeout 5m -q"
|
||||
#
|
||||
# *BSD users may want to use the 'ftp' command, provided that it supports the
|
||||
# HTTP protocol:
|
||||
#
|
||||
# WEB_CMD="ftp -o -"
|
||||
#
|
||||
# This option has no default value.
|
||||
#
|
||||
#WEB_CMD=""
|
||||
@ -0,0 +1,37 @@
|
||||
#
|
||||
# Set the following option to '1' if locking is to be used when rkhunter runs.
|
||||
# The lock is set just before logging starts, and is removed when the program
|
||||
# ends. It is used to prevent items such as the log file, and the file
|
||||
# properties file, from becoming corrupted if rkhunter is running more than
|
||||
# once. The mechanism used is to simply create a lock file in the TMPDIR
|
||||
# directory. If the lock file already exists, because rkhunter is already
|
||||
# running, then the current process simply loops around sleeping for 10 seconds
|
||||
# and then retrying the lock. A value of '0' means not to use locking.
|
||||
#
|
||||
# The default value is '0'.
|
||||
#
|
||||
# Also see the LOCK_TIMEOUT and SHOW_LOCK_MSGS options.
|
||||
#
|
||||
#USE_LOCKING=0
|
||||
|
||||
#
|
||||
# If locking is used, then rkhunter may have to wait to get the lock file.
|
||||
# This option sets the total amount of time, in seconds, that rkhunter should
|
||||
# wait. It will retry the lock every 10 seconds, until either it obtains the
|
||||
# lock or the timeout value has been reached.
|
||||
#
|
||||
# The default value is 300 seconds (5 minutes).
|
||||
#
|
||||
#LOCK_TIMEOUT=300
|
||||
|
||||
#
|
||||
# If locking is used, then rkhunter may be doing nothing for some time if it
|
||||
# has to wait for the lock. If this option is set to '1', then some simple
|
||||
# messages are echoed to the users screen to let them know that rkhunter is
|
||||
# waiting for the lock. Set this option to '0' if the messages are not to be
|
||||
# displayed.
|
||||
#
|
||||
# The default value is '1'.
|
||||
#
|
||||
#SHOW_LOCK_MSGS=1
|
||||
|
||||
@ -0,0 +1,18 @@
|
||||
#
|
||||
# The two options below may be used to check if a file is missing or empty
|
||||
# (that is, it has a size of zero). The EMPTY_LOGFILES option will also check
|
||||
# if the file is missing, since that can be interpreted as a file of no size.
|
||||
# However, the file will only be reported as missing if the MISSING_LOGFILES
|
||||
# option hasn't already done this.
|
||||
#
|
||||
# Both options are space-separated lists of pathnames, and may be specified
|
||||
# more than once.
|
||||
#
|
||||
# NOTE: Log files are usually 'rotated' by some mechanism. At that time it is
|
||||
# perfectly possible for the file to be either missing or empty. As such these
|
||||
# options may produce false-positive warnings when log files are rotated.
|
||||
#
|
||||
# For both options the default value is the null string.
|
||||
#
|
||||
#EMPTY_LOGFILES=""
|
||||
#MISSING_LOGFILES=""
|
||||
@ -0,0 +1,23 @@
|
||||
#
|
||||
# This option can be set to either '0' or '1'. If set to '1' then the summary,
|
||||
# shown after rkhunter has run, will display the actual number of warnings
|
||||
# found. If it is set to '0', then the summary will simply indicate that
|
||||
# 'One or more' warnings were found. If no warnings were found, and this option
|
||||
# is set to '1', then a "0" will be shown. If the option is set to '0', then
|
||||
# the words 'No warnings' will be shown.
|
||||
#
|
||||
# The default value is '0'.
|
||||
#
|
||||
#SHOW_SUMMARY_WARNINGS_NUMBER=0
|
||||
|
||||
#
|
||||
# This option is used to determine where, if anywhere, the summary scan time is
|
||||
# displayed. A value of '0' indicates that it should not be displayed anywhere.
|
||||
# A value of '1' indicates that the time should only appear on the screen, and a
|
||||
# value of '2' that it should only appear in the log file. A value of '3'
|
||||
# indicates that the time taken should appear both on the screen and in the log
|
||||
# file.
|
||||
#
|
||||
# The default value is '3'.
|
||||
#
|
||||
#SHOW_SUMMARY_TIME=3
|
||||
@ -0,0 +1,20 @@
|
||||
#
|
||||
# If this option is set to 'THOROUGH' then rkhunter will search (on a per
|
||||
# rootkit basis) for filenames in all of the directories (as defined by the
|
||||
# result of running 'find / -xdev'). While still not optimal, as it still
|
||||
# searches for only file names as opposed to file contents, this is one step
|
||||
# away from the rigidity of searching in known (evidence) or default
|
||||
# (installation) locations.
|
||||
#
|
||||
# THIS OPTION SHOULD NOT BE ENABLED BY DEFAULT.
|
||||
#
|
||||
# You should only activate this feature as part of a more thorough
|
||||
# investigation, which should be based on relevant best practices and
|
||||
# procedures.
|
||||
#
|
||||
# Enabling this feature implies you have the knowledge to interpret the
|
||||
# results properly.
|
||||
#
|
||||
# The default value is the null string.
|
||||
#
|
||||
#SCANROOTKITMODE=THOROUGH
|
||||
@ -0,0 +1,37 @@
|
||||
#
|
||||
# The following option can be set to the name(s) of the tests the 'unhide'
|
||||
# command is to use. Options such as '-m' and '-v' may be specified, but will
|
||||
# only take effect when they are seen. The test names are a space-separated
|
||||
# list, and will be executed in the order given.
|
||||
#
|
||||
# This option may be specified more than once.
|
||||
#
|
||||
# The default value is 'sys' in order to maintain compatibility with older
|
||||
# versions of 'unhide'.
|
||||
#
|
||||
#UNHIDE_TESTS=sys
|
||||
|
||||
#
|
||||
# The following option can be used to set options for the 'unhide-tcp' command.
|
||||
# The options are space-separated.
|
||||
#
|
||||
# This option may be specified more than once.
|
||||
#
|
||||
# The default value is the null string.
|
||||
#
|
||||
#UNHIDETCP_OPTS=""
|
||||
|
||||
#
|
||||
# If both the C 'unhide', and Ruby 'unhide.rb', programs exist on the system,
|
||||
# then it is possible to disable the execution of one of the programs if
|
||||
# desired. By default rkhunter will look for both programs, and execute each
|
||||
# of them as they are found. If the value of this option is '0', then both
|
||||
# programs will be executed if they are present. A value of '1' will disable
|
||||
# execution of the C 'unhide' program, and a value of '2' will disable the Ruby
|
||||
# 'unhide.rb' program. To disable both programs, then disable the
|
||||
# 'hidden_procs' test.
|
||||
#
|
||||
# The default value is '0'.
|
||||
#
|
||||
#DISABLE_UNHIDE=0
|
||||
|
||||
@ -0,0 +1,28 @@
|
||||
|
||||
#
|
||||
# This option whitelists files and directories from existing, or not existing,
|
||||
# on the system at the time of testing. This option is used when the
|
||||
# configuration file options themselves are checked, and during the file
|
||||
# properties check, the hidden files and directories checks, and the filesystem
|
||||
# check of the '/dev' directory.
|
||||
#
|
||||
# This option may be specified more than once, and may use wildcards.
|
||||
# Be aware though that this is probably not what you want to do as the
|
||||
# wildcarding will be expanded after files have been deleted. As such
|
||||
# deleted files won't be whitelisted if wildcarded.
|
||||
#
|
||||
# NOTE: The user must take into consideration how often the file will appear
|
||||
# and disappear from the system in relation to how often rkhunter is run. If
|
||||
# the file appears, and disappears, too often then rkhunter may not notice
|
||||
# this. All it will see is that the file has changed. The inode-number and DTM
|
||||
# will certainly be different for each new file, and rkhunter will report this.
|
||||
#
|
||||
# The default value is the null string.
|
||||
#
|
||||
#EXISTWHITELIST=""
|
||||
#EXISTWHITELIST=/var/log/pki-ca/system
|
||||
# FreeIPA Certificate Authority
|
||||
#EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
|
||||
# Some non default installed files we check
|
||||
#EXISTWHITELIST=/usr/bin/GET
|
||||
#EXISTWHITELIST=/usr/bin/whatis
|
||||
@ -0,0 +1,41 @@
|
||||
#
|
||||
# The following two options can be used to whitelist files and directories that
|
||||
# would normally be flagged with a warning during the various rootkit and
|
||||
# malware checks. Only existing files and directories can be specified, and
|
||||
# these must be full pathnames not links.
|
||||
#
|
||||
# Additionally, the RTKT_FILE_WHITELIST option may include a string after the
|
||||
# file name (separated by a colon). This will then only whitelist that string
|
||||
# in that file (as part of the malware checks). For example:
|
||||
#
|
||||
# RTKT_FILE_WHITELIST=/etc/rc.local:hdparm
|
||||
#
|
||||
# If the option list includes the filename on its own as well, then the file
|
||||
# will be whitelisted from rootkit checks of the files existence, but still
|
||||
# only the specific string within the file will be whitelisted. For example:
|
||||
#
|
||||
# RTKT_FILE_WHITELIST=/etc/rc.local
|
||||
# RTKT_FILE_WHITELIST=/etc/rc.local:hdparm
|
||||
#
|
||||
# To whitelist a file from the existence checks, but not from the strings
|
||||
# checks, then include the filename on its own and on its own but with just
|
||||
# a colon appended. For example:
|
||||
#
|
||||
# RTKT_FILE_WHITELIST=/etc/rc.local
|
||||
# RTKT_FILE_WHITELIST=/etc/rc.local:
|
||||
#
|
||||
# NOTE: It is recommended that if you whitelist any files, then you include
|
||||
# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
|
||||
# configuration option.
|
||||
#
|
||||
# Both of these options may be specified more than once.
|
||||
#
|
||||
# For both options the default value is the null string.
|
||||
#
|
||||
#RTKT_DIR_WHITELIST=""
|
||||
#RTKT_FILE_WHITELIST=""
|
||||
# FreeIPA Certificate Authority
|
||||
#RTKT_FILE_WHITELIST=/var/log/pki-ca/system
|
||||
# FreeIPA Certificate Authority
|
||||
#RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
|
||||
|
||||
@ -0,0 +1,41 @@
|
||||
#
|
||||
# The following options can be used to whitelist network ports which are known
|
||||
# to have been used by malware.
|
||||
#
|
||||
# The PORT_WHITELIST option is a space-separated list of one or more of two
|
||||
# types of whitelisting. These are:
|
||||
#
|
||||
# 1) a 'protocol:port' pair
|
||||
# 2) an asterisk ('*')
|
||||
#
|
||||
# Only the UDP or TCP protocol may be specified, and the port number must be
|
||||
# between 1 and 65535 inclusive.
|
||||
#
|
||||
# The asterisk can be used to indicate that any executable which rkhunter can
|
||||
# locate as a command, is whitelisted. (Also see BINDIR)
|
||||
#
|
||||
# The PORT_PATH_WHITELIST option specifies one of two types of whitelisting.
|
||||
# These are:
|
||||
#
|
||||
# 1) a pathname to an executable
|
||||
# 2) a combined pathname, protocol and port
|
||||
#
|
||||
# As above, the protocol can only be TCP or UDP, and the port number must be
|
||||
# between 1 and 65535 inclusive.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# PORT_WHITELIST=TCP:2001 UDP:32011
|
||||
# PORT_PATH_WHITELIST=/usr/sbin/squid
|
||||
# PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801
|
||||
#
|
||||
# NOTE: In order to whitelist a pathname, or use the asterisk option, the
|
||||
# 'lsof' command must be present.
|
||||
#
|
||||
# Both options may be specified more than once.
|
||||
#
|
||||
# The default value for both options is the null string.
|
||||
#
|
||||
#PORT_WHITELIST=""
|
||||
#PORT_PATH_WHITELIST=""
|
||||
|
||||
@ -0,0 +1,29 @@
|
||||
#
|
||||
# The following option can be used to whitelist shared library files that would
|
||||
# normally be flagged with a warning during the preloaded shared library check.
|
||||
# These library pathnames usually exist in the '/etc/ld.so.preload' file or in
|
||||
# the LD_PRELOAD environment variable.
|
||||
#
|
||||
# NOTE: It is recommended that if you whitelist any files, then you include
|
||||
# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
|
||||
# configuration option.
|
||||
#
|
||||
# This option is a space-separated list of library pathnames. The option may be
|
||||
# specified more than once.
|
||||
#
|
||||
# The default value is the null string.
|
||||
#
|
||||
#SHARED_LIB_WHITELIST=/lib/snoopy.so
|
||||
|
||||
#
|
||||
# To force rkhunter to use the supplied script for the 'stat' or 'readlink'
|
||||
# command the following two options can be used. The value must be set to
|
||||
# 'BUILTIN'.
|
||||
#
|
||||
# NOTE: IRIX users will probably need to enable STAT_CMD.
|
||||
#
|
||||
# For both options the default value is the null string.
|
||||
#
|
||||
#STAT_CMD=BUILTIN
|
||||
#READLINK_CMD=BUILTIN
|
||||
|
||||
11
root/etc/e-smith/templates/etc/sysconfig/rkhunter/09warning
Normal file
11
root/etc/e-smith/templates/etc/sysconfig/rkhunter/09warning
Normal file
@ -0,0 +1,11 @@
|
||||
#------------------------------------------------------------
|
||||
# !!DO NOT MODIFY THIS FILE!!
|
||||
#
|
||||
# Manual changes will be lost when this file is regenerated.
|
||||
#
|
||||
# Please read the developer's guide, which is available
|
||||
# at http://www.contribs.org/development/
|
||||
#
|
||||
# Copyright (C) 1999-2006 Mitel Networks Corporation
|
||||
#------------------------------------------------------------
|
||||
|
||||
19
root/etc/e-smith/templates/etc/sysconfig/rkhunter/10config
Normal file
19
root/etc/e-smith/templates/etc/sysconfig/rkhunter/10config
Normal file
@ -0,0 +1,19 @@
|
||||
# System configuration file for Rootkit Hunter which
|
||||
# stores RPM system specifics for cron run, etc.
|
||||
#
|
||||
# MAILTO= <email address to send scan report>
|
||||
# DIAG_SCAN= no - perform normal report scan
|
||||
# yes - perform detailed report scan
|
||||
# (includes application check)
|
||||
|
||||
{
|
||||
my $mailRK = $rkhunter{'mail'} || "root";
|
||||
$OUT .= "MAILTO=$mailRK\n";
|
||||
|
||||
my $diagScan = $rkhunter{'DIAG_SCAN'} || "no";
|
||||
|
||||
$OUT .= "DIAG_SCAN=$diagScan\n";
|
||||
|
||||
}
|
||||
|
||||
|
||||
100
smeserver-rkhunter.spec
Normal file
100
smeserver-rkhunter.spec
Normal file
@ -0,0 +1,100 @@
|
||||
# $Id: smeserver-rkhunter.spec,v 1.4 2021/03/29 17:49:09 brianr Exp $
|
||||
|
||||
Summary: rkhunter for SME Server
|
||||
Name: smeserver-rkhunter
|
||||
%define version 1.4.0
|
||||
%define release 8
|
||||
%define displayversion %{version}
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
Group: Applications/System
|
||||
Source: smeserver-rkhunter-%{version}.tar.xz
|
||||
BuildArchitectures: noarch
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
Requires: rkhunter
|
||||
#Patch2: smeserver-rkhunter-1.4.0.bz10376.disableupdate.patch
|
||||
BuildRequires: perl, e-smith-devtools
|
||||
|
||||
%description
|
||||
rkhunter for SME Server
|
||||
|
||||
%changelog
|
||||
* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 1.4.0-8.sme
|
||||
- Roll up patches and move to git repo [SME: 12338]
|
||||
|
||||
* Sat Sep 07 2024 BogusDateBot
|
||||
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||
by assuming the date is correct and changing the weekday.
|
||||
|
||||
* Mon Mar 29 2021 Brian Read <brianr@bjsystems.co.uk> 1.4.0-7.sme
|
||||
- Add Update event to createlinks [SME: 11025]
|
||||
|
||||
* Mon Mar 29 2021 BogusDateBot
|
||||
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||
by assuming the date is correct and changing the weekday.
|
||||
|
||||
* Wed Dec 30 2020 Brian Read <brianr@bjsystems.co.uk> 1.4.0-6.sme
|
||||
- Revert patch to suppress update as the exploit has been fixed [SME:11025]
|
||||
|
||||
* Fri Oct 09 2020 Brian Read <brianr@bjsystems.co.uk> 1.4.0-5.sme
|
||||
- Import in SME10 tree [SME: 11025 ]
|
||||
|
||||
* Thu Jul 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.4.0-4.sme
|
||||
- disabling as default update for rkh because of CVE-2017-7480 [SME: 10376]
|
||||
- added property updateMirrors to handle this
|
||||
|
||||
* Tue Aug 18 2015 stephane de Labrusse <stephdl@de-labrusse.fr> 1.4.0-3.sme
|
||||
- add smeserver-rkhunter-1.4.0.more_options2rkhunter-conf.patch
|
||||
|
||||
* Thu Aug 13 2015 stephane de Labrusse <stephdl@de-labrusse.fr> 1.4.0-2.sme
|
||||
- change path to rsyslog.conf
|
||||
|
||||
* Thu Aug 13 2015 stephane de Labrusse <stephdl@de-labrusse.fr> 1.4.0-1.sme
|
||||
- First Import to contribs9
|
||||
|
||||
* Tue Sep 17 2013 JP Pialasse <tests@pialasse.com> 1.2.0-10
|
||||
- Add Update event to createlinks not run in cron daily [SME: 7800]
|
||||
- typos in patchs
|
||||
|
||||
* Tue Jul 02 2013 JP Pialasse <tests@pialasse.com> 1.2.0-7
|
||||
- Add Update event to createlinks typo patch correct
|
||||
- Add Update event to createlinks spare space
|
||||
|
||||
* Sun Jun 23 2013 JP Pialasse <tests@pialasse.com> 1.2.0-5
|
||||
- Add Update event to createlinks email error root@localhost [SME: 7103]
|
||||
- adding option for warning mail in .conf
|
||||
- Patch2
|
||||
|
||||
* Thu Jun 20 2013 JP Pialasse <tests@pialasse.com>
|
||||
- Add Update event to createlinks email error root@localhost [SME: 7103]
|
||||
- you can set the mail you want with key mail and default is root
|
||||
|
||||
* Thu May 14 2009 Jonathan Martens <smeserver-contribs@snetram.nl> 1.2.0-3
|
||||
- Bump version number in order to move package to SME Contribs [SME: 5172]
|
||||
|
||||
* Tue Apr 7 2009 Jonathan Martens <smeserver-contribs@snetram.nl> 1.2.0-2
|
||||
- Remove quotes in DISABLE_TESTS setting [SME: 5149]
|
||||
|
||||
* Fri Apr 3 2009 Jonathan Martens <smeserver-contribs@snetram.nl> 1.2.0-1
|
||||
- Initial draft of rkhunter for SME Server
|
||||
- Adjust ALLOW_SSH_ROOT_USER according to sshd PermitRootLogin setting [SME: 3718]
|
||||
|
||||
%prep
|
||||
%setup
|
||||
#%patch2 -p1
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
|
||||
rm -f %{name}-%{version}-filelist
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files -f %{name}-%{version}-filelist
|
||||
%defattr(-,root,root)
|
||||
Loading…
Reference in New Issue
Block a user