
#125 some files/paths to add to the example option values

main
closed
nobody
None
5
2015-12-02
2014-10-19
Cálestyo
No

Hi.

Please consider adding the following commented values to rkhunter.conf:

USER_FILEPROP_FILES_DIRS=/etc/rkhunter.d/*

Also, please have a look at the Debian modifications to rkhunter.conf, they add a lot of useful examples like:
SCRIPTWHITELIST=/usr/bin/unhide.rb
and others, which are probably universally (i.e. not just Debian-related) applicable.

Cheers,
Chris.

btw: Isn't the example
"#USER_FILEPROP_FILES_DIRS=/var/lib/rkhunter/db/*"
a bad idea, since at least /var/lib/rkhunter/db/rkhunter.dat, which contains the checksums being calculated, will always fail?

Discussion

  • John Horne

    John Horne - 2015-11-30

    As to the bad example, the config file was modified to include exceptions such as 'rkhunter.dat'. However, yes I think you're right that it probably is overall a bad example. I have removed the '/var/lib/rkhunter' examples from the config file.

     
  • John Horne

    John Horne - 2015-11-30

    On my test system it seems that Debian (7) is still using rkhunter 1.4.0 by default. The config file does include other examples - although I couldn't find one for unhide - but I am wary of adding too much. These are supposed to be just 'examples'. It is for the sysadmin to configure the config file to their system when rkhunter is installed, and that can vary from system to system even if they run the same O/S.

     
  • John Horne

    John Horne - 2015-11-30
    • status: open --> closed
     
  • Cálestyo

    Cálestyo - 2015-12-02

    As far as I can see you've also added
    USER_FILEPROP_FILES_DIRS=/etc/rkhunter.d/*
    as I suggested?

    Regarding Debian, 1.4.2 is current there:
    https://packages.debian.org/sid/rkhunter

    While I agree that one shouldn't add too many examples, some of the ones they've had seem to make particular sense, especially unhide/unhide.rb, as this is basically suggested by rkhunter.

    Cheers,
    Chris.

     
