lenny.conf.j2 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592
  1. {% if ansible_prolog -%}
  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
  3. {{ prolog() }}
  4. {% endif -%}
  5. #
  6. # This is the configuration file for Rootkit Hunter.
  7. #
  8. # Please modify it to your own requirements.
  9. # Please review the documentation before posting bug reports or questions.
  10. # To report bugs, obtain updates, or provide patches or comments, please go to:
  11. # http://rkhunter.sourceforge.net
  12. #
  13. # To ask questions about rkhunter, please use the rkhunter-users mailing list.
  14. # Note this is a moderated list: please subscribe before posting.
  15. #
  16. # Lines beginning with a hash (#), and blank lines, will be ignored.
  17. #
  18. # Most of the following options need only be specified once. If
  19. # they appear more than once, then the last one seen will be used.
  20. # Some options are allowed to appear more than once, and the text
  21. # describing the option will say if this is so.
  22. #
  23. #
  24. # If this option is set to 1, it specifies that the mirrors file, which
  25. # is used when the '--update' and '--versioncheck' options are used, is
  26. # to be rotated. Rotating the entries in the file allows a basic form
  27. # of load-balancing between the mirror sites whenever the above options
  28. # are used.
  29. # If the option is set to 0, then the mirrors will be treated as if in
  30. # a priority list. That is, the first mirror will always be used. The
  31. # second mirror will only be used if the first mirror fails, then the
  32. # third mirror will be used if the second fails and so on.
  33. #
  34. ROTATE_MIRRORS=1
  35. #
  36. # If this option is set to 1, it specifies that when the '--update'
  37. # option is used, then the mirrors file is to be checked for updates
  38. # as well. If the current mirrors file contains any local mirrors,
  39. # these will be prepended to the updated file.
  40. # If this option is set to 0, the mirrors file can only be updated
  41. # manually. This may be useful if only using local mirrors.
  42. #
  43. UPDATE_MIRRORS=1
  44. #
  45. # The MIRRORS_MODE option tells rkhunter which mirrors are to be
  46. # used when the '--update' or '--versioncheck' command-line options
  47. # are given. Possible values are:
  48. # 0 - use any mirror (the default)
  49. # 1 - only use local mirrors
  50. # 2 - only use remote mirrors
  51. #
  52. # Local and remote mirrors can be defined in the mirrors.dat file
  53. # by using the 'local=' and 'remote=' keywords respectively.
  54. #
  55. MIRRORS_MODE=0
  56. #
  57. # Email a message to this address if a warning is found when the
  58. # system is being checked. Multiple addresses may be specified
  59. # simply be separating them with a space.
  60. #
  61. #MAIL-ON-WARNING=me@mydomain root@mydomain
  62. #
  63. # Specify the mail command to use if MAIL-ON-WARNING is set.
  64. # NOTE: Double quotes are not required around the command, but
  65. # are required around the subject line if it contains spaces.
  66. #
  67. MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
  68. #
  69. # Specify the temporary directory to use.
  70. #
  71. # NOTE: Do not use /tmp as your temporary directory. Some
  72. # important files will be written to this directory, so be
  73. # sure that the directory permissions are tight.
  74. #
  75. TMPDIR=/var/lib/rkhunter/tmp
  76. #
  77. # Specify the database directory to use.
  78. #
  79. DBDIR=/var/lib/rkhunter/db
  80. #
  81. # Specify the script directory to use.
  82. #
  83. SCRIPTDIR=/usr/share/rkhunter/scripts
  84. #
  85. # Specify the root directory to use.
  86. #
  87. #ROOTDIR=""
  88. #
  89. # Specify the command directories to be checked. This is a
  90. # space-separated list of directories.
  91. #
  92. BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
  93. #
  94. # Specify the language to use. This should be similar
  95. # to the ISO 639 language code.
  96. #
  97. # NOTE: Please ensure that the language you specify is supported.
  98. # For a list of supported languages use the following command:
  99. #
  100. # rkhunter --lang en --list languages
  101. #
  102. #LANGUAGE=en
  103. #
  104. # Specify the log file pathname.
  105. #
  106. LOGFILE=/var/log/rkhunter.log
  107. #
  108. # Set the following option to 1 if the log file is to be appended to
  109. # whenever rkhunter is run.
  110. #
  111. APPEND_LOG=0
  112. #
  113. # Set the following option to enable the rkhunter check start and finish
  114. # times to be logged by syslog. Warning messages will also be logged.
  115. # The value of the option must be a standard syslog facility and
  116. # priority, separated by a dot.
  117. #
  118. # For example: USE_SYSLOG=authpriv.warning
  119. #
  120. # Setting the value to 'none', or just leaving the option commented out,
  121. # disables the use of syslog.
  122. #
  123. #USE_SYSLOG=authpriv.notice
  124. #
  125. # Set the following option to 1 if the second colour set is to be used.
  126. # This can be useful if your screen uses black characters on a white
  127. # background (for example, a PC instead of a server).
  128. #
  129. COLOR_SET2=0
  130. #
  131. # Set the following option to 0 if rkhunter should not detect if X is
  132. # being used. If X is detected as being used, then the second colour
  133. # set will automatically be used.
  134. #
  135. AUTO_X_DETECT=1
  136. #
  137. # The following option is checked against the SSH configuration file
  138. # 'PermitRootLogin' option. A warning will be displayed if they do not
  139. # match. However, if a value has not been set in the SSH configuration
  140. # file, then a value here of 'yes' or 'unset' will not cause a warning.
  141. # This option has a default value of 'no'.
  142. #
  143. ALLOW_SSH_ROOT_USER=without-password
  144. #
  145. # Set this option to '1' to allow the use of the SSH-1 protocol, but note
  146. # that theoretically it is weaker, and therefore less secure, than the
  147. # SSH-2 protocol. Do not modify this option unless you have good reasons
  148. # to use the SSH-1 protocol (for instance for AFS token passing or Kerberos4
  149. # authentication). If the 'Protocol' option has not been set in the SSH
  150. # configuration file, then a value of '2' may be set here in order to
  151. # suppress a warning message. This option has a default value of '0'.
  152. #
  153. ALLOW_SSH_PROT_V1=0
  154. #
  155. # This setting tells rkhunter the directory containing the SSH configuration
  156. # file. This setting will be worked out by rkhunter, and so should not
  157. # usually need to be set.
  158. #
  159. #SSH_CONFIG_DIR=/etc/ssh
  160. #
  161. # These two options determine which tests are to be performed.
  162. # The ENABLE_TESTS option can use the word 'all' to refer to all the
  163. # available tests. The DISABLE_TESTS option can use the word 'none' to
  164. # mean that no tests are disabled. The list of disabled tests is applied to
  165. # the list of enabled tests. Both options are space-separated lists of test
  166. # names. The currently available test names can be seen by using the command
  167. # 'rkhunter --list tests'.
  168. #
  169. # The program defaults are to enable all tests and disable none. However, if
  170. # either option is specified in this file, then it overrides the program
  171. # default. The supplied rkhunter.conf file has some tests already disabled,
  172. # and these are tests that will be used only incidentally, can be considered
  173. # "advanced" or those that are prone to produce more than the "average" number
  174. # of "false positives".
  175. #
  176. # Please read the README file for more details about enabling and disabling
  177. # tests, the test names, and how rkhunter behaves when these options are used.
  178. #
  179. # hidden_procs test requires the unhide command which is part of the unhide
  180. # package in Debian.
  181. ENABLE_TESTS="all"
  182. {% set disable_tests = [] %}
  183. {% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
  184. {% if disable_tests.append('os_specific') %}{% endif %}
  185. {%- endif %}
  186. {% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
  187. {% if disable_tests.append('promisc') %}{% endif %}
  188. {%- endif %}
  189. DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}"
  190. #
  191. # The HASH_FUNC option can be used to specify the command to use
  192. # for the file hash value check. It can be specified as just
  193. # the command name or the full pathname. Systems using prelinking
  194. # are restricted to using either SHA1 or MD5 functions. To get rkhunter
  195. # to look for the sha1(sum)/md5(sum) command, or to use the supplied
  196. # perl scripts, simply specify this option as 'SHA1' or 'MD5' in
  197. # uppercase. The default is SHA1, or MD5 if SHA1 cannot be found.
  198. #
  199. # A value of 'NONE' (in uppercase) can be specified to indicate that
  200. # no hash function should be used. Rootkit Hunter will detect this and
  201. # automatically disable the file hash checks.
  202. #
  203. # Examples:
  204. # For Solaris 9 : HASH_FUNC=gmd5sum
  205. # For Solaris 10: HASH_FUNC=sha1sum
  206. # For AIX (>5.2): HASH_FUNC="csum -hMD5"
  207. # For NetBSD : HASH_FUNC="cksum -a sha512"
  208. #
  209. # NOTE: If the hash function is changed then you MUST run rkhunter with
  210. # the '--propupd' option to rebuild the file properties database.
  211. #
  212. #HASH_FUNC=sha1sum
  213. #
  214. # The HASH_FLD_IDX option specifies which field from the HASH_FUNC
  215. # command output contains the hash value. The fields are assumed to
  216. # be space-separated. The default value is one, but for *BSD users
  217. # rkhunter will, by default, use a value of 4 if the HASH_FUNC option
  218. # has not been set. The option value must be a positive integer.
  219. #
  220. #HASH_FLD_IDX=4
  221. #
  222. # The PKGMGR option tells rkhunter to use the specified package manager
  223. # to obtain the file property information. This is used when updating
  224. # the file properties file 'rkhunter.dat', and when running the file
  225. # properties check. For RedHat/RPM-based systems, 'RPM' can be used
  226. # to get information from the RPM database. For Debian-based systems
  227. # 'DPKG' can be used, and for *BSD systems 'BSD' can be used.
  228. # No value, or a value of 'NONE', indicates that no package manager
  229. # is to be used. The default is 'NONE'.
  230. #
  231. # The current package managers store the file hash values using an
  232. # MD5 hash function.
  233. #
  234. # The 'DPKG' and 'BSD' package managers only provide MD5 hash values.
  235. # The 'RPM' package manager additionally provides values for the inode,
  236. # file permissions, uid, gid and other values.
  237. #
  238. # For any file not part of a package, rkhunter will revert to using
  239. # the HASH_FUNC hash function instead.
  240. #
  241. # NONE is the default for Debian as well, as running --propupd takes
  242. # about 4 times longer when it's set to DPKG
  243. #
  244. #PKGMGR=NONE
  245. #
  246. # Whitelist various attributes of the specified files.
  247. # The attributes are those of the 'attributes' test.
  248. # Specifying a file name here does not include it being
  249. # whitelisted for the write permission test below.
  250. # One command per line (use multiple ATTRWHITELIST lines).
  251. #
  252. #ATTRWHITELIST=/bin/ps
  253. #
  254. # Allow the specified commands to have the 'others'
  255. # (world) permission have the write-bit set.
  256. #
  257. # For example, files with permissions r-xr-xrwx
  258. # or rwxrwxrwx.
  259. #
  260. # One command per line (use multiple WRITEWHITELIST lines).
  261. #
  262. #WRITEWHITELIST=/bin/ps
  263. #
  264. # Allow the specified commands to be scripts.
  265. # One command per line (use multiple SCRIPTWHITELIST lines).
  266. #
  267. SCRIPTWHITELIST=/bin/egrep
  268. SCRIPTWHITELIST=/bin/fgrep
  269. SCRIPTWHITELIST=/bin/which
  270. SCRIPTWHITELIST=/usr/bin/groups
  271. SCRIPTWHITELIST=/usr/bin/ldd
  272. SCRIPTWHITELIST=/usr/bin/lwp-request
  273. SCRIPTWHITELIST=/usr/sbin/adduser
  274. SCRIPTWHITELIST=/usr/sbin/prelink
  275. #
  276. # Allow the specified commands to have the immutable attribute set.
  277. # One command per line (use multiple IMMUTWHITELIST lines).
  278. #
  279. #IMMUTWHITELIST=/sbin/ifup
  280. #
  281. # Allow the specified hidden directories.
  282. # One directory per line (use multiple ALLOWHIDDENDIR lines).
  283. #
  284. #ALLOWHIDDENDIR=/etc/.java
  285. #ALLOWHIDDENDIR=/dev/.udev
  286. #ALLOWHIDDENDIR=/dev/.udevdb
  287. #ALLOWHIDDENDIR=/dev/.udev.tdb
  288. #ALLOWHIDDENDIR=/dev/.static
  289. #ALLOWHIDDENDIR=/dev/.initramfs
  290. #ALLOWHIDDENDIR=/dev/.SRC-unix
  291. ALLOWHIDDENDIR=/dev/.mdadm
  292. ALLOWHIDDENDIR=/dev/.git
  293. #
  294. # Allow the specified hidden files.
  295. # One file per line (use multiple ALLOWHIDDENFILE lines).
  296. #
  297. #ALLOWHIDDENFILE=/etc/.java
  298. #ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
  299. #ALLOWHIDDENFILE=/etc/.pwd.lock
  300. #ALLOWHIDDENFILE=/etc/.init.state
  301. ALLOWHIDDENFILE=/etc/.etckeeper
  302. ALLOWHIDDENFILE=/etc/.gitignore
  303. #
  304. # Allow the specified processes to use deleted files.
  305. # One process per line (use multiple ALLOWPROCDELFILE lines).
  306. #
  307. #ALLOWPROCDELFILE=/sbin/cardmgr
  308. #ALLOWPROCDELFILE=/usr/sbin/gpm
  309. #ALLOWPROCDELFILE=/usr/lib/libgconf2-4/gconfd-2
  310. #ALLOWPROCDELFILE=/usr/sbin/mysqld
  311. #ALLOWPROCDELFILE=/usr/lib/iceweasel/firefox-bin
  312. #ALLOWPROCDELFILE=/usr/bin/file-roller
  313. #
  314. # Allow the specified processes to listen on any network interface.
  315. # One process per line (use multiple ALLOWPROCLISTEN lines).
  316. #
  317. #ALLOWPROCLISTEN=/sbin/dhclient
  318. #ALLOWPROCLISTEN=/sbin/dhclient3
  319. #ALLOWPROCLISTEN=/sbin/dhcpcd
  320. #ALLOWPROCLISTEN=/usr/sbin/pppoe
  321. #ALLOWPROCLISTEN=/usr/sbin/tcpdump
  322. #ALLOWPROCLISTEN=/usr/sbin/snort-plain
  323. #ALLOWPROCLISTEN=/sbin/wpa_supplicant
  324. #
  325. # SCAN_MODE_DEV governs how we scan /dev for suspicious files.
  326. # The two allowed options are: THOROUGH or LAZY.
  327. # If commented out we do a THOROUGH scan which will increase the runtime.
  328. # Even though this adds to the running time it is highly recommended to
  329. # leave it like this.
  330. #
  331. #SCAN_MODE_DEV=THOROUGH
  332. #
  333. # Allow the specified files to be present in the /dev directory,
  334. # and not regarded as suspicious. One file per line (use multiple
  335. # ALLOWDEVFILE lines).
  336. #
  337. #ALLOWDEVFILE=/dev/abc
  338. #ALLOWDEVFILE=/dev/shm/pulse-shm-*
  339. ALLOWDEVFILE=/dev/shm/network/ifstate
  340. #
  341. # This setting tells rkhunter where the inetd configuration
  342. # file is located.
  343. #
  344. #INETD_CONF_PATH=/etc/inetd.conf
  345. #
  346. # Allow the following enabled inetd services.
  347. # Only one service per line (use multiple INETD_ALLOWED_SVC lines).
  348. #
  349. # Below are some Solaris 9 and 10 services that may want to be whitelisted.
  350. #
  351. #INETD_ALLOWED_SVC=echo
  352. #INETD_ALLOWED_SVC=/usr/dt/bin/rpc.ttdbserverd
  353. #INETD_ALLOWED_SVC=/usr/openwin/lib/fs.auto
  354. #INETD_ALLOWED_SVC=/usr/lib/smedia/rpc.smserverd
  355. #INETD_ALLOWED_SVC=/usr/sbin/rpc.metad
  356. #INETD_ALLOWED_SVC=/usr/sbin/rpc.metamhd
  357. #INETD_ALLOWED_SVC=/usr/sbin/rpc.metamedd
  358. #INETD_ALLOWED_SVC=/usr/sbin/rpc.mdcommd
  359. #INETD_ALLOWED_SVC=/usr/dt/bin/dtspcd
  360. #INETD_ALLOWED_SVC=/usr/dt/bin/rpc.cmsd
  361. #INETD_ALLOWED_SVC=/usr/lib/gss/gssd
  362. #INETD_ALLOWED_SVC=/usr/lib/ST/stfsloader
  363. #INETD_ALLOWED_SVC=/usr/lib/fs/cachefs/cachefsd
  364. #INETD_ALLOWED_SVC=/network/rpc/mdcomm
  365. #INETD_ALLOWED_SVC=/network/rpc/meta
  366. #INETD_ALLOWED_SVC=/network/rpc/metamed
  367. #INETD_ALLOWED_SVC=/network/rpc/metamh
  368. #INETD_ALLOWED_SVC=/network/security/ktkt_warn
  369. #INETD_ALLOWED_SVC=/application/x11/xfs
  370. #INETD_ALLOWED_SVC=/application/print/rfc1179
  371. #INETD_ALLOWED_SVC=/application/font/stfsloader
  372. #INETD_ALLOWED_SVC=/network/rpc-100235_1/rpc_ticotsord
  373. #INETD_ALLOWED_SVC=/network/rpc-100083_1/rpc_tcp
  374. #INETD_ALLOWED_SVC=/network/rpc-100068_2-5/rpc_udp
  375. #INETD_ALLOWED_SVC=/usr/sbin/tcpd
  376. #
  377. # This setting tells rkhunter where the xinetd configuration
  378. # file is located.
  379. #
  380. #XINETD_CONF_PATH=/etc/xinetd.conf
  381. #
  382. # Allow the following enabled xinetd services. Whilst it would be
  383. # nice to use the service names themselves, at the time of testing
  384. # we only have the pathname available. As such, these entries are
  385. # the xinetd file pathnames.
  386. # Only one service (file) per line (use multiple XINETD_ALLOWED_SVC lines).
  387. #
  388. #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
  389. #
  390. # This setting tells rkhunter the local system startup file pathnames.
  391. # More than one file may be present on the system, and so this option
  392. # can be a space-separated list. This setting will be worked out by
  393. # rkhunter, and so should not usually need to be set.
  394. #
  395. # If the system uses a directory of local startup scripts, then rather
  396. # that setting all the file names here, leave this setting blank, and
  397. # specify the directory name in SYSTEM_RC_DIR instead.
  398. #
  399. # If the system does not use a local startup script at all, then this
  400. # setting can be set to 'none'. Without this, rkhunter would give a
  401. # warning that no local startup script could be found.
  402. #
  403. #LOCAL_RC_PATH="/etc/rc.local /etc/rc.d/rc.sysinit"
  404. #
  405. # This setting tells rkhunter the local system startup file directory.
  406. # This setting will be worked out by rkhunter, and so should not usually
  407. # need to be set.
  408. #
  409. #SYSTEM_RC_DIR=/etc/rc.d
  410. #
  411. # This setting tells rkhunter the pathname to the file containing the
  412. # user account passwords. This setting will be worked out by rkhunter,
  413. # and so should not usually need to be set.
  414. #
  415. #PASSWORD_FILE=/etc/shadow
  416. #
  417. # Allow the following accounts to be root equivalent. These accounts
  418. # will have a UID value of zero. This option is a space-separated list
  419. # of account names. The 'root' account does not need to be listed as it
  420. # is automatically whitelisted.
  421. #
  422. # Note: For *BSD systems you may need to enable this for the 'toor' account.
  423. #
  424. #UID0_ACCOUNTS="toor rooty sashroot"
  425. #
  426. # Allow the following accounts to have no password. This option is a
  427. # space-separated list of account names. NIS/YP entries do not need to
  428. # be listed as they are automatically whitelisted.
  429. #
  430. #PWDLESS_ACCOUNTS="abc"
  431. #
  432. # This setting tells rkhunter the pathname to the syslog configuration
  433. # file. This setting will be worked out by rkhunter, and so should not
  434. # usually need to be set.
  435. #
  436. #SYSLOG_CONFIG_FILE=/etc/syslog.conf
  437. #
  438. # This option permits the use of syslog remote logging.
  439. #
  440. ALLOW_SYSLOG_REMOTE_LOGGING=0
  441. #
  442. # Allow the following applications, or a specific version of an application,
  443. # to be whitelisted. This option is a space-separated list consisting of the
  444. # application names. If a specific version is to be whitelisted, then the
  445. # name must be followed by a colon and then the version number.
  446. #
  447. # For example: APP_WHITELIST="openssl:0.9.7d gpg"
  448. #
  449. #APP_WHITELIST=""
  450. #
  451. # Scan for suspicious files in directories containing temporary files and
  452. # directories posing a relatively higher risk due to user write access.
  453. # Please do not enable by default as suspscan is CPU and I/O intensive and prone to
  454. # producing false positives. Do review all settings before usage.
  455. # Also be aware that running suspscan in combination with verbose logging on,
  456. # RKH's default, will show all ignored files.
  457. # Please consider adding all directories the user the (web)server runs as has
  458. # write access to including the document root (example: "/var/www") and log
  459. # directories (example: "/var/log/httpd").
  460. #
  461. # A space-separated list of directories to scan.
  462. #
  463. SUSPSCAN_DIRS="/tmp /var/tmp"
  464. #
  465. # Directory for temporary files. A memory-based one is better (faster).
  466. # Do not use a directory name that is listed in SUSPSCAN_DIRS.
  467. # Please make sure you have a tempfs mounted and the directory exists.
  468. #
  469. SUSPSCAN_TEMP=/dev/shm
  470. #
  471. # Maximum filesize in bytes. Files larger than this will not be inspected.
  472. # Do make sure you have enough space left in your temporary files directory.
  473. #
  474. SUSPSCAN_MAXSIZE=10240000
  475. #
  476. # Score threshold. Below this value no hits will be reported.
  477. # A value of "200" seems "good" after testing on malware. Please adjust
  478. # locally if necessary.
  479. #
  480. SUSPSCAN_THRESH=200
  481. #
  482. # The following option can be used to whitelist network ports which
  483. # are known to have been used by malware. The option is a space-
  484. # separated list of one or more of three types of whitelisting.
  485. # These are:
  486. #
  487. # 1) a 'protocol:port' pair (e.g. TCP:25)
  488. # 2) a pathname to an executable (e.g. /usr/sbin/squid)
  489. # 3) an asterisk ('*')
  490. #
  491. # Only the UDP or TCP protocol may be specified, and the port number
  492. # must be between 1 and 65535 inclusive.
  493. #
  494. # The asterisk can be used to indicate that any executable in a trusted
  495. # path directory will be whitelisted. A trusted path directory is one which
  496. # rkhunter uses to locate commands. It is composed of the root PATH
  497. # environment variable, and the BINDIR command-line or configuration
  498. # file option.
  499. #
  500. # For example: PORT_WHITELIST="/home/user1/abc /opt/xyz TCP:2001 UDP:32011"
  501. #
  502. #PORT_WHITELIST=""
  503. #
  504. # The following option can be used to tell rkhunter where the operating
  505. # system 'release' file is located. This file contains information
  506. # specifying the current O/S version. RKH will store this information
  507. # itself, and check to see if it has changed between each run. If it has
  508. # changed, then the user is warned that RKH may issue warning messages
  509. # until RKH has been run with the '--propupd' option.
  510. #
  511. # Since the contents of the file vary according to the O/S distribution,
  512. # RKH will perform different actions when it detects the file itself. As
  513. # such, this option should not be set unless necessary. If this option is
  514. # specified, then RKH will assume the O/S release information is on the
  515. # first non-blank line of the file.
  516. #
  517. #OS_VERSION_FILE="/etc/release"
  518. #
  519. # The following two options can be used to whitelist files and directories
  520. # that would normally be flagged with a warning during the rootkit checks.
  521. # If the file or directory name contains a space, then the percent character
  522. # ('%') must be used instead. Only existing files and directories can be
  523. # specified.
  524. #
  525. #RTKT_DIR_WHITELIST=""
  526. #RTKT_FILE_WHITELIST=""
  527. #
  528. # To force rkhunter to use the supplied script for the 'stat' or 'readlink'
  529. # command, then the following two options can be used. The value must be
  530. # set to 'BUILTIN'.
  531. #
  532. # NOTE: IRIX users will probably need to enable STAT_CMD.
  533. #
  534. #STAT_CMD=BUILTIN
  535. #READLINK_CMD=BUILTIN
  536. INSTALLDIR="/usr"