Attachment #86722 for bug #123204

View | Details | Raw Unified | Return to bug 123204
Collapse All | Expand All

Lines 6-12 Link Here

(-)rkhunter/Makefile (-1 / +1 lines)
6	#	6	#
7		7
8	PORTNAME= rkhunter	8	PORTNAME= rkhunter
9	PORTVERSION= 1.3.0	9	PORTVERSION= 1.3.2
10	CATEGORIES= security	10	CATEGORIES= security
11	MASTER_SITES= SF	11	MASTER_SITES= SF
12		12

Lines 1-3 Link Here

(-)rkhunter/distinfo (-3 / +3 lines)
1	MD5 (rkhunter-1.3.0.tar.gz) = 89a4628c6378fdf3331d5a43b975d967	1	MD5 (rkhunter-1.3.2.tar.gz) = a00ff64d7076d6ff47ef0c9f0b6202f2
2	SHA256 (rkhunter-1.3.0.tar.gz) = a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186	2	SHA256 (rkhunter-1.3.2.tar.gz) = 2a325acedc094bc5ae9d5a3326af760bb376d5a1122c433d22477968eec1eebd
3	SIZE (rkhunter-1.3.0.tar.gz) = 252011	3	SIZE (rkhunter-1.3.2.tar.gz) = 269563




--- files/rkhunter.conf.orig	2008-03-14 10:19:30.000000000 +0100
+++ files/rkhunter.conf	2008-03-14 10:21:43.000000000 +0100
@@ -76,6 +76,7 @@
 # sure that the directory permissions are tight.
 #

 
 #
 # Specify the database directory to use.
@@ -154,7 +155,8 @@
 # file, then a value here of 'yes' or 'unset' will not cause a warning.
 # This option has a default value of 'no'.
 #
-ALLOW_SSH_ROOT_USER=no
+#ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -165,7 +167,8 @@
 # configuration file, then a value of '2' may be set here in order to
 # suppress a warning message. This option has a default value of '0'.
 #
-ALLOW_SSH_PROT_V1=0
+#ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -278,12 +281,20 @@
 #SCRIPTWHITELIST=/sbin/ifup
 #SCRIPTWHITELIST=/sbin/ifdown
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/sbin/adduser
+SCRIPTWHITELIST=/usr/local/bin/GET
+SCRIPTWHITELIST=/usr/local/sbin/pkgdb
 
 #
 # Allow the specified commands to have the immutable attribute set.
 # One command per line (use multiple IMMUTWHITELIST lines).
 #
 #IMMUTWHITELIST=/sbin/ifup
+IMMUTWHITELIST=/usr/bin/login
+IMMUTWHITELIST=/usr/bin/passwd
+IMMUTWHITELIST=/usr/bin/su
+IMMUTWHITELIST=/sbin/init
 
 #
 # Allow the specified hidden directories.
@@ -434,6 +445,7 @@
 # Note: For *BSD systems you may need to enable this for the 'toor' account.
 #
 #UID0_ACCOUNTS="toor rooty"
+UID0_ACCOUNTS="toor"
 
 #
 # Allow the following accounts to have no password. This option is a

Return to bug 123204

Lines 1-5 Link Here

(-)rkhunter/files/patch-rkhunter.conf (-2 / +51 lines)
1	--- files/rkhunter.conf.orig Wed Oct 17 11:21:03 2007	1	--- files/rkhunter.conf.orig 2008-03-14 10:19:30.000000000 +0100
2	+++ files/rkhunter.conf Wed Oct 17 11:21:19 2007	2	+++ files/rkhunter.conf 2008-03-14 10:21:43.000000000 +0100
3	@@ -76,6 +76,7 @@	3	@@ -76,6 +76,7 @@
4	# sure that the directory permissions are tight.	4	# sure that the directory permissions are tight.
5	#	5	#
Lines 8-10 Link Here
8		8
9	#	9	#
10	# Specify the database directory to use.	10	# Specify the database directory to use.
		11	@@ -154,7 +155,8 @@
		12	# file, then a value here of 'yes' or 'unset' will not cause a warning.
		13	# This option has a default value of 'no'.
		14	#
		15	-ALLOW_SSH_ROOT_USER=no
		16	+#ALLOW_SSH_ROOT_USER=no
		17	+ALLOW_SSH_ROOT_USER=unset
		18
		19	#
		20	# Set this option to '1' to allow the use of the SSH-1 protocol, but note
		21	@@ -165,7 +167,8 @@
		22	# configuration file, then a value of '2' may be set here in order to
		23	# suppress a warning message. This option has a default value of '0'.
		24	#
		25	-ALLOW_SSH_PROT_V1=0
		26	+#ALLOW_SSH_PROT_V1=0
		27	+ALLOW_SSH_PROT_V1=2
		28
		29	#
		30	# This setting tells rkhunter the directory containing the SSH configuration
		31	@@ -278,12 +281,20 @@
		32	#SCRIPTWHITELIST=/sbin/ifup
		33	#SCRIPTWHITELIST=/sbin/ifdown
		34	#SCRIPTWHITELIST=/usr/bin/groups
		35	+SCRIPTWHITELIST=/usr/bin/whatis
		36	+SCRIPTWHITELIST=/usr/sbin/adduser
		37	+SCRIPTWHITELIST=/usr/local/bin/GET
		38	+SCRIPTWHITELIST=/usr/local/sbin/pkgdb
		39
		40	#
		41	# Allow the specified commands to have the immutable attribute set.
		42	# One command per line (use multiple IMMUTWHITELIST lines).
		43	#
		44	#IMMUTWHITELIST=/sbin/ifup
		45	+IMMUTWHITELIST=/usr/bin/login
		46	+IMMUTWHITELIST=/usr/bin/passwd
		47	+IMMUTWHITELIST=/usr/bin/su
		48	+IMMUTWHITELIST=/sbin/init
		49
		50	#
		51	# Allow the specified hidden directories.
		52	@@ -434,6 +445,7 @@
		53	# Note: For *BSD systems you may need to enable this for the 'toor' account.
		54	#
		55	#UID0_ACCOUNTS="toor rooty"
		56	+UID0_ACCOUNTS="toor"
		57
		58	#
		59	# Allow the following accounts to have no password. This option is a