--- files/rkhunter.conf.orig 2014-01-25 13:29:51.000000000 -0800 +++ /usr/local/etc/rkhunter.conf 2014-07-12 07:41:35.000000000 -0700 @@ -154,7 +154,7 @@ # subsequently commented out or removed, then the program will assume a # default directory beneath the installation directory. # -#TMPDIR=/var/lib/rkhunter/tmp +TMPDIR=/usr/local/var/lib/rkhunter/tmp # # This option specifies the database directory to use. @@ -163,7 +163,7 @@ # subsequently commented out or removed, then the program will assume a # default directory beneath the installation directory. # -#DBDIR=/var/lib/rkhunter/db +DBDIR=/usr/local/var/lib/rkhunter/db # # This option specifies the script directory to use. @@ -171,7 +171,7 @@ # The installer program will set the default directory. If this default is # subsequently commented out or removed, then the program will not run. # -#SCRIPTDIR=/usr/local/lib/rkhunter/scripts +SCRIPTDIR=/usr/local/lib/rkhunter/scripts # # This option can be used to modify the command directory list used by rkhunter @@ -191,6 +191,8 @@ #BINDIR=/bin /usr/bin /sbin /usr/sbin #BINDIR=+/usr/local/bin +/usr/local/sbin +INSTALLDIR=/usr/local + # # This option specifies the default language to use. This should be similar to # the ISO 639 language code. @@ -575,6 +577,10 @@ # The default value is the null string. # #SCRIPTWHITELIST=/usr/bin/groups +SCRIPTWHITELIST=/usr/bin/whatis +SCRIPTWHITELIST=/usr/sbin/adduser +SCRIPTWHITELIST=/usr/local/bin/GET +SCRIPTWHITELIST=/usr/local/sbin/pkgdb # # Allow the specified file to have the immutable attribute set. @@ -584,6 +590,10 @@ # The default value is the null string. # #IMMUTWHITELIST=/sbin/ifdown +IMMUTWHITELIST=/usr/bin/login +IMMUTWHITELIST=/usr/bin/passwd +IMMUTWHITELIST=/usr/bin/su +IMMUTWHITELIST=/sbin/init # # If this option is set to '1', then the immutable-bit test is reversed. That @@ -787,6 +797,7 @@ # The default value is the null string. # #UID0_ACCOUNTS=toor rooty +UID0_ACCOUNTS=toor # # This option allows the specified accounts to have no password. NIS/YP entries