Mise à jour de la configuration de rkhunter pour matcher la config

octopuce

Mise à jour de la configuration de rkhunter pour matcher la config
octopuce
80735aa5 · nono · 19fbeacd · 80735aa5
Commit 80735aa5 authored Mar 18, 2022 by nono 💻
--- a/templates/rkhunter/rkhunter.conf.j2
+++ b/templates/rkhunter/rkhunter.conf.j2
@@ -303,7 +303,7 @@ AUTO_X_DETECT=1
 #
 # The default value is 'no'.
 #
-ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=yes

 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -587,7 +587,7 @@ SCRIPTWHITELIST=/bin/egrep
 SCRIPTWHITELIST=/bin/fgrep
 SCRIPTWHITELIST=/usr/bin/which
 SCRIPTWHITELIST=/usr/bin/ldd
-#SCRIPTWHITELIST=/usr/bin/lwp-request
+SCRIPTWHITELIST=/usr/bin/lwp-request
 SCRIPTWHITELIST=/usr/sbin/adduser
 #SCRIPTWHITELIST=/usr/sbin/prelink
 #SCRIPTWHITELIST=/usr/sbin/unhide.rb
@@ -704,6 +704,7 @@ ALLOWHIDDENDIR=/etc/.java
 #
 #ALLOWDEVFILE=/dev/shm/pulse-shm-*
 #ALLOWDEVFILE=/dev/shm/sem.ADBE_*
+ALLOWDEVFILE=/dev/shm/PostgreSQL.*

 #
 # This option is used to indicate if the Phalanx2 test is to perform a basic
@@ -772,7 +773,8 @@ ALLOWHIDDENDIR=/etc/.java
 # The default value is the null string.
 #
 #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
-
+# Octopuce :
+XINETD_ALLOWED_SVC=/etc/xinetd.d/radacct_octo
 #
 # This option tells rkhunter the local system startup file pathnames. The
 # directories will be searched for files. By default rkhunter will try and
@@ -841,7 +843,7 @@ ALLOWHIDDENDIR=/etc/.java
 #
 # The default value is '0'.
 #
-#ALLOW_SYSLOG_REMOTE_LOGGING=0
+ALLOW_SYSLOG_REMOTE_LOGGING=1

 #
 # This option allows the specified applications, or a specific version of an
@@ -876,7 +878,7 @@ ALLOWHIDDENDIR=/etc/.java
 #
 # The default value is the '/tmp' and '/var/tmp' directories.
 #
-#SUSPSCAN_DIRS=/tmp /var/tmp
+SUSPSCAN_DIRS=/tmp /var/tmp /var/www/ /opt /srv

 #
 # This option specifies the directory for temporary files used by the
@@ -886,7 +888,7 @@ ALLOWHIDDENDIR=/etc/.java
 #
 # The default value is '/dev/shm'.
 #
-#SUSPSCAN_TEMP=/dev/shm
+SUSPSCAN_TEMP=/dev/shm

 #
 # This option specifies the 'suspscan' test maximum filesize in bytes. Files
@@ -944,7 +946,11 @@ ALLOWHIDDENDIR=/etc/.java
 # The default value for both options is the null string.
 #
 #PORT_WHITELIST=""
-#PORT_PATH_WHITELIST=""
+
+PORT_PATH_WHITELIST="/usr/sbin/portsentry:TCP:1524"
+PORT_PATH_WHITELIST="/usr/sbin/portsentry:TCP:6667"
+PORT_PATH_WHITELIST="/usr/sbin/portsentry:TCP:31337"
+

 #
 # The following option can be used to tell rkhunter where the operating system