Index: files/rkhunter.conf
===================================================================
--- files/rkhunter.conf
+++ files/rkhunter.conf 2011-09-07 19:08:41.422811982 +0200
@@ -93,17 +93,17 @@
 # important files will be written to this directory, so be
 # sure that the directory permissions are tight.
 #
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/var/lib/rkhunter/tmp
 
 #
 # Specify the database directory to use.
 #
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=/var/lib/rkhunter/db
 
 #
 # Specify the script directory to use.
 #
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=/var/lib/rkhunter/scripts
 
 #
 # Specify the root directory to use.
@@ -213,7 +213,10 @@
 # file, then a value here of 'unset' can be used to avoid warning messages.
 # This option has a default value of 'no'.
 #
-ALLOW_SSH_ROOT_USER=no
+#ALLOW_SSH_ROOT_USER=no
+#
+# The default Mageia install allows the root user to log in using a key only
+ALLOW_SSH_ROOT_USER=without-password
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -224,7 +227,10 @@
 # configuration file, then a value of '2' may be set here in order to
 # suppress a warning message. This option has a default value of '0'.
 #
-ALLOW_SSH_PROT_V1=0
+#ALLOW_SSH_PROT_V1=0
+#
+# The default Mageia install has this option not set
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -818,7 +824,7 @@
 # The options may be specified more than once.
 #
 #RTKT_DIR_WHITELIST=""
-#RTKT_FILE_WHITELIST=""
+RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit:hdparm /etc/rc.d/rc.sysinit"
 
 #
 # The following option can be used to whitelist shared library files that would
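Review bot: `SCRIPTDIR=/var/lib/rkhunter/scripts` puts the helper scripts in the same /var/lib/rkhunter tree as the writable TMPDIR and DBDIR, and nothing in the new lines says who may write there. The context comment already asks for tight permissions on the temporary directory; the script directory holds code that rkhunter runs, normally as root, so it needs the same guarantee. I would add above it `# Helper scripts are executed by rkhunter: keep this directory root-owned and not group/world-writable.` and confirm that the package creates all three directories that way (the packaging is not visible here). The TMPDIR comment block begins above the hunk.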
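Review bot: The comment added above `ALLOW_SSH_ROOT_USER=without-password` does not say that this value is compared with `PermitRootLogin` in the SSH configuration file and has to be kept in step with it. As far as I know rkhunter warns on a mismatch, so an administrator who hardens sshd to `PermitRootLogin no` will see this check fire until the value here is changed too, while root key logins no longer produce any warning. Suggested wording: `# Must match PermitRootLogin in sshd_config; Mageia ships 'without-password' (root may log in, but not with password authentication).` The retained `#ALLOW_SSH_ROOT_USER=no` line duplicates the default already stated in the comment block above and could be dropped.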
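Review bot: The comment `# The default Mageia install has this option not set` does not name the option; judging by the context lines, it appears to be a setting in the SSH configuration file, presumably `Protocol`. With `ALLOW_SSH_PROT_V1=2` the check stops reporting that case, so the result rests on the compiled-in default of the installed sshd being protocol 2 only, which is presumably true for the OpenSSH Mageia ships but is worth stating. Suggested: `# Mageia's sshd_config leaves 'Protocol' unset, so sshd uses its built-in default (v2 only); '2' suppresses the "not set" warning.` The option's description starts above the hunk.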
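Review bot: `RTKT_FILE_WHITELIST` is the only value changed in this patch without a comment, and it relaxes a rootkit check on a boot script that runs as root. As I read rkhunter's whitelist syntax, the `/etc/rc.d/rc.sysinit:hdparm` entry exempts only that string in the file and the bare path exempts the file's presence, but a reader cannot tell which warnings prompted either entry. I would add something like `# rc.sysinit mentions hdparm, which trips the startup-file string check; the bare entry only whitelists the file's existence.` after checking it against the warnings actually seen. The option's description starts above the hunk.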
@@ -976,3 +982,15 @@ # both programs, then disable the 'hidden_procs' test. # #DISABLE_UNHIDE=0 + +INSTALLDIR=/var +PKGMGR=RPM +# to avoid some false positives... +ALLOWDEVFILE=/dev/shm/pulse-shm-* +ALLOWDEVFILE=/dev/shm/mono.* +ALLOWHIDDENDIR=/dev/.udev +ALLOWHIDDENDIR=/etc/.java +ALLOWHIDDENFILE=/usr/share/man/man1/..1.xz +ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.xz + +# On Mageia we usually have a passwordless account for 'xguest' +PWDLESS_ACCOUNTS=xguest
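Review bot: The two `ALLOWDEVFILE` globs match names in /dev/shm, which is world-writable, so the suspicious /dev file check will skip every file named `pulse-shm-*` or `mono.*` whoever created it. If that trade-off is intended, record it next to the lines in place of the generic `# to avoid some false positives...`, for example `# /dev/shm is world-writable: these globs exempt every matching name from the /dev file check.` `PWDLESS_ACCOUNTS=xguest` also applies on installs where xguest was never set up, so an empty password on an account of that name would go unreported. Separately, the header declares 15 new-side lines but the hunk as displayed here carries 3 context and 13 added lines; if the patch file really looks like this, regenerating it would make sure the final `PWDLESS_ACCOUNTS` line is applied.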