Skip to content

Commit

Permalink
rkhunter.conf: fix ALLOWPROCLISTEN (missing "EN"...) and allow some p…
Browse files Browse the repository at this point in the history 
…rocesses to

use some deleted files, to avoid some false positives

Signed-off-by: KheOps <kheops@ceops.eu>
  • Loading branch information
@kheops2713
kheops2713 committed Mar 13, 2015
1 parent 47e6ba9 commit dfbb0bd
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion roles/common/files/etc/rkhunter.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -560,6 +560,8 @@ IMMUTABLE_SET=0
#ALLOWPROCDELFILE="/usr/lib/iceweasel/firefox-bin"
#ALLOWPROCDELFILE="/usr/bin/file-roller"

ALLOWPROCDELFILE="/usr/sbin/cron:/tmp/tmp* /bin/dash:/tmp/tmp* /bin/bash:/tmp/tmp* /bin/run-parts:/tmp/tmp*"

#
# Allow the specified processes to listen on any network interface.
#
Expand All @@ -570,7 +572,7 @@ IMMUTABLE_SET=0
#ALLOWPROCLISTEN="/usr/sbin/pppoe /usr/sbin/tcpdump"
#ALLOWPROCLISTEN="/usr/sbin/snort-plain"

ALLOWPROCLIST="/usr/bin/suricata"
ALLOWPROCLISTEN="/usr/bin/suricata"

#
# Allow the specified network interfaces to be in promiscuous mode.
Expand Down

0 comments on commit dfbb0bd

Please sign in to comment.