This repository has been archived by the owner on Jan 26, 2023. It is now read-only.

Add ALLOWDEVFILE configuration. #6

Open
wants to merge 1 commit into
base: master
1 change: 1 addition & 0 deletions defaults/main.yml
Expand Up @@ -36,5 +36,6 @@ rkhunter_allowhiddendir: []
rkhunter_allowhiddenfile: []
rkhunter_allowprocdelfile: ''
rkhunter_allowproclisten: []
rkhunter_allowdevfile: []
rkhunter_port_whitelist: []
rkhunter_port_path_whitelist: []
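Review bot: `rkhunter_allowdevfile: []` is added with no description of what it accepts, and the diff shown touches only this defaults file and the template. Please document the variable wherever the role's other variables are described: it is a list of pathnames, each rendered as one `ALLOWDEVFILE` line, and wildcards are accepted as in the template's commented examples under /dev/shm.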
17 changes: 10 additions & 7 deletions templates/etc/rkhunter.conf.j2
Expand Up @@ -91,7 +91,7 @@
#
# If the mirrors file is read-only, then the '--versioncheck' command-line
# option can only be used if this option is set to '0'.
#
#
# The default value is '1'.
#
ROTATE_MIRRORS={{ rkhunter_rotate_mirrors }}
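Review bot: the `#` line above "The default value is '1'." appears to change only in whitespace, and the same kind of whitespace-only change recurs in the later hunks of this file, accounting for most of the 10 additions and 7 deletions. Consider moving these cleanups to a separate commit so this one contains only the three-line ALLOWDEVFILE loop and is easier to audit.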
Expand Down Expand Up @@ -643,7 +643,7 @@ ALLOWHIDDENDIR="{{ elem }}"
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
{% for elem in rkhunter_allowhiddenfile %}
ALLOWHIDDENFILE="{{ elem }}"
Expand Down Expand Up @@ -717,6 +717,9 @@ ALLOWPROCLISTEN="{{ elem }}"
#
#ALLOWDEVFILE=/dev/shm/pulse-shm-*
#ALLOWDEVFILE=/dev/shm/sem.ADBE_*
{% for elem in rkhunter_allowdevfile %}
ALLOWDEVFILE="{{ elem }}"
{% endfor %}

#
# Allow the specified process pathnames to use shared memory segments.
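Review bot: each element is written verbatim inside `ALLOWDEVFILE="{{ elem }}"`, so the role places no limit on how broad a pattern can be. Since the commented examples show that wildcards are accepted, a loosely written entry would exempt more files from the check than intended. Suggest documenting that entries should be as specific as the examples (such as `/dev/shm/pulse-shm-*`), and consider rejecting values that contain a double quote or a newline, which would break the generated line. The loop itself follows the existing `ALLOWHIDDENFILE` pattern, which is good for consistency.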
Expand Down Expand Up @@ -882,7 +885,7 @@ ALLOWPROCLISTEN="{{ elem }}"
#
#APP_WHITELIST=""

#
#
# Set this option to scan for suspicious files in directories which pose a
# relatively higher risk due to user write access.
#
Expand All @@ -893,7 +896,7 @@ ALLOWPROCLISTEN="{{ elem }}"
#
# Please consider adding all directories the user the (web)server runs as,
# and has write access to, including the document root (e.g: '/var/www') and
# log directories (e.g: '/var/log/httpd').
# log directories (e.g: '/var/log/httpd').
#
# This is a space-separated list of directory pathnames. The option may be
# specified more than once.
Expand Down Expand Up @@ -931,7 +934,7 @@ ALLOWPROCLISTEN="{{ elem }}"

#
# The following options can be used to whitelist network ports which are known
# to have been used by malware.
# to have been used by malware.
#
# The PORT_WHITELIST option is a space-separated list of one or more of two
# types of whitelisting. These are:
Expand Down Expand Up @@ -1203,10 +1206,10 @@ PORT_PATH_WHITELIST="{{ elem }}"
#
# You should only activate this feature as part of a more thorough
# investigation, which should be based on relevant best practices and
# procedures.
# procedures.
#
# Enabling this feature implies you have the knowledge to interpret the
# results properly.
# results properly.
#
# The default value is the null string.
#