commit 974a5f3294b51f4d67670ebc4571543df31eb844 Author: Xavier Date: Wed Aug 24 08:04:54 2022 +0200 first commit diff --git a/README.md b/README.md new file mode 100755 index 0000000..78eed59 --- /dev/null +++ b/README.md @@ -0,0 +1,25 @@ + GUI RKHunter Version 1.01 +============================ + + +## Install +pres-requis: +python3 +sudo apt-get install python3-tk rkhunter gnome-terminal + +sudo ./build.sh + +## Run +sudo guirkhunter + +## Version en production 1.01 + +Outils graphique pour simplifier les commandes. + + +73 +Xavier + + + + diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..31d0dc6 --- /dev/null +++ b/build.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +#pres-requis install +if [ -e /usr/bin/python3 ] +then + echo "Phyton installé" +else + echo "Install Python et TK" + apt install python3 -y + +fi + +if [ -e /usr/share/doc/python3-tk ] +then + echo "Phyton TK installé" +else + echo "Install TK" + apt install python3-tk -y +fi + +if [ -e /usr/bin/pip3 ] +then + echo "Phyton pip3 installé" +else + echo "Install pip3" + apt install python3-pip -y + pip3 install cx_Freeze + pip3 install serial +fi + + +if [ -e /usr/bin/rkhunter ] +then + echo "RKHunter installé" +else + echo "Install RKHunter" + apt install rkhunter -y +fi + +if [ -e /usr/bin/gnome-terminal ] +then + echo "gnome-terminal installé" +else + echo "Install gnome-terminal" + apt install gnome-terminal -y +fi + + + + +#build and install guiinstall +./setup.py build +cp -r img/ build/exe.linux-x86_64-*/ +chmod -R 755 build/ +echo "install" +cd build/ +rm -r /opt/guirkhunter/ +mv exe.linux-x86_64-*/ /opt/guirkhunter/ +rm /usr/local/sbin/guirkhunter +ln -s /opt/guirkhunter/main /usr/local/sbin/guirkhunter +exit 0 diff --git a/icone.ico b/icone.ico new file mode 100644 index 0000000..20dda78 Binary files /dev/null and b/icone.ico differ diff --git a/img/rkh.png b/img/rkh.png new file mode 100644 index 0000000..4d4fa98 Binary files /dev/null and b/img/rkh.png differ diff --git a/img/rkhunter.png b/img/rkhunter.png new file mode 100644 index 0000000..c639b97 Binary files /dev/null and b/img/rkhunter.png differ diff --git a/img/rkhunter_old.png b/img/rkhunter_old.png new file mode 100644 index 0000000..4cb0e28 Binary files /dev/null and b/img/rkhunter_old.png differ diff --git a/main.py b/main.py new file mode 100755 index 0000000..d6e581c --- /dev/null +++ b/main.py @@ -0,0 +1,164 @@ +#! /usr/bin/env python3 +# -*- coding: UTF-8 -*- +#(c) Xavier 2022 + +# pour débugger… en ligne de commande !-) +#import pdb; pdb.set_trace() + +#GUI RKHunter FRS2013 + +# for Python3 +from tkinter import * +import tkinter.messagebox +import tkinter.filedialog +import os +import serial +import time +import csv +import shutil +import subprocess + + +try: + + import configparser as configparser +except ImportError: + import ConfigParser as configparser + + +#param os +sysos="linux" +clearscreen="clear" + +os.system(clearscreen) + +#def function + +def Version(): + versionrkh = os.popen('rkhunter --version') + + tkinter.messagebox.showinfo("Version","GUI RKHunter V" + versionrkh.read() + "\n(C) 2022 Xavier\n1.01") + +def Clean(): + for c in frame.winfo_children(): + c.destroy() + os.system(clearscreen) + FormGUI() + + +def Rkhscanall(): + os.system(clearscreen) + subprocess.call(['gnome-terminal -- bash -c "rkhunter --checkall"',''], shell=True) + + +def Rkhscanfast(): + os.system(clearscreen) + subprocess.call(['gnome-terminal -- bash -c "rkhunter -c --rwo"', ''], shell=True) + + +def Rkhupdate(): + os.system(clearscreen) + subprocess.call(['gnome-terminal -- bash -c "rkhunter --update"',''], shell=True) + + +def Rkhfix(): + subprocess.call(['gnome-terminal -- bash -c "rkhunter --propupd"',''], shell=True) + +def Rkhlog(): + os.system(clearscreen) + subprocess.call(['gnome-terminal -- bash -c "cat /var/log/rkhunter.log | more"',''], shell=True) + + +def FormGUI(): + + for c in frame.winfo_children(): + c.destroy() + Label0 = Label(frame, text = 'GUI RKHunter: ') + Label0.grid(column=0,row=0, sticky='w',pady=2) + + bouton2= Button (frame, text="RkHunter ScanAll", command=Rkhscanall, padx=2) + bouton2.grid (column=1, row=11,sticky='sw', padx=20) + + bouton2= Button (frame, text="RKHunter update", command=Rkhupdate, padx=2) + bouton2.grid (column=10, row=11,sticky='sw', padx=20) + + bouton2= Button (frame, text="RkHunter Scan Fast", command=Rkhscanfast, padx=2) + bouton2.grid (column=1, row=31,sticky='sw', padx=20) + + bouton2= Button (frame, text="RKHunter Log", command=Rkhlog, padx=2) + bouton2.grid (column=10, row=31,sticky='sw', padx=20) + + bouton2= Button (frame, text="RKHunter Fix", command=Rkhfix, padx=2) + bouton2.grid (column=5, row=51,sticky='sw', padx=20) + +def FormNoRoot(): + tkinter.messagebox.showinfo("Error","GUI RKHunter need ROOT\n") + os._exit(os.EX_OK) + +def Quit(): + os._exit(os.EX_OK) + +def Apropos(): + tkinter.messagebox.showinfo("Aide sur GUIRKHunter", +"Ce GUI est un interpréteur de CMD\nScanAll rkhunter --checkall\nSacnFast rkhunter -c --rwo\nUpdate rkhunter --update\nFix rkhunter --propudp\nLog nano /var/log/rkhunter.log\n\n\n") + + +if __name__ == '__main__': + + print("START INI") + chemin = os.popen("readlink guirkhunter | sed 's/main//g'") + # Main window + Mafenetre = Tk() + Mafenetre.title("GUI RKHunter") + if os.name == 'nt': + Mafenetre.iconbitmap("icone.ico") + + # Mon logo + logo = PhotoImage(file= "/opt/guirkhunter/img/rkhunter.png") + + # Création d'un widget Menu + menubar = Menu(Mafenetre) + menuaide = Menu(menubar,tearoff=0) + if not os.name == 'nt': + menubar.add_cascade(image=logo) + + menufichier = Menu(menubar,tearoff=0) + menufichier.add_separator() + menufichier.add_command(label="Nettoyer Frame",command=Clean) + menufichier.add_command(label="Quitter",command=Quit) + menubar.add_cascade(label="Fichier", menu=menufichier) + + menuaprs = Menu(menubar,tearoff=0) + menuaprs.add_command(label="RKH Scan All",command=Rkhscanall) + menuaprs.add_command(label="RKH Scan Fast",command=Rkhscanfast) + menuaprs.add_command(label="RKH Update",command=Rkhupdate) + menuaprs.add_command(label="RKH Fix",command=Rkhfix) + menuaprs.add_separator() + menuaprs.add_command(label="RKH Log",command=Rkhlog) + menuaprs.add_separator() + + menubar.add_cascade(label="GUI RKHunter", menu=menuaprs) + + menuaide = Menu(menubar,tearoff=0) + menuaide.add_command(label="A propos",command=Apropos) + menuaide.add_command(label="Version",command=Version) + menubar.add_cascade(label="Aide", menu=menuaide) + + # Affichage du menu + Mafenetre.config(menu=menubar) + frame=Frame(Mafenetre,height=200,width=400) + frame.pack() + + Canevas = Canvas(Mafenetre,width=400, height=5) + Canevas.pack() + frame.photo = PhotoImage(file ='') + espace_image = Canvas(frame, width =170, height =170, bg ='black') + espace_image.grid(row=3 ,columnspan=2, column=0, padx =10, pady =10) + espace_image.create_image(85, 85, image =frame.photo) + if os.getuid() != 0: + # We're not root so, like, whatever dude + print("No root") + FormNoRoot(); + + FormGUI() + Mafenetre.mainloop() diff --git a/rkhunter b/rkhunter new file mode 100644 index 0000000..dadc1eb --- /dev/null +++ b/rkhunter @@ -0,0 +1,34 @@ +# Defaults for rkhunter automatic tasks +# sourced by /etc/cron.*/rkhunter and /etc/apt/apt.conf.d/90rkhunter +# +# This is a POSIX shell fragment +# + +# Set this to yes to enable rkhunter daily runs +# (default: false) +CRON_DAILY_RUN="true" + +# Set this to yes to enable rkhunter weekly database updates +# (default: false) +CRON_DB_UPDATE="true" + +# Set this to yes to enable reports of weekly database updates +# (default: false) +DB_UPDATE_EMAIL="false" + +# Set this to the email address where reports and run output should be sent +# (default: root) +REPORT_EMAIL="root" + +# Set this to yes to enable automatic database updates +# (default: false) +APT_AUTOGEN="true" + +# Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable) +# (default: 0) +NICE="0" + +# Should daily check be run when running on battery +# powermgmt-base is required to detect if running on battery or on AC power +# (default: false) +RUN_CHECK_ON_BATTERY="false" diff --git a/rkhunter.conf b/rkhunter.conf new file mode 100644 index 0000000..5be5fe2 --- /dev/null +++ b/rkhunter.conf @@ -0,0 +1,1352 @@ +# +# This is the main configuration file for Rootkit Hunter. +# +# You can modify this file directly, or you can create a local configuration +# file. The local file must be named 'rkhunter.conf.local', and must reside +# in the same directory as this file. Alternatively you can create a directory, +# named 'rkhunter.d', which also must be in the same directory as this +# configuration file. Within the 'rkhunter.d' directory you can place further +# configuration files. There is no restriction on the file names used, other +# than they must end in '.conf'. +# +# Please modify the configuration file(s) to your own requirements. It is +# recommended that the command 'rkhunter -C' is run after any changes have +# been made. +# +# Please review the documentation before posting bug reports or questions. +# To report bugs, provide patches or comments, please go to: +# http://rkhunter.sourceforge.net +# +# To ask questions about rkhunter, please use the 'rkhunter-users' mailing list. +# Note that this is a moderated list, so please subscribe before posting. +# +# In the configuration files, lines beginning with a hash (#), and blank lines, +# are ignored. Also, end-of-line comments are not supported. +# +# Any of the configuration options may appear more than once. However, several +# options only take one value, and so the last one seen will be used. Some +# options are allowed to appear more than once, and the text describing the +# option will say if this is so. These configuration options will, in effect, +# have their values concatenated together. To delete a previously specified +# option list, specify the option with no value (that is, a null string). +# +# Some of the options are space-separated lists, others, typically those +# specifying pathnames, are newline-separated lists. These must be entered +# as one item per line. Quotes must not be used to surround the pathname. +# +# For example, to specify two pathnames, '/tmp/abc' and '/tmp/xyz', for an +# option: XXX=/tmp/abc (correct) +# XXX=/tmp/xyz +# +# XXX="/tmp/abc" (incorrect) +# XXX="/tmp/xyz" +# +# XXX=/tmp/abc /tmp/xyz (incorrect) +# or XXX="/tmp/abc /tmp/xyz" (incorrect) +# or XXX="/tmp/abc" "/tmp/xyz" (incorrect) +# +# The last three examples are being configured as space-separated lists, +# which is incorrect, generally, for options specifying pathnames. They +# should be configured with one entry per line as in the first example. +# +# If wildcard characters (globbing) are allowed for an option, then the +# text describing the option will say so. Any globbing character explicitly +# required in a pathname should be escaped. +# +# Space-separated lists may be enclosed by quotes, although they are not +# required. If they are used, then they must only appear at the start and +# end of the list, not in the middle. +# +# For example: XXX=abc def gh (correct) +# XXX="abc def gh" (correct) +# XXX="abc" "def" "gh" (incorrect) +# +# Space-separated lists may also be entered simply as one entry per line. +# +# For example: XXX=abc (correct) +# XXX=def +# XXX="gh" +# +# If a configuration option is never set, then the program will assume a +# default value. The text describing the option will state the default value. +# If there is no default, then rkhunter will calculate a value or pathname +# to use. If a value is set for a configuration option, then the default +# value is ignored. If it is wished to keep the default value, as well as +# any other set value, then the default must be explicitly set. +# + + +# +# If this option is set to '1', it specifies that the mirrors file +# ('mirrors.dat'), which is used when the '--update' and '--versioncheck' +# options are used, is to be rotated. Rotating the entries in the file allows +# a basic form of load-balancing between the mirror sites whenever the above +# options are used. +# +# If the option is set to '0', then the mirrors will be treated as if in a +# priority list. That is, the first mirror listed will always be used first. +# The second mirror will only be used if the first mirror fails, the third +# mirror will only be used if the second mirror fails, and so on. +# +# If the mirrors file is read-only, then the '--versioncheck' command-line +# option can only be used if this option is set to '0'. +# +# The default value is '1'. +# +#ROTATE_MIRRORS=1 + +# +# If this option is set to '1', it specifies that when the '--update' option is +# used, then the mirrors file is to be checked for updates as well. If the +# current mirrors file contains any local mirrors, these will be prepended to +# the updated file. If this option is set to '0', the mirrors file can only be +# updated manually. This may be useful if only using local mirrors. +# +# The default value is '1'. +# +UPDATE_MIRRORS=1 + +# +# The MIRRORS_MODE option tells rkhunter which mirrors are to be used when +# the '--update' or '--versioncheck' command-line options are given. +# Possible values are: +# 0 - use any mirror +# 1 - only use local mirrors +# 2 - only use remote mirrors +# +# Local and remote mirrors can be defined in the mirrors file by using the +# 'local=' and 'remote=' keywords respectively. +# +# The default value is '0'. +# +MIRRORS_MODE=0 + +# +# Email a message to this address if a warning is found when the system is +# being checked. Multiple addresses may be specified simply be separating +# them with a space. To disable the option, simply set it to the null string +# or comment it out. +# +# The option may be specified more than once. +# +# The default value is the null string. +# +# Also see the MAIL_CMD option. +# +#MAIL-ON-WARNING=root + +# +# This option specifies the mail command to use if MAIL-ON-WARNING is set. +# +# NOTE: Double quotes are not required around the command, but are required +# around the subject line if it contains spaces. +# +# The default is to use the 'mail' command, with a subject line +# of '[rkhunter] Warnings found for ${HOST_NAME}'. +# +#MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}" + +# +# This option specifies the directory to use for temporary files. +# +# NOTE: Do not use '/tmp' as your temporary directory. Some important files +# will be written to this directory, so be sure that the directory permissions +# are secure. +# +# The installer program will set the default directory. If this default is +# subsequently commented out or removed, then the program will assume a +# default directory beneath the installation directory. +# +TMPDIR=/var/lib/rkhunter/tmp + +# +# This option specifies the database directory to use. +# +# The installer program will set the default directory. If this default is +# subsequently commented out or removed, then the program will assume a +# default directory beneath the installation directory. +# +DBDIR=/var/lib/rkhunter/db + +# +# This option specifies the script directory to use. +# +# The installer program will set the default directory. If this default is +# subsequently commented out or removed, then the program will not run. +# +SCRIPTDIR=/usr/share/rkhunter/scripts + +# +# This option can be used to modify the command directory list used by rkhunter +# to locate commands (that is, its PATH). By default this will be the root PATH, +# and an internal list of some common command directories. +# +# Any directories specified here will, by default, be appended to the default +# list. However, if a directory name begins with the '+' character, then that +# directory will be prepended to the list (that is, it will be put at the start +# of the list). +# +# This is a space-separated list of directory names. The option may be +# specified more than once. +# +# The default value is based on the root account PATH environment variable. +# +#BINDIR=/bin /usr/bin /sbin /usr/sbin +#BINDIR=+/usr/local/bin +/usr/local/sbin + +# +# This option specifies the default language to use. This should be similar to +# the ISO 639 language code. +# +# NOTE: Please ensure that the language you specify is supported. +# For a list of supported languages use the following command: +# +# rkhunter --lang en --list languages +# +# The default language is 'en' (English). +# +LANGUAGE=en + +# +# This option is a space-separated list of the languages that are to be updated +# when the '--update' option is used. If unset, then all the languages will be +# updated. If none of the languages are to be updated, then set this option to +# just 'en'. +# +# The default language, specified by the LANGUAGE option, and the English (en) +# language file will always be updated regardless of this option. +# +# This option may be specified more than once. +# +# The default value is the null string, indicating that all the language files +# will be updated. +# +UPDATE_LANG="en" + +# +# This option specifies the log file pathname. The file will be created if it +# does not initially exist. If the option is unset, then the program will +# display a message each time it is run saying that the default value is being +# used. +# +# The default value is '/var/log/rkhunter.log'. +# +LOGFILE=/var/log/rkhunter.log + +# +# Set this option to '1' if the log file is to be appended to whenever rkhunter +# is run. A value of '0' will cause a new log file to be created whenever the +# program is run. +# +# The default value is '0'. +# +#APPEND_LOG=0 + +# +# Set the following option to '1' if the log file is to be copied when rkhunter +# finishes and an error or warning has occurred. The copied log file name will +# be appended with the current date and time (in YYYY-MM-DD_HH:MM:SS format). +# For example: rkhunter.log.2009-04-21_00:57:51 +# If the option value is '0', then the log file will not be copied regardless +# of whether any errors or warnings occurred. +# +# The default value is '0'. +# +#COPY_LOG_ON_ERROR=0 + +# +# Set the following option to enable the rkhunter check start and finish times +# to be logged by syslog. Warning messages will also be logged. The value of +# the option must be a standard syslog facility and priority, separated by a +# dot. For example: +# +# USE_SYSLOG=authpriv.warning +# +# Setting the value to 'NONE', or just leaving the option commented out, +# disables the use of syslog. +# +# The default value is not to use syslog. +# +USE_SYSLOG=authpriv.warning + +# +# Set the following option to '1' if the second colour set is to be used. This +# can be useful if your screen uses black characters on a white background +# (for example, a PC instead of a server). A value of '0' will cause the default +# colour set to be used. +# +# The default value is '0'. +# +#COLOR_SET2=0 + +# +# Set the following option to '0' if rkhunter should not detect if X is being +# used. If X is detected as being used, then the second colour set will +# automatically be used. If set to '1', then the use of X will be detected. +# +# The default value is '0'. +# +AUTO_X_DETECT=1 + +# +# Set the following option to '1' if it is wanted that any 'Whitelisted' results +# are shown in white rather than green. For colour set 2 users, setting this +# option will cause the result to be shown in black. Setting the option to '0' +# causes whitelisted results to be displayed in green. +# +# The default value is '0'. +# +#WHITELISTED_IS_WHITE=0 + +# +# The following option is checked against the SSH configuration file +# 'PermitRootLogin' option. A warning will be displayed if they do not match. +# However, if a value has not been set in the SSH configuration file, then a +# value here of 'unset' can be used to avoid warning messages. +# +# The default value is 'no'. +# +#ALLOW_SSH_ROOT_USER=no + +# +# Set this option to '1' to allow the use of the SSH-1 protocol, but note +# that theoretically it is weaker, and therefore less secure, than the +# SSH-2 protocol. Do not modify this option unless you have good reasons +# to use the SSH-1 protocol (for instance for AFS token passing or Kerberos4 +# authentication). If the 'Protocol' option has not been set in the SSH +# configuration file, then a value of '2' may be set here in order to +# suppress a warning message. A value of '0' indicates that the use of +# SSH-1 is not allowed. +# +# The default value is '0'. +# +ALLOW_SSH_PROT_V1=2 + +# +# This setting tells rkhunter the directory containing the SSH configuration +# file. If unset, this setting will be worked out by rkhunter, and so should +# not usually need to be set. +# +# This option has no default value. +# +#SSH_CONFIG_DIR=/etc/ssh + +# +# These two options determine which tests are to be performed. The ENABLE_TESTS +# option can use the word 'ALL' to refer to all of the available tests. The +# DISABLE_TESTS option can use the word 'NONE' to mean that no tests are +# disabled. The list of disabled tests is applied to the list of enabled tests. +# +# Both options are space-separated lists of test names, and both options may +# be specified more than once. The currently available test names can be seen +# by using the command 'rkhunter --list tests'. +# +# The supplied configuration file has some tests already disabled, and these +# are tests that will be used only occasionally, can be considered 'advanced' +# or that are prone to produce more than the average number of false-positives. +# +# Please read the README file for more details about enabling and disabling +# tests, the test names, and how rkhunter behaves when these options are used. +# +# The default values are to enable all tests and to disable none. However, if +# either of the options below are specified, then they will override the +# program defaults. +# +ENABLE_TESTS=ALL +DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps + +# +# The HASH_CMD option can be used to specify the command to use for the file +# properties hash value check. It can be specified as just the command name or +# the full pathname. If just the command name is given, and it is one of MD5, +# SHA1, SHA224, SHA256, SHA384 or SHA512, then rkhunter will first look for the +# relevant command, such as 'sha256sum', and then for 'sha256'. If neither of +# these are found, it will then look to see if a perl module has been installed +# which will support the relevant hash function. To see which perl modules have +# been installed use the command 'rkhunter --list perl'. +# +# Systems using prelinking are restricted to using either the SHA1 or MD5 +# function. +# +# A value of 'NONE' (in uppercase) can be specified to indicate that no hash +# function should be used. Rkhunter will detect this, and automatically disable +# the file properties hash check test. +# +# Examples: +# For Solaris 9 : HASH_CMD=gmd5sum +# For Solaris 10: HASH_CMD=sha1sum +# For AIX (>5.2): HASH_CMD="csum -hMD5" +# For NetBSD : HASH_CMD="cksum -a sha512" +# +# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run. +# +# The default value is the SHA256 function, unless prelinking is used in +# which case it defaults to the SHA1 function. +# +# Also see the HASH_FLD_IDX option. In addition, note the comments under +# the PKGMGR option relating to the use of HASH_CMD. +# +#HASH_CMD=SHA256 + +# +# The HASH_FLD_IDX option specifies which field from the HASH_CMD command +# output contains the hash value. The fields are assumed to be space-separated. +# +# The option value must be an integer greater than zero. +# +# The default value is '1', but for *BSD users rkhunter will, by default, use a +# value of '4' if the HASH_CMD option has not been set. +# +#HASH_FLD_IDX=4 + +# +# The PKGMGR option tells rkhunter to use the specified package manager to +# obtain the file property information. This is used when updating the file +# properties file ('rkhunter.dat'), and when running the file properties check. +# For RedHat/RPM-based systems, 'RPM' can be used to get information from the +# RPM database. For Debian-based systems 'DPKG' can be used, for *BSD systems +# 'BSD' can be used, or for *BSD systems with the 'pkg' command 'BSDng' can be +# used, and for Solaris systems 'SOLARIS' can be used. No value, or a value of +# 'NONE', indicates that no package manager is to be used. +# +# The package managers obtain each file hash value using a hash function. The +# Solaris package manager includes a 16-bit checksum value, but this is not +# used by default (see USE_SUNSUM below). The 'RPM' and 'BSDng' package managers +# currently use a SHA256 hash function. Other package managers will, typically, +# use an MD5 hash function. +# +# The 'DPKG', 'BSD' and 'BSDng' package managers only provide a file hash value. +# The 'RPM' package manager additionally provides values for the inode, file +# permissions, uid, gid and other values. The 'SOLARIS' package manager also +# provides most of the values, similar to 'RPM', but not the inode number. +# +# For any file not part of a package, rkhunter will revert to using the +# HASH_CMD hash function instead. This means that if the HASH_CMD option +# is set, and PKGMGR is set, then the HASH_CMD hash function is only used, +# and stored, for non-packaged files. All packaged files will use, and store, +# whatever hash function the relevant package manager uses. So, for example, +# with the 'RPM' package manager, packaged files will be stored with their +# SHA256 value regardless of the value of the HASH_CMD option. +# +# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run. +# +# The default value is 'NONE'. +# +# Also see the PKGMGR_NO_VRFY and USE_SUNSUM options. +# +# NONE is the default for Debian as well, as running --propupd takes +# about 4 times longer when it's set to DPKG +# +#PKGMGR=NONE + +# +# It is possible that a file, which is part of a package, may have been +# modified by the administrator. Typically this occurs for configuration +# files. However, the package manager may list the file as being modified. +# For the RPM package manager this may well depend on how the package was +# built. This option specifies a pathname which is to be exempt from the +# package manager verification process, and which will be treated +# as a non-packaged file. As such, the file properties are still checked. +# +# This option only takes effect if the PKGMGR option has been set, and +# is not 'NONE'. +# +# This option may be specified more than once. +# +# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run. +# +# The default value is the null string. +# +#PKGMGR_NO_VRFY="" + +# +# If the 'SOLARIS' package manager is used, then it is possible to use the +# checksum (hash) value stored for a file. However, this is only a 16-bit +# checksum, and as such is not nearly as secure as, for example, a SHA-2 value. +# If the option is set to '0', then the checksum is not used and the hash +# function given by HASH_CMD is used instead. To enable this option, set its +# value to '1'. The Solaris 'sum' command must be present on the system if this +# option is used. +# +# The default value is '0'. +# +#USE_SUNSUM=0 + +# +# This option can be used to tell rkhunter to ignore any prelink dependency +# errors for the given commands. However, a warning will also be issued if the +# error does not occur for a given command. As such this option must only be +# used on commands which experience a persistent problem. +# +# Short-term prelink dependency errors can usually be resolved simply by +# running the 'prelink' command on the given pathname. +# +# This is a space-separated list of command pathnames. The option can be +# specified more than once. +# +# NOTE: Whenever this option is changed 'rkhunter --propupd' must be run. +# +# The default value is the null string. +# +#IGNORE_PRELINK_DEP_ERR=/bin/ps /usr/bin/top + +# +# These options specify a command, directory or file pathname which will be +# included or excluded in the file properties checks. +# +# For the USER_FILEPROP_FILES_DIRS option, simple command names - for example, +# 'top' - and directory names are added to the internal list of directories to +# be searched for each of the command names in the command list. Additionally, +# full pathnames to files, which need not be commands, may be given. Any files +# or directories which are already part of the internal lists will be silently +# ignored from the configuration. +# +# For the USER_FILEPROP_FILES_DIRS option, wildcards are allowed, except for +# simple command names. +# For example, 'top*' cannot be given, but '/usr/bin/top*' is allowed. +# +# To extend the use of wildcards to include recursive checking of directories, +# see the GLOBSTAR configuration option. +# +# Specific files may be excluded by using the EXCLUDE_USER_FILEPROP_FILES_DIRS +# option. Wildcards may be used with this option. +# +# By combining these two options, and using wildcards, whole directories can be +# excluded. For example: +# +# USER_FILEPROP_FILES_DIRS=/etc/* +# USER_FILEPROP_FILES_DIRS=/etc/*/* +# EXCLUDE_USER_FILEPROP_FILES_DIRS=/etc/rc?.d/* +# +# This will look for files in the first two directory levels of '/etc'. However, +# anything in '/etc/rc0.d', '/etc/rc1.d', '/etc/rc2.d' and so on, will be +# excluded. +# +# NOTE: Only files and directories which have been added by the user, and are +# not part of the internal lists, can be excluded. So, for example, it is not +# possible to exclude the 'ps' command by using '/bin/ps'. These will be +# silently ignored from the configuration. +# +# Both options can be specified more than once. +# +# NOTE: Whenever these options are changed 'rkhunter --propupd' must be run. +# +# The default value for both options is the null string. +# +#USER_FILEPROP_FILES_DIRS=top +#USER_FILEPROP_FILES_DIRS=/usr/local/sbin +#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf +#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf.local +#USER_FILEPROP_FILES_DIRS=/etc/rkhunter.d/* +#EXCLUDE_USER_FILEPROP_FILES_DIRS=/opt/ps* + +# +# This option whitelists files and directories from existing, or not existing, +# on the system at the time of testing. This option is used when the +# configuration file options themselves are checked, and during the file +# properties check, the hidden files and directories checks, and the filesystem +# check of the '/dev' directory. +# +# This option may be specified more than once, and may use wildcards. +# Be aware though that this is probably not what you want to do as the +# wildcarding will be expanded after files have been deleted. As such +# deleted files won't be whitelisted if wildcarded. +# +# NOTE: The user must take into consideration how often the file will appear +# and disappear from the system in relation to how often rkhunter is run. If +# the file appears, and disappears, too often then rkhunter may not notice +# this. All it will see is that the file has changed. The inode number and DTM +# will certainly be different for each new file, and rkhunter will report this. +# +# The default value is the null string. +# +#EXISTWHITELIST="" + +# +# Whitelist various attributes of the specified file. The attributes are those +# of the 'attributes' test. Specifying a file name here does not include it +# being whitelisted for the write permission test (see below). +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#ATTRWHITELIST=/usr/bin/date + +# +# Allow the specified file to have the 'others' (world) permission have the +# write-bit set. For example, files with permissions r-xr-xrwx or rwxrwxrwx. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#WRITEWHITELIST=/usr/bin/date + +# +# Allow the specified file to be a script. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +SCRIPTWHITELIST=/usr/bin/egrep +SCRIPTWHITELIST=/usr/bin/fgrep +SCRIPTWHITELIST=/usr/bin/which +SCRIPTWHITELIST=/usr/bin/ldd +SCRIPTWHITELIST=/usr/bin/lwp-request +SCRIPTWHITELIST=/usr/sbin/adduser +#SCRIPTWHITELIST=/usr/sbin/prelink +#SCRIPTWHITELIST=/usr/sbin/unhide.rb + +# +# Allow the specified file to have the immutable attribute set. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#IMMUTWHITELIST=/sbin/ifdown + +# +# If this option is set to '1', then the immutable-bit test is reversed. That +# is, the files are expected to have the bit set. A value of '0' means that the +# immutable-bit should not be set. +# +# The default value is '0'. +# +#IMMUTABLE_SET=0 + +# +# If this option is set to '1', then any changed inode value is ignored in +# the file properties check. The inode test itself still runs, but it will +# always return that no inodes have changed. +# +# This option may be useful for filesystems such as Btrfs, which handle inodes +# slightly differently than other filesystems. +# +# The default value is '0'. +# +#SKIP_INODE_CHECK=0 + +# +# Allow the specified hidden directory to be whitelisted. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +ALLOWHIDDENDIR=/etc/.java +ALLOWHIDDENDIR=/dev/shm +#ALLOWHIDDENDIR=/etc/.git +#ALLOWHIDDENDIR=/dev/.lxc + +# +# Allow the specified hidden file to be whitelisted. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz +#ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac +#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac +#ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac +#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac +#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac +#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac +#ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz +#ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz +#ALLOWHIDDENFILE=/etc/.gitignore +#ALLOWHIDDENFILE=/etc/.bzrignore +#ALLOWHIDDENFILE=/etc/.etckeeper + +# +# Allow the specified process to use deleted files. The process name may be +# followed by a colon-separated list of full pathnames (which have been +# deleted). The process will then only be whitelisted if it is using one of +# the given pathnames. For example: +# +# ALLOWPROCDELFILE=/usr/libexec/gconfd-2:/tmp/abc:/var/tmp/xyz +# +# This option may be specified more than once. It may also use wildcards, but +# only in the deleted file pathnames, not in the process name. The use of +# extended pattern matching in pathname expansion (for example, '**') is not +# supported for this option. However, the option itself extends globbing when +# the '*' character is used by matching zero or more characters in the +# pathname, including those in sub-directories. For example, the pathname +# '/tmp/abc/def/xyz' would not be matched by shell globbing using '/tmp/*/xyz' +# but is matched when used in this option. Similarly, using '/tmp/*' will +# match any file found in the '/tmp' directory or any sub-directories. +# +# The default value is the null string. +# +#ALLOWPROCDELFILE=/sbin/cardmgr +#ALLOWPROCDELFILE=/usr/lib/libgconf2-4/gconfd-2 +#ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ib* +#ALLOWPROCDELFILE=/usr/lib/iceweasel/iceweasel +#ALLOWPROCDELFILE=/usr/bin/file-roller + +# +# Allow the specified process to listen on any network interface. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#ALLOWPROCLISTEN=/sbin/dhclient +#ALLOWPROCLISTEN=/usr/bin/dhcpcd +#ALLOWPROCLISTEN=/usr/sbin/tcpdump +#ALLOWPROCLISTEN=/usr/sbin/snort-plain + +# +# Allow the specified network interfaces to be in promiscuous mode. +# +# This is a space-separated list of interface names. The option may be +# specified more than once. +# +# The default value is the null string. +# +#ALLOWPROMISCIF=eth0 + +# +# This option specifies how rkhunter should scan the '/dev' directory for +# suspicious files. The only allowed values are 'THOROUGH' and 'LAZY'. +# +# A THOROUGH scan will increase the overall runtime of rkhunter. Despite this, +# it is highly recommended that this value is used. +# +# The default value is 'THOROUGH'. +# +# Also see the ALLOWDEVFILE option. +# +#SCAN_MODE_DEV=THOROUGH + +# +# Allow the specified file to be present in the '/dev' directory, and not +# regarded as suspicious. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#ALLOWDEVFILE=/dev/shm/pulse-shm-* +#ALLOWDEVFILE=/dev/shm/sem.ADBE_* + +# +# Allow the specified process pathnames to use shared memory segments. +# +# This option may be specified more than once, and may use wildcard characters. +# +# The default value is the null string. +# +#ALLOWIPCPROC=/usr/bin/firefox +#ALLOWIPCPROC=/usr/bin/vlc + +# +# Allow the specified memory segment creator PIDs to use shared memory segments. +# +# This is a space-separated list of PID numbers (as given by the +# 'ipcs -p' command). This option may be specified more than once. +# +# The default value is the null string. +# +#ALLOWIPCPID=12345 6789 + +# +# Allow the specified account names to use shared memory segments. +# +# This is a space-separated list of account names. The option may be specified +# more than once. +# +# The default value is the null string. +# +#ALLOWIPCUSER=usera userb + +# +# This option can be used to set the maximum shared memory segment size +# (in bytes) that is not considered suspicious. Any segment above this size, +# and with 600 or 666 permissions, will be considered suspicious during the +# shared memory check. +# +# The default is 1048576 (1M) bytes. +# +#IPC_SEG_SIZE=1048576 + +# +# This option is used to indicate if the Phalanx2 test is to perform a basic +# check, or a more thorough check. If the option is set to '0', then a basic +# check is performed. If it is set to '1', then all the directories in the +# '/etc' and '/usr' directories are scanned. +# +# NOTE: Setting this option to '1' will cause the test to take longer +# to complete. +# +# The default value is '0'. +# +#PHALANX2_DIRTEST=0 + +# +# This option tells rkhunter where the inetd configuration file is located. +# +# The default value is the null string. +# +#INETD_CONF_PATH=/etc/inetd.conf + +# +# This option allows the specified enabled inetd services. +# +# This is a space-separated list of service names. The option may be specified +# more than once. +# +# For non-Solaris users the simple service name should be used. +# For example: +# +# INETD_ALLOWED_SVC=echo +# +# For Solaris 9 users the simple service name should also be used, but +# if it is an RPC service, then the executable pathname should be used. +# For example: +# +# INETD_ALLOWED_SVC=imaps +# INETD_ALLOWED_SVC=/usr/sbin/rpc.metad /usr/sbin/rpc.metamhd +# +# For Solaris 10 users the service/FMRI name should be used. For example: +# +# INETD_ALLOWED_SVC=/network/rpc/meta +# INETD_ALLOWED_SVC=/network/rpc/metamed +# INETD_ALLOWED_SVC=/application/font/stfsloader +# INETD_ALLOWED_SVC=/network/rpc-100235_1/rpc_ticotsord +# +# The default value is the null string. +# +#INETD_ALLOWED_SVC=echo + +# +# This option tells rkhunter where the xinetd configuration file is located. +# +# The default value is the null string. +# +#XINETD_CONF_PATH=/etc/xinetd.conf + +# +# This option allows the specified enabled xinetd services. Whilst it would be +# nice to use the service names themselves, at the time of testing we only have +# the pathname available. As such, these entries are the xinetd file pathnames. +# +# This is a space-separated list of service names. The option may be specified +# more than once. +# +# The default value is the null string. +# +#XINETD_ALLOWED_SVC=/etc/xinetd.d/echo + +# +# This option tells rkhunter the local system startup file pathnames. The +# directories will be searched for files. If unset, then rkhunter will try +# and determine were the startup files are located. If the option is set to +# 'NONE' then certain tests will be skipped. +# +# This is a space-separated list of file and directory pathnames. The option +# may be specified more than once, and may use wildcard characters. +# +# This option has no default value. +# +#STARTUP_PATHS=/etc/init.d /etc/rc.local + +# +# This option tells rkhunter the pathname to the file containing the user +# account passwords. If unset, this setting will be worked out by rkhunter, +# and so should not usually need to be set. Users of TCB shadow files should +# not set this option. +# +# This option has no default value. +# +#PASSWORD_FILE=/etc/shadow + +# +# This option allows the specified accounts to be root equivalent. These +# accounts will have a UID value of zero. The 'root' account does not need +# to be listed as it is automatically whitelisted. +# +# This is a space-separated list of account names. The option may be specified +# more than once. +# +# NOTE: For *BSD systems you will probably need to use this option for the +# 'toor' account. +# +# The default value is the null string. +# +#UID0_ACCOUNTS=toor rooty sashroot + +# +# This option allows the specified accounts to have no password. NIS/YP entries +# do not need to be listed as they are automatically whitelisted. +# +# This is a space-separated list of account names. The option may be specified +# more than once. +# +# The default value is the null string. +# +#PWDLESS_ACCOUNTS=abc + +# +# This option tells rkhunter the pathname to the syslog configuration file. +# If unset, this setting will be worked out by rkhunter, and so should not +# usually need to be set. A value of 'NONE' can be used to indicate that +# there is no configuration file, but that the syslog daemon process may +# be running. +# +# This is a space-separated list of pathnames. The option may be specified +# more than once. +# +# This option has no default value. +# +#SYSLOG_CONFIG_FILE=/etc/syslog.conf + +# +# If this option is set to '1', then the use of syslog remote logging is +# permitted. A value of '0' disallows the use of remote logging. +# +# The default value is '0'. +# +#ALLOW_SYSLOG_REMOTE_LOGGING=0 + +# +# This option allows the specified applications, or a specific version of an +# application, to be whitelisted. If a specific version is to be whitelisted, +# then the name must be followed by a colon and then the version number. +# For example: +# +# APP_WHITELIST=openssl:0.9.7d gpg httpd:1.3.29 +# +# This is a space-separated list of pathnames. The option may be specified +# more than once. +# +# The default value is the null string. +# +#APP_WHITELIST="" + +# +# Set this option to scan for suspicious files in directories which pose a +# relatively higher risk due to user write access. +# +# Please do not enable the 'suspscan' test by default as it is CPU and I/O +# intensive, and prone to producing false positives. Do review all settings +# before usage. Also be aware that running 'suspscan' in combination with +# verbose logging on, rkhunter's default, will show all ignored files. +# +# Please consider adding all directories the user the (web)server runs as, +# and has write access to, including the document root (e.g: '/var/www') and +# log directories (e.g: '/var/log/httpd'). +# +# This is a space-separated list of directory pathnames. The option may be +# specified more than once. +# +# The default value is the '/tmp' and '/var/tmp' directories. +# +#SUSPSCAN_DIRS=/tmp /var/tmp + +# +# This option specifies the directory for temporary files used by the +# 'suspscan' test. A memory-based directory, such as a tempfs filesystem, is +# better (faster). Do not use a directory name that is listed in SUSPSCAN_DIRS +# as that is highly likely to cause false-positive results. +# +# The default value is '/dev/shm'. +# +#SUSPSCAN_TEMP=/dev/shm + +# +# This option specifies the 'suspscan' test maximum filesize in bytes. Files +# larger than this will not be inspected. Do make sure you have enough space +# available in your temporary files directory. +# +# The default value is '1024000'. +# +#SUSPSCAN_MAXSIZE=1024000 + +# +# This option specifies the 'suspscan' test score threshold. Below this value +# no hits will be reported. +# +# The default value is '200'. +# +#SUSPSCAN_THRESH=200 + +# +# This option may be used to whitelist file pathnames from the suspscan test. +# +# Shell globbing may be used in the pathname. Also see the GLOBSTAR configuration +# option. +# +# This option may be specified more than once. +# +# The default value is the null string. +# +#SUSPSCAN_WHITELIST="" + +# +# The following options can be used to whitelist network ports which are known +# to have been used by malware. +# +# The PORT_WHITELIST option is a space-separated list of one or more of two +# types of whitelisting. These are: +# +# 1) a 'protocol:port' pair +# 2) an asterisk ('*') +# +# Only the UDP or TCP protocol may be specified, and the port number must be +# between 1 and 65535 inclusive. +# +# The asterisk can be used to indicate that any executable which rkhunter can +# locate as a command, is whitelisted. (Also see BINDIR) +# +# The PORT_PATH_WHITELIST option specifies one of two types of whitelisting. +# These are: +# +# 1) a pathname to an executable +# 2) a combined pathname, protocol and port +# +# As above, the protocol can only be TCP or UDP, and the port number must be +# between 1 and 65535 inclusive. +# +# Examples: +# +# PORT_WHITELIST=TCP:2001 UDP:32011 +# PORT_PATH_WHITELIST=/usr/sbin/squid +# PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801 +# +# NOTE: In order to whitelist a pathname, or use the asterisk option, the +# 'lsof' command must be present. +# +# Both options may be specified more than once. +# +# The default value for both options is the null string. +# +#PORT_WHITELIST="" +#PORT_PATH_WHITELIST="" + +# +# The following option can be used to tell rkhunter where the operating system +# 'release' file is located. This file contains information specifying the +# current O/S version. RKH will store this information, and check to see if it +# has changed between each run. If it has changed, then the user is warned that +# RKH may issue warning messages until RKH has been run with the '--propupd' +# option. +# +# Since the contents of the file vary according to the O/S distribution, RKH +# will perform different actions when it detects the file itself. As such, this +# option should not be set unless necessary. If this option is specified, then +# RKH will assume the O/S release information is on the first non-blank line of +# the file. +# +# This option has no default value. +# +# Also see the WARN_ON_OS_CHANGE and UPDT_ON_OS_CHANGE options. +# +#OS_VERSION_FILE=/etc/debian_version + +# +# Set the following option to '0' if you do not want to receive a warning if any +# O/S information has changed since the last run of 'rkhunter --propupd'. The +# warnings occur during the file properties check. Setting a value of '1' will +# cause rkhunter to issue a warning if something has changed. +# +# The default value is '1'. +# +#WARN_ON_OS_CHANGE=1 + +# +# Set the following option to '1' if you want rkhunter to automatically run a +# file properties update ('--propupd') if the O/S has changed. Detection of an +# O/S change occurs during the file properties check. Setting a value of '0' +# will cause rkhunter not to do an automatic update. +# +# WARNING: Only set this option if you are sure that the update will work +# correctly. That is, that the database directory is writeable, that a valid +# hash function is available, and so on. This can usually be checked simply by +# running 'rkhunter --propupd' at least once. +# +# The default value is '0'. +# +#UPDT_ON_OS_CHANGE=0 + +# +# The following two options can be used to whitelist files and directories that +# would normally be flagged with a warning during the various rootkit and +# malware checks. Only existing files and directories can be specified, and +# these must be full pathnames not links. +# +# Additionally, the RTKT_FILE_WHITELIST option may include a string after the +# file name (separated by a colon). This will then only whitelist that string +# in that file (as part of the malware checks). For example: +# +# RTKT_FILE_WHITELIST=/etc/rc.local:hdparm +# +# If the option list includes the filename on its own as well, then the file +# will be whitelisted from rootkit checks of the files existence, but still +# only the specific string within the file will be whitelisted. For example: +# +# RTKT_FILE_WHITELIST=/etc/rc.local +# RTKT_FILE_WHITELIST=/etc/rc.local:hdparm +# +# To whitelist a file from the existence checks, but not from the strings +# checks, then include the filename on its own and on its own but with just +# a colon appended. For example: +# +# RTKT_FILE_WHITELIST=/etc/rc.local +# RTKT_FILE_WHITELIST=/etc/rc.local: +# +# NOTE: It is recommended that if you whitelist any files, then you include +# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS +# configuration option. +# +# Both of these options may be specified more than once. +# +# For both options the default value is the null string. +# +#RTKT_DIR_WHITELIST="" +#RTKT_FILE_WHITELIST="" + +# +# The following option can be used to whitelist shared library files that would +# normally be flagged with a warning during the preloaded shared library check. +# These library pathnames usually exist in the '/etc/ld.so.preload' file or in +# the LD_PRELOAD environment variable. +# +# NOTE: It is recommended that if you whitelist any files, then you include +# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS +# configuration option. +# +# This option is a space-separated list of library pathnames. The option may be +# specified more than once. +# +# The default value is the null string. +# +#SHARED_LIB_WHITELIST=/lib/snoopy.so + +# +# To force rkhunter to use the supplied script for the 'stat' or 'readlink' +# command the following two options can be used. The value must be set to +# 'BUILTIN'. +# +# NOTE: IRIX users will probably need to enable STAT_CMD. +# +# For both options the default value is the null string. +# +#STAT_CMD=BUILTIN +#READLINK_CMD=BUILTIN + +# +# In the file properties test any modification date/time is displayed as the +# number of epoch seconds. Rkhunter will try and use the 'date' command, or +# failing that the 'perl' command, to display the date and time in a +# human-readable format as well. This option may be used if some other command +# should be used instead. The given command must understand the '%s' and +# 'seconds ago' options found in the GNU 'date' command. +# +# A value of 'NONE' may be used to request that only the epoch seconds be shown. +# A value of 'PERL' may be used to force rkhunter to use the 'perl' command, if +# it is present. +# +# This option has no default value. +# +#EPOCH_DATE_CMD="" + +# +# This setting tells rkhunter the directory containing the available Linux +# kernel modules. If unset, this setting will be worked out by rkhunter, and +# so should not usually need to be set. +# +# This option has no default value. +# +#MODULES_DIR="" + +# +# The following option can be set to a command which rkhunter will use when +# downloading files from the Internet - that is, when the '--update' or +# '--versioncheck' option is used. The command can take options. +# +# This allows the user to use a command other than the one automatically +# selected by rkhunter, but still one which it already knows about. +# For example: +# +# WEB_CMD=curl +# +# Alternatively, the user may specify a completely new command. However, note +# that rkhunter expects the downloaded file to be written to stdout, and that +# everything written to stderr is ignored. For example: +# +# WEB_CMD="/opt/bin/dlfile --timeout 5m -q" +# +# *BSD users may want to use the 'ftp' command, provided that it supports the +# HTTP protocol: +# +# WEB_CMD="ftp -o -" +# +# This option has no default value. +# +WEB_CMD="" + +# +# Set the following option to '1' if locking is to be used when rkhunter runs. +# The lock is set just before logging starts, and is removed when the program +# ends. It is used to prevent items such as the log file, and the file +# properties file, from becoming corrupted if rkhunter is running more than +# once. The mechanism used is to simply create a lock file in the LOCKDIR +# directory. If the lock file already exists, because rkhunter is already +# running, then the current process simply loops around sleeping for 10 seconds +# and then retrying the lock. A value of '0' means not to use locking. +# +# The default value is '0'. +# +# Also see the LOCKDIR, LOCK_TIMEOUT and SHOW_LOCK_MSGS options. +# +#USE_LOCKING=0 + +# +# This option specifies the directory to be used when locking is enabled. +# If the option is unset, then the directory to be used will be worked out +# by rkhunter. In that instance the directories '/run/lock', '/var/lock', +# '/var/run/lock', '/run' and '/var/run' will be checked in turn. If none +# of those can be found, or are not read/writeable, then the TMPDIR directory +# will be used. +# +# To avoid the lock file persisting across a server reboot, the directory +# used should be memory-resident. +# +# This option has no default value. +# +#LOCKDIR="" + +# +# If locking is used, then rkhunter may have to wait to get the lock file. +# This option sets the total amount of time, in seconds, that rkhunter should +# wait. It will retry the lock every 10 seconds, until either it obtains the +# lock or the timeout value has been reached. +# +# The default value is 300 seconds (5 minutes). +# +#LOCK_TIMEOUT=300 + +# +# If locking is used, then rkhunter may be doing nothing for some time if it +# has to wait for the lock. If this option is set to '1', then some simple +# messages are echoed to the users screen to let them know that rkhunter is +# waiting for the lock. Set this option to '0' if the messages are not to be +# displayed. +# +# The default value is '1'. +# +#SHOW_LOCK_MSGS=1 + +# +# If this option is set to 'THOROUGH' then rkhunter will search (on a per +# rootkit basis) for filenames in all of the directories (as defined by the +# result of running 'find / -xdev'). While still not optimal, as it still +# searches for only file names as opposed to file contents, this is one step +# away from the rigidity of searching in known (evidence) or default +# (installation) locations. +# +# THIS OPTION SHOULD NOT BE ENABLED BY DEFAULT. +# +# You should only activate this feature as part of a more thorough +# investigation, which should be based on relevant best practices and +# procedures. +# +# Enabling this feature implies you have the knowledge to interpret the +# results properly. +# +# The default value is the null string. +# +#SCANROOTKITMODE=THOROUGH + +# +# The following option can be set to the name(s) of the tests the 'unhide' +# command is to use. Options such as '-m' and '-v' may be specified, but will +# only take effect when they are seen. The test names are a space-separated +# list, and will be executed in the order given. +# +# This option may be specified more than once. +# +# The default value is 'sys' in order to maintain compatibility with older +# versions of 'unhide'. +# +#UNHIDE_TESTS=sys + +# +# The following option can be used to set options for the 'unhide-tcp' command. +# The options are space-separated. +# +# This option may be specified more than once. +# +# The default value is the null string. +# +#UNHIDETCP_OPTS="" + +# +# This option can be set to either '0' or '1'. If set to '1' then the summary, +# shown after rkhunter has run, will display the actual number of warnings +# found. If it is set to '0', then the summary will simply indicate that +# 'One or more' warnings were found. If no warnings were found, and this option +# is set to '1', then a "0" will be shown. If the option is set to '0', then +# the words 'No warnings' will be shown. +# +# The default value is '0'. +# +#SHOW_SUMMARY_WARNINGS_NUMBER=0 + +# +# This option is used to determine where, if anywhere, the summary scan time is +# displayed. A value of '0' indicates that it should not be displayed anywhere. +# A value of '1' indicates that the time should only appear on the screen, and a +# value of '2' that it should only appear in the log file. A value of '3' +# indicates that the time taken should appear both on the screen and in the log +# file. +# +# The default value is '3'. +# +#SHOW_SUMMARY_TIME=3 + +# +# The two options below may be used to check if a file is missing or empty +# (that is, it has a size of zero). The EMPTY_LOGFILES option will also check +# if the file is missing, since that can be interpreted as a file of no size. +# However, the file will only be reported as missing if the MISSING_LOGFILES +# option hasn't already done this. +# +# Both options are space-separated lists of pathnames, and may be specified +# more than once. +# +# NOTE: Log files are usually 'rotated' by some mechanism. At that time it is +# perfectly possible for the file to be either missing or empty. As such these +# options may produce false-positive warnings when log files are rotated. +# +# For both options the default value is the null string. +# +#EMPTY_LOGFILES="" +#MISSING_LOGFILES="" + +# +# This option can be set to either '0' or '1'. If set to '1' then the globbing +# characters '**' can be used to allow the recursive checking of directories. +# This can be useful, for example, with the USER_FILEPROP_FILES_DIRS option. +# For example: +# +# USER_FILEPROP_FILES_DIRS=/etc/**/*.conf +# +# This will check all '.conf' files within the '/etc' directory, and any +# sub-directories (at any level). If GLOBSTAR is not set, then the shell will +# interpret '**' as '*' and only one level of sub-directories will be checked. +# +# NOTE: This option is only valid for those shells which support the 'globstar' +# option. Typically this will be 'bash' (version 4 and above) via the 'shopt' command, +# and 'ksh' via the 'set' command. +# +# The default value is '0'. +# +#GLOBSTAR=0 + +INSTALLDIR=/usr + diff --git a/setup.py b/setup.py new file mode 100755 index 0000000..f2d5520 --- /dev/null +++ b/setup.py @@ -0,0 +1,101 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Python 3 +#(c) Xavier 2019 +""" +Icone sous Windows: il faut: +=> un xxx.ico pour integration dans le exe, avec "icon=xxx.ico" +=> un xxx.png pour integration avec PyQt4 + demander la recopie avec includefiles. +""" + +import sys, os +from cx_Freeze import setup, Executable + +############################################################################# +# preparation des options + +# chemins de recherche des modules +# ajouter d'autres chemins (absolus) si necessaire: sys.path + ["chemin1", "chemin2"] +path = sys.path + +# options d'inclusion/exclusion des modules +includes = [] # nommer les modules non trouves par cx_freeze +excludes = [] +packages = [] # nommer les packages utilises + +# copier les fichiers non-Python et/ou repertoires et leur contenu: +includefiles = [] + +if sys.platform == "win32": + pass + # includefiles += [...] : ajouter les recopies specifiques à Windows +elif sys.platform == "linux2": + pass + # includefiles += [...] : ajouter les recopies specifiques à Linux +else: + pass + # includefiles += [...] : cas du Mac OSX non traite ici + +# pour que les bibliotheques binaires de /usr/lib soient recopiees aussi sous Linux +binpathincludes = [] +if sys.platform == "linux2": + binpathincludes += ["/usr/lib"] + +# niveau d'optimisation pour la compilation en bytecodes +optimize = 0 + +# si True, n'affiche que les warning et les erreurs pendant le traitement cx_freeze +silent = True + +# construction du dictionnaire des options +options = {"path": path, + "includes": includes, + "excludes": excludes, + "packages": packages, + "include_files": includefiles, + "bin_path_includes": binpathincludes, + #"create_shared_zip": False, # <= ne pas generer de fichier zip + #"include_in_shared_zip": False, # <= ne pas generer de fichier zip + #"compressed": False, # <= ne pas generer de fichier zip + "optimize": optimize, + "silent": silent + } + +# pour inclure sous Windows les dll system de Windows necessaires +if sys.platform == "win32": + options["include_msvcr"] = True + +############################################################################# +# preparation des cibles +base = None +if sys.platform == "win32": + base = "Win32GUI" # pour application graphique sous Windows + # base = "Console" # pour application en console sous Windows + +icone = "icone.ico" +if sys.platform == "win32": + icone = "icone.ico" + +cible_1 = Executable( + script="main.py", + base=base, + #compress=False, # <= ne pas generer de fichier zip + #copyDependentFiles=True, + #appendScriptToExe=True, + #appendScriptToLibrary=False, # <= ne pas generer de fichier zip + icon="icone.ico" + ) + + +############################################################################# +# creation du setup +setup( + name="GUI RKHunter", + version="1.01", + description="GUI RKHunter", + author="FRS2013", + options={"build_exe": options}, + executables=[cible_1] + ) + +