external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00
Code Issues Releases Wiki Activity

RKHunter added during installation and setup for cronjobs

Browse Source
This commit is contained in:
ChiefGyk 2016-06-28 12:46:27 -04:00
parent 23f2b1688f
commit 5ed8803cc1
4 changed files with 1122 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
conf/rkhunter/rkhunter-cron.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
# Cron daily for rkhunter by Alon "ChiefGyk" Ganon
# alon@ganon.me
(
rkhunter --versioncheck
rkhunter --update
rkhunter -c --cronjob
) | mail -s 'rkhunter Daily Check' admin@$DOMAIN

1003
conf/rkhunter/rkhunter.conf Normal file
View File

File diff suppressed because it is too large Load Diff

81
conf/rkhunter/rkhunter.conf.local Normal file
View File

@ -0,0 +1,81 @@
#
# Email a message to this address if a warning is found when the
# system is being checked. Multiple addresses may be specified
# simply be separating them with a space. Setting this option to
# null disables the option.
#
# NOTE: This option should be present in the configuration file.
#
MAIL-ON-WARNING=admin@$DOMAIN
#
# Allow the specified commands to be scripts.
#
# This is a space-separated list of filenames. The option may
# be specified more than once. The option may use wildcard
# characters.
#
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
#SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
#SCRIPTWHITELIST=/usr/sbin/prelink
SCRIPTWHITELIST=/usr/bin/unhide.rb
#
# Allow the specified hidden directories to be whitelisted.
#
# This is a space-separated list of directory pathnames.
# The option may be specified more than once. The option
# may use wildcard characters.
#
#ALLOWHIDDENDIR="/etc/.java"
#ALLOWHIDDENDIR="/dev/.static"
#ALLOWHIDDENDIR="/dev/.SRC-unix"
#ALLOWHIDDENDIR="/etc/.etckeeper"
ALLOWHIDDENDIR="/dev/.udev"
#
# Allow the specified hidden files to be whitelisted.
#
# This is a space-separated list of filenames. The option may
# be specified more than once. The option may use wildcard
# characters.
#
#ALLOWHIDDENFILE="/etc/.java"
#ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
#ALLOWHIDDENFILE="/etc/.pwd.lock"
#ALLOWHIDDENFILE="/etc/.init.state"
#ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
#ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
#ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
#ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
#ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"
#ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.hmac"
#ALLOWHIDDENFILE="/usr/lib/.libgcrypt.so.11.hmac"
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha1hmac.hmac"
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha256hmac.hmac"
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
#ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5.gz"
#ALLOWHIDDENFILE="/etc/.gitignore"
#ALLOWHIDDENFILE="/etc/.bzrignore"
ALLOWHIDDENFILE="/dev/.blkid.tab"
ALLOWHIDDENFILE="/dev/.blkid.tab.old"
ALLOWHIDDENFILE="/dev/.initramfs"
#
# Allow the specified files to be present in the /dev directory,
# and not regarded as suspicious.
#
# This is a space-separated list of pathnames. The option may
# be specified more than once. The option may use wildcard
# characters.
#
#ALLOWDEVFILE="/dev/shm/pulse-shm-*"
#ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
ALLOWDEVFILE="/dev/.udev/rules.d/root.rules"

30
setup/system.sh
View File

@ -212,6 +212,36 @@ pollinate -q -r
# #
# Allow apt to install system updates automatically every day. # Allow apt to install system updates automatically every day.
# Add Rootkit hunter
# I have it install and then update to install dependencies and such
# It adds a crontab to check daily at 4:15AM
# Added by Alon "Chief Gyk" Ganon
# alon@ganon.me
echo "setting debconf variables"
debconf-set-selections <<< "postfix postfix/mailname string $DOMAIN"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
echo "Installing RKHunter from Ubuntu Repo first to setup system files properly"
apt_install -y rkhunter binutils libreadline5 ruby ruby1.9.1 unhide.rb mailutils
echo "Downloading latest RKHunter"
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
rkhunter_ver=1.4.2
rkhunter_hash=da01bc6757e14549560ad6ea46d1e93dbf5ac90f
tar xzvf rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
./installer.sh --layout /usr --install
cd ..
rm -rf rkhunter-1.4.2*
cp conf/rkhunter/rkhunter.conf /etc/rkhunter.conf
cp conf/rkhunter/rkhunter.conf.local /etc/rkhunter.conf.local
rkhunter --versioncheck
rkhunter --update
rkhunter --propupd
cp conf/rkhunter-cron.sh /etc/cron.daily/rkhunter-cron.sh
chmod +x /etc/cron.daily/rkhunter-cron.sh
sed -i '/APT_AUTOGEN="false"/c\APT_AUTOGEN="yes"' /etc/default/rkhunter
cat > /etc/apt/apt.conf.d/02periodic <<EOF; cat > /etc/apt/apt.conf.d/02periodic <<EOF;
APT::Periodic::MaxAge "7"; APT::Periodic::MaxAge "7";
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Update-Package-Lists "1";