1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-24 07:37:04 +00:00

remove chkrootkit,too many false positives

This commit is contained in:
KiekerJan 2021-06-05 09:53:07 +02:00
parent c488329417
commit 95712e196b
3 changed files with 2 additions and 15 deletions

View File

@ -15,8 +15,7 @@ Functionality changes and additions
* Add fail2ban jails for both above mentioned geoipblocking filters
* Add fail2ban filters for web scanners and badbots
* Add xapian full text searching to dovecot (from https://github.com/grosjo/fts-xapian)
* Add rkhunter and chkrootkit
chkrootkit support is a bit dodgy, creating false positives every now and then, notably on kernel update.
* Add rkhunter
* Configure domain names for which only www will be hosted.
Edit /etc/miabwwwdomains.conf to configure. The box will handle incoming traffic asking for these domain names. The DNS entries are entered in an external DNS provider! If you want this box to handle the DNS entries, simply add a mail alias. (existing functionality of the vanilla Mail-in-a-Box)
* Add some munin plugins

View File

@ -1,4 +0,0 @@
^eth[0-9]: PACKET SNIFFER\(\/usr\/lib\/systemd\/systemd-networkd\[[0-9]+\]\)$
^You have [ 12345]+process hidden for readdir command$
^You have [ 0-9]+process hidden for ps command$
^chkproc: Warning: Possible LKM Trojan installed$

View File

@ -2,7 +2,7 @@ source /etc/mailinabox.conf
source setup/functions.sh
# Add additional packages
apt_install pflogsumm rkhunter chkrootkit
apt_install pflogsumm rkhunter
# Cleanup old spam and trash email
hide_output install -m 755 conf/cron/miab_clean_mail /etc/cron.weekly/
@ -53,13 +53,5 @@ tools/editconf.py /etc/default/rkhunter \
CRON_DB_UPDATE='"true"' \
APT_AUTOGEN='"true"'
hide_output install -m 644 conf/chkrootkit.ignore /etc/
tools/editconf.py /etc/chkrootkit.conf \
RUN_DAILY='"true"' \
DIFF_MODE='"true"' \
IGNORE_FILE="/etc/chkrootkit.ignore"
# Should be last, update expected output
rkhunter --propupd
chkrootkit -q | egrep -v -f /etc/chkrootkit.ignore > /var/log/chkrootkit/log.expected