remove chkrootkit,too many false positives

README.md

@@ -15,8 +15,7 @@ Functionality changes and additions
 * Add fail2ban jails for both above mentioned geoipblocking filters
 * Add fail2ban filters for web scanners and badbots
 * Add xapian full text searching to dovecot (from https://github.com/grosjo/fts-xapian)
-* Add rkhunter and chkrootkit
-  chkrootkit support is a bit dodgy, creating false positives every now and then, notably on kernel update.
+* Add rkhunter
 * Configure domain names for which only www will be hosted.
   Edit /etc/miabwwwdomains.conf to configure. The box will handle incoming traffic asking for these domain names. The DNS entries are entered in an external DNS provider! If you want this box to handle the DNS entries, simply add a mail alias. (existing functionality of the vanilla Mail-in-a-Box)
 * Add some munin plugins

conf/chkrootkit.ignore

@@ -1,4 +0,0 @@
-^eth[0-9]: PACKET SNIFFER\(\/usr\/lib\/systemd\/systemd-networkd\[[0-9]+\]\)$
-^You have [ 12345]+process hidden for readdir command$
-^You have [ 0-9]+process hidden for ps command$
-^chkproc: Warning: Possible LKM Trojan installed$

setup/additionals.sh

@@ -2,7 +2,7 @@ source /etc/mailinabox.conf
 source setup/functions.sh
 
 # Add additional packages
-apt_install pflogsumm rkhunter chkrootkit
+apt_install pflogsumm rkhunter
 
 # Cleanup old spam and trash email
 hide_output install -m 755 conf/cron/miab_clean_mail /etc/cron.weekly/
@@ -53,13 +53,5 @@ tools/editconf.py /etc/default/rkhunter \
         CRON_DB_UPDATE='"true"' \
         APT_AUTOGEN='"true"'
 
-hide_output install -m 644 conf/chkrootkit.ignore /etc/
-
-tools/editconf.py /etc/chkrootkit.conf \
-        RUN_DAILY='"true"' \
-        DIFF_MODE='"true"' \
-        IGNORE_FILE="/etc/chkrootkit.ignore"
-
 # Should be last, update expected output
 rkhunter --propupd
-chkrootkit -q | egrep -v -f /etc/chkrootkit.ignore  > /var/log/chkrootkit/log.expected