From 95712e196bba61423c2831329b90f338b514132a Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Sat, 5 Jun 2021 09:53:07 +0200 Subject: [PATCH] remove chkrootkit,too many false positives --- README.md | 3 +-- conf/chkrootkit.ignore | 4 ---- setup/additionals.sh | 10 +--------- 3 files changed, 2 insertions(+), 15 deletions(-) delete mode 100644 conf/chkrootkit.ignore diff --git a/README.md b/README.md index 6f84d350..cd4ad5f7 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,7 @@ Functionality changes and additions * Add fail2ban jails for both above mentioned geoipblocking filters * Add fail2ban filters for web scanners and badbots * Add xapian full text searching to dovecot (from https://github.com/grosjo/fts-xapian) -* Add rkhunter and chkrootkit - chkrootkit support is a bit dodgy, creating false positives every now and then, notably on kernel update. +* Add rkhunter * Configure domain names for which only www will be hosted. Edit /etc/miabwwwdomains.conf to configure. The box will handle incoming traffic asking for these domain names. The DNS entries are entered in an external DNS provider! If you want this box to handle the DNS entries, simply add a mail alias. (existing functionality of the vanilla Mail-in-a-Box) * Add some munin plugins diff --git a/conf/chkrootkit.ignore b/conf/chkrootkit.ignore deleted file mode 100644 index f5ed075e..00000000 --- a/conf/chkrootkit.ignore +++ /dev/null @@ -1,4 +0,0 @@ -^eth[0-9]: PACKET SNIFFER\(\/usr\/lib\/systemd\/systemd-networkd\[[0-9]+\]\)$ -^You have [ 12345]+process hidden for readdir command$ -^You have [ 0-9]+process hidden for ps command$ -^chkproc: Warning: Possible LKM Trojan installed$ \ No newline at end of file diff --git a/setup/additionals.sh b/setup/additionals.sh index 15a0ed9b..d29d86f7 100644 --- a/setup/additionals.sh +++ b/setup/additionals.sh 
@@ -2,7 +2,7 @@ source /etc/mailinabox.conf source setup/functions.sh # Add additional packages -apt_install pflogsumm rkhunter chkrootkit +apt_install pflogsumm rkhunter # Cleanup old spam and trash email hide_output install -m 755 conf/cron/miab_clean_mail /etc/cron.weekly/ @@ -53,13 +53,5 @@ tools/editconf.py /etc/default/rkhunter \ CRON_DB_UPDATE='"true"' \ APT_AUTOGEN='"true"' -hide_output install -m 644 conf/chkrootkit.ignore /etc/ - -tools/editconf.py /etc/chkrootkit.conf \ - RUN_DAILY='"true"' \ - DIFF_MODE='"true"' \ - IGNORE_FILE="/etc/chkrootkit.ignore" - # Should be last, update expected output rkhunter --propupd -chkrootkit -q | egrep -v -f /etc/chkrootkit.ignore > /var/log/chkrootkit/log.expected
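Review bot: In the README.md hunk, the replacement line "* Add rkhunter" drops the only documented explanation of the chkrootkit problem (false positives, notably on kernel update). The commit subject gives the reason only in a few words. Consider keeping one short sentence in the README, or expanding the commit message, stating that chkrootkit was removed and why, so that admins upgrading from a version that installed it can tell the change is deliberate.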
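Review bot: In setup/additionals.sh, the "@@ -53,13 +53,5 @@" hunk stops installing and configuring chkrootkit but adds no cleanup for boxes that already ran the earlier setup. On those boxes the package stays installed, /etc/chkrootkit.conf still carries RUN_DAILY="true", DIFF_MODE="true" and the IGNORE_FILE setting, and /etc/chkrootkit.ignore and /var/log/chkrootkit/log.expected remain on disk, so the daily check and its false positives can be expected to continue after an upgrade. Suggest adding an idempotent removal step in place of the deleted lines, for example purging the chkrootkit package with apt-get and removing /etc/chkrootkit.ignore with rm -f, so that a re-run of setup brings existing installs to the same state as new ones.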