freebsd-ports/security/rkhunter/files/patch-files__rkhunter.conf

--- ./files/rkhunter.conf.orig	2010-11-13 21:25:22.000000000 +0100
+++ ./files/rkhunter.conf	2010-11-27 02:39:40.000000000 +0100
@@ -93,7 +93,7 @@
 # important files will be written to this directory, so be
 # sure that the directory permissions are tight.
 #
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/root
 
 #
 # Specify the database directory to use.
@@ -213,7 +213,8 @@
 # file, then a value here of 'unset' can be used to avoid warning messages.
 # This option has a default value of 'no'.
 #
-ALLOW_SSH_ROOT_USER=no
+#ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -224,7 +225,8 @@
 # configuration file, then a value of '2' may be set here in order to
 # suppress a warning message. This option has a default value of '0'.
 #
-ALLOW_SSH_PROT_V1=0
+#ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -466,6 +468,10 @@
 #
 #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
 #SCRIPTWHITELIST="/usr/bin/groups"
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/sbin/adduser
+SCRIPTWHITELIST=/usr/local/bin/GET
+SCRIPTWHITELIST=/usr/local/sbin/pkgdb
 
 #
 # Allow the specified commands to have the immutable attribute set.
@@ -475,6 +481,10 @@
 # characters.
 #
 #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown"
+IMMUTWHITELIST=/usr/bin/login
+IMMUTWHITELIST=/usr/bin/passwd
+IMMUTWHITELIST=/usr/bin/su
+IMMUTWHITELIST=/sbin/init
 
 #
 # If this option is set to 1, then the immutable-bit test is
@@ -665,7 +675,7 @@
 # NOTE: For *BSD systems you will probably need to use this option
 # for the 'toor' account.
 #
-#UID0_ACCOUNTS="toor rooty"
+UID0_ACCOUNTS="toor"
 
 #
 # Allow the following accounts to have no password. NIS/YP entries do