Whitelisting ports for detection in rkhunter

You edit /etc/rkhunter.conf

# command line
sudo -e /etc/rkhunter.conf

# graphical
gksu gedit /etc/rkhunter.conf

Under the WHITELIST_PORTS section, add your whitelist. The configuration file has examples.

# Syntax /full/path/to/binary Protocol:port
# Protocol = TCP / UDP 
# You may use wildcards

PORT_WHITELIST="/usr/sbin/privoxy TCP:8118"

# For multiple binaries / ports, list them as per the config file
PORT_WHITELIST="/usr/sbin/privoxy /usr/sbin/squid TCP:8118 TCP:3128"

# Alternate
PORT_WHITELIST="* TCP:22 TCP:80 TCP:443 TCP:8080"

The response from @Panther is correct. However, you can also white-list the whole path of an executable. Example:

  • White-list all open ports for executable /usr/sbin/squid

PORT_PATH_WHITELIST=/usr/sbin/squid

  • White-list TCP port 3801 for executable /usr/sbin/squid

PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801

All this, with additional explanation, is written in the rkhunter.conf file.

P.S.: I just bumped into this and I feel that somebody can benefit from it in the future.
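An added example, not part of either answer and not rkhunter's own code: a small Python check that parses the two option formats shown above and flags entries that are broader than intended (a wildcard binary, or a path with every port whitelisted) as well as typographic quotes that a copy-paste can introduce. The function name `audit_port_whitelist` and the sample config are constructed for illustration.

```python
import re

# Constructed sample config; entry formats follow the two answers above.
SAMPLE_CONF = '''\
# comment lines are ignored
PORT_WHITELIST="/usr/sbin/privoxy TCP:8118"
PORT_WHITELIST="* TCP:22 TCP:80"
PORT_WHITELIST=”/usr/sbin/squid TCP:3128″
PORT_PATH_WHITELIST=/usr/sbin/squid
PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801
'''

PORT_RE = re.compile(r'^(TCP|UDP):\d+$')
TYPOGRAPHIC = '“”‘’″'  # quotes a browser or word processor may substitute
KEYS = ('PORT_WHITELIST', 'PORT_PATH_WHITELIST')

def audit_port_whitelist(conf_text):
    """Hypothetical helper: return (line_no, severity, message) findings."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        key, sep, value = raw.strip().partition('=')
        key = key.strip()
        if not sep or key not in KEYS:
            continue  # comments and unrelated options
        if any(c in value for c in TYPOGRAPHIC):
            findings.append((no, 'error', 'typographic quotes in value'))
            continue
        tokens = value.strip().strip('"\'').split()
        if key == 'PORT_WHITELIST':
            ports = [t for t in tokens if PORT_RE.match(t)]
            paths = [t for t in tokens if not PORT_RE.match(t)]
            if any('*' in p for p in paths):
                findings.append((no, 'warn', 'wildcard binary for ' + ' '.join(ports)))
            for p in paths:
                if '*' not in p and not p.startswith('/'):
                    findings.append((no, 'error', 'not a full path or Protocol:port: ' + p))
        else:
            for t in tokens:
                path, _, rest = t.partition(':')
                if not rest:
                    findings.append((no, 'warn', 'all ports whitelisted for ' + path))
                elif not PORT_RE.match(rest):
                    findings.append((no, 'error', 'bad Protocol:port: ' + rest))
    return findings

if __name__ == '__main__':
    for no, severity, message in audit_port_whitelist(SAMPLE_CONF):
        print(f'line {no}: {severity}: {message}')
```

Warnings mark entries worth narrowing to a specific binary and port; errors mark values that do not match the formats shown in the answers.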