--- files/rkhunter.conf.orig	2014-01-25 21:29:51 UTC
+++ files/rkhunter.conf
@@ -154,7 +154,7 @@
 # subsequently commented out or removed, then the program will assume a
 # default directory beneath the installation directory.
 #
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=RKHPREFIX/var/lib/rkhunter/tmp
 
 #
 # This option specifies the database directory to use.
@@ -163,7 +163,7 @@
 # subsequently commented out or removed, then the program will assume a
 # default directory beneath the installation directory.
 #
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=RKHPREFIX/var/lib/rkhunter/db
 
 #
 # This option specifies the script directory to use.
@@ -171,7 +171,7 @@
 # The installer program will set the default directory. If this default is
 # subsequently commented out or removed, then the program will not run.
 #
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=RKHPREFIX/lib/rkhunter/scripts
 
 #
 # This option can be used to modify the command directory list used by rkhunter
@@ -303,7 +303,7 @@ AUTO_X_DETECT=1
 #
 # The default value is 'no'.
 #
-#ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -317,7 +317,7 @@ AUTO_X_DETECT=1
 #
 # The default value is '0'.
 #
-#ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -575,6 +575,8 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 # The default value is the null string.
 #
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/sbin/adduser
 
 #
 # Allow the specified file to have the immutable attribute set.
@@ -584,6 +586,10 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 # The default value is the null string.
 #
 #IMMUTWHITELIST=/sbin/ifdown
+IMMUTWHITELIST=/usr/bin/login
+IMMUTWHITELIST=/usr/bin/passwd
+IMMUTWHITELIST=/usr/bin/su
+IMMUTWHITELIST=/sbin/init
 
 #
 # If this option is set to '1', then the immutable-bit test is reversed. That
@@ -787,6 +793,7 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 # The default value is the null string.
 #
 #UID0_ACCOUNTS=toor rooty
+UID0_ACCOUNTS=toor
 
 #
 # This option allows the specified accounts to have no password. NIS/YP entries
@@ -1222,3 +1229,6 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 #
 #EMPTY_LOGFILES=""
 #MISSING_LOGFILES=""
+
+INSTALLDIR=RKHPREFIX
+USER_FILEPROP_FILES_DIRS=RKHPREFIX/etc/rkhunter.conf