#
# The following options can be used to whitelist network ports which are known
# to have been used by malware. 
#
# The PORT_WHITELIST option is a space-separated list of one or more of two
# types of whitelisting. These are:
#
#   1) a 'protocol:port' pair
#   2) an asterisk ('*')
#
# Only the UDP or TCP protocol may be specified, and the port number must be
# between 1 and 65535 inclusive.
#
# The asterisk can be used to indicate that any executable which rkhunter can
# locate as a command, is whitelisted. (Also see BINDIR)
#
# The PORT_PATH_WHITELIST option specifies one of two types of whitelisting.
# These are:
#
#   1) a pathname to an executable
#   2) a combined pathname, protocol and port
#
# As above, the protocol can only be TCP or UDP, and the port number must be
# between 1 and 65535 inclusive.
#
# Examples:
#
#     PORT_WHITELIST=TCP:2001 UDP:32011
#     PORT_PATH_WHITELIST=/usr/sbin/squid
#     PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801
#
# NOTE: In order to whitelist a pathname, or use the asterisk option, the
# 'lsof' command must be present.
#
# Both options may be specified more than once.
#
# The default value for both options is the null string.
#
#PORT_WHITELIST=""
#PORT_PATH_WHITELIST=""

