diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-06-29 16:08:48 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:08 +0200 |
| commit | fd3adc5afe27e1208f8a173414a19884459ae54c (patch) | |
| tree | fb7bb0da59bb41b99720313dc707e81aa0fdd6c3 /roles/common | |
| parent | 658321213c4aca5f31a1695b5ac34976e130604c (diff) | |
Don't install 'unhide.rb'.
Diffstat (limited to 'roles/common')
| -rw-r--r-- | roles/common/files/etc/rkhunter.conf | 2 | ||||
| -rw-r--r-- | roles/common/tasks/rkhunter.yml | 1 |
2 files changed, 1 insertions, 2 deletions
diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf index 9e4cb14..9a64a17 100644 --- a/roles/common/files/etc/rkhunter.conf +++ b/roles/common/files/etc/rkhunter.conf @@ -981,24 +981,24 @@ SHOW_LOCK_MSGS=1 #SCANROOTKITMODE=THOROUGH # # The following option can be set to the name(s) of the tests the 'unhide' command is # to use. In order to maintain compatibility with older versions of 'unhide', this # option defaults to 'sys'. Options such as '-m' and '-v' may also be specified, but # will only take effect when they are seen. The test names are a space-separated list, # and will be executed in the order given. # #UNHIDE_TESTS="sys" # # If both the C 'unhide', and Ruby 'unhide.rb', programs exist on the system, then it # is possible to disable the execution of one of the programs if desired. By default # rkhunter will look for both programs, and execute each of them as they are found. # If the value of this option is 0, then both programs will be executed if they are # present. A value of 1 will disable execution of the C 'unhide' program, and a value # of 2 will disable the Ruby 'unhide.rb' program. The default value is 0. To disable # both programs, then disable the 'hidden_procs' test. # -DISABLE_UNHIDE=1 +DISABLE_UNHIDE=0 INSTALLDIR="/usr" diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml index 78eec90..d504a49 100644 --- a/roles/common/tasks/rkhunter.yml +++ b/roles/common/tasks/rkhunter.yml @@ -1,26 +1,25 @@ - name: Install rkhunter apt: pkg={{ item }} with_items: - rkhunter - curl - iproute - lsof - unhide - - unhide.rb # To test the configuration: # ansible all -m command -a '/usr/bin/rkhunter -c --nomow --rwo' - name: Configure rkhunter copy: src=etc/{{ item }} dest=/etc/{{ item }} owner=root group=root mode=0644 with_items: - rkhunter.conf - default/rkhunter notify: # This might not always be necessary, but it's not like we would # change the config every day... - Update rkhunter's data file - meta: flush_handlers |