summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/files/etc/rkhunter.conf2
-rw-r--r--roles/common/tasks/rkhunter.yml1
2 files changed, 1 insertions, 2 deletions
diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf
index 9e4cb14..9a64a17 100644
--- a/roles/common/files/etc/rkhunter.conf
+++ b/roles/common/files/etc/rkhunter.conf
@@ -981,24 +981,24 @@ SHOW_LOCK_MSGS=1
#SCANROOTKITMODE=THOROUGH
#
# The following option can be set to the name(s) of the tests the 'unhide' command is
# to use. In order to maintain compatibility with older versions of 'unhide', this
# option defaults to 'sys'. Options such as '-m' and '-v' may also be specified, but
# will only take effect when they are seen. The test names are a space-separated list,
# and will be executed in the order given.
#
#UNHIDE_TESTS="sys"
#
# If both the C 'unhide', and Ruby 'unhide.rb', programs exist on the system, then it
# is possible to disable the execution of one of the programs if desired. By default
# rkhunter will look for both programs, and execute each of them as they are found.
# If the value of this option is 0, then both programs will be executed if they are
# present. A value of 1 will disable execution of the C 'unhide' program, and a value
# of 2 will disable the Ruby 'unhide.rb' program. The default value is 0. To disable
# both programs, then disable the 'hidden_procs' test.
#
-DISABLE_UNHIDE=1
+DISABLE_UNHIDE=0
INSTALLDIR="/usr"
diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml
index 78eec90..d504a49 100644
--- a/roles/common/tasks/rkhunter.yml
+++ b/roles/common/tasks/rkhunter.yml
@@ -1,26 +1,25 @@
- name: Install rkhunter
apt: pkg={{ item }}
with_items:
- rkhunter
- curl
- iproute
- lsof
- unhide
- - unhide.rb
# To test the configuration:
# ansible all -m command -a '/usr/bin/rkhunter -c --nomow --rwo'
- name: Configure rkhunter
copy: src=etc/{{ item }}
dest=/etc/{{ item }}
owner=root group=root
mode=0644
with_items:
- rkhunter.conf
- default/rkhunter
notify:
# This might not always be necessary, but it's not like we would
# change the config every day...
- Update rkhunter's data file
- meta: flush_handlers
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-15 07:28:10 +0000