Skip to content

damienorny/ansible-role-rkhunter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
vars
vars
 
 
README.md
README.md
 
 

Repository files navigation

Ansible role: rkhunter

Ansible role for installing and using rkhunter.

IMPORTANT: rkhunter references known-good values and system states, so it is best to install and configure this after most software on the system has been isntalled.

Adapted from this blog post: https://www.digitalocean.com/community/articles/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps

Usage

- name: Set up security software
  hosts: all
  roles:
    # ...
    - role: rkhunter
    # ...

Variables

The rkhunter_propupd variable controls whether or not rkhunter will update its database of baseline file properties.

rkhunter_propupd: yes

IMPORTANT: rkhunter_propupd should only be set to yes when the current config files are known to be good.

To receive emails when rkhunter detects a potential threat, change the rkhunter_mail_on_warnings variable.

rkhunter_mail_on_warnings: ""

All other variables are documented in rkhunter/defaults/main.yml.

Updating baseline file properties

When software changes are made on the target machine (upgrade or install of components), rkhunter may report differences in its next run. Two options are available to update rkhunter to the new file properties.

⚠️ This should only be run when config files are known to be good

With an ad-hoc command

ansible GROUPNAME -i INVENTORY_FILE -a "rkhunter --propupd" --sudo --ask-sudo-pass

By using a handler in your task or playbook

    - notify
        - rkhunter_update_base_files

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages