maxlareo.rkhunter

Panoramica Versioni Approfondimenti

rkhunter

Build Status Ansible Galaxy

Install and set up Rootkit Hunter on Debian-like systems.

Requirements

None.

Role Variables

About the /etc/default/rkhunter file

  • rkhunter_cron_daily_run: [default: 'true']: Set to 'true' to run rkhunter daily.
  • rkhunter_cron_db_update: [default: 'true']: Set to 'true' for weekly database updates.
  • rkhunter_db_update_email: [default: 'false']: Set to 'true' to receive email about weekly updates.
  • rkhunter_report_email: [default: root]: Email address for reports and results.
  • rkhunter_apt_autogen: [default: 'false']: Set to 'true' for automatic database updates.
  • rkhunter_nice: [default: 0]: Controls the scheduling priority, from -20 (high priority) to 19 (low priority).
  • rkhunter_run_check_on_battery: [default: 'false']: Run checks on battery if 'true' (requires powermgmt-base).

About the /etc/rkhunter.conf file

  • rkhunter_rotate_mirrors: [default: 1]: 1 to switch between mirrors, 0 to use the first failing mirror.
  • rkhunter_update_mirrors: [default: 1]: 1 to update the mirrors list, 0 to keep it unchanged.
  • rkhunter_mirrors_mode: [default: 0]: 0 to use any mirror, 1 for local only, 2 for remote only.
  • rkhunter_mail_on_warning: [default: root@localhost]: Email address for warning notifications.
  • rkhunter_mail_cmd: [default: 'mail -s "[rkhunter] Warnings found for ${HOST_NAME}"']: Command for sending warning emails.
  • rkhunter_bindir: [default: "{{ ansible_env.PATH | replace(':',' ')}}"]: Directory for commands used by rkhunter.
  • rkhunter_language: [default: en]: Default language setting.
  • rkhunter_logfile: [default: /var/log/rkhunter.log]: Path to the log file.
  • rkhunter_append_log: [default: 0]: 0 creates a new log file, 1 appends to the existing log.
  • rkhunter_copy_log_on_error: [default: 0]: 0 does not copy the log file; 1 copies it.
  • rkhunter_use_syslog: [default: NONE]: Logs start and finish times with syslog; requires standard facility and priority.
  • rkhunter_allow_ssh_root_user: [default: 'no']: Warns if SSH config does not match the root login settings.
  • rkhunter_enable_tests: [default: ALL]: Choose which tests to run.
  • rkhunter_disable_tests: [default: suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps]: List of tests to disable.
  • rkhunter_hash_cmd: [default: SHA256]: Specifies the hash command for file checks.
  • rkhunter_pkgmgr: [default: NONE]: Use the specified package manager for file property info.
  • rkhunter_existwhitelist: [default: []]: Whitelist for existing files and directories.
  • rkhunter_attrwhitelist: [default: []]: Whitelist for specific file attributes.
  • rkhunter_writewhitelist: [default: []]: Allows certain files to have write permissions for 'others'.
  • rkhunter_scriptwhitelist: [default: []]: Allows certain files to be considered scripts.
  • rkhunter_immutwhitelist: [default: []]: Allows certain files to be set as immutable.
  • rkhunter_allowhiddendir: [default: []]: Whitelist specific hidden directories.
  • rkhunter_allowhiddenfile: [default: []]: Whitelist specific hidden files.
  • rkhunter_allowprocdelfile: [default: '']: Allows processes to use deleted files.
  • rkhunter_allowproclisten: [default: []]: Allows specified processes to listen on network interfaces.
  • rkhunter_port_whitelist: [default: []]: Whitelist for network ports, including 'protocol:port' pairs.
  • rkhunter_port_path_whitelist: [default: []]: Whitelist network ports, combining executable paths and protocols.

Dependencies

None.

Example Playbook

---
- hosts: all
  roles:
    - rkhunter

License

MIT

Author Information

Maxime Lareo

Feedback, bug-reports, requests, ...

Your feedback is welcome!

Informazioni sul progetto

Install and configure Rootkit Hunter in Debian-like systems

role audit rkhunter security
Installa
ansible-galaxy install maxlareo.rkhunter
GitHub repository
7 stelle
4 fork
3 problemi aperti
Licenza
mit
Download
10.2k
Proprietario