rkhunter exceptions for ipa servers

clime 2016-09-07 11:15:25 +02:00 committed by Kevin Fenzi
parent b5e7b32258
commit 8de8e4d99c
2 changed files with 9 additions and 0 deletions


@ -381,6 +381,9 @@ batcave01.phx2.fedoraproject.org
[batcave] [batcave]
batcave01.phx2.fedoraproject.org batcave01.phx2.fedoraproject.org
[ipa]
ipa01.phx2.fedoraproject.org
[ipa-stg] [ipa-stg]
ipa01.stg.phx2.fedoraproject.org ipa01.stg.phx2.fedoraproject.org


@ -390,6 +390,9 @@ ALLOWDEVFILE=/dev/shm/squid-cache_mem.shm
# libvirt spice device makes a /dev/shm/spice file # libvirt spice device makes a /dev/shm/spice file
ALLOWDEVFILE=/dev/shm/spice.* ALLOWDEVFILE=/dev/shm/spice.*
{% endif %} {% endif %}
{% if inventory_hostname in groups['ipa'] or inventory_hostname in groups['ipa-stg'] %}
ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
{% endif %}
# #
# This setting tells rkhunter where the inetd configuration # This setting tells rkhunter where the inetd configuration
@ -601,6 +604,9 @@ OS_VERSION_FILE=/etc/{{ ansible_distribution|lower }}-release
# #
#RTKT_DIR_WHITELIST="" #RTKT_DIR_WHITELIST=""
#RTKT_FILE_WHITELIST="" #RTKT_FILE_WHITELIST=""
{% if inventory_hostname in groups['ipa'] or inventory_hostname in groups['ipa-stg'] %}
RTKT_FILE_WHITELIST="/var/log/pki/pki-tomcat/ca/system"
{% endif %}
# #
# To force rkhunter to use the supplied script for the 'stat' or 'readlink' # To force rkhunter to use the supplied script for the 'stat' or 'readlink'
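Review bot: Both new IPA blocks are added without the explanatory comment the neighbouring exceptions carry (compare `# libvirt spice device makes a /dev/shm/spice file`), so nothing records which rkhunter warning each one silences. I would put `# 389-ds slapd creates a per-instance stats semaphore in /dev/shm` above the `ALLOWDEVFILE` line and `# pki-tomcat CA log file named "system" is flagged by the rootkit file check` above `RTKT_FILE_WHITELIST`; both rationales are inferred from the paths and should be confirmed against the actual warnings. Separately, `/dev/shm` is normally world-writable, so the `sem.slapd*.stats` wildcard exempts any file a local user creates under a matching name. If the slapd instance names on these hosts are fixed, listing them explicitly would keep that exception as narrow as the single-path `RTKT_FILE_WHITELIST` entry.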