add new fips junk that just landed in f28 for some reason

roles/rkhunter/templates/rkhunter.conf.j2

@@ -326,6 +326,14 @@ ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
 ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
 ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
 ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
+{% if ansible_distribution_version|int > 27 %}
+# In Fedora 28+ there's a new package for dracut that does the FIPs stuff
+ALLOWHIDDENFILE=/usr/bin/.sha1hmac.hmac
+ALLOWHIDDENFILE=/usr/bin/.sha224hmac.hmac
+ALLOWHIDDENFILE=/usr/bin/.sha256hmac.hmac
+ALLOWHIDDENFILE=/usr/bin/.sha384hmac.hmac
+ALLOWHIDDENFILE=/usr/bin/.sha512hmac.hmac
+{% endif %}
 ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
 ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
 ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz