adjust rkhunter rules

Include staging db servers as postgres drop a bunch of old squid rules from kojipkgs (it uses varnish now) Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-05-01 21:50:43 -07:00 · 2021-05-01 21:50:43 -07:00 · bb23884017
commit bb23884017
parent d377ff4898
1 changed files with 1 additions and 13 deletions
--- a/roles/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/rkhunter/templates/rkhunter.conf.j2
@ -386,18 +386,6 @@ ALLOWDEVFILE=/dev/md/autorebuild.pid
 {% if ansible_hostname == 'notifs-backend01' %}
 ALLOWDEVFILE=/dev/shm/fmn-cache.dbm
 {% endif %}
-{% if ansible_hostname.startswith('kojipkgs') %}
-ALLOWDEVFILE=/dev/shm/squid-squid-page-pool.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem.shm
-ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_ex.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_map_slices.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_map_anchors.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_space.shm
-ALLOWDEVFILE=/dev/shm/squid-cf__readers.shm
-ALLOWDEVFILE=/dev/shm/squid-cf__queues.shm
-ALLOWDEVFILE=/dev/shm/squid-cf__metadata.shm
-{% endif %}
 {% if inventory_hostname in groups['virtservers'] or inventory_hostname in groups['openqa_workers'] or inventory_hostname in groups['openqa_lab_workers']  %}
 # libvirt spice device makes a /dev/shm/spice file
 ALLOWDEVFILE=/dev/shm/spice.*
@ -408,7 +396,7 @@ ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
 {% if inventory_hostname in groups['proxies'] or inventory_hostname in groups['proxies_stg'] %}
 ALLOWDEVFILE=/dev/shm/libpod_rootless_lock_441
 {% endif %}
-{% if inventory_hostname in groups['dbserver'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure']  %}
+{% if inventory_hostname in groups['dbserver'] inventory_hostname in groups['dbserver_stg'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] inventory_hostname in groups['pagure_stg'] or inventory_hostname in groups['zabbix_stg']  %}
 ALLOWDEVFILE=/dev/shm/PostgreSQL*
 {% endif %}