From bb238840172db0939d68ad8d3a2b708087cb3741 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Sat, 1 May 2021 21:50:43 -0700
Subject: [PATCH] adjust rkhunter rules Include staging db servers as postgres drop a bunch of old squid rules from kojipkgs (it uses varnish now)
Signed-off-by: Kevin Fenzi
---
 roles/rkhunter/templates/rkhunter.conf.j2 | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/roles/rkhunter/templates/rkhunter.conf.j2 b/roles/rkhunter/templates/rkhunter.conf.j2
index 96117e31ce..5327123ef3 100644
--- a/roles/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/rkhunter/templates/rkhunter.conf.j2
@@ -386,18 +386,6 @@ ALLOWDEVFILE=/dev/md/autorebuild.pid
 {% if ansible_hostname == 'notifs-backend01' %}
 ALLOWDEVFILE=/dev/shm/fmn-cache.dbm
 {% endif %}
-{% if ansible_hostname.startswith('kojipkgs') %}
-ALLOWDEVFILE=/dev/shm/squid-squid-page-pool.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem.shm
-ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_ex.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_map_slices.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_map_anchors.shm
-ALLOWDEVFILE=/dev/shm/squid-cache_mem_space.shm
-ALLOWDEVFILE=/dev/shm/squid-cf__readers.shm
-ALLOWDEVFILE=/dev/shm/squid-cf__queues.shm
-ALLOWDEVFILE=/dev/shm/squid-cf__metadata.shm
-{% endif %}
 {% if inventory_hostname in groups['virtservers'] or inventory_hostname in groups['openqa_workers'] or inventory_hostname in groups['openqa_lab_workers'] %}
 # libvirt spice device makes a /dev/shm/spice file
 ALLOWDEVFILE=/dev/shm/spice.*
@@ -408,7 +396,7 @@ ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
 {% if inventory_hostname in groups['proxies'] or inventory_hostname in groups['proxies_stg'] %}
 ALLOWDEVFILE=/dev/shm/libpod_rootless_lock_441
 {% endif %}
-{% if inventory_hostname in groups['dbserver'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] %}
+{% if inventory_hostname in groups['dbserver'] inventory_hostname in groups['dbserver_stg'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] inventory_hostname in groups['pagure_stg'] or inventory_hostname in groups['zabbix_stg'] %}
 ALLOWDEVFILE=/dev/shm/PostgreSQL*
 {% endif %}
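Review bot: The added `{% if %}` line drops the `or` between `groups['dbserver']` and the `dbserver_stg` test, and again between `groups['pagure']` and the `pagure_stg` test, so the expression is not valid Jinja2 and the template should fail to parse. Because this is a shared rkhunter.conf template, a parse failure would presumably stop the config from being deployed on every host that applies the role, not only the staging ones. The line should read `{% if inventory_hostname in groups['dbserver'] or inventory_hostname in groups['dbserver_stg'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] or inventory_hostname in groups['pagure_stg'] or inventory_hostname in groups['zabbix_stg'] %}`. The condition also adds `pagure_stg` and `zabbix_stg`, which the commit message does not mention, and `ALLOWDEVFILE=/dev/shm/PostgreSQL*` is a wildcard exemption from rkhunter's /dev check, so a comment above it such as `# PostgreSQL shared memory segments; list only groups that run a local postgres` would record why each group is there.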