A Chef cookbook for installing and configuring rkhunter
Chef.
So far, only tested with a Debian 6 Vagrant Box.
Key | Type | Description | Default |
---|---|---|---|
['rkhunter']['cron_daily_run'] | Boolean | whether to run daily | true |
['rkhunter']['cron_db_update'] | Boolean | whether to update db weekly | true |
['rkhunter']['db_update_email'] | Boolean | enable reports of weekly database updates | true |
['rkhunter']['report_email'] | String | email address to report to | root |
['rkhunter']['apt_autogen'] | Boolean | enable automatic database updates | false |
['rkhunter']['nice'] | String | niceness of run-level | 0 |
['rkhunter']['run_check_on_battery'] | String | potentially run while on battery | false |
['rkhunter']['allow_ssh_root_user'] | String | proper configuration of SSHD's PermitRootLogin option | no |
['rkhunter']['scriptwhitelist'] | Array | paths to commands which are allowed to be scripts | [] |
['rkhunter']['allowhiddendir'] | Array | paths to hidden directories for whitelisting | [] |
['rkhunter']['allowhiddenfile'] | Array | paths to hidden files for whitelisting | [] |
['rkhunter']['port_whitelist'] | Array | paths and/or network ports to whitelist | [] |
Just include rkhunter
in your node's run_list
OR create a simple role:
name "rkhunter"
description "rkhunter config"
run_list(
"recipe[rkhunter]",
)
default_attributes(
:rkhunter => { :db_update_email => "true",
:report_email => "[email protected]" }
)
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License: Apache Authors: Greg Palmier