authormail_redacted_for_web 2026-04-18 10:20:56 +0200
committermail_redacted_for_web 2026-04-18 10:20:56 +0200
commit77628b800070a825e0b7e28f0ccc647d1912f4a4 (patch)
tree9edce05e98b1142f480a07b08b3f4d9a95eaa4ae /roles/patch_debian/tasks/main.yaml
parentb8f96d867a7296bed82c49023f03c16a16da40c0 (diff)
downloados-patch-77628b800070a825e0b7e28f0ccc647d1912f4a4.tar.bz2
feat: Remove rkhunter
- SHM monitoring becomes tedious, and SSH monitoring ignores any includes.
  --> infeasible; better to switch to other mechanisms like integrit, tripwire, ...
- http://www.catb.org/~esr/writings/unix-koans/nervous.html
Diffstat (limited to 'roles/patch_debian/tasks/main.yaml')
-rw-r--r--roles/patch_debian/tasks/main.yaml20
1 files changed, 1 insertions, 19 deletions
diff --git a/roles/patch_debian/tasks/main.yaml b/roles/patch_debian/tasks/main.yaml
index 485d60a..f566135 100644
--- a/roles/patch_debian/tasks/main.yaml
+++ b/roles/patch_debian/tasks/main.yaml
@@ -19,19 +19,6 @@
#changed_when: aue.stdout|int > 0
changed_when: false
- block:
- - name: Check for existence of rkhunter
- ansible.builtin.stat:
- path: /usr/bin/rkhunter
- register: rkhex
- ignore_errors: true
- no_log: true
- changed_when: false
- - name: RKhunter pre-check
- ansible.builtin.command: rkhunter -c --sk --rwo --ns
- become: true
- no_log: true
- changed_when: false
- when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable|bool == True
- name: Clean packages cache
ansible.builtin.command: apt clean
changed_when: true
@@ -45,7 +32,7 @@
autoremove: "yes"
purge: "yes"
become: true
- name: Update and RKhunter checks
+ name: Updates
when: aue.stdout|int > 0
- block:
- name: Check for existence of needrestart
@@ -73,11 +60,6 @@
changed_when: false
become: true
# here, we already listen to "debian updates available" already since we already did a more generic cleanup above (unless narrowed down as well)
-- name: RKhunter properties update
- ansible.builtin.command: rkhunter --propupd --rwo --ns
- become: true
- changed_when: true
- when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable|bool == True
- name: Reboot if required
# ignore_errors: yes
ansible.builtin.reboot: