authormail_redacted_for_web 2026-04-18 10:20:56 +0200
committermail_redacted_for_web 2026-04-18 10:20:56 +0200
commit77628b800070a825e0b7e28f0ccc647d1912f4a4 (patch)
tree9edce05e98b1142f480a07b08b3f4d9a95eaa4ae /roles/patch_redhat/tasks/main.yaml
parentb8f96d867a7296bed82c49023f03c16a16da40c0 (diff)
feat: Remove rkhunter
- SHM monitoring becomes tedious, and SSH monitoring ignores any includes. --> infeasible, better switch to other mechanisms like integrit, tripwire, ...
- http://www.catb.org/~esr/writings/unix-koans/nervous.html
Diffstat (limited to 'roles/patch_redhat/tasks/main.yaml')
-rw-r--r--roles/patch_redhat/tasks/main.yaml17
1 files changed, 1 insertions, 16 deletions
diff --git a/roles/patch_redhat/tasks/main.yaml b/roles/patch_redhat/tasks/main.yaml
index 9732153..63b33be 100644
--- a/roles/patch_redhat/tasks/main.yaml
+++ b/roles/patch_redhat/tasks/main.yaml
@@ -24,16 +24,6 @@
changed_when: false
become: true
- block:
- - name: Check for existence of rkhunter
- ansible.builtin.stat:
- path: /usr/bin/rkhunter
- register: rkhex
- - name: RKhunter pre-check
- ansible.builtin.command: rkhunter -c --sk --rwo --ns
- become: true
- no_log: true
- changed_when: false
- when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable
- name: Upgrade all installed packages (RHEL)
ansible.builtin.yum:
name: '*'
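Review bot: After the removal in this hunk and the removal of the `rkhunter --propupd` task in the third hunk, the block goes straight into the package upgrade with no file-integrity step before or after it, and nothing in the visible lines marks where a replacement belongs. I would leave a placeholder comment at both spots, for example `# TODO: pre-upgrade integrity check (rkhunter replacement) goes here` above the upgrade task and `# TODO: refresh integrity baseline after upgrade` after the `yum clean packages` task. The second spot matters most: whichever tool takes over needs its baseline regenerated after each patch run, as `--propupd` did, or every upgrade will show up as a wave of changed-file alerts. Until a replacement is wired in, hosts patched by this role presumably have no integrity check tied to the patch window, so it is worth tracking that gap explicitly. The block's body starts and continues outside this hunk, so the exact placement needs checking against the full file.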
@@ -46,7 +36,7 @@
# - name: Auto-removal of orphaned dependencies (RHEL)
# ansible.builtin.yum:
# autoremove: "yes"
- name: Updates and RKhunter checks
+ name: Updates
# yum always tosses an arbitrary extra line at you, a simple tr -s does not eradicate it, so - well,
# 0 and 1 are fine. As explained above, the RC is worthless when run through ansible.
when: yue.stdout|int > 1
@@ -69,11 +59,6 @@
ansible.builtin.command: yum clean packages
changed_when: true
become: true
-- name: RKhunter properties update
- ansible.builtin.command: rkhunter --propupd --rwo --ns
- become: true
- changed_when: true
- when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable
- name: Reboot if required
# ignore_errors: yes
ansible.builtin.reboot: