1 files changed, 5 insertions, 32 deletions

diff --git a/roles/patch_debian/tasks/main.yaml b/roles/patch_debian/tasks/main.yaml
index 9d96a4e..f566135 100644
--- a/roles/patch_debian/tasks/main.yaml
+++ b/roles/patch_debian/tasks/main.yaml
@@ -19,22 +19,6 @@
   #changed_when: aue.stdout|int > 0
   changed_when: false
 - block:
-    - name: Check for existence of rkhunter
-      ansible.builtin.stat:
-        path: /usr/bin/rkhunter
-      register: rkhex
-      ignore_errors: true
-      no_log: true
-      changed_when: false
-    - name: RKhunter pre-check
-      ansible.builtin.command: rkhunter -c --sk --rwo --ns
-      become: true
-      no_log: true
-      changed_when: false
-      when:
-        - rkhex.stat is defined
-        - rkhex.stat.executable is defined
-        - rkhex.stat.executable|bool == True
     - name: Clean packages cache
       ansible.builtin.command: apt clean
       changed_when: true
@@ -48,7 +32,7 @@
         autoremove: "yes"
         purge: "yes"
       become: true
-  name: Update and RKhunter checks
+  name: Updates
   when: aue.stdout|int > 0
 - block:
     - name: Check for existence of needrestart
@@ -56,37 +40,26 @@
         path: /usr/sbin/needrestart
       register: nrex
     - name: Check for outdated kernel
-      ansible.builtin.command: /usr/sbin/needrestart -pk
+      ansible.builtin.command: /usr/sbin/needrestart -rl -pk
       register: kernout
       changed_when: false
       # failed_when necessary to not fail on RC 1 instead of a true failure
       failed_when: kernout.rc > 2
     - name: Check for outdated services
-      ansible.builtin.command: /usr/sbin/needrestart -pl
+      ansible.builtin.command: /usr/sbin/needrestart -rl -pl
       register: svcout
       changed_when: false
       # failed_when necessary to not fail on RC 1 instead of a true failure
       failed_when: svcout.rc > 2
   become: true
   name: Check reboot requirement
-  when:
-    - nrex.stat is defined
-    - nrex.stat.exists == true
-    - nrex.stat.executable|bool == True
+  when: nrex.stat is defined and nrex.stat.exists == true and nrex.stat.executable|bool == True
 - name: Clean apt cache
   # ansible's apt module does not have a dedicated action for this yet. So shell it is:
   ansible.builtin.command: apt clean
   changed_when: false
   become: true
   # here, we already listen to "debian updates available" already since we already did a more generic cleanup above (unless narrowed down as well)
-- name: RKhunter properties update
-  ansible.builtin.command: rkhunter --propupd --rwo --ns
-  become: true
-  changed_when: true
-  when:
-    - rkhex.stat is defined
-    - rkhex.stat.executable is defined
-    - rkhex.stat.executable|bool == True
 - name: Reboot if required
   # ignore_errors: yes
   ansible.builtin.reboot:
@@ -96,4 +69,4 @@
     reboot_command: "/bin/systemctl reboot"
   become: true
   when: ( kernout.rc is defined and kernout.rc|int == 1 ) or ( svcout.rc is defined and svcout.r|int == 1 ) or
-        ( kernout.rc is not defined and svcout.rc is not defined )
+        ( kernout.rc is not defined and svcout.rc is not defined ) or ( kernout is not defined and svcout is not defined )