diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/patch_debian/tasks/main.yaml | 20 | ||||
| -rw-r--r-- | roles/patch_redhat/tasks/main.yaml | 17 | ||||
| -rw-r--r-- | roles/patch_suse/tasks/main.yaml | 14 |
3 files changed, 3 insertions, 48 deletions
diff --git a/roles/patch_debian/tasks/main.yaml b/roles/patch_debian/tasks/main.yaml index 485d60a..f566135 100644 --- a/roles/patch_debian/tasks/main.yaml +++ b/roles/patch_debian/tasks/main.yaml @@ -19,19 +19,6 @@ #changed_when: aue.stdout|int > 0 changed_when: false - block: - - name: Check for existence of rkhunter - ansible.builtin.stat: - path: /usr/bin/rkhunter - register: rkhex - ignore_errors: true - no_log: true - changed_when: false - - name: RKhunter pre-check - ansible.builtin.command: rkhunter -c --sk --rwo --ns - become: true - no_log: true - changed_when: false - when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable|bool == True - name: Clean packages cache ansible.builtin.command: apt clean changed_when: true @@ -45,7 +32,7 @@ autoremove: "yes" purge: "yes" become: true - name: Update and RKhunter checks + name: Updates when: aue.stdout|int > 0 - block: - name: Check for existence of needrestart @@ -73,11 +60,6 @@ changed_when: false become: true # here, we already listen to "debian updates available" already since we already did a more generic cleanup above (unless narrowed down as well) -- name: RKhunter properties update - ansible.builtin.command: rkhunter --propupd --rwo --ns - become: true - changed_when: true - when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable|bool == True - name: Reboot if required # ignore_errors: yes ansible.builtin.reboot: diff --git a/roles/patch_redhat/tasks/main.yaml b/roles/patch_redhat/tasks/main.yaml index 9732153..63b33be 100644 --- a/roles/patch_redhat/tasks/main.yaml +++ b/roles/patch_redhat/tasks/main.yaml @@ -24,16 +24,6 @@ changed_when: false become: true - block: - - name: Check for existence of rkhunter - ansible.builtin.stat: - path: /usr/bin/rkhunter - register: rkhex - - name: RKhunter pre-check - ansible.builtin.command: rkhunter -c --sk --rwo --ns - become: true - no_log: true - changed_when: false - when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable - name: Upgrade all installed packages (RHEL) ansible.builtin.yum: name: '*' @@ -46,7 +36,7 @@ # - name: Auto-removal of orphaned dependencies (RHEL) # ansible.builtin.yum: # autoremove: "yes" - name: Updates and RKhunter checks + name: Updates # yum always tosses an arbitrary extra line at you, a simple tr -s does not eradicate it, so - well, # 0 and 1 are fine. As explained above, the RC is worthless when run through ansible. when: yue.stdout|int > 1 @@ -69,11 +59,6 @@ ansible.builtin.command: yum clean packages changed_when: true become: true -- name: RKhunter properties update - ansible.builtin.command: rkhunter --propupd --rwo --ns - become: true - changed_when: true - when: rkhex.stat is defined and rkhex.stat.executable is defined and rkhex.stat.executable - name: Reboot if required # ignore_errors: yes ansible.builtin.reboot: diff --git a/roles/patch_suse/tasks/main.yaml b/roles/patch_suse/tasks/main.yaml index d277877..21bc882 100644 --- a/roles/patch_suse/tasks/main.yaml +++ b/roles/patch_suse/tasks/main.yaml @@ -4,10 +4,6 @@ that: - ansible_distribution_file_variety == 'SUSE' or ansible_distribution_file_variety == 'SuSE' no_log: true -- name: Check for existence of rkhunter - ansible.builtin.stat: - path: /usr/bin/rkhunter - register: rkhex - name: Update zypper cache (SUSE) # we cannot cheat like we did with yum: we need to update any package to refresh the cache with the zypper module. Hence falling back # to shell. @@ -49,7 +45,7 @@ # rpm's cleanup or apt's "autoremove" :( # clean_deps: true become: true - name: Update and RKhunter checks + name: Updates when: - zypperlu is not search("No updates found.") - block: @@ -76,14 +72,6 @@ changed_when: false name: Cleanup become: true -- name: RKhunter properties update - ansible.builtin.command: rkhunter --propupd --rwo --ns - become: true - changed_when: true - when: - - rkhex.stat is defined - - rkhex.stat.executable is defined - - rkhex.stat.executable|bool == true - name: Reboot if required # ignore_errors: yes ansible.builtin.reboot: |