From 77628b800070a825e0b7e28f0ccc647d1912f4a4 Mon Sep 17 00:00:00 2001
From: Harald Pfeiffer
Date: Sat, 18 Apr 2026 10:20:56 +0200
Subject: feat: Remove rkhunter
- SHM monitoring becomes tedious, and SSH monitoring ignores any includes. --> infeasible, better switch to other mechanisms like integrit, tripwire, ...
- http://www.catb.org/~esr/writings/unix-koans/nervous.html
---
 roles/patch_suse/tasks/main.yaml | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
(limited to 'roles/patch_suse/tasks/main.yaml')
diff --git a/roles/patch_suse/tasks/main.yaml b/roles/patch_suse/tasks/main.yaml
index d277877..21bc882 100644
--- a/roles/patch_suse/tasks/main.yaml
+++ b/roles/patch_suse/tasks/main.yaml
@@ -4,10 +4,6 @@
 that:
 - ansible_distribution_file_variety == 'SUSE' or ansible_distribution_file_variety == 'SuSE'
 no_log: true
-- name: Check for existence of rkhunter
- ansible.builtin.stat:
- path: /usr/bin/rkhunter
- register: rkhex
 - name: Update zypper cache (SUSE)
 # we cannot cheat like we did with yum: we need to update any package to refresh the cache with the zypper module. Hence falling back
 # to shell.
@@ -49,7 +45,7 @@
 # rpm's cleanup or apt's "autoremove" :(
 # clean_deps: true
 become: true
- name: Update and RKhunter checks
+ name: Updates
 when:
 - zypperlu is not search("No updates found.")
 - block:
@@ -76,14 +72,6 @@
 changed_when: false
 name: Cleanup
 become: true
-- name: RKhunter properties update
- ansible.builtin.command: rkhunter --propupd --rwo --ns
- become: true
- changed_when: true
- when:
- - rkhex.stat is defined
- - rkhex.stat.executable is defined
- - rkhex.stat.executable|bool == true
 - name: Reboot if required
 # ignore_errors: yes
 ansible.builtin.reboot:
--
cgit v1.2.3