Reference

Table of Contents

Classes

Data types

  • Rkhunter::BindPath: Matches a valid bindir path. Accepts an absolute path, or an absolute path with a '+' preceding it

Classes

rkhunter

Installs rkhunter and sets up cron job to run rkhunter once per day

Parameters

The following parameters are available in the rkhunter class:

check_for_updates

Data type: Boolean

Check internet for definition updates

Default value: false

enable_system_check

Data type: Boolean

Set rkhunter to check the system on a regular basis

Default value: true

install_optional_packages

Data type: Boolean

Install packages that enhance the capabilities of rkhunter

Default value: true

rkhunter::check

Add a scheduled job to check the system with rkhunter

Parameters

The following parameters are available in the rkhunter::check class:

method

Data type: Enum['cron','systemd']

How you wish to schedule the run

Default value: 'systemd'

systemd_calendar

Data type: Optional[String[1]]

If $method is systemd, set this exact calendar string

This is not verified. Use systemd-analyze calendar on a modern system to ensure that you have a valid string.

Default value: undef

minute

Data type: Simplib::Cron::Minute

Cron minute

Default value: fqdn_rand(59)

hour

Data type: Simplib::Cron::Hour

Cron hour

Default value: 1

monthday

Data type: Simplib::Cron::MonthDay

Cron monthday

Default value: '*'

month

Data type: Simplib::Cron::Month

Cron month

Default value: '*'

weekday

Data type: Simplib::Cron::Weekday

Cron weekday

Default value: '*'

path

Data type: Stdlib::Unixpath

The path to rkhunter

Default value: '/usr/bin/rkhunter'

options

Data type: Array[String[1]]

Extra options to pass to rkhunter --check

Default value: ['--skip-keypress', '--quiet']

rkhunter::config

Any parameter that is not documented below matches its direct counterpart in the rkhunter.conf configuration file.

You may need to extract a copy from the RPM for the full documentation set.

Any deviations from the defaults are noted here and any defaults that are set here relate to either performance or system security safety.

Parameters

The following parameters are available in the rkhunter::config class:

allowdevfile

Data type: Array[Stdlib::Unixpath]

In module data

allowhiddendir

Data type: Array[Stdlib::Unixpath]

In module data

allowhiddenfile

Data type: Array[Stdlib::Unixpath]

In module data

user_fileprop_files_dirs

Data type: Array[Stdlib::Unixpath]

In module data

allowipcpid

Data type: Optional[Array[Integer[1]]]

Default value: undef

allowipcproc

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

allowipcuser

Data type: Optional[Array[String[1]]]

Default value: undef

allowprocdelfile

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

allowproclisten

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

allowpromiscif

Data type: Optional[Array[String[1]]]

Default value: undef

allow_ssh_prot_v1

Data type: Boolean

Default value: false

allow_ssh_root_user

Data type: Variant[Boolean,Enum['unset']]

Default value: false

allow_syslog_remote_logging

Data type: Boolean

Default value: true

append_log

Data type: Boolean

Default value: false

app_whitelist

Data type: Optional[Array[String[1]]]

Default value: undef

attrwhitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

auto_x_detect

Data type: Boolean

Default value: true

bindir

Data type: Optional[Array[Rkhunter::BindPath]]

Default value: undef

color_set2

Data type: Boolean

Default value: false

copy_log_on_error

Data type: Boolean

Default value: false

dbdir

Data type: Stdlib::Unixpath

Default value: '/var/lib/rkhunter/db'

disable_tests

Data type: Array[String]

While rkhunter's default is to disable none of its tests, it is recommended to disable these tests for normal runs because they are system intensive and prone to false positives.

Default value: ['suspscan', 'hidden_ports', 'hidden_procs', 'deleted_files', 'packet_cap_apps', 'apps']

empty_logfiles

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

enable_tests

Data type: Array[String[1]]

Default value: ['ALL']

epoch_date_cmd

Data type: Optional[String[1]]

Default value: undef

exclude_user_fileprop_files_dirs

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

existwhitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

globstar

Data type: Boolean

Default value: true

hash_cmd

Data type: Optional[String[1]]

Default value: undef

hash_fld_idx

Data type: Optional[Integer[1]]

Default value: undef

ignore_prelink_dep_err

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

immutable_set

Data type: Boolean

Default value: false

immutwhitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

inetd_allowed_svc

Data type: Optional[Array[String[1]]]

Default value: undef

inetd_conf_path

Data type: Optional[Stdlib::Unixpath]

Default value: undef

installdir

Data type: Stdlib::Unixpath

Default value: '/usr'

ipc_seg_size

Data type: Optional[Integer[1]]

Default value: undef

language

Data type: Optional[String[1]]

Default value: undef

lock_timeout

Data type: Optional[Integer[1]]

Default value: undef

lockdir

Data type: Stdlib::Unixpath

Default value: '/var/run/lock'

logfile

Data type: Stdlib::Unixpath

Default value: '/var/log/rkhunter/rkhunter.log'

mail_on_warning

Data type: Optional[Array[String[1]]]

Default value: undef

mail_cmd

Data type: String[1]

Default value: 'mail -s "[rkhunter] Warnings found for ${HOST_NAME}"'

mirrors_mode

Data type: Enum['any','local','remote']

Default value: 'any'

missing_logfiles

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

modules_dir

Data type: Optional[Stdlib::Unixpath]

Default value: undef

os_version_file

Data type: Optional[Stdlib::Unixpath]

Default value: undef

password_file

Data type: Optional[Stdlib::Unixpath]

Default value: undef

phalanx2_dirtest

Data type: Boolean

Default value: false

pkgmgr_no_vrfy

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

pkgmgr

Data type: String[1]

Default value: 'RPM'

port_path_whitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

tcp_port_whitelist

Data type: Optional[Array[Simplib::Port]]

TCP Ports to add to the PORT_WHITELIST option

Default value: undef

udp_port_whitelist

Data type: Optional[Array[Simplib::Port]]

UDP Ports to add to the PORT_WHITELIST option

Default value: undef

pwdless_accounts

Data type: Optional[Array[String[1]]]

Default value: undef

readlink_cmd

Data type: Optional[String[1]]

Default value: undef

rotate_mirrors

Data type: Boolean

Default value: true

rtkt_dir_whitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

rtkt_file_whitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

scan_mode_dev

Data type: Enum['THOROUGH','LAZY']

Default value: 'THOROUGH'

scanrootkitmode

Data type: Boolean

WARNING: Do not enable this parameter unless you 100% understand what it can do to your system performance!

Default value: false

scriptdir

Data type: Stdlib::Unixpath

Default value: '/usr/share/rkhunter/scripts'

scriptwhitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

shared_lib_whitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

show_lock_msgs

Data type: Boolean

Default value: true

show_summary_time

Data type: Integer[0,3]

Default value: 3

show_summary_warnings_number

Data type: Boolean

Default value: false

skip_inode_check

Data type: Boolean

Default value: false

ssh_config_dir

Data type: Optional[Stdlib::Unixpath]

Default value: undef

startup_paths

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

stat_cmd

Data type: Optional[String[1]]

Default value: undef

suspscan_dirs

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

suspscan_maxsize

Data type: Integer[0]

Default value: 1024000

suspscan_temp

Data type: Stdlib::Unixpath

Default value: '/dev/shm'

suspscan_thresh

Data type: Integer[0]

Default value: 200

suspscan_whitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

syslog_config_file

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

tmpdir

Data type: Stdlib::Unixpath

Default value: '/var/lib/rkhunter'

uid0_accounts

Data type: Optional[Array[String[1]]]

Default value: undef

unhide_tests

Data type: Optional[Array[String[1]]]

Default value: undef

unhidetcp_opts

Data type: Optional[Array[String[1]]]

Default value: undef

update_lang

Data type: Optional[Array[String[1]]]

Default value: undef

update_mirrors

Data type: Boolean

Default value: true

updt_on_os_change

Data type: Boolean

Default value: false

use_locking

Data type: Boolean

Default value: true

use_sunsum

Data type: Boolean

Default value: false

syslog_priority

Data type: Simplib::Syslog::Priority

Default value: 'LOCAL6.NOTICE'

use_syslog

Data type: Boolean

Default value: true

warn_on_os_change

Data type: Boolean

Default value: true

web_cmd

Data type: Optional[String[1]]

Default value: undef

whitelisted_is_white

Data type: Boolean

Default value: false

writewhitelist

Data type: Optional[Array[Stdlib::Unixpath]]

Default value: undef

xinetd_allowed_svc

Data type: Optional[Array[String[1]]]

Default value: undef

xinetd_conf_path

Data type: Optional[Stdlib::Unixpath]

Default value: undef

rkhunter::install

Install rkhunter

Parameters

The following parameters are available in the rkhunter::install class:

install_optional_packages

Data type: Boolean

Install optional packages that enable additional functionality in rkhunter

Default value: $rkhunter::install_optional_packages

optional_packages

Data type: Optional[Variant[Hash[String[1],Hash],Array[String[1]]]]

The list of optional packages to be installed

This may be anything that the puppetlabs-stdlib ensure_packages function accepts

Default value: undef

optional_package_ensure

Data type: Simplib::PackageEnsure

The state in which to place all packages

Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })

rkhunter_package_ensure

Data type: String[1]

The state in which to place the rkhunter package. May be specifically pinned.

Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })

rkhunter::propupd

Needed so that each run after installation does not trigger false positives

Parameters

The following parameters are available in the rkhunter::propupd class:

datfile

Data type: Stdlib::Unixpath

enable

Data type: Boolean

Default value: true

rkhunter::update

Add a scheduled job to update rkhunter

Parameters

The following parameters are available in the rkhunter::update class:

method

Data type: Enum['cron','systemd']

How you wish to schedule the run

Default value: 'systemd'

systemd_calendar

Data type: Optional[String[1]]

If $method is systemd, set this exact calendar string

This is not verified. Use systemd-analyze calendar on a modern system to ensure that you have a valid string.

Default value: undef

minute

Data type: Simplib::Cron::Minute

Cron minute

Default value: fqdn_rand(59)

hour

Data type: Simplib::Cron::Hour

Cron hour

Default value: 0

monthday

Data type: Simplib::Cron::MonthDay

Cron monthday

Default value: '*'

month

Data type: Simplib::Cron::Month

Cron month

Default value: '*'

weekday

Data type: Simplib::Cron::Weekday

Cron weekday

Default value: '*'

options

Data type: Array[String[1]]

Extra options to pass to rkhunter --update

Default value: ['--nocolors']

path

Data type: Stdlib::Unixpath

Default value: '/usr/bin/rkhunter'

Data types

Rkhunter::BindPath

Matches a valid bindir path. Accepts an absolute path, or an absolute path with a '+' preceding it

Alias of Pattern['^(?:\/|\+\/)(?:[^\/\0]+\/*)*$']
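
The pattern above, exercised on constructed sample values. This is an added example, not part of the module's code; it assumes Puppet applies the pattern with Ruby regex semantics, and STRICT_BIND_PATH, classify and disagreements are hypothetical names introduced here. It goes beyond the page by comparing the documented pattern with a stricter whole-string variant:

```ruby
# Added example: checks candidate bindir values against the documented
# Rkhunter::BindPath pattern and against a stricter variant.

# The pattern exactly as documented on this page.
BIND_PATH = Regexp.new('^(?:\/|\+\/)(?:[^\/\0]+\/*)*$')

# Hypothetical stricter variant (not the module's): \A and \z anchor to the
# whole string instead of a single line, and path components may not
# contain a newline.
STRICT_BIND_PATH = Regexp.new('\A\+?\/(?:[^\/\0\n]+\/*)*\z')

# Constructed sample values.
SAMPLES = [
  '/usr/local/bin',         # absolute path
  '+/opt/tools/bin',        # '+' followed by an absolute path
  '/',                      # root on its own
  'usr/bin',                # relative path
  '+usr/bin',               # '+' without a leading slash
  '++/usr/bin',             # more than one '+'
  "/usr/bin\nsecond line",  # newline inside the value
  "junk\n/usr/bin"          # only the second line looks like a path
].freeze

# Map each sample to true/false for the given pattern.
def classify(samples, pattern)
  samples.map { |s| [s, pattern.match?(s)] }.to_h
end

# Samples on which the documented and the stricter pattern disagree.
# In Ruby, ^ and $ match at line boundaries, so multi-line strings can
# satisfy the documented pattern.
def disagreements(samples)
  samples.select { |s| BIND_PATH.match?(s) != STRICT_BIND_PATH.match?(s) }
end

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLES, BIND_PATH).each do |value, ok|
    puts format('%-28s documented=%-5s strict=%s',
                value.inspect, ok, STRICT_BIND_PATH.match?(value))
  end
end
```

Values that come from Hiera or an external data source can be rejected for embedded newlines before they reach the bindir parameter.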