Greetings.

I'd like to apply the following and run the rkhunter template over everything. This is targeted at host1plus, however. At most this will impact rkhunter and nothing else.

ansible_fqdn gets its value by looking at the IP address of the machine and doing a reverse DNS lookup. Mostly this is fine, but in some cases (like host1plus) the reverse DNS is not controlled by us and is not as you might expect:

$ host host1plus01.fedoraproject.org
host1plus01.fedoraproject.org has address 5.175.150.48
host 5.175.150.48
48.150.175.5.in-addr.arpa domain name pointer gdm4.unidis.com.br.

This results in the above template looking and seeing that "gdm4.unidis.com.br" is not in fact in the virthosts group and thus shouldn't have the line that allows /dev/shm/spice* files, so it sends an alert about it being there.

(After freeze we should probably go remove all uses of ansible_fqdn.)

diff --git a/roles/rkhunter/templates/rkhunter.conf.j2 b/roles/rkhunter/templates/rkhunter.conf.j2 index 7b76695..35e5576 100644 --- a/roles/rkhunter/templates/rkhunter.conf.j2 +++ b/roles/rkhunter/templates/rkhunter.conf.j2 @@ -386,7 +386,7 @@ ALLOWDEVFILE=/dev/shm/fmn-cache.dbm ALLOWDEVFILE=/dev/shm/squid-squid-page-pool.shm ALLOWDEVFILE=/dev/shm/squid-cache_mem.shm {% endif %} -{% if ansible_fqdn in groups['virtservers'] or ansible_fqdn in groups['openqa-workers'] or ansible_fqdn in groups['openqa-stg-workers'] %} +{% if inventory_hostname in groups['virtservers'] or inventory_hostname in groups['openqa-workers'] or inventory_hostname in groups['openqa-stg-workers'] %} # libvirt spice device makes a /dev/shm/spice file ALLOWDEVFILE=/dev/shm/spice.* {% endif %}

+1s?

kevin
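
Review bot: the rewritten {% if %} condition carries no comment saying why inventory_hostname is used instead of ansible_fqdn, so a later edit could easily reintroduce the fact-based name. A one-line Jinja comment above it (for example, that reverse DNS for some hosts is not under our control) would record the reason. Because the lists in groups[...] hold inventory names, inventory_hostname is the right key; the test could also be written without any hostname as {% if 'virtservers' in group_names or 'openqa-workers' in group_names or 'openqa-stg-workers' in group_names %}. The conditional that closes at the first {% endif %} context line is not visible in this hunk; if it also tests ansible_fqdn, it will mis-evaluate on the same hosts and should get the same change.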