Ansible role to deploy several rootkit and malware detection tools:
- rkhunter
- chkrootkit
- unhide
- Shell Detector (https://github.com/emposha/Shell-Detector)
Only Debian and Ubuntu are supported right now.
- antirootkits_mail_from: Sender email address for the audit reports. No valid default, you have to fill it in.
- antirootkits_mail_to: Receiver email address for the audit reports. No valid default, you have to fill it in.
- antirootkits_log_expire: Days before logs are purged. Defaults to '90'.
- shelldetector_scan_directory: Directory to scan for Shell Detector. Defaults to '/var/www'.
- shelldetector_cron_hour: Hour of execution of Shell Detector's cron job. Defaults to '6'.
- shelldetector_cron_minute: Minute of execution of Shell Detector's cron job. Defaults to '30'.
Example of how to use this role:
- hosts: debian_servers
  vars:
    antirootkits_mail_from: '[email protected]'
    antirootkits_mail_to: '[email protected]'
  roles:
    - { role: mablanco.antirootkits }
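A fuller playbook that overrides every variable listed above and fails early when the mail addresses are unset, the schedule is invalid, or the host is not Debian or Ubuntu. This is an added example, not part of the role; the addresses, directory and schedule values are constructed placeholders, and the checks assume nothing about the role's internals beyond the variable names documented here.

```yaml
- hosts: debian_servers
  vars:
    # Constructed placeholder values; replace with your own.
    antirootkits_mail_from: 'rootkit-audit@example.com'
    antirootkits_mail_to: 'security-team@example.com'
    antirootkits_log_expire: '30'
    shelldetector_scan_directory: '/srv/www'
    shelldetector_cron_hour: '3'
    shelldetector_cron_minute: '15'

  pre_tasks:
    - name: Stop on distributions the role does not support
      ansible.builtin.assert:
        that:
          - ansible_facts['distribution'] in ['Debian', 'Ubuntu']
        fail_msg: "mablanco.antirootkits supports only Debian and Ubuntu."

    # The page does not say what the unset default looks like, so this
    # only verifies that each value is defined and resembles an address.
    - name: Stop if the report addresses were not filled in
      ansible.builtin.assert:
        that:
          - antirootkits_mail_from is defined
          - antirootkits_mail_to is defined
          - "'@' in antirootkits_mail_from"
          - "'@' in antirootkits_mail_to"
        fail_msg: "Set antirootkits_mail_from and antirootkits_mail_to."

    - name: Stop on an impossible Shell Detector cron schedule
      ansible.builtin.assert:
        that:
          - shelldetector_cron_hour | int >= 0
          - shelldetector_cron_hour | int <= 23
          - shelldetector_cron_minute | int >= 0
          - shelldetector_cron_minute | int <= 59
        fail_msg: "shelldetector_cron_hour must be 0-23 and shelldetector_cron_minute 0-59."

  roles:
    - { role: mablanco.antirootkits }
```

Because `pre_tasks` run before `roles`, a failed assertion stops the play on that host before any detection tool is installed or any cron job is written.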
- Schedule unhide runs and send email reports
- Add more tools!
GPLv3