authorMatthieu Saulnier <fantom@fedoraproject.org>2018-11-03 23:44:37 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2018-11-03 23:44:37 +0100
commitd244837efa9a4f4c57d695375d9b725ac0ee811d (patch)
treeb3ce941c51a704af8819f28a85587d3fed5ca75e
parent136347dfb5fcdcbf3b260ad7aa2dd3e6ac2378da (diff)
downloadplaybooks-ansible-d244837efa9a4f4c57d695375d9b725ac0ee811d.tar.gz
playbooks-ansible-d244837efa9a4f4c57d695375d9b725ac0ee811d.tar.xz
playbooks-ansible-d244837efa9a4f4c57d695375d9b725ac0ee811d.zip
Temporary disable HIDS tasks due to overload
-rw-r--r--roles/clients/tasks/main.yml5
-rw-r--r--roles/diagnostics/tasks/aide.yml14
-rw-r--r--roles/diagnostics/tasks/cron.yml8
-rw-r--r--roles/diagnostics/tasks/rkhunter.yml26
-rw-r--r--roles/diagnostics/tasks/selinux.yml7
5 files changed, 18 insertions, 42 deletions
diff --git a/roles/clients/tasks/main.yml b/roles/clients/tasks/main.yml
index 8b0e2ed..13b1d46 100644
--- a/roles/clients/tasks/main.yml
+++ b/roles/clients/tasks/main.yml
@@ -19,8 +19,9 @@
- name: Configuration mock
import_tasks: mock.yml
-- name: Configuration rkhunter pour mock
- import_tasks: rkhunter.yml
+### rkhunter est désinstallé par le role diagnostics
+###- name: Configuration rkhunter pour mock
+### import_tasks: rkhunter.yml
- name: Ajout points de montage
import_tasks: mnt.yml
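Review bot: The rkhunter import is switched off by commenting it out with `###`, so the only way to restore host intrusion detection is to revert the commit. For a change described as temporary, a boolean role variable is easier to audit and to turn back on. Keep the task and gate it instead, e.g. `when: hids_enabled | default(false)` (the variable name is a suggestion, not something defined in the visible code). The same applies to the hunks in roles/diagnostics/tasks/aide.yml, cron.yml and rkhunter.yml, where the install and copy tasks are replaced outright by `state: absent`. The task list continues outside this hunk.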
diff --git a/roles/diagnostics/tasks/aide.yml b/roles/diagnostics/tasks/aide.yml
index a8640fd..c7490ca 100644
--- a/roles/diagnostics/tasks/aide.yml
+++ b/roles/diagnostics/tasks/aide.yml
@@ -1,16 +1,14 @@
- name: Installation du HIDS AIDE
yum: name=aide state=present
when: ansible_pkg_mgr == "yum"
+ notify: initialize aide
- name: Installation du HIDS AIDE
dnf: name=aide state=present
when: ansible_pkg_mgr == "dnf"
-
-- name: Activation Cron du HIDS AIDE
- copy:
- src: aidereport.sh
- dest: /etc/cron.daily/z-aidereport.sh
- mode: 0755
- when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 28 and
- ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
notify: initialize aide
+
+- name: Désactivation Cron du HIDS AIDE
+ file:
+ path: /etc/cron.daily/z-aidereport.sh
+ state: absent
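Review bot: After this hunk AIDE is still installed and both install tasks notify `initialize aide`, but the daily report script is removed, so a baseline is created and nothing compares against it. The host then looks as if it has file-integrity monitoring while the database only goes stale. Presumably the handler runs the database initialisation, which is itself a heavy operation; that should be checked against the overload this commit is meant to relieve. At minimum, document the state above the new task, e.g. `# HIDS temporarily disabled: no AIDE check is scheduled; re-initialise the baseline from a known-good state before re-enabling`. Any alerting that expects the daily report will also need a note that its absence is intentional.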
diff --git a/roles/diagnostics/tasks/cron.yml b/roles/diagnostics/tasks/cron.yml
index 7646287..43c54f3 100644
--- a/roles/diagnostics/tasks/cron.yml
+++ b/roles/diagnostics/tasks/cron.yml
@@ -16,11 +16,9 @@
state: absent
- name: Rapport RPM Verify monthly
- copy:
- src: rpmreport.sh
- dest: /etc/cron.monthly/rpmreport.sh
- mode: 0755
- when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
+ file:
+ path: /etc/cron.monthly/rpmreport.sh
+ state: absent
- name: Tests disques durs
template: src=diskcheck.sh.j2 dest=/etc/cron.weekly/diskcheck.sh mode=755
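Review bot: The task is still named `Rapport RPM Verify monthly` although it now deletes /etc/cron.monthly/rpmreport.sh, so a play log reads as if the monthly RPM verification is in place when it has been switched off. Rename it to match what it does, e.g. `- name: Désactivation rapport RPM Verify monthly`. The same mismatch appears in rkhunter.yml (`Installation du HIDS rkhunter` now removes the package) and in selinux.yml (`Relabel système de fichier` now removes the relabel script). Accurate names matter here because these are security controls, and the play output is often the only record of which hosts lost them.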
diff --git a/roles/diagnostics/tasks/rkhunter.yml b/roles/diagnostics/tasks/rkhunter.yml
index 460073a..edb73ef 100644
--- a/roles/diagnostics/tasks/rkhunter.yml
+++ b/roles/diagnostics/tasks/rkhunter.yml
@@ -1,24 +1,4 @@
- name: Installation du HIDS rkhunter
- dnf: name=rkhunter state=present
- notify: initialize rkhunter
-
-- name: Activation de tests rkhunter
- lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes
- regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps"
- line="DISABLE_TESTS=deleted_files"
-
-- name: Ajout de process en liste blanche
- lineinfile:
- path: /etc/rkhunter.conf
- line: 'ALLOWPROCLISTEN=/usr/sbin/wpa_supplicant'
-
-- name: Ajout de process en liste blanche
- lineinfile:
- path: /etc/rkhunter.conf
- line: 'ALLOWPROCLISTEN=/usr/sbin/arpwatch'
-
-- name: Ajout de fichier en liste blanche
- lineinfile:
- path: /etc/rkhunter.conf
- insertafter: '^ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm'
- line: 'ALLOWDEVFILE=/dev/shm/squid-tls_session_cache.shm'
+ package:
+ name: rkhunter
+ state: absent
diff --git a/roles/diagnostics/tasks/selinux.yml b/roles/diagnostics/tasks/selinux.yml
index 92268e7..7497364 100644
--- a/roles/diagnostics/tasks/selinux.yml
+++ b/roles/diagnostics/tasks/selinux.yml
@@ -6,8 +6,7 @@
when: ansible_selinux.status != "disabled"
- name: Relabel système de fichier
- copy:
- src: selinuxresto.sh
- dest: /etc/cron.monthly/selinuxresto.sh
- mode: 0755
+ file:
+ path: /etc/cron.monthly/selinuxresto.sh
+ state: absent
when: ansible_selinux.status != "disabled"