From 19a23ab85485210301ecd4e9dfbca4363573a8db Mon Sep 17 00:00:00 2001 From: Matthieu Saulnier Date: Sat, 25 Aug 2018 11:02:51 +0200 Subject: Update sudoers and rkhunter config files --- roles/clients/files/sudo | 3 +++ roles/clients/tasks/pkgs.yml | 2 ++ roles/common/tasks/rkhunter.yml | 13 ++++++++++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/roles/clients/files/sudo b/roles/clients/files/sudo index caa94ad..4d0f852 100644 --- a/roles/clients/files/sudo +++ b/roles/clients/files/sudo @@ -1,4 +1,5 @@ User_Alias MOI = casper, matthieusaulnier, msaulnier +User_Alias DAYR = dayr Cmnd_Alias CLI = /usr/bin/yum, /usr/bin/dnf, /usr/bin/touch /.autorelabel, /usr/bin/journalctl Cmnd_Alias DESKTOP = /usr/sbin/i7z, /usr/sbin/iftop, /usr/sbin/iotop -o @@ -7,6 +8,7 @@ Cmnd_Alias POWEROFF = /usr/sbin/poweroff Cmnd_Alias SHINT = /usr/sbin/sgdisk -Z Cmnd_Alias RUNLEVEL = /usr/bin/systemctl isolate multi-user, /usr/bin/systemctl isolate graphical Cmnd_Alias DBUS = /usr/bin/systemctl stop dbus.socket dbus.service +Cmnd_Alias VIEWER = /usr/bin/virt-viewer -c qemu\:///system -w -r -f dayr-windows-2012 MOI ALL = NOPASSWD: CLI MOI ALL = NOPASSWD: DESKTOP @@ -15,4 +17,5 @@ MOI ALL = NOPASSWD: POWEROFF MOI ALL = NOPASSWD: SHINT MOI ALL = NOPASSWD: RUNLEVEL MOI ALL = NOPASSWD: DBUS +DAYR ALL = NOPASSWD: VIEWER diff --git a/roles/clients/tasks/pkgs.yml b/roles/clients/tasks/pkgs.yml index f8799e2..36966a6 100644 --- a/roles/clients/tasks/pkgs.yml +++ b/roles/clients/tasks/pkgs.yml @@ -115,6 +115,7 @@ - srm - unhide - httping + - httpry - lbd - nikto - ratproxy @@ -175,6 +176,7 @@ - tortoisehg - officeparser - icecat + - virt-viewer - name: Installation des paquets codecs dnf: name={{ item }} state=present diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml index a773421..460073a 100644 --- a/roles/common/tasks/rkhunter.yml +++ b/roles/common/tasks/rkhunter.yml 
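Review bot: The new `VIEWER` alias (second hunk of roles/clients/files/sudo) and the `DAYR ALL = NOPASSWD: VIEWER` grant (third hunk) start a graphical client as root without a password, so the menus and file dialogs of that window act with root privileges inside dayr's desktop session. Pinning the full argument list restricts which VM is opened, not what the root-owned window can do once it is up. Prefer running virt-viewer unprivileged and giving dayr access to that single domain through libvirt's polkit access control. If the sudo rule has to stay, consider adding `--kiosk` to the alias so the menu bar is not exposed, and a comment above it such as `# dayr: console of dayr-windows-2012 only; root needed for qemu:///system`.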
@@ -5,9 +5,20 @@ - name: Activation de tests rkhunter lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps" - line="DISABLE_TESTS=suspscan deleted_files" + line="DISABLE_TESTS=deleted_files" - name: Ajout de process en liste blanche lineinfile: path: /etc/rkhunter.conf line: 'ALLOWPROCLISTEN=/usr/sbin/wpa_supplicant' + +- name: Ajout de process en liste blanche + lineinfile: + path: /etc/rkhunter.conf + line: 'ALLOWPROCLISTEN=/usr/sbin/arpwatch' + +- name: Ajout de fichier en liste blanche + lineinfile: + path: /etc/rkhunter.conf + insertafter: '^ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm' + line: 'ALLOWDEVFILE=/dev/shm/squid-tls_session_cache.shm' -- cgit
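Review bot: The `Activation de tests rkhunter` task still anchors on the distribution's stock line (`regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps"`) with `backrefs=yes`, so the new `line="DISABLE_TESTS=deleted_files"` only lands on hosts that were never configured. A host already converged by the previous revision holds `DISABLE_TESTS=suspscan deleted_files`, which the regexp no longer matches, and with `backrefs=yes` a non-matching regexp leaves the file unchanged, so suspscan stays disabled there while the task reports ok. Matching on the key alone, `regexp="^DISABLE_TESTS="`, makes the task converge from any earlier value. Separately, the added arpwatch task reuses the name `Ajout de process en liste blanche` of the task above it; a distinct name (for example one that mentions arpwatch) keeps the play output unambiguous.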