From d2150ef9411e0801bceacd35ed9d20efdc4cae7e Mon Sep 17 00:00:00 2001
From: Matthieu Saulnier <fantom@fedoraproject.org>
Date: Sun, 18 Jun 2017 04:50:44 +0200
Subject: reconfigure rkhunter before task removal

---
 roles/common/tasks/rkhunter.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'roles/common/tasks/rkhunter.yml')

diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml
index ec65caa..cc18631 100644
--- a/roles/common/tasks/rkhunter.yml
+++ b/roles/common/tasks/rkhunter.yml
@@ -7,7 +7,8 @@
               regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps"
               line="DISABLE_TESTS=suspscan deleted_files"
 
+# after one playbook run, this must be deleted
 - name: Autorise login root par SSH
   lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes
-              regexp="^ALLOW_SSH_ROOT_USER=yes"
-              line="ALLOW_SSH_ROOT_USER=unset"
+              regexp="^ALLOW_SSH_ROOT_USER=unset"
+              line="ALLOW_SSH_ROOT_USER=yes"
-- 
cgit