rkhunter #0

Supports: trusty

Add to new model

Description

This charm installs and configures rkhunter, a rootkit scanner.
It is a subordinate charm that can be installed alongside your
primary charm to help protect the unit from attackers.


This charm installs and configures the rkhunter rootkit scanner.

The default configuration settings should be generally sane. If you
want to change them, here are your options:

daily_run This enables or disables a daily system scan dev_files A space-separated list of valid /dev files hidden_dirs A space-separated list of valid hidden (dot) directories hidden_files A space-separated list of valid hidden (dot) files logfile The location of rkhunter's logging output mail_recipient The email address to which any output should be sent mirror_access Determines how rkhunter should use its mirrors mirror_mode Chooses which mirrors to use (local, remote or any) mirror_update Sets whether to update mirrors automatically mirror_list A space-separated list of mirror sites nagios_context Used by the nrpe subordinate charm to identify a unit nagios_servicegroups Used by the nrpe subordinate charm to set a servicegroup script_dir The directory the charm should install any scripts into script_whitelist A space-separated list of binaries that are really scripts ssh_root_allowed Should ssh allow root logins? weekly_db_update This enables or disables a weekly database update

This is a subordinate charm. Depoyment should be something like this:

juju deploy apache2
juju deploy rkhunter
juju add-relation apache2 rkhunter

Hooks are provided to enable Nagios alerts via the nrpe-external-master
charm and log rotation via the logrotate charm. Adding these relations
should be as simple as:

juju add-relation rkhunter nrpe-external-master
juju add-relation rkhunter logrotate


Configuration

application_name
(string) Operating name of the charm
rkhunter
daily_run
(string) Should rkhunter run daily? (yes/no)
yes
dev_files
(string) Space separated list of allowed /dev files
/dev/.udev/rules.d/root.rules
hidden_dirs
(string) Space separated list of allowed hidden (dot) directories
/dev/.udev
hidden_files
(string) Space separated list of allowed hidden (dot) files
/dev/.blkid.tab /dev/.blkid.tab.old
logfile
(string) Where to write rkhunter's logfiles
/var/log/rkhunter/rkhunter.log
mail_recipient
(string) The email address to which any output should be sent
root
mirror_access
(string) Should rkhunter rotate between mirrors or use them in priority order? (rotate/priority)
rotate
mirror_list
(string) A space separated list of mirrors
mirror=http://rkhunter.sourceforge.net
mirror_mode
(string) Which mirrors to use (any/local/remote)
any
mirror_update
(string) Update mirrors automatically? (yes/no)
no
nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
script_dir
(string) The directory this charm should install any scripts into
/srv/rkhunter/bin
script_whitelist
(string) Space separated list of binaries that are really scripts
/usr/bin/unhide.rb
ssh_root_allowed
(string) Should ssh root user be allowed? (yes/no)
no
weekly_db_update
(string) Should rkhunter update it's database weekly? (yes/no)
yes