rkhunter.conf.j2: Check that /etc/polkit-1/rules.d exists

Also add only "/etc/sudoers.d" instead of "/etc/sudoers.d/*" as the directory might exists but being empty.
pyllyukko · Feb 23, 2025 · 0af1482 · 0af1482 · pyllyukko · Feb 23, 2025
1 parent 71c6ae1
commit 0af1482
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/tasks/rkhunter.yml b/tasks/rkhunter.yml
@@ -22,6 +22,11 @@
       ansible.builtin.getent:
         database: passwd
       tags: check
+    - name: Stat /etc/polkit-1/rules.d
+      ansible.builtin.stat:
+        path: /etc/polkit-1/rules.d
+      register: stat_polkit_etc
+      tags: check
     - name: 'Create /etc/rkhunter.conf'
       ansible.builtin.template:
         src: "{{ playbook_dir }}/templates/rkhunter.conf.j2"

diff --git a/templates/rkhunter.conf.j2 b/templates/rkhunter.conf.j2
@@ -547,10 +547,12 @@ USER_FILEPROP_FILES_DIRS=/lib64/security/*.so
 USER_FILEPROP_FILES_DIRS=/lib/{{ ansible_architecture }}-linux-gnu/security/*.so
 {% endif %}
 USER_FILEPROP_FILES_DIRS=/etc/sudoers
-USER_FILEPROP_FILES_DIRS=/etc/sudoers.d/*
+USER_FILEPROP_FILES_DIRS=/etc/sudoers.d
+{% if stat_polkit_etc.stat.exists %}
 USER_FILEPROP_FILES_DIRS=/etc/polkit-1/rules.d/*.rules
 USER_FILEPROP_FILES_DIRS=/usr/share/polkit-1/rules.d/*.rules
 USER_FILEPROP_FILES_DIRS=/usr/share/polkit-1/actions/*.policy
+{% endif %}
 #EXCLUDE_USER_FILEPROP_FILES_DIRS=/opt/ps*
 
 #