rkhunter

Description

This charm installs and configures rkhunter, a rootkit scanner.
It is a subordinate charm that can be installed alongside your
primary charm to help protect the unit from attackers.


This charm installs and configures the rkhunter rootkit scanner.

The default configuration settings should be generally sane. If you
want to change them, here are your options:

daily_run This enables or disables a daily system scan
dev_files A space-separated list of valid /dev files
hidden_dirs A space-separated list of valid hidden (dot) directories
hidden_files A space-separated list of valid hidden (dot) files
logfile The location of rkhunter's logging output
mail_recipient The email address to which any output should be sent
mirror_access Determines how rkhunter should use its mirrors
mirror_mode Chooses which mirrors to use (local, remote or any)
mirror_update Sets whether to update mirrors automatically
mirror_list A space-separated list of mirror sites
nagios_context Used by the nrpe subordinate charm to identify a unit
nagios_servicegroups Used by the nrpe subordinate charm to set a servicegroup
script_dir The directory the charm should install any scripts into
script_whitelist A space-separated list of binaries that are really scripts
ssh_root_allowed Should ssh allow root logins?
weekly_db_update This enables or disables a weekly database update

This is a subordinate charm. Depoyment should be something like this:

juju deploy apache2
juju deploy rkhunter
juju add-relation apache2 rkhunter

Hooks are provided to enable Nagios alerts via the nrpe-external-master
charm and log rotation via the logrotate charm. Adding these relations
should be as simple as:

juju add-relation rkhunter nrpe-external-master
juju add-relation rkhunter logrotate

Configuration

daily_run
(string) Should rkhunter run daily? (yes/no)
yes
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
dev_files
(string) Space separated list of allowed /dev files
/dev/.udev/rules.d/root.rules
weekly_db_update
(string) Should rkhunter update it's database weekly? (yes/no)
yes
mirror_mode
(string) Which mirrors to use (any/local/remote)
any
script_whitelist
(string) Space separated list of binaries that are really scripts
/usr/bin/unhide.rb
ssh_root_allowed
(string) Should ssh root user be allowed? (yes/no)
no
nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
hidden_dirs
(string) Space separated list of allowed hidden (dot) directories
/dev/.udev
mail_recipient
(string) The email address to which any output should be sent
root
mirror_access
(string) Should rkhunter rotate between mirrors or use them in priority order? (rotate/priority)
rotate
application_name
(string) Operating name of the charm
rkhunter
mirror_update
(string) Update mirrors automatically? (yes/no)
no
logfile
(string) Where to write rkhunter's logfiles
/var/log/rkhunter/rkhunter.log
hidden_files
(string) Space separated list of allowed hidden (dot) files
/dev/.blkid.tab /dev/.blkid.tab.old
script_dir
(string) The directory this charm should install any scripts into
/srv/rkhunter/bin
mirror_list
(string) A space separated list of mirrors
mirror=http://rkhunter.sourceforge.net