From 91ffd0b134d3216e9418f18df1774696baa8190f Mon Sep 17 00:00:00 2001
From: Nick Fawbert
Date: Thu, 7 Nov 2024 11:49:04 +0000
Subject: [PATCH 1/2] r70260-rkhunter-tweak-portpathwhitelist TEST
---
 roles/debian/rkhunter/tasks/main.yml | 12 ++++++++++++
 roles/debian/rkhunter/templates/rkhunter.conf.j2 | 4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/roles/debian/rkhunter/tasks/main.yml b/roles/debian/rkhunter/tasks/main.yml
index 9825b0606..aee8161e8 100644
--- a/roles/debian/rkhunter/tasks/main.yml
+++ b/roles/debian/rkhunter/tasks/main.yml
@@ -19,6 +19,18 @@
 when: item.stat.exists
 loop: "{{ _rkhunter_existing_scripts_to_whitelist.results }}"
+- name: Check paths for portpath existence
+ ansible.builtin.stat:
+ path: "{{ item }} | cut -d ':' -f 1"
+ register: _rkhunter_existing_portpaths_to_whitelist
+ loop: "{{ rkhunter.portpathwhitelist }}"
+- name: Filter existing portpath
+ set_fact:
+ existing_portpaths: "{{ existing_portpaths | default([]) + [item.item] }}"
+ when: item.stat.exists
+ loop: "{{ _rkhunter_existing_portpaths_to_whitelist.results }}"
 - name: Copy rkhunter configuration.
 ansible.builtin.template:
 src: rkhunter.conf.j2
diff --git a/roles/debian/rkhunter/templates/rkhunter.conf.j2 b/roles/debian/rkhunter/templates/rkhunter.conf.j2
index b9e3468a7..8c69d3c1f 100644
--- a/roles/debian/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/debian/rkhunter/templates/rkhunter.conf.j2
@@ -937,9 +937,11 @@ SUSPSCAN_THRESH={{ rkhunter.supscan_threshold }}
 #
 #PORT_WHITELIST=""
 #PORT_PATH_WHITELIST=""
-{% for item in rkhunter.portpathwhitelist %}
+{% if existing_portpaths is defined and existing_portpaths | length > 0 %}
+{% for item in existing_portpaths %}
 PORT_PATH_WHITELIST={{ item }}
 {% endfor %}
+{% endif %}
 #
 # The following option can be used to tell rkhunter where the operating system
From dada06709126bde430d481beb3a872695c7d8585 Mon Sep 17 00:00:00 2001
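Review bot: The `Filter existing portpath` task builds `existing_portpaths` by appending inside a `loop`, and since `set_fact` values persist for the host for the rest of the play, a second invocation of this role in the same play appends the same entries again (`default([])` only helps on the first pass), giving duplicate PORT_PATH_WHITELIST lines. One assignment from the registered results avoids both the loop and the carry-over: `existing_portpaths: "{{ _rkhunter_existing_portpaths_to_whitelist.results | selectattr('stat.exists') | map(attribute='item') | list }}"` with the `when` and `loop` removed. The task also uses bare `set_fact` where the stat task uses the `ansible.builtin.` FQCN, and the fact carries no `_rkhunter_` prefix unlike the registered variable, so a same-named fact left by another role would be picked up by the template. The scripts-whitelist task just above the hunk appears to use the same loop shape; if it does, the same applies there.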
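Review bot: In the new `{% if %}` the `existing_portpaths | length > 0` test is redundant, because the `{% for %}` it guards renders nothing for an empty list, so `{% if existing_portpaths is defined %}` produces the same output with less to read. More importantly the template now depends on a fact set in tasks/main.yml, and nothing in the file says so; a template comment above the block would keep that coupling visible, e.g. `{# existing_portpaths is built in tasks/main.yml from rkhunter.portpathwhitelist, keeping only entries whose path exists on this host #}`. Since PORT_PATH_WHITELIST is the list of program paths rkhunter accepts as legitimate listeners, an entry dropped by that filter surfaces as a port warning at the next scan rather than as a play failure, which is worth a sentence in the role docs.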
From: Nick Fawbert
Date: Thu, 7 Nov 2024 12:51:33 +0000
Subject: [PATCH 2/2] sanitise portpath items
---
 roles/debian/rkhunter/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/debian/rkhunter/tasks/main.yml b/roles/debian/rkhunter/tasks/main.yml
index aee8161e8..76942cca0 100644
--- a/roles/debian/rkhunter/tasks/main.yml
+++ b/roles/debian/rkhunter/tasks/main.yml
@@ -21,7 +21,7 @@
 - name: Check paths for portpath existence
 ansible.builtin.stat:
- path: "{{ item }} | cut -d ':' -f 1"
+ path: "{{ item.split(':')[0] }}"
 register: _rkhunter_existing_portpaths_to_whitelist
 loop: "{{ rkhunter.portpathwhitelist }}"
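Review bot: `item.split(':')[0]` fixes the earlier literal `| cut` string, but the `path:` line gives no hint why the entry is split, so a reader needs to know rkhunter's `path:proto:port` entry form; a comment on the line would do: `# entries may be "/path:proto:port"; stat only the path part`. Note also that `stat.exists` is true for any filesystem object, so a directory entry still passes the `when: item.stat.exists` filter in the following task (outside this hunk) and lands in PORT_PATH_WHITELIST; if only binaries are meant, `item.stat.isreg` is the tighter test, which with the stat module's default `follow: false` also needs `follow: true` here so a symlinked binary is not rejected. A bare `/path` entry with no colon passes through the split unchanged, so both entry forms are handled.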