diff --git a/roles/debian/rkhunter/defaults/main.yml b/roles/debian/rkhunter/defaults/main.yml
index 0a7c0943f..9950494d5 100644
--- a/roles/debian/rkhunter/defaults/main.yml
+++ b/roles/debian/rkhunter/defaults/main.yml
@@ -13,6 +13,7 @@ rkhunter:
   allow_ssh_root_user: "{{ sshd.PermitRootLogin | default('prohibit-password') }}"
   disable_tests: "suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
   os_package_manager: "NONE" # PKGMGR=NONE is default for Debian, set it to what you need.
+  portpathwhitelist: []
   scriptwhitelist:
     - /bin/egrep
     - /bin/fgrep
diff --git a/roles/debian/rkhunter/tasks/main.yml b/roles/debian/rkhunter/tasks/main.yml
index 76942cca0..ec936bf6d 100644
--- a/roles/debian/rkhunter/tasks/main.yml
+++ b/roles/debian/rkhunter/tasks/main.yml
@@ -12,11 +12,14 @@
     path: "{{ item }}"
   register: _rkhunter_existing_scripts_to_whitelist
   loop: "{{ rkhunter.scriptwhitelist }}"
+  when: rkhunter.scriptwhitelist | length > 0
 
 - name: Filter existing scripts
   set_fact:
     existing_scripts: "{{ existing_scripts | default([]) + [item.item] }}"
-  when: item.stat.exists
+  when:
+    - item.stat.exists
+    - _rkhunter_existing_scripts_to_whitelist is defined
   loop: "{{ _rkhunter_existing_scripts_to_whitelist.results }}"
 
 - name: Check paths for portpath existence
@@ -24,11 +27,14 @@
     path: "{{ item.split(':')[0] }}"
   register: _rkhunter_existing_portpaths_to_whitelist
   loop: "{{ rkhunter.portpathwhitelist }}"
+  when: rkhunter.portpathwhitelist | length > 0
 
 - name: Filter existing portpath
   set_fact:
     existing_portpaths: "{{ existing_portpaths | default([]) + [item.item] }}"
-  when: item.stat.exists
+  when:
+    - item.stat.exists
+    - _rkhunter_existing_portpaths_to_whitelist is defined
   loop: "{{ _rkhunter_existing_portpaths_to_whitelist.results }}"
 
 - name: Copy rkhunter configuration.
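Review bot: The new `portpathwhitelist: []` default carries no hint of the entry format or of what whitelisting does, unlike the `os_package_manager` line above it which explains its rkhunter mapping. The tasks file splits each entry on `:` and stats the first field, so entries are at least `path:…`; the rest presumably follows rkhunter's PORT_PATH_WHITELIST syntax (`path:protocol:port`), which I would confirm against rkhunter.conf before documenting. Every entry here tells rkhunter to stop warning about that program listening on that port, so the list should be kept minimal and reviewed like any allow-list. Suggested comment on the new line: `portpathwhitelist: [] # rkhunter PORT_PATH_WHITELIST entries, "path:protocol:port"; a path is only emitted if it exists on the host. Each entry silences a listener warning — keep this list minimal.`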
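Review bot: The added `_rkhunter_existing_scripts_to_whitelist is defined` condition on "Filter existing scripts" does not protect the task it is attached to, because as far as I know Ansible templates the task's `loop:` before it evaluates `when:`, so an undefined register variable still aborts the play with an undefined-variable error before the guard runs. The guard that actually works belongs on the loop itself: `loop: "{{ _rkhunter_existing_scripts_to_whitelist.results | default([]) }}"`, after which the `is defined` line can be dropped. I would also hedge the motivation for the new `when: rkhunter.scriptwhitelist | length > 0` on the stat task: in my experience an empty `loop` already registers a skipped result with `results: []`, so if the goal is only to survive an empty list this guard is belt-and-braces rather than a fix, and a short comment saying which Ansible behaviour it is working around would help the next maintainer. The same applies to the portpath pair in the next hunk.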
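Review bot: The stat in "Check paths for portpath existence" validates only `item.split(':')[0]`, so the protocol/port tail of each `portpathwhitelist` entry is never checked before the full `item.item` string is accepted into `existing_portpaths` and, presumably, rendered into rkhunter.conf by the "Copy rkhunter configuration" task that starts outside this hunk. A malformed tail (missing fields, non-numeric port) would then surface only as an rkhunter configuration error on the host rather than at play time, and an overly broad entry silently widens what rkhunter ignores. A regex check on the whole entry would be the robust fix, but at minimum a why-comment makes the limitation explicit: `# Only the path component is verified to exist; the protocol:port part is passed through to rkhunter unvalidated.` As in the previous hunk, the `is defined` guard here is evaluated after `loop:` is templated, so `loop: "{{ _rkhunter_existing_portpaths_to_whitelist.results | default([]) }}"` is the condition that actually prevents an undefined-variable failure.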