Bug fixes pr 2.x (#2322)

* The mysql_client role assumes the deploy user exists, so it should depend on user_deploy.

* Fixing pre-push git hooks.

* Trying to fix ACL linting issue.

* Adding default portpathwhitelist variable to rkhunter.

* Accidentally doubled up on when clauses.

* Adding another when to rkhunter tasks for when no port paths or scripts are defined.

Author: gregharvey

roles/debian/rkhunter/defaults/main.yml

@@ -13,6 +13,7 @@ rkhunter:
   allow_ssh_root_user: "{{ sshd.PermitRootLogin | default('prohibit-password') }}"
   disable_tests: "suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
   os_package_manager: "NONE" # PKGMGR=NONE is default for Debian, set it to what you need.
+  portpathwhitelist: []
   scriptwhitelist:
     - /bin/egrep
     - /bin/fgrep

roles/debian/rkhunter/tasks/main.yml

@@ -12,23 +12,29 @@
     path: "{{ item }}"
   register: _rkhunter_existing_scripts_to_whitelist
   loop: "{{ rkhunter.scriptwhitelist }}"
+  when: rkhunter.scriptwhitelist | length > 0
 
 - name: Filter existing scripts
   set_fact:
     existing_scripts: "{{ existing_scripts | default([]) + [item.item] }}"
-  when: item.stat.exists
+  when:
+    - item.stat.exists
+    - _rkhunter_existing_scripts_to_whitelist is defined
   loop: "{{ _rkhunter_existing_scripts_to_whitelist.results }}"
 
 - name: Check paths for portpath existence
   ansible.builtin.stat:
     path: "{{ item.split(':')[0] }}"
   register: _rkhunter_existing_portpaths_to_whitelist
   loop: "{{ rkhunter.portpathwhitelist }}"
+  when: rkhunter.portpathwhitelist | length > 0
 
 - name: Filter existing portpath
   set_fact:
     existing_portpaths: "{{ existing_portpaths | default([]) + [item.item] }}"
-  when: item.stat.exists
+  when:
+    - item.stat.exists
+    - _rkhunter_existing_portpaths_to_whitelist is defined
   loop: "{{ _rkhunter_existing_portpaths_to_whitelist.results }}"
 
 - name: Copy rkhunter configuration.