|
@@ -1,86 +1,118 @@
|
|
|
-- name: Install auto upgrades package
|
|
|
- apt: pkg=unattended-upgrades state=installed update_cache=yes
|
|
|
+- name: 'Install auto upgrades package'
|
|
|
+ apt:
|
|
|
+ pkg: 'unattended-upgrades'
|
|
|
+ state: 'installed'
|
|
|
+ update_cache: 'yes'
|
|
|
when: with_auto_upgrade
|
|
|
|
|
|
-- name: Reconfigure unattended-upgrades package
|
|
|
- debconf: name="unattended-upgrades" question="unattended-upgrades/enable_auto_updates" value="true" vtype="boolean"
|
|
|
+- name: 'Reconfigure unattended-upgrades package'
|
|
|
+ debconf:
|
|
|
+ name: 'unattended-upgrades'
|
|
|
+ question: 'unattended-upgrades/enable_auto_updates'
|
|
|
+ value: 'true'
|
|
|
+ vtype: 'boolean'
|
|
|
notify:
|
|
|
- - Reconfigure unattended-upgrades
|
|
|
+ - 'Reconfigure unattended-upgrades'
|
|
|
when: with_auto_upgrade
|
|
|
|
|
|
-- name: Update unattended-upgrades configuration
|
|
|
- template: src={{ item }} dest=/etc/apt/apt.conf.d/90unattended-upgrades-local owner=root group=root mode=0644
|
|
|
- first_available_file:
|
|
|
- - apt/auto-upgrades.{{ ansible_lsb.codename }}.j2
|
|
|
- - apt/auto-upgrades.j2
|
|
|
+- name: 'Update unattended-upgrades configuration'
|
|
|
+ template:
|
|
|
+ src: '{{ item }}'
|
|
|
+ dest: '/etc/apt/apt.conf.d/90unattended-upgrades-local'
|
|
|
+ owner: 'root'
|
|
|
+ group: 'root'
|
|
|
+ mode: '0644'
|
|
|
+ with_first_found:
|
|
|
+ - 'apt/auto-upgrades.{{ ansible_lsb.codename }}.j2'
|
|
|
+ - 'apt/auto-upgrades.j2'
|
|
|
when: with_auto_upgrade
|
|
|
|
|
|
-- name: Install logcheck packages
|
|
|
- apt: pkg={{ item }} state=installed update_cache=yes
|
|
|
+- name: 'Install logcheck packages'
|
|
|
+ apt:
|
|
|
+ pkg: '{{ item }}'
|
|
|
+ state: 'installed'
|
|
|
+ update_cache: 'yes'
|
|
|
with_items:
|
|
|
- - logcheck
|
|
|
- - logcheck-database
|
|
|
+ - 'logcheck'
|
|
|
+ - 'logcheck-database'
|
|
|
when: with_logcheck
|
|
|
|
|
|
-- name: Install local configuration files for logcheck
|
|
|
- copy: src=logcheck/{{ item }}_local dest=/etc/logcheck/ignore.d.server/{{ item }}_local owner=root group=root mode=0644
|
|
|
+- name: 'Install local configuration files for logcheck'
|
|
|
+ copy:
|
|
|
+ src: 'logcheck/{{ item }}_local'
|
|
|
+ dest: '/etc/logcheck/ignore.d.server/{{ item }}_local'
|
|
|
+ owner: 'root'
|
|
|
+ group: 'root'
|
|
|
+ mode: '0644'
|
|
|
with_items:
|
|
|
- - amavisd-new
|
|
|
- - ansible
|
|
|
- - apache2
|
|
|
- - bind
|
|
|
- - dhclient
|
|
|
- - dnsmasq
|
|
|
- - dovecot
|
|
|
- - dropbear
|
|
|
- - ferm
|
|
|
- - git-daemon
|
|
|
- - gogs
|
|
|
- - ipmi
|
|
|
- - irqbalance
|
|
|
- - kernel
|
|
|
- - libpam-modules
|
|
|
- - mon
|
|
|
- - noip2
|
|
|
- - ntp
|
|
|
- - openvpn
|
|
|
- - php
|
|
|
- - postfix
|
|
|
- - pure-ftpd
|
|
|
- - pve-cluster
|
|
|
- - redir
|
|
|
- - rpc-mountd
|
|
|
- - rrdcached
|
|
|
- - rsyslog
|
|
|
- - smartd
|
|
|
- - spamd
|
|
|
- - sshd
|
|
|
- - svn
|
|
|
- - sympa
|
|
|
- - systemd
|
|
|
- - zabbix-agentd
|
|
|
+ - 'amavisd-new'
|
|
|
+ - 'ansible'
|
|
|
+ - 'apache2'
|
|
|
+ - 'bind'
|
|
|
+ - 'dhclient'
|
|
|
+ - 'dnsmasq'
|
|
|
+ - 'dovecot'
|
|
|
+ - 'dropbear'
|
|
|
+ - 'ferm'
|
|
|
+ - 'git-daemon'
|
|
|
+ - 'gogs'
|
|
|
+ - 'ipmi'
|
|
|
+ - 'irqbalance'
|
|
|
+ - 'kernel'
|
|
|
+ - 'libpam-modules'
|
|
|
+ - 'mon'
|
|
|
+ - 'noip2'
|
|
|
+ - 'ntp'
|
|
|
+ - 'openvpn'
|
|
|
+ - 'php'
|
|
|
+ - 'postfix'
|
|
|
+ - 'pure-ftpd'
|
|
|
+ - 'pve-cluster'
|
|
|
+ - 'redir'
|
|
|
+ - 'rpc-mountd'
|
|
|
+ - 'rrdcached'
|
|
|
+ - 'rsyslog'
|
|
|
+ - 'smartd'
|
|
|
+ - 'spamd'
|
|
|
+ - 'sshd'
|
|
|
+ - 'svn'
|
|
|
+ - 'sympa'
|
|
|
+ - 'systemd'
|
|
|
+ - 'zabbix-agentd'
|
|
|
when: with_logcheck
|
|
|
|
|
|
-- name: Update logcheck cron job
|
|
|
- template: src=cron/logcheck.j2 dest=/etc/cron.d/logcheck owner=root group=root mode=0644
|
|
|
+- name: 'Update logcheck cron job'
|
|
|
+ template:
|
|
|
+ src: 'cron/logcheck.j2'
|
|
|
+ dest: '/etc/cron.d/logcheck'
|
|
|
+ owner: 'root'
|
|
|
+ group: 'root'
|
|
|
+ mode: '0644'
|
|
|
when: with_logcheck
|
|
|
|
|
|
-- name: Install rkhunter related packages
|
|
|
- apt: pkg={{ item }} state=installed update_cache=yes
|
|
|
+- name: 'Install rkhunter related packages'
|
|
|
+ apt:
|
|
|
+ pkg: '{{ item }}'
|
|
|
+ state: 'installed'
|
|
|
+ update_cache: 'yes'
|
|
|
with_items:
|
|
|
- - lsof
|
|
|
- - unhide
|
|
|
- - rkhunter
|
|
|
+ - 'lsof'
|
|
|
+ - 'unhide'
|
|
|
+ - 'rkhunter'
|
|
|
when: with_rkhunter
|
|
|
|
|
|
-- name: Reconfigure rkhunter package
|
|
|
- debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
|
|
|
+- name: 'Reconfigure rkhunter package'
|
|
|
+ debconf:
|
|
|
+ name: '{{item.name}}'
|
|
|
+ question: '{{item.question}}'
|
|
|
+ value: '{{item.value}}'
|
|
|
+ vtype: '{{item.vtype}}'
|
|
|
with_items:
|
|
|
- { name: 'rkhunter', question: 'rkhunter/apt_autogen', value: 'true', vtype: 'boolean' }
|
|
|
- { name: 'rkhunter', question: 'rkhunter/cron_daily_run', value: 'true', vtype: 'boolean' }
|
|
|
- { name: 'rkhunter', question: 'rkhunter/cron_db_update', value: 'true', vtype: 'boolean' }
|
|
|
notify:
|
|
|
- - Reconfigure rkhunter
|
|
|
+ - 'Reconfigure rkhunter'
|
|
|
when: with_rkhunter
|
|
|
|
|
|
- name: Update rkhunter configuration
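Review bot: The three rewritten `apt` tasks (auto upgrades, logcheck, rkhunter) still pass `state: 'installed'` and `update_cache: 'yes'`. `installed` is an alias that later Ansible releases deprecated in favour of `present`, and the quoted `'yes'` is a string that works only because the module coerces it to a boolean, so `state: 'present'` and `update_cache: true` would be the durable spelling. Separately, the unchanged `with_items` entry that sets `rkhunter/apt_autogen` to `true` appears, going by the Debian packaging, to make rkhunter refresh its file-property baseline after package operations, so a file altered before an apt run would be accepted into the baseline. A comment above that item such as `# apt_autogen: fewer false positives after upgrades, at the cost of re-baselining without review` would record the trade-off. The last task in the hunk, `Update rkhunter configuration`, continues outside it.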
|
|
@@ -108,4 +140,4 @@
|
|
|
args:
|
|
|
creates: '/etc/ssl/private/dh{{ item }}.pem'
|
|
|
with_items:
|
|
|
- - 2048
|
|
|
+ - '2048'
|