صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
kolter
/
ansible-playbooks
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 79c68010f7
شاخه‌ها تگ‌ها
ansible-playboo...
/
roles
/
common
/
tasks
/
security.yml

security.yml 2.2 KB
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. - name: Install auto upgrades package
    2. 

  2.   apt: pkg=unattended-upgrades state=installed update_cache=yes
    3. 

  3.   when: with_auto_upgrade
    4. 

  4. 

  5. - name: Configure auto upgrades
    6. 

  6.   template: src={{ item }} dest=/etc/apt/apt.conf.d/20auto-upgrades owner=root group=root mode=0644
    7. 

  7.   first_available_file:
    8. 

  8.     - apt/auto-upgrades.{{ ansible_lsb.codename }}.j2
    9. 

  9.     - apt/auto-upgrades.j2
    10. 

  10.   when: with_auto_upgrade
    11. 

  11. 

  12. - name: Install logcheck packages
    13. 

  13.   apt: pkg={{ item }} state=installed update_cache=yes
    14. 

  14.   with_items:
    15. 

  15.     - logcheck
    16. 

  16.     - logcheck-database
    17. 

  17.   when: with_logcheck
    18. 

  18. 

  19. - name: Install local configuration files for logcheck
    20. 

  20.   copy: src=logcheck/{{ item }}_local dest=/etc/logcheck/ignore.d.server/{{ item }}_local owner=root group=root mode=0644
    21. 

  21.   with_items:
    22. 

  22.     - amavisd-new
    23. 

  23.     - ansible
    24. 

  24.     - bind
    25. 

  25.     - dhclient
    26. 

  26.     - dovecot
    27. 

  27.     - dropbear
    28. 

  28.     - git-daemon
    29. 

  29.     - ipmi
    30. 

  30.     - kernel
    31. 

  31.     - libpam-modules
    32. 

  32.     - mon
    33. 

  33.     - noip2
    34. 

  34.     - ntp
    35. 

  35.     - openvpn
    36. 

  36.     - php
    37. 

  37.     - postfix
    38. 

  38.     - pure-ftpd
    39. 

  39.     - pve-cluster
    40. 

  40.     - redir
    41. 

  41.     - rpc.mountd
    42. 

  42.     - rrdcached
    43. 

  43.     - rsyslog
    44. 

  44.     - smartd
    45. 

  45.     - spamd
    46. 

  46.     - sshd
    47. 

  47.     - svn
    48. 

  48.     - sympa
    49. 

  49.   when: with_logcheck
    50. 

  50. 

  51. - name: Update logcheck cron job
    52. 

  52.   template: src=cron/logcheck.j2 dest=/etc/cron.d/logcheck owner=root group=root mode=0644
    53. 

  53.   when: with_logcheck
    54. 

  54. 

  55. - name: Install rkhunter related packages
    56. 

  56.   apt: pkg={{ item }} state=installed update_cache=yes
    57. 

  57.   with_items:
    58. 

  58.     - lsof
    59. 

  59.     - unhide
    60. 

  60.     - rkhunter
    61. 

  61.   when: with_rkhunter
    62. 

  62. 

  63. - name: Update rkhunter default/init parameters
    64. 

  64.   template: src=rkhunter/default.j2 dest=/etc/default/rkhunter owner=root group=root mode=0644
    65. 

  65.   when: with_rkhunter
    66. 

  66. 

  67. - name: Update rkhunter configuration
    68. 

  68.   template: src=rkhunter/{{ ansible_lsb.codename }}.conf.j2 dest=/etc/rkhunter.conf owner=root group=root mode=0644
    69. 

  69.   when: with_rkhunter
    70. 

  70. 

  71. - name: Update chkrootkit configuration
    72. 

  72.   template: src=chkrootkit/chkrootkit.conf.j2 dest=/etc/chkrootkit.conf owner=root group=root mode=0644
    73. 

  73.   when: with_chkrootkit
    74. 

  74. 

  75. - name: Update fstab to hide pids from /proc
    76. 

  76.   lineinfile: dest=/etc/fstab regexp='(^proc\s+/proc\s+proc\s+)(\S+)(\s+[0-9]\s+[0-9])\s*$' line='\1defaults,hidepid=2\3' backrefs=yes
    77. 

  77.   notify:
    78. 

  78.       - Remount /proc
    79. 

  79.   when: with_hideproc
    80.