ansible-playbooks/roles/common/tasks/security.yml

- name: Install logcheck packages
  action: ${ansible_pkg_mgr} pkg=${item} state=installed update_cache=yes
  with_items:
    - logcheck
    - logcheck-database
  when_boolean: ${with_logcheck}

- name: Install local configuration files for logcheck
  action: copy src=logcheck/${item}_local dest=/etc/logcheck/ignore.d.server/${item}_local owner=root group=root mode=0644
  with_items:
    - ansible
    - bind
    - dovecot
    - dropbear
    - ipmi
    - libpam-modules
    - mon
    - noip2
    - ntp
    - openvpn
    - php
    - postfix
    - pure-ftpd
    - redir
    - rsyslog
    - smartd
    - spamd
    - sshd
    - svn
    - sympa
  when_boolean: ${with_logcheck}

- name: Update logcheck cron job
  action: template src=cron/logcheck.j2 dest=/etc/cron.d/logcheck owner=root group=root mode=0644
  when_boolean: ${with_logcheck}

- name: Update rkhunter default/init parameters
  action: template src=rkhunter/default.j2 dest=/etc/default/rkhunter owner=root group=root mode=0644
  when_boolean: ${with_rkhunter}

- name: Update rkhunter configuration
  action: template src=rkhunter/${ansible_lsb.codename}.conf.j2 dest=/etc/rkhunter.conf owner=root group=root mode=0644
  when_boolean: ${with_rkhunter}

- name: Update chkrootkit configuration
  action: template src=chkrootkit/chkrootkit.conf.j2 dest=/etc/chkrootkit.conf owner=root group=root mode=0644
  when_boolean: ${with_chkrootkit}