summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-07-09 19:57:56 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-07-09 20:20:31 +0200
commitcbe1123ede86042ab0d62bc4f972f026301d5016 (patch)
treeb3f144b8c6f498e842c31863a28c405423cc96e8
parentd237ec31f785c801b29d679f10f8f2d618ff1585 (diff)
ClamAV (FreshClam): use a localized Database Mirror.
As db.local.clamav.net is not always properly localized. Furthermore, our previous Ansiblee script did not ensure ordering of the DatabaseMirror lines.
-rw-r--r--production13
-rw-r--r--roles/common/tasks/clamav.yml11
-rw-r--r--roles/common/templates/etc/clamav/freshclam.conf.j232
3 files changed, 44 insertions, 12 deletions
diff --git a/production b/production
index c6cb7a0..12aa91c 100644
--- a/production
+++ b/production
@@ -1,20 +1,21 @@
[mistral]
-mistral.fripost.org
+mistral.fripost.org geoip=se
[elefant]
-elefant.fripost.org mxno=1
+elefant.fripost.org geoip=se mxno=1
[giraff]
-giraff.fripost.org
+giraff.fripost.org geoip=se
[antilop]
-antilop.fripost.org
+antilop.fripost.org geoip=se
[civett]
-civett.friprogramvarusyndikatet.se mxno=2
+civett.friprogramvarusyndikatet.se geoip=se mxno=2
[benjamin]
-benjamin.skangas.se
+benjamin.skangas.se geoip=se
+
# ldap.fripost.org
[LDAP-provider:children]
diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml
index e1ece0d..de11ee6 100644
--- a/roles/common/tasks/clamav.yml
+++ b/roles/common/tasks/clamav.yml
@@ -6,12 +6,11 @@
- clamav-freshclam
- name: Configure FreshClam
- lineinfile: "dest=/etc/clamav/freshclam.conf
- line='DatabaseMirror {{ item }}'"
- with_items:
- - db.local.clamav.net
- - database.clamav.net
- - db.other.clamav.net
+ template: src=etc/clamav/freshclam.conf.j2
+ dest=/etc/clamav/freshclam.conf
+ owner=root group=root
+ mode=0644
+ tags: freshclam
notify:
- Restart freshclam
diff --git a/roles/common/templates/etc/clamav/freshclam.conf.j2 b/roles/common/templates/etc/clamav/freshclam.conf.j2
new file mode 100644
index 0000000..06cebd1
--- /dev/null
+++ b/roles/common/templates/etc/clamav/freshclam.conf.j2
@@ -0,0 +1,32 @@
+# Automatically created by the clamav-freshclam postinst
+# Comments will get lost when you reconfigure the clamav-freshclam package
+
+DatabaseOwner clamav
+UpdateLogFile /var/log/clamav/freshclam.log
+LogVerbose false
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogFileMaxSize 0
+LogRotate true
+LogTime true
+Foreground false
+Debug false
+MaxAttempts 5
+DatabaseDirectory /var/lib/clamav
+DNSDatabaseInfo current.cvd.clamav.net
+ConnectTimeout 30
+ReceiveTimeout 30
+TestDatabases yes
+ScriptedUpdates yes
+CompressLocalDatabase no
+SafeBrowsing false
+Bytecode true
+NotifyClamd /etc/clamav/clamd.conf
+# Check for new database 24 times a day
+Checks 24
+DatabaseMirror db.{{ geoip | default('local') }}.clamav.net
+{% if geoip is defined and ansible_default_ipv6 %}
+DatabaseMirror db.{{ geoip }}.ipv6.clamav.net
+{% endif %}
+DatabaseMirror database.clamav.net
+DatabaseMirror db.other.clamav.net