diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-11-04 00:59:20 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:39 +0200 |
| commit | b48755386073c7245c221c3108290473ae1b279e (patch) | |
| tree | bec11b7290d09049673b7ec62a14630ce5437bb5 | |
| parent | 67c5135625d3553dcb6f2bfc193df24c0e1ab826 (diff) | |
Autostart daemons.
| -rw-r--r-- | roles/common/tasks/apt.yml | 5 | ||||
| -rw-r--r-- | roles/common/tasks/fail2ban.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/ipsec.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/logging.yml | 5 | ||||
| -rw-r--r-- | roles/common/tasks/samhain.yml | 3 |
5 files changed, 19 insertions, 0 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 9b553b0..030709b 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -17,20 +17,25 @@ - name: Configure APT (1) template: src=etc/apt/{{ item }}.j2 dest=/etc/apt/{{ item }} owner=root group=root mode=0644 with_items: - sources.list - preferences notify: - apt-get update - name: Configure APT (2) copy: src=etc/apt/{{ item }} dest=/etc/apt/{{ item }} owner=root group=root mode=0644 with_items: - listchanges.conf - apt.conf.d/10periodic - apt.conf.d/50unattended-upgrades + +- name: Start cron + service: name=cron state=started + tags: + - cron diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml index 64283df..ccfeaa6 100644 --- a/roles/common/tasks/fail2ban.yml +++ b/roles/common/tasks/fail2ban.yml @@ -1,10 +1,13 @@ - name: Install fail2ban apt: pkg=fail2ban - name: Configure fail2ban template: src=etc/fail2ban/jail.local.j2 dest=/etc/fail2ban/jail.local owner=root group=root mode=0644 notify: - Restart fail2ban + +- name: Start fail2ban + service: name=fail2ban state=started diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index 4c0a946..2196728 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -21,35 +21,38 @@ mode=0644 notify: - Missing IPSec certificate - name: Configure IPSec's secrets template: src=etc/ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=0600 notify: - Restart IPSec - name: Configure IPSec template: src=etc/ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=0644 notify: - Restart IPSec +- name: Start IPSec + service: name=ipsec state=started + - name: Auto-create a dedicated interface for IPSec copy: src=etc/network/if-up.d/ipsec dest=/etc/network/if-up.d/ipsec owner=root group=root mode=0755 notify: - Reload networking # XXX: As of 1.3.1 ansible doesn't accept relative src. # See https://github.com/ansible/ansible/issues/4459 - name: Auto-deactivate the dedicated interface for IPSec file: #src=../if-up.d/ipsec src=/etc/network/if-up.d/ipsec dest=/etc/network/if-down.d/ipsec owner=root group=root state=link diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml index d305e29..312c31e 100644 --- a/roles/common/tasks/logging.yml +++ b/roles/common/tasks/logging.yml @@ -1,29 +1,34 @@ - name: Install logging server & utilities apt: pkg={{ item }} with_items: - rsyslog - syslog-summary - logcheck - logcheck-database - logrotate +- name: Start rsyslog + service: name=rsyslog state=started + tags: + - syslog + - name: Configure logcheck copy: src=etc/logcheck/{{ item }} dest=/etc/logcheck/{{ item }} owner=root group=logcheck mode=0640 with_items: - logcheck.conf - ignore.d.server/common.local - name: Minimal logging policy (1) lineinfile: dest=/etc/logrotate.d/rsyslog regexp="^/var/log/mail.(log|info)$" state=absent - name: Minimal logging policy (2) copy: src=etc/logrotate.d/fripost-mail dest=/etc/logrotate.d/fripost-mail owner=root group=root mode=0644 diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml index 73a2ace..90ea754 100644 --- a/roles/common/tasks/samhain.yml +++ b/roles/common/tasks/samhain.yml @@ -1,17 +1,20 @@ - name: Install samhain apt: pkg=samhain # XXX: Doesn't work out of the box, see #660197. # If this is the first installation, you may want to start with a fresh database # sudo service samhain stop # sudo rm /var/state/samhain/samhain_file # sudo samhain -t init -p warn # sudo service samhain start # sudo samhain -t update -l none - name: Configure samhain copy: src=etc/samhain/samhainrc dest=/etc/samhain/samhainrc owner=root group=root mode=0644 notify: - Reload samhain + +- name: Start samhain + service: name=samhain state=started |