summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-07-14 03:04:45 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:08 +0200
commit9516d25e869b5f704297442a9b28751081410f55 (patch)
treec7e6b5ff0eb764891f41eecc82843da99b224a8e /roles
parent9ac2057bb6f1465b8392f18552ac1df17f6d81d6 (diff)
Install auditd.
Diffstat (limited to 'roles')
-rw-r--r--roles/common/tasks/auditd.yml7
-rw-r--r--roles/common/tasks/main.yml1
-rw-r--r--roles/common/tasks/samhain.yml5
3 files changed, 9 insertions, 4 deletions
diff --git a/roles/common/tasks/auditd.yml b/roles/common/tasks/auditd.yml
new file mode 100644
index 0000000..05bd447
--- /dev/null
+++ b/roles/common/tasks/auditd.yml
@@ -0,0 +1,7 @@
+- name: Install auditd
+ apt: pkg=auditd
+
+- name: Start auditd
+ service: name=auditd state=started
+
+- meta: flush_handlers
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index a239667..903e834 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,26 +1,27 @@
---
- include: sysctl.yml tags=sysctl
- include: hosts.yml
- include: apt.yml tags=apt
- include: firewall.yml tags=firewall,iptables
- include: samhain.yml tags=samhain
+- include: auditd.yml tags=auditd
- include: rkhunter.yml tags=rkhunter
- include: clamav.yml tags=clamav
- include: fail2ban.yml tags=fail2ban
- include: smart.yml tags=smartmontools,smart
- include: haveged.yml tags=haveged,entropy
- name: Copy genkeypair.sh
copy: src=usr/local/bin/genkeypair.sh
dest=/usr/local/bin/genkeypair.sh
owner=root group=root
mode=0755
tags:
- genkey
- include: logging.yml tags=logging
- include: ntp.yml tags=ntp
- include: mail.yml tags=mail,postfix
- name: Install common packages
apt: pkg={{ item }}
with_items:
- ca-certificates
diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml
index 184decc..dd5c09b 100644
--- a/roles/common/tasks/samhain.yml
+++ b/roles/common/tasks/samhain.yml
@@ -1,25 +1,22 @@
- name: Install samhain
- apt: pkg={{ item }}
- with_items:
- - samhain
- - auditd
+ apt: pkg=samhain
# XXX: Doesn't work out of the box, see #660197.
# Every once in a while, or after a major upgrade, you may want to
# update Samhain's database:
#
# sudo samhain -t update --foreground -l none
#
# To update the database interactively, without sending mails:
#
# sudo samhain -t update --interactive -l none -m none
- name: Configure samhain
copy: src=etc/samhain/samhainrc
dest=/etc/samhain/samhainrc
owner=root group=root
mode=0644
notify:
- Reload samhain
- name: Start samhain
# This task is inconditional because samhain is reloaded not
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-02 20:53:11 +0000