summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/logging.yml32
-rw-r--r--roles/common/tasks/main.yml1
2 files changed, 33 insertions, 0 deletions
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
new file mode 100644
index 0000000..d305e29
--- /dev/null
+++ b/roles/common/tasks/logging.yml
@@ -0,0 +1,32 @@
+- name: Install logging server & utilities
+ apt: pkg={{ item }}
+ with_items:
+ - rsyslog
+ - syslog-summary
+ - logcheck
+ - logcheck-database
+ - logrotate
+
+- name: Configure logcheck
+ copy: src=etc/logcheck/{{ item }}
+ dest=/etc/logcheck/{{ item }}
+ owner=root group=logcheck
+ mode=0640
+ with_items:
+ - logcheck.conf
+ - ignore.d.server/common.local
+
+- name: Minimal logging policy (1)
+ lineinfile: dest=/etc/logrotate.d/rsyslog
+ regexp="^/var/log/mail.(log|info)$"
+ state=absent
+
+- name: Minimal logging policy (2)
+ copy: src=etc/logrotate.d/fripost-mail
+ dest=/etc/logrotate.d/fripost-mail
+ owner=root group=root
+ mode=0644
+
+# TODO: We also have specialized per-role logcheck rulesets, per-role
+# logrotate configuration (/etc/logrotate.d), and per-role rsyslog
+# configuration (/etc/rsyslog.d).
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index ea85900..3ee4f49 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -7,3 +7,4 @@
- include: rkhunter.yml tags=rkhunter
- include: fail2ban.yml tags=fail2ban
- include: ipsec.yml tags=strongswan,ipsec
+- include: logging.yml tags=logging