diff options
Diffstat (limited to 'roles/common/tasks')
-rw-r--r-- | roles/common/tasks/logging.yml | 32 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml new file mode 100644 index 0000000..d305e29 --- /dev/null +++ b/roles/common/tasks/logging.yml @@ -0,0 +1,32 @@ +- name: Install logging server & utilities + apt: pkg={{ item }} + with_items: + - rsyslog + - syslog-summary + - logcheck + - logcheck-database + - logrotate + +- name: Configure logcheck + copy: src=etc/logcheck/{{ item }} + dest=/etc/logcheck/{{ item }} + owner=root group=logcheck + mode=0640 + with_items: + - logcheck.conf + - ignore.d.server/common.local + +- name: Minimal logging policy (1) + lineinfile: dest=/etc/logrotate.d/rsyslog + regexp="^/var/log/mail.(log|info)$" + state=absent + +- name: Minimal logging policy (2) + copy: src=etc/logrotate.d/fripost-mail + dest=/etc/logrotate.d/fripost-mail + owner=root group=root + mode=0644 + +# TODO: We also have specialized per-role logcheck rulesets, per-role +# logrotate configuration (/etc/logrotate.d), and per-role rsyslog +# configuration (/etc/rsyslog.d). diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index ea85900..3ee4f49 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -7,3 +7,4 @@ - include: rkhunter.yml tags=rkhunter - include: fail2ban.yml tags=fail2ban - include: ipsec.yml tags=strongswan,ipsec +- include: logging.yml tags=logging |