From bda835d0051950c63c0f38bbf11fb6fe47b4af36 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 31 Oct 2013 01:10:49 +0100
Subject: Configure the (basic) logging policy.
---
 roles/common/tasks/logging.yml | 32 ++++++++++++++++++++++++++++++++
 roles/common/tasks/main.yml | 1 +
 2 files changed, 33 insertions(+)
 create mode 100644 roles/common/tasks/logging.yml
(limited to 'roles/common/tasks')
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
new file mode 100644
index 0000000..d305e29
--- /dev/null
+++ b/roles/common/tasks/logging.yml
@@ -0,0 +1,32 @@
+- name: Install logging server & utilities
+ apt: pkg={{ item }}
+ with_items:
+ - rsyslog
+ - syslog-summary
+ - logcheck
+ - logcheck-database
+ - logrotate
+
+- name: Configure logcheck
+ copy: src=etc/logcheck/{{ item }}
+ dest=/etc/logcheck/{{ item }}
+ owner=root group=logcheck
+ mode=0640
+ with_items:
+ - logcheck.conf
+ - ignore.d.server/common.local
+
+- name: Minimal logging policy (1)
+ lineinfile: dest=/etc/logrotate.d/rsyslog
+ regexp="^/var/log/mail.(log|info)$"
+ state=absent
+
+- name: Minimal logging policy (2)
+ copy: src=etc/logrotate.d/fripost-mail
+ dest=/etc/logrotate.d/fripost-mail
+ owner=root group=root
+ mode=0644
+
+# TODO: We also have specialized per-role logcheck rulesets, per-role
+# logrotate configuration (/etc/logrotate.d), and per-role rsyslog
+# configuration (/etc/rsyslog.d).
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index ea85900..3ee4f49 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -7,3 +7,4 @@
 - include: rkhunter.yml tags=rkhunter
 - include: fail2ban.yml tags=fail2ban
 - include: ipsec.yml tags=strongswan,ipsec
+- include: logging.yml tags=logging
-- cgit v1.2.3
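Review bot: The two "Minimal logging policy" tasks in logging.yml are coupled, but nothing in the file says so: (1) deletes the `/var/log/mail.log` and `/var/log/mail.info` entries from `/etc/logrotate.d/rsyslog`, and (2) installs `fripost-mail`, which presumably takes over rotation of those files; that file is outside this path-limited diff, so confirm it lists both. If (2) fails or omits one of them, that log is no longer rotated at all and grows without bound, which on a mail host is both a retention and a disk-exhaustion problem. I would give the tasks descriptive names (e.g. `Remove mail logs from the stock rsyslog rotation` and `Install the mail-specific rotation policy`) and add a comment stating the intended retention. The `.` in `regexp="^/var/log/mail.(log|info)$"` is unescaped and matches any character; `regexp="^/var/log/mail[.](log|info)$"` pins it to the two intended paths.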