blob: b602a49d53cd96877907f9e65c65456ba0a3d340 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
- name: Install logging server & utilities
apt: pkg={{ packages }}
vars:
packages:
- rsyslog
- syslog-summary
- logcheck
- logcheck-database
- logrotate
- name: Configure rsyslog
copy: src=etc/rsyslog.conf
dest=/etc/rsyslog.conf
owner=root group=root
mode=0644
register: r1
notify:
- Restart rsyslog
tags:
- syslog
- name: Configure postfix's custom rsyslog rules
template: src=etc/rsyslog.d/postfix.conf.j2
dest=/etc/rsyslog.d/postfix.conf
owner=root group=root
mode=0644
register: r2
notify:
- Restart rsyslog
tags:
- syslog
- name: Start rsyslog
service: name=rsyslog state=started
when: not (r1.changed or r2.changed)
tags:
- syslog
- meta: flush_handlers
- name: Configure logcheck (1)
copy: src=etc/logcheck/{{ item }}
dest=/etc/logcheck/{{ item }}
owner=root group=logcheck
mode=0644
with_items:
- logcheck.conf
- ignore.d.server/common-local
- ignore.d.server/dovecot-local
- ignore.d.server/postfix-local
- ignore.d.server/strongswan-local
# logcheck-sudo already exists, but changing the filename for our
# local modifications would defeat the ruleset
- violations.ignore.d/logcheck-sudo
tags:
- logcheck
- name: Configure logcheck (2)
lineinfile: dest=/etc/logcheck/logcheck.logfiles
line={{ item }}
state=present
create=yes
owner=root group=logcheck
mode=0640
with_items:
- /var/log/syslog
- /var/log/auth.log
- /var/log/mail.log
tags:
- logcheck
- name: Minimal logging policy (1)
lineinfile: dest=/etc/logrotate.d/rsyslog
regexp="^/var/log/mail\\.(log|info|sasl)$"
state=absent
owner=root group=root
mode=0644
- name: Minimal logging policy (2)
copy: src=etc/logrotate.d/fripost-mail
dest=/etc/logrotate.d/fripost-mail
owner=root group=root
mode=0644
tags:
- logrotate
|