authorMatthieu Saulnier <fantom@fedoraproject.org>2014-07-20 09:31:19 +0200
committerMatthieu Saulnier <fantom@fedoraproject.org>2014-07-20 09:31:19 +0200
commit95087563a181a0b5352f2a8dc525f7428fd12383 (patch)
tree4c3818d5d4e21611864f9331409129747763f94f /roles
parent303e33e58e3fd971b837294d141e92717ddde8da (diff)
Add hosts file configuration
Add rkhunter on physical hosts. Add cron file for weekly uptime report. Rename cron file for HIDS AIDE. Group tasks for AIDE in one task file.
Diffstat (limited to 'roles')
-rwxr-xr-xroles/common/files/aidereport.sh (renamed from roles/common/files/z-aidereport.sh)0
-rwxr-xr-xroles/common/files/uptimereport.sh3
-rw-r--r--roles/common/tasks/aide.yml7
-rw-r--r--roles/common/tasks/cron.yml5
-rw-r--r--roles/common/tasks/host.yml2
-rw-r--r--roles/common/tasks/main.yml10
-rw-r--r--roles/common/tasks/pkgs.yml1
-rw-r--r--roles/common/tasks/rkhunter.yml7
-rw-r--r--roles/common/templates/hosts.j24
9 files changed, 35 insertions, 4 deletions
diff --git a/roles/common/files/z-aidereport.sh b/roles/common/files/aidereport.sh
index fa56fe4..fa56fe4 100755
--- a/roles/common/files/z-aidereport.sh
+++ b/roles/common/files/aidereport.sh
diff --git a/roles/common/files/uptimereport.sh b/roles/common/files/uptimereport.sh
new file mode 100755
index 0000000..65a07ed
--- /dev/null
+++ b/roles/common/files/uptimereport.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+/usr/bin/uptime
diff --git a/roles/common/tasks/aide.yml b/roles/common/tasks/aide.yml
new file mode 100644
index 0000000..2ed2774
--- /dev/null
+++ b/roles/common/tasks/aide.yml
@@ -0,0 +1,7 @@
+- name: Installation du HIDS AIDE
+ yum: name=aide state=present
+
+- name: Activation Cron du HIDS AIDE
+ copy: src=aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755
+ when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
+ notify: initialize aide
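Review bot: The `copy` task that installs `/etc/cron.daily/z-aidereport.sh` sets only `mode=755`, so the ownership of a script that cron runs as root is left to whatever the file already had or to the user the play runs as. Pin it explicitly, e.g. `copy: src=aidereport.sh dest=/etc/cron.daily/z-aidereport.sh owner=root group=root mode=0755`. The same applies to the `a-uptimereport.sh` copy in cron.yml and to the `/etc/hosts` template in host.yml. The `initialize aide` handler is defined outside this diff, so its behaviour is not covered here.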
diff --git a/roles/common/tasks/cron.yml b/roles/common/tasks/cron.yml
index 9bf2800..53c0a9b 100644
--- a/roles/common/tasks/cron.yml
+++ b/roles/common/tasks/cron.yml
@@ -18,7 +18,6 @@
template: src=diskcheck.sh.j2 dest=/etc/cron.weekly/diskcheck.sh mode=755
when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
-- name: Installation du HIDS AIDE
- copy: src=z-aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755
+- name: Rapport d'uptime des machines physiques
+ copy: src=uptimereport.sh dest=/etc/cron.weekly/a-uptimereport.sh mode=755
when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
- notify: initialize aide
diff --git a/roles/common/tasks/host.yml b/roles/common/tasks/host.yml
new file mode 100644
index 0000000..d5705d0
--- /dev/null
+++ b/roles/common/tasks/host.yml
@@ -0,0 +1,2 @@
+- name: Configuration du fichier des hôtes
+ template: src=hosts.j2 dest=/etc/hosts mode=644
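Review bot: This task replaces `/etc/hosts` wholesale with a four-line template and keeps no copy of the previous file, so any locally maintained entries are lost on the first run with nothing to roll back to. Adding `backup=yes` keeps a timestamped copy of the old file: `template: src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644 backup=yes`.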
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index cef53c1..9a0030c 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -7,6 +7,9 @@
- name: Installation des points de montage standard
include: mnt.yml
+- name: Configuration du fichier hôte
+ include: host.yml
+
- name: Configuration démon Cron
include: cron.yml
@@ -31,3 +34,10 @@
- name: État des services
include: services.yml
+
+- name: Installation du HIDS AIDE
+ include: aide.yml
+
+- name: Installation de rkhunter
+ include: rkhunter.yml
+ when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
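Review bot: After this change virtualized guests get the AIDE package (aide.yml is included without a condition) but neither the daily AIDE report, which is gated inside aide.yml, nor rkhunter, which is gated by the `when` on this include, so nothing in this diff gives them a scheduled integrity or rootkit check. If that is deliberate, say so next to the include, for example `# guests are skipped on purpose: <reason>`. If it is not, drop the `when` here and on the cron task in aide.yml. main.yml continues outside both hunks, so other includes may already cover guests.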
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
index 5dfb03c..629dadd 100644
--- a/roles/common/tasks/pkgs.yml
+++ b/roles/common/tasks/pkgs.yml
@@ -1,7 +1,6 @@
- name: Installation des paquets
yum: name={{ item }} state=present
with_items:
- - aide
- emacs-nox
- iotop
- nmap
diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml
new file mode 100644
index 0000000..fbaddeb
--- /dev/null
+++ b/roles/common/tasks/rkhunter.yml
@@ -0,0 +1,7 @@
+- name: Installation de rkhunter
+ yum: name=rkhunter state=present
+
+- name: Activation de tests rkhunter
+ lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes
+ regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps"
+ line="DISABLE_TESTS=suspscan deleted_files hidden_procs"
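Review bot: The `regexp` matches only one exact stock value of `DISABLE_TESTS`, and with `backrefs=yes` a non-match leaves `/etc/rkhunter.conf` unchanged while the task still reports ok, so a host whose packaged default differs silently keeps its tests disabled. Matching the key alone enforces the intended value everywhere: `regexp="^DISABLE_TESTS="` with `backrefs=yes` dropped. Separately, the new `line` adds `hidden_procs` to the disabled list although it was not in the matched value and the task name says tests are being enabled; a comment stating why that test is turned off would help the next reader.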
diff --git a/roles/common/templates/hosts.j2 b/roles/common/templates/hosts.j2
new file mode 100644
index 0000000..6d2d8da
--- /dev/null
+++ b/roles/common/templates/hosts.j2
@@ -0,0 +1,4 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+{{ ansible_default_ipv4.address }} {{ ansible_hostname }}
+{{ ansible_default_ipv6.address }} {{ ansible_hostname }}
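Review bot: The last line dereferences `ansible_default_ipv6.address` unconditionally; on a host with no default IPv6 address that fact is presumably absent, and the template would then either fail to render or write a malformed line into `/etc/hosts`. Guard the IPv6 line with `{% if ansible_default_ipv6.address is defined %}` and `{% endif %}`. Both address lines also map only the short `ansible_hostname`; if FQDN resolution matters on these hosts, `{{ ansible_fqdn }} {{ ansible_hostname }}` is the usual form.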