Diffstat (limited to 'roles/common')
-rwxr-xr-x | roles/common/files/aidereport.sh (renamed from roles/common/files/z-aidereport.sh) | 0 | ||||
-rwxr-xr-x | roles/common/files/uptimereport.sh | 3 | ||||
-rw-r--r-- | roles/common/tasks/aide.yml | 7 | ||||
-rw-r--r-- | roles/common/tasks/cron.yml | 5 | ||||
-rw-r--r-- | roles/common/tasks/host.yml | 2 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 10 | ||||
-rw-r--r-- | roles/common/tasks/pkgs.yml | 1 | ||||
-rw-r--r-- | roles/common/tasks/rkhunter.yml | 7 | ||||
-rw-r--r-- | roles/common/templates/hosts.j2 | 4 |
9 files changed, 35 insertions, 4 deletions
diff --git a/roles/common/files/z-aidereport.sh b/roles/common/files/aidereport.sh
index fa56fe4..fa56fe4 100755
--- a/roles/common/files/z-aidereport.sh
+++ b/roles/common/files/aidereport.sh
diff --git a/roles/common/files/uptimereport.sh b/roles/common/files/uptimereport.sh
new file mode 100755
index 0000000..65a07ed
--- /dev/null
+++ b/roles/common/files/uptimereport.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+/usr/bin/uptime
diff --git a/roles/common/tasks/aide.yml b/roles/common/tasks/aide.yml
new file mode 100644
index 0000000..2ed2774
--- /dev/null
+++ b/roles/common/tasks/aide.yml
@@ -0,0 +1,7 @@
+- name: Installation du HIDS AIDE
+ yum: name=aide state=present
+
+- name: Activation Cron du HIDS AIDE
+ copy: src=aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755
+ when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
+ notify: initialize aide
diff --git a/roles/common/tasks/cron.yml b/roles/common/tasks/cron.yml
index 9bf2800..53c0a9b 100644
--- a/roles/common/tasks/cron.yml
+++ b/roles/common/tasks/cron.yml
@@ -18,7 +18,6 @@
 template: src=diskcheck.sh.j2 dest=/etc/cron.weekly/diskcheck.sh mode=755
 when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
-- name: Installation du HIDS AIDE
- copy: src=z-aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755
+- name: Rapport d'uptime des machines physiques
+ copy: src=uptimereport.sh dest=/etc/cron.weekly/a-uptimereport.sh mode=755
 when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
- notify: initialize aide
diff --git a/roles/common/tasks/host.yml b/roles/common/tasks/host.yml
new file mode 100644
index 0000000..d5705d0
--- /dev/null
+++ b/roles/common/tasks/host.yml
@@ -0,0 +1,2 @@
+- name: Configuration du fichier des hôtes
+ template: src=hosts.j2 dest=/etc/hosts mode=644
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index cef53c1..9a0030c 100644
--- a/roles/common/tasks/main.yml
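Review bot: In roles/common/tasks/aide.yml the AIDE package is installed on every host, but the daily report script and its `notify: initialize aide` are gated on `ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"`, so guests get the HIDS package with no baseline and no scheduled check. The rkhunter include added in main.yml carries the same gate. If leaving guests unchecked is intended, a comment above each `when:` such as `# guests are not checked locally: <reason>` would stop the install from reading as coverage; otherwise the `when:` should go. The baseline is also created only through `notify`, which fires only when the copy reports a change, so a host that already has the cron script but no database would not be initialised; the handler is outside this diff, so that part is inferred.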
+++ b/roles/common/tasks/main.yml
@@ -7,6 +7,9 @@
 - name: Installation des points de montage standard
 include: mnt.yml
+- name: Configuration du fichier hôte
+ include: host.yml
+
 - name: Configuration démon Cron
 include: cron.yml
@@ -31,3 +34,10 @@
 - name: État des services
 include: services.yml
+
+- name: Installation du HIDS AIDE
+ include: aide.yml
+
+- name: Installation de rkhunter
+ include: rkhunter.yml
+ when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host"
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
index 5dfb03c..629dadd 100644
--- a/roles/common/tasks/pkgs.yml
+++ b/roles/common/tasks/pkgs.yml
@@ -1,7 +1,6 @@
 - name: Installation des paquets
 yum: name={{ item }} state=present
 with_items:
- - aide
 - emacs-nox
 - iotop
 - nmap
diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml
new file mode 100644
index 0000000..fbaddeb
--- /dev/null
+++ b/roles/common/tasks/rkhunter.yml
@@ -0,0 +1,7 @@
+- name: Installation de rkhunter
+ yum: name=rkhunter state=present
+
+- name: Activation de tests rkhunter
+ lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes
+ regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps"
+ line="DISABLE_TESTS=suspscan deleted_files hidden_procs"
diff --git a/roles/common/templates/hosts.j2 b/roles/common/templates/hosts.j2
new file mode 100644
index 0000000..6d2d8da
--- /dev/null
+++ b/roles/common/templates/hosts.j2
@@ -0,0 +1,4 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+{{ ansible_default_ipv4.address }} {{ ansible_hostname }}
+{{ ansible_default_ipv6.address }} {{ ansible_hostname }} |
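Review bot: The `lineinfile` task in roles/common/tasks/rkhunter.yml changes /etc/rkhunter.conf only while the file still holds the exact stock line given in `regexp`; with `backrefs=yes` a non-match leaves the file untouched and the task still reports ok, so a package update or a hand edit silently keeps the previous test set disabled. Matching on the key alone, `regexp="^DISABLE_TESTS="` without `backrefs`, sets the value whatever it was before. The new value also adds `hidden_procs` to the disabled list although the task name says tests are being activated, so a comment stating why the hidden-process check is switched off would help whoever audits this host's detection coverage later.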
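Review bot: The last line of roles/common/templates/hosts.j2 dereferences `ansible_default_ipv6.address` unconditionally, and on a host without an IPv6 default route that fact normally has no `address` key, so the template task would be expected to fail on an undefined variable instead of rendering. Wrapping that line in `{% if ansible_default_ipv6.address is defined %}` and `{% endif %}` keeps IPv4-only hosts working. Because host.yml replaces /etc/hosts on every host, adding `backup=yes` and explicit `owner=root group=root` to that task would make a bad render recoverable and the resulting ownership unambiguous.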