From 70a98118cefc95c3fc131a9a9029c61153d9766e Mon Sep 17 00:00:00 2001 
From: Matthieu Saulnier Date: Sun, 21 Oct 2018 12:06:09 +0200 Subject: Split diagnostic tasks into a new role --- diagnostics.yml | 5 ++++ roles/common/files/aideinit.sh | 5 ---- roles/common/files/aidereport.sh | 4 ---- roles/common/files/eaureport.sh | 8 ------- roles/common/files/rpmreport.sh | 3 --- roles/common/files/uptimereport.sh | 3 --- roles/common/handlers/aide.yml | 2 -- roles/common/handlers/main.yml | 2 -- roles/common/handlers/rkhunter.yml | 2 -- roles/common/tasks/aide.yml | 16 ------------- roles/common/tasks/cron.yml | 34 ---------------------------- roles/common/tasks/main.yml | 10 -------- roles/common/tasks/pkgs.yml | 17 -------------- roles/common/tasks/rkhunter.yml | 24 -------------------- roles/common/tasks/selinux.yml | 7 ------ roles/common/tasks/services.yml | 9 -------- roles/common/templates/diskcheck.sh.j2 | 15 ------------ roles/common/templates/diskreport.sh.j2 | 15 ------------ roles/diagnostics/files/aideinit.sh | 5 ++++ roles/diagnostics/files/aidereport.sh | 4 ++++ roles/diagnostics/files/eaureport.sh | 8 +++++++ roles/diagnostics/files/rpmreport.sh | 3 +++ roles/diagnostics/files/uptimereport.sh | 3 +++ roles/diagnostics/handlers/aide.yml | 2 ++ roles/diagnostics/handlers/main.yml | 2 ++ roles/diagnostics/handlers/rkhunter.yml | 2 ++ roles/diagnostics/tasks/aide.yml | 16 +++++++++++++ roles/diagnostics/tasks/cron.yml | 34 ++++++++++++++++++++++++++++ roles/diagnostics/tasks/main.yml | 18 +++++++++++++++ roles/diagnostics/tasks/pkgs.yml | 16 +++++++++++++ roles/diagnostics/tasks/rkhunter.yml | 24 ++++++++++++++++++++ roles/diagnostics/tasks/selinux.yml | 6 +++++ roles/diagnostics/tasks/services.yml | 9 ++++++++ roles/diagnostics/templates/diskcheck.sh.j2 | 15 ++++++++++++ roles/diagnostics/templates/diskreport.sh.j2 | 15 ++++++++++++ site.yml | 1 + 36 files changed, 188 insertions(+), 176 deletions(-) create mode 100644 diagnostics.yml delete mode 100755 roles/common/files/aideinit.sh delete mode 100755 
roles/common/files/aidereport.sh delete mode 100755 roles/common/files/eaureport.sh delete mode 100755 roles/common/files/rpmreport.sh delete mode 100755 roles/common/files/uptimereport.sh delete mode 100644 roles/common/handlers/aide.yml delete mode 100644 roles/common/handlers/rkhunter.yml delete mode 100644 roles/common/tasks/aide.yml delete mode 100644 roles/common/tasks/cron.yml delete mode 100644 roles/common/tasks/rkhunter.yml delete mode 100644 roles/common/templates/diskcheck.sh.j2 delete mode 100644 roles/common/templates/diskreport.sh.j2 create mode 100755 roles/diagnostics/files/aideinit.sh create mode 100755 roles/diagnostics/files/aidereport.sh create mode 100755 roles/diagnostics/files/eaureport.sh create mode 100755 roles/diagnostics/files/rpmreport.sh create mode 100755 roles/diagnostics/files/uptimereport.sh create mode 100644 roles/diagnostics/handlers/aide.yml create mode 100644 roles/diagnostics/handlers/main.yml create mode 100644 roles/diagnostics/handlers/rkhunter.yml create mode 100644 roles/diagnostics/tasks/aide.yml create mode 100644 roles/diagnostics/tasks/cron.yml create mode 100644 roles/diagnostics/tasks/main.yml create mode 100644 roles/diagnostics/tasks/pkgs.yml create mode 100644 roles/diagnostics/tasks/rkhunter.yml create mode 100644 roles/diagnostics/tasks/selinux.yml create mode 100644 roles/diagnostics/tasks/services.yml create mode 100644 roles/diagnostics/templates/diskcheck.sh.j2 create mode 100644 roles/diagnostics/templates/diskreport.sh.j2 diff --git a/diagnostics.yml b/diagnostics.yml new file mode 100644 index 0000000..69ef2ab --- /dev/null +++ b/diagnostics.yml @@ -0,0 +1,5 @@ +- hosts: all + remote_user: root + any_errors_fatal: true + roles: + - diagnostics diff --git a/roles/common/files/aideinit.sh b/roles/common/files/aideinit.sh deleted file mode 100755 index ae9eda7..0000000 --- a/roles/common/files/aideinit.sh +++ /dev/null 
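Review bot: The new diagnostics.yml play sets `remote_user: root`, so every host in `all` has to accept direct root logins over SSH for this role to run. Connecting as an unprivileged admin account and escalating is the safer default, because it allows root login to be disabled in sshd and leaves a per-user audit trail: `remote_user: ADMIN_USER_PLACEHOLDER` plus `become: true`. The existing plays in site.yml are not visible in this hunk, so this may simply mirror the repository's convention, in which case it is worth changing there as well.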
@@ -1,5 +0,0 @@ -#!/usr/bin/bash - -/usr/sbin/aide -i -/bin/cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz -/sbin/restorecon -R /var/lib/aide/ diff --git a/roles/common/files/aidereport.sh b/roles/common/files/aidereport.sh deleted file mode 100755 index fa56fe4..0000000 --- a/roles/common/files/aidereport.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/bash - -aide --update --verbose=20 -cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz && echo "Updated database file: aide.db.gz" diff --git a/roles/common/files/eaureport.sh b/roles/common/files/eaureport.sh deleted file mode 100755 index 119fc41..0000000 --- a/roles/common/files/eaureport.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/bash - -aureport -a -ts yesterday -te today -aureport -n -ts yesterday -te today -aureport -r -ts yesterday -te today -aureport -ma -i -ts yesterday -te today -aureport -l --success -i -ts yesterday -te today -aureport -l --failed -i -ts yesterday -te today diff --git a/roles/common/files/rpmreport.sh b/roles/common/files/rpmreport.sh deleted file mode 100755 index 25ca420..0000000 --- a/roles/common/files/rpmreport.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/bash - -rpm -Va | grep -v /lib/modules/ diff --git a/roles/common/files/uptimereport.sh b/roles/common/files/uptimereport.sh deleted file mode 100755 index 65a07ed..0000000 --- a/roles/common/files/uptimereport.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/bash - -/usr/bin/uptime diff --git a/roles/common/handlers/aide.yml b/roles/common/handlers/aide.yml deleted file mode 100644 index 4d5cdfc..0000000 --- a/roles/common/handlers/aide.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: initialize aide - script: files/aideinit.sh diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index 65700e8..bb3b8d2 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml 
@@ -1,4 +1,2 @@ - import_tasks: ssh.yml -- import_tasks: aide.yml -- import_tasks: rkhunter.yml - import_tasks: systemd.yml diff --git a/roles/common/handlers/rkhunter.yml b/roles/common/handlers/rkhunter.yml deleted file mode 100644 index d332d08..0000000 --- a/roles/common/handlers/rkhunter.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: initialize rkhunter - command: /usr/bin/rkhunter --propupd diff --git a/roles/common/tasks/aide.yml b/roles/common/tasks/aide.yml deleted file mode 100644 index a8640fd..0000000 --- a/roles/common/tasks/aide.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: Installation du HIDS AIDE - yum: name=aide state=present - when: ansible_pkg_mgr == "yum" - -- name: Installation du HIDS AIDE - dnf: name=aide state=present - when: ansible_pkg_mgr == "dnf" - -- name: Activation Cron du HIDS AIDE - copy: - src: aidereport.sh - dest: /etc/cron.daily/z-aidereport.sh - mode: 0755 - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 28 and - ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - notify: initialize aide diff --git a/roles/common/tasks/cron.yml b/roles/common/tasks/cron.yml deleted file mode 100644 index 7646287..0000000 --- a/roles/common/tasks/cron.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -- name: Installation démon Cron - yum: name=crontabs state=present - when: ansible_pkg_mgr == "yum" - -- name: Installation démon Cron - dnf: name=crontabs state=present - when: ansible_pkg_mgr == "dnf" - -- name: Rapport disques durs - template: src=diskreport.sh.j2 dest=/etc/cron.daily/diskreport.sh mode=755 - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - -- name: Rapport RPM Verify daily - file: - path: /etc/cron.daily/rpmreport.sh - state: absent - -- name: Rapport RPM Verify monthly - copy: - src: rpmreport.sh - dest: /etc/cron.monthly/rpmreport.sh - mode: 0755 - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - -- name: Tests disques durs - template: src=diskcheck.sh.j2 dest=/etc/cron.weekly/diskcheck.sh mode=755 - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - -- name: Rapport d'uptime des machines physiques - copy: - src: uptimereport.sh - dest: /etc/cron.weekly/a-uptimereport.sh - mode: 0755 - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index f9e110d..4c3d00a 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -20,9 +20,6 @@ ##- name: Configuration du fichier hôte ## import_tasks: host.yml -- name: Configuration démon Cron - import_tasks: cron.yml - - name: Configurations variables fichier setvars import_tasks: setvars.yml @@ -48,13 +45,6 @@ - name: État des services import_tasks: services.yml -- name: Installation du HIDS AIDE - import_tasks: aide.yml - -- name: Installation de rkhunter - import_tasks: rkhunter.yml - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - - name: Changement de shell pour root import_tasks: zsh.yml diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml index 17bf5d9..316af79 100644 --- a/roles/common/tasks/pkgs.yml 
+++ b/roles/common/tasks/pkgs.yml @@ -58,23 +58,6 @@ - util-linux-user when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 -- name: Installation des paquets disgnostic matériel - dnf: name={{ item }} state=present - with_items: - - hddtemp - - smartmontools - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - -- name: Installation du paquet memtest pour archi x86_64 - dnf: name=memtest86+ state=present - when: ansible_architecture == "x86_64" and - ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - -- name: Installation du paquet lm_sensors pour archi x86_64 - dnf: name=lm_sensors state=present - when: ansible_architecture == "x86_64" and - ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - - name: Installation d'un programme de gravure dnf: name=wodim state=present when: ansible_devices.sr0 is defined diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml deleted file mode 100644 index 460073a..0000000 --- a/roles/common/tasks/rkhunter.yml +++ /dev/null @@ -1,24 +0,0 @@ -- name: Installation du HIDS rkhunter - dnf: name=rkhunter state=present - notify: initialize rkhunter - -- name: Activation de tests rkhunter - lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes - regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps" - line="DISABLE_TESTS=deleted_files" - -- name: Ajout de process en liste blanche - lineinfile: - path: /etc/rkhunter.conf - line: 'ALLOWPROCLISTEN=/usr/sbin/wpa_supplicant' - -- name: Ajout de process en liste blanche - lineinfile: - path: /etc/rkhunter.conf - line: 'ALLOWPROCLISTEN=/usr/sbin/arpwatch' - -- name: Ajout de fichier en liste blanche - lineinfile: - path: /etc/rkhunter.conf - insertafter: '^ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm' - line: 'ALLOWDEVFILE=/dev/shm/squid-tls_session_cache.shm' 
diff --git a/roles/common/tasks/selinux.yml b/roles/common/tasks/selinux.yml index 92268e7..7f6fb2f 100644 --- a/roles/common/tasks/selinux.yml +++ b/roles/common/tasks/selinux.yml @@ -1,10 +1,3 @@ -- name: Rapport SELinux - copy: - src: eaureport.sh - dest: /etc/cron.daily/eaureport.sh - mode: 0755 - when: ansible_selinux.status != "disabled" - - name: Relabel système de fichier copy: src: selinuxresto.sh diff --git a/roles/common/tasks/services.yml b/roles/common/tasks/services.yml index 0f7343b..28369ee 100644 --- a/roles/common/tasks/services.yml +++ b/roles/common/tasks/services.yml @@ -2,15 +2,6 @@ service: name=gpm state=started enabled=yes when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" -- name: Activation et démarrage du service lm_sensors - service: name=lm_sensors state=started enabled=yes - when: ansible_architecture == "x86_64" and - ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - -- name: Activation et démarrage du service Smartd - service: name=smartd state=started enabled=yes - when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" - - name: Activation et démarrage du service At service: name=atd state=started enabled=yes diff --git a/roles/common/templates/diskcheck.sh.j2 b/roles/common/templates/diskcheck.sh.j2 deleted file mode 100644 index 137dfdc..0000000 --- a/roles/common/templates/diskcheck.sh.j2 +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/bash - - -{% if ansible_devices.sda is defined and ansible_devices.sda.removable == "0" %} -smartctl -t long /dev/sda -{% endif %} -{% if ansible_devices.sdb is defined and ansible_devices.sdb.removable == "0" %} -smartctl -t long /dev/sdb -{% endif %} -{% if ansible_devices.sdc is defined and ansible_devices.sdc.removable == "0" %} -smartctl -t long /dev/sdc -{% endif %} -{% if ansible_devices.sdd is defined and ansible_devices.sdd.removable == "0" %} -smartctl -t long /dev/sdd -{% endif %} 
diff --git a/roles/common/templates/diskreport.sh.j2 b/roles/common/templates/diskreport.sh.j2 deleted file mode 100644 index e27f70e..0000000 --- a/roles/common/templates/diskreport.sh.j2 +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/bash - - -{% if ansible_devices.sda is defined and ansible_devices.sda.removable == "0" %} -smartctl -HAl error /dev/sda -{% endif %} -{% if ansible_devices.sdb is defined and ansible_devices.sdb.removable == "0" %} -smartctl -HAl error /dev/sdb -{% endif %} -{% if ansible_devices.sdc is defined and ansible_devices.sdc.removable == "0" %} -smartctl -HAl error /dev/sdc -{% endif %} -{% if ansible_devices.sdd is defined and ansible_devices.sdd.removable == "0" %} -smartctl -HAl error /dev/sdd -{% endif %} diff --git a/roles/diagnostics/files/aideinit.sh b/roles/diagnostics/files/aideinit.sh new file mode 100755 index 0000000..ae9eda7 --- /dev/null +++ b/roles/diagnostics/files/aideinit.sh @@ -0,0 +1,5 @@ +#!/usr/bin/bash + +/usr/sbin/aide -i +/bin/cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz +/sbin/restorecon -R /var/lib/aide/ diff --git a/roles/diagnostics/files/aidereport.sh b/roles/diagnostics/files/aidereport.sh new file mode 100755 index 0000000..fa56fe4 --- /dev/null +++ b/roles/diagnostics/files/aidereport.sh @@ -0,0 +1,4 @@ +#!/usr/bin/bash + +aide --update --verbose=20 +cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz && echo "Updated database file: aide.db.gz" diff --git a/roles/diagnostics/files/eaureport.sh b/roles/diagnostics/files/eaureport.sh new file mode 100755 index 0000000..119fc41 --- /dev/null +++ b/roles/diagnostics/files/eaureport.sh @@ -0,0 +1,8 @@ +#!/usr/bin/bash + +aureport -a -ts yesterday -te today +aureport -n -ts yesterday -te today +aureport -r -ts yesterday -te today +aureport -ma -i -ts yesterday -te today +aureport -l --success -i -ts yesterday -te today +aureport -l --failed -i -ts yesterday -te today 
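Review bot: In roles/diagnostics/files/aidereport.sh the daily job copies `aide.db.new.gz` over `aide.db.gz` unconditionally right after `aide --update`, so every change is folded into the baseline the same day it is first reported. If that one cron mail is missed or never delivered, the modification is not flagged again. The reference database also stays on the monitored host, where root can rewrite it. The script is carried over unchanged from roles/common, but the move is a good moment to keep the previous baseline, e.g. `cp -p /var/lib/aide/aide.db.gz "/var/lib/aide/aide.db.$(date +%F).gz"` before the overwrite. Ideally a copy would also go off-host, or the new database would be promoted only after the report has been reviewed.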
diff --git a/roles/diagnostics/files/rpmreport.sh b/roles/diagnostics/files/rpmreport.sh new file mode 100755 index 0000000..25ca420 --- /dev/null +++ b/roles/diagnostics/files/rpmreport.sh @@ -0,0 +1,3 @@ +#!/usr/bin/bash + +rpm -Va | grep -v /lib/modules/ diff --git a/roles/diagnostics/files/uptimereport.sh b/roles/diagnostics/files/uptimereport.sh new file mode 100755 index 0000000..65a07ed --- /dev/null +++ b/roles/diagnostics/files/uptimereport.sh @@ -0,0 +1,3 @@ +#!/usr/bin/bash + +/usr/bin/uptime diff --git a/roles/diagnostics/handlers/aide.yml b/roles/diagnostics/handlers/aide.yml new file mode 100644 index 0000000..4d5cdfc --- /dev/null +++ b/roles/diagnostics/handlers/aide.yml @@ -0,0 +1,2 @@ +- name: initialize aide + script: files/aideinit.sh diff --git a/roles/diagnostics/handlers/main.yml b/roles/diagnostics/handlers/main.yml new file mode 100644 index 0000000..037a724 --- /dev/null +++ b/roles/diagnostics/handlers/main.yml @@ -0,0 +1,2 @@ +- import_tasks: aide.yml +- import_tasks: rkhunter.yml diff --git a/roles/diagnostics/handlers/rkhunter.yml b/roles/diagnostics/handlers/rkhunter.yml new file mode 100644 index 0000000..d332d08 --- /dev/null +++ b/roles/diagnostics/handlers/rkhunter.yml @@ -0,0 +1,2 @@ +- name: initialize rkhunter + command: /usr/bin/rkhunter --propupd diff --git a/roles/diagnostics/tasks/aide.yml b/roles/diagnostics/tasks/aide.yml new file mode 100644 index 0000000..a8640fd --- /dev/null +++ b/roles/diagnostics/tasks/aide.yml 
@@ -0,0 +1,16 @@ +- name: Installation du HIDS AIDE + yum: name=aide state=present + when: ansible_pkg_mgr == "yum" + +- name: Installation du HIDS AIDE + dnf: name=aide state=present + when: ansible_pkg_mgr == "dnf" + +- name: Activation Cron du HIDS AIDE + copy: + src: aidereport.sh + dest: /etc/cron.daily/z-aidereport.sh + mode: 0755 + when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 28 and + ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + notify: initialize aide diff --git a/roles/diagnostics/tasks/cron.yml b/roles/diagnostics/tasks/cron.yml new file mode 100644 index 0000000..7646287 --- /dev/null +++ b/roles/diagnostics/tasks/cron.yml @@ -0,0 +1,34 @@ +- name: Installation démon Cron + yum: name=crontabs state=present + when: ansible_pkg_mgr == "yum" + +- name: Installation démon Cron + dnf: name=crontabs state=present + when: ansible_pkg_mgr == "dnf" + +- name: Rapport disques durs + template: src=diskreport.sh.j2 dest=/etc/cron.daily/diskreport.sh mode=755 + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Rapport RPM Verify daily + file: + path: /etc/cron.daily/rpmreport.sh + state: absent + +- name: Rapport RPM Verify monthly + copy: + src: rpmreport.sh + dest: /etc/cron.monthly/rpmreport.sh + mode: 0755 + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Tests disques durs + template: src=diskcheck.sh.j2 dest=/etc/cron.weekly/diskcheck.sh mode=755 + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Rapport d'uptime des machines physiques + copy: + src: uptimereport.sh + dest: /etc/cron.weekly/a-uptimereport.sh + mode: 0755 + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" diff --git a/roles/diagnostics/tasks/main.yml b/roles/diagnostics/tasks/main.yml new file mode 100644 index 0000000..613a3b5 --- /dev/null 
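Review bot: The `when:` on "Activation Cron du HIDS AIDE" in roles/diagnostics/tasks/aide.yml mixes `and` and `or` without parentheses. Jinja2 binds `and` tighter than `or`, so the expression is true for any machine whose `ansible_virtualization_role` is "host", whatever its distribution or version. If the intent is "Fedora 28+ on physical or hypervisor machines", it should read `when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 28 and (ansible_virtualization_role == "NA" or ansible_virtualization_role == "host")`. The same unparenthesised pattern appears with `ansible_architecture == "x86_64"` in the memtest and lm_sensors tasks of roles/diagnostics/tasks/pkgs.yml and in the lm_sensors task of roles/diagnostics/tasks/services.yml.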
+++ b/roles/diagnostics/tasks/main.yml @@ -0,0 +1,18 @@ +- name: Configuration démon Cron + import_tasks: cron.yml + +- name: Installation des logiciels de base + import_tasks: pkgs.yml + +- name: État des services + import_tasks: services.yml + +- name: Installation du HIDS AIDE + import_tasks: aide.yml + +- name: Installation de rkhunter + import_tasks: rkhunter.yml + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Crontasks pour SELinux + import_tasks: selinux.yml diff --git a/roles/diagnostics/tasks/pkgs.yml b/roles/diagnostics/tasks/pkgs.yml new file mode 100644 index 0000000..2861700 --- /dev/null +++ b/roles/diagnostics/tasks/pkgs.yml @@ -0,0 +1,16 @@ +- name: Installation des paquets disgnostic matériel + dnf: name={{ item }} state=present + with_items: + - hddtemp + - smartmontools + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Installation du paquet memtest pour archi x86_64 + dnf: name=memtest86+ state=present + when: ansible_architecture == "x86_64" and + ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Installation du paquet lm_sensors pour archi x86_64 + dnf: name=lm_sensors state=present + when: ansible_architecture == "x86_64" and + ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" diff --git a/roles/diagnostics/tasks/rkhunter.yml b/roles/diagnostics/tasks/rkhunter.yml new file mode 100644 index 0000000..460073a --- /dev/null +++ b/roles/diagnostics/tasks/rkhunter.yml 
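Review bot: All three tasks in roles/diagnostics/tasks/pkgs.yml call the `dnf` module directly, while aide.yml and cron.yml in the same role branch on `ansible_pkg_mgr` to support yum hosts; rkhunter.yml has the same dnf-only install. On a yum-managed host these tasks would presumably fail, and because diagnostics.yml sets `any_errors_fatal: true` a single failure stops the play for every host. The generic module avoids both the duplication and the failure, and takes the list directly: `package: name=hddtemp,smartmontools state=present`.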
@@ -0,0 +1,24 @@ +- name: Installation du HIDS rkhunter + dnf: name=rkhunter state=present + notify: initialize rkhunter + +- name: Activation de tests rkhunter + lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes + regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps" + line="DISABLE_TESTS=deleted_files" + +- name: Ajout de process en liste blanche + lineinfile: + path: /etc/rkhunter.conf + line: 'ALLOWPROCLISTEN=/usr/sbin/wpa_supplicant' + +- name: Ajout de process en liste blanche + lineinfile: + path: /etc/rkhunter.conf + line: 'ALLOWPROCLISTEN=/usr/sbin/arpwatch' + +- name: Ajout de fichier en liste blanche + lineinfile: + path: /etc/rkhunter.conf + insertafter: '^ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm' + line: 'ALLOWDEVFILE=/dev/shm/squid-tls_session_cache.shm' diff --git a/roles/diagnostics/tasks/selinux.yml b/roles/diagnostics/tasks/selinux.yml new file mode 100644 index 0000000..0acf948 --- /dev/null +++ b/roles/diagnostics/tasks/selinux.yml @@ -0,0 +1,6 @@ +- name: Rapport SELinux + copy: + src: eaureport.sh + dest: /etc/cron.daily/eaureport.sh + mode: 0755 + when: ansible_selinux.status != "disabled" diff --git a/roles/diagnostics/tasks/services.yml b/roles/diagnostics/tasks/services.yml new file mode 100644 index 0000000..1baee1f --- /dev/null +++ b/roles/diagnostics/tasks/services.yml @@ -0,0 +1,9 @@ +- name: Activation et démarrage du service lm_sensors + service: name=lm_sensors state=started enabled=yes + when: ansible_architecture == "x86_64" and + ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Activation et démarrage du service Smartd + service: name=smartd state=started enabled=yes + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + diff --git a/roles/diagnostics/templates/diskcheck.sh.j2 b/roles/diagnostics/templates/diskcheck.sh.j2 new file mode 100644 index 0000000..137dfdc --- /dev/null 
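Review bot: "Activation de tests rkhunter" in roles/diagnostics/tasks/rkhunter.yml only takes effect when /etc/rkhunter.conf contains the exact packaged line `DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps`. With `backrefs=yes`, a non-matching regexp leaves the file untouched and the task still reports ok. If the distribution ever ships a different default, suspscan, hidden_ports, packet_cap_apps and apps stay disabled with no indication in the run output. Anchoring on the key alone makes the setting deterministic: use `regexp="^DISABLE_TESTS="` and drop `backrefs=yes`, so the line is replaced, or appended when absent. A short comment explaining why deleted_files remains disabled would also help the next reader.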
+++ b/roles/diagnostics/templates/diskcheck.sh.j2 @@ -0,0 +1,15 @@ +#!/usr/bin/bash + + +{% if ansible_devices.sda is defined and ansible_devices.sda.removable == "0" %} +smartctl -t long /dev/sda +{% endif %} +{% if ansible_devices.sdb is defined and ansible_devices.sdb.removable == "0" %} +smartctl -t long /dev/sdb +{% endif %} +{% if ansible_devices.sdc is defined and ansible_devices.sdc.removable == "0" %} +smartctl -t long /dev/sdc +{% endif %} +{% if ansible_devices.sdd is defined and ansible_devices.sdd.removable == "0" %} +smartctl -t long /dev/sdd +{% endif %} diff --git a/roles/diagnostics/templates/diskreport.sh.j2 b/roles/diagnostics/templates/diskreport.sh.j2 new file mode 100644 index 0000000..e27f70e --- /dev/null +++ b/roles/diagnostics/templates/diskreport.sh.j2 @@ -0,0 +1,15 @@ +#!/usr/bin/bash + + +{% if ansible_devices.sda is defined and ansible_devices.sda.removable == "0" %} +smartctl -HAl error /dev/sda +{% endif %} +{% if ansible_devices.sdb is defined and ansible_devices.sdb.removable == "0" %} +smartctl -HAl error /dev/sdb +{% endif %} +{% if ansible_devices.sdc is defined and ansible_devices.sdc.removable == "0" %} +smartctl -HAl error /dev/sdc +{% endif %} +{% if ansible_devices.sdd is defined and ansible_devices.sdd.removable == "0" %} +smartctl -HAl error /dev/sdd +{% endif %} diff --git a/site.yml b/site.yml index 912c584..adf64da 100644 --- a/site.yml +++ b/site.yml @@ -5,6 +5,7 @@ roles: - common +- import_playbook: diagnostics.yml - import_playbook: ntpserver.yml - import_playbook: mtaserver.yml - import_playbook: clients.yml -- cgit
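Review bot: roles/diagnostics/templates/diskcheck.sh.j2 enumerates exactly sda through sdd in four copied `{% if %}` blocks, so a fifth disk or a device with another naming scheme never gets a SMART self-test and nothing reports the gap. diskreport.sh.j2 has the same structure for the health report. A loop over the gathered facts covers whatever is present: `{% for name, dev in ansible_devices.items() if name.startswith('sd') and dev.removable == "0" %}`, then `smartctl -t long /dev/{{ name }}`, then `{% endfor %}`, with the name filter widened if other device types should be included. The script is rendered from facts at deploy time, so a disk added later is only picked up on the next playbook run; a one-line comment at the top of each template saying so would be useful.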