roles/ansible-base/tasks/main.yml

   1 ---
   2 # ansible-base task
   3
   4 - name: prepare logcheck directory structure
   5   tags:
   6     - logcheck
   7   file: >
   8     mode=755
   9     path=/etc/logcheck/ignore.d.paranoid
  10     state=directory
  11
  12 # setup logcheck configuration. But note that package "logcheck" probably
  13 # isn't installed at all, so we can't use the "logcheck" group!
  14
  15 - name: logcheck(8) rules for Ansible tools
  16   tags:
  17     - ansible
  18     - logcheck
  19   lineinfile: >
  20     create=yes
  21     dest=/etc/logcheck/ignore.d.paranoid/local-ansible
  22     group=root
  23     line='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ansible-[[:alnum:]]+:'
  24     mode=644
  25     owner=root
  26     state=present
  27
  28 - name: logcheck(8) rules for SFTP requests of Ansible
  29   tags:
  30     - ansible
  31     - logcheck
  32   lineinfile: >
  33     create=yes
  34     dest=/etc/logcheck/ignore.d.paranoid/local-ansible
  35     group=root
  36     line='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp by user root'
  37     mode=644
  38     owner=root
  39     state=present