9b5d6d2826ae3ac00cbaf9135252160b31f845a8
[AnsibleRoles.git] / roles / ansible-base / tasks / main.yml
1 ---
2 # ansible-base task
3
4 - name: prepare logcheck directory structure
5   tags:
6     - logcheck
7   file: >
8     mode=755
9     path=/etc/logcheck/ignore.d.paranoid
10     state=directory
11
12 # setup logcheck configuration. But note that package "logcheck" probably
13 # isn't installed at all, so we can't use the "logcheck" group!
14
15 - name: logcheck(8) rules for Ansible tools
16   tags:
17     - ansible
18     - logcheck
19   lineinfile: >
20     create=yes
21     dest=/etc/logcheck/ignore.d.paranoid/local-ansible
22     group=root
23     line='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ansible-[[:alnum:]]+:'
24     mode=644
25     owner=root
26     state=present
27
28 - name: logcheck(8) rules for SFTP requests of Ansible
29   tags:
30     - ansible
31     - logcheck
32   lineinfile: >
33     create=yes
34     dest=/etc/logcheck/ignore.d.paranoid/local-ansible
35     group=root
36     line='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp by user root'
37     mode=644
38     owner=root
39     state=present