---
# ansible-base task

- name: prepare logcheck directory structure
  tags:
    - logcheck
  file: >
    mode=0755
    path=/etc/logcheck/ignore.d.paranoid
    state=directory

# setup logcheck configuration. But note that package "logcheck" probably
# isn't installed at all, so we can't use the "logcheck" group!

- name: logcheck(8) rules for Ansible tools
  tags:
    - ansible
    - logcheck
  lineinfile: >
    create=yes
    dest=/etc/logcheck/ignore.d.paranoid/local-ansible
    group=0
    line='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ansible-[[:alnum:]_]+:'
    mode=0644
    owner=root
    state=present

- name: logcheck(8) rules for SFTP requests of Ansible
  tags:
    - ansible
    - logcheck
  lineinfile: >
    create=yes
    dest=/etc/logcheck/ignore.d.paranoid/local-ansible
    group=0
    line='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp by user root'
    mode=0644
    owner=root
    state=present