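---
# Applies the ansible-hardening role to every host in the "cluster" group,
# then installs root cron jobs for AIDE and ClamAV, a WireGuard helper script
# and a local SELinux policy module for cron.
- name: Harden all systems
  hosts: cluster
  # Play-level privilege escalation; it applies to every task below, so the
  # tasks do not repeat it.
  become: true
  vars:
    # Variables consumed by the ansible-hardening role.
    # NOTE(review): firewalld handling is switched off here; presumably the
    # hosts are firewalled by other means. Confirm.
    security_enable_firewalld: false
    security_rhel7_initialize_aide: true
    security_enable_virus_scanner: true
  roles:
    - ansible-hardening
  # Roles run before the tasks section, so everything below adjusts what the
  # role left behind.
  tasks:
    # A relative cron_file is resolved under /etc/cron.d.
    # NOTE(review): presumably this is the daily job installed by the
    # hardening role, replaced by the mailed check below. Confirm.
    - name: Remove the daily aide job from the aide cron file
      cron:
        name: aide
        cron_file: aide
        user: root
        special_time: daily
        state: absent

    # $HOSTNAME is expanded by the shell that cron starts, not by Ansible.
    # TODO: confirm it is set in cron's environment on the target hosts.
    - name: Add crontab to check aide
      cron:
        name: Aide check
        minute: '18'
        hour: '18'
        job: >-
          /sbin/aide --check |
          /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root

    # Scripts executed by root's crontab must stay writable by root only.
    # The mode was 0655, which left the owner without the execute bit while
    # group and other had it; 0755 is the conventional form. Quoted so that
    # no YAML parser reinterprets the octal literal.
    - name: Install the ClamAV cron script
      template:
        src: templates/cron_clamav.sh.j2
        dest: /usr/local/bin/cron_clamav.sh
        owner: root
        group: root
        mode: '0755'

    - name: Add clamav to cron
      cron:
        name: Clamav
        minute: '18'
        hour: '15'
        job: /usr/local/bin/cron_clamav.sh

    - name: Install the WireGuard network fix script
      template:
        src: templates/wireguard_fix.py.j2
        dest: /usr/local/bin/wireguard_fix.py
        owner: root
        group: root
        mode: '0755'

    - name: Add wireguard network fix to cron
      cron:
        name: Wireguard fix
        minute: '*/15'
        job: /usr/local/bin/wireguard_fix.py

    # https://bugzilla.redhat.com/show_bug.cgi?id=1263328#c19
    # NOTE(review): the CIL source is not part of this playbook; check that
    # the module grants cron only what the linked report calls for.
    - name: Install the SELinux cron policy source
      template:
        src: templates/cron_policy.cil.j2
        dest: /root/cron_policy.cil
        owner: root
        group: root
        # Explicit mode instead of whatever the remote umask yields.
        mode: '0600'

    # NOTE(review): this task and the restart below run on every play and
    # always report "changed"; consider driving both from a handler notified
    # by the template task.
    - name: Load the SELinux cron policy module
      command: semodule -i /root/cron_policy.cil

    - name: Restart crond
      service:
        name: crond
        state: restarted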