You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 lines
1.4 KiB
58 lines
1.4 KiB
5 years ago
|
---
|
||
|
|
|
||
|
|
- name: Install packages
|
||
|
|
yum:
|
||
|
|
name:
|
||
|
|
- clamav
|
||
|
|
- clamav-data-empty
|
||
|
|
- clamav-server-systemd
|
||
|
|
- clamav-update
|
||
|
|
|
||
|
|
- name: Create clamav user account
|
||
|
|
user:
|
||
|
|
name: clamav
|
||
|
|
system: True
|
||
|
|
shell: /sbin/nologin
|
||
|
|
comment: "ClamAV antivirus user account"
|
||
|
|
|
||
|
|
- name: Set SELinux
|
||
|
|
seboolean: name={{ item }} state=True persistent=True
|
||
|
|
with_items:
|
||
|
|
- clamd_use_jit
|
||
|
|
- antivirus_can_scan_system
|
||
|
|
when: ansible_selinux.status == 'enabled'
|
||
|
|
|
||
|
|
- name: Deploy freshclam configuration
|
||
|
|
template: src=freshclam.conf.j2 dest=/etc/freshclam.conf mode=644
|
||
|
|
notify: restart freshclam
|
||
|
|
|
||
|
|
- name: Deploy clamd configuration
|
||
|
|
template: src=clamd.conf.j2 dest=/etc/clamd.conf
|
||
|
|
notify: restart clamd
|
||
|
|
|
||
|
|
- name: Deploy systemd units
|
||
|
|
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
|
||
|
|
with_items:
|
||
|
|
- freshclam.service
|
||
|
|
- clamd.service
|
||
|
|
notify:
|
||
|
|
- restart freshclam
|
||
|
|
- restart clamd
|
||
|
|
register: clamav_units
|
||
|
|
|
||
|
|
- name: Deploy tmpfiles.d fragment
|
||
|
|
copy:
|
||
|
|
content: 'd /var/run/clamav 755 {{ clam_user }} {{ clam_group }}'
|
||
|
|
dest: /etc/tmpfiles.d/clamav.conf
|
||
|
|
notify: systemd-tmpfiles
|
||
|
|
|
||
|
|
- name: Reload systemd
|
||
|
|
command: systemctl daemon-reload
|
||
|
|
when: clamav_units.changed
|
||
|
|
|
||
|
|
- name: Start and enable freshclam
|
||
|
|
service: name=freshclam state=started enabled=True
|
||
|
|
|
||
|
|
- name: Handle clamd service
|
||
|
|
service: name=clamd state={{ clam_enable_clamd | ternary('started','stopped') }} enabled={{ clam_enable_clamd }}
|