feat: Initial Project 🎉
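--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -0,0 +1,117 @@
+---
+# csf/tasks/configure.yml
+
+- name: edit csf.conf
+lineinfile:
+dest: /etc/csf/csf.conf
+regexp: '^#? ?{{ item.option }} ='
+line: '{{ item.option }} = "{{ item.value }}"'
+state: present
+with_flattened:
+- '{{ csf_global_ini_core }}'
+- '{{ csf_global_ini }}'
+notify:
+- check csf conf
+- restart csf
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: edit csf.{allow,ignore,pignore,fignore,dyndns}
+template:
+src: '{{ item }}.j2'
+dest: '/etc/csf/{{ item }}'
+owner: root
+group: root
+mode: 0600
+loop:
+- 'csf.allow'
+- 'csf.ignore'
+- 'csf.pignore'
+- 'csf.fignore'
+- 'csf.dyndns'
+notify:
+- check csf conf
+- restart csf
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: disable csf.blocklists
+replace:
+dest: /etc/csf/csf.blocklists
+regexp: '^(\w+\|.*)$'
+replace: '#\1'
+when: csf_blocklists is undefined
+notify:
+- check csf conf
+- restart csf
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: enable csf.blocklists
+lineinfile:
+dest: /etc/csf/csf.blocklists
+regexp: '^#{{ item }}\|(.*)$'
+line: '{{ item }}|\1'
+state: present
+backrefs: yes
+loop: '{{ csf_blocklists }}'
+when: csf_blocklists is defined
+notify:
+- check csf conf
+- restart csf
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: remove csfpre.sh hook
+file:
+path: '/etc/csf/csfpre.sh'
+state: absent
+when: csf_csfpre_sh is undefined
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: remove csfpost.sh hook
+file:
+path: '/etc/csf/csfpost.sh'
+state: absent
+when: csf_csfpost_sh is undefined
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: create csfpre.sh hook
+copy:
+content: "{{ vars['csf_csfpre_sh'] }}"
+dest: '/etc/csf/csfpre.sh'
+mode: 0700
+when: csf_csfpre_sh is defined
+notify:
+- restart csf
+tags:
+- csf
+- csf_conf
+- configuration
+
+- name: create csfpost.sh hook
+copy:
+content: "{{ vars['csf_csfpost_sh'] }}"
+dest: '/etc/csf/csfpost.sh'
+mode: 0700
+when: csf_csfpost_sh is defined
+notify:
+- restart csf
+tags:
+- csf
+- csf_conf
+- configuration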
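Review bot: The two `copy` tasks that write `/etc/csf/csfpre.sh` and `/etc/csf/csfpost.sh` set `mode: 0700` but no owner or group, while the `template` task earlier in the file pins `owner: root` and `group: root`. These are hook scripts for the firewall, so their ownership should be stated rather than inherited from whichever user the play becomes; add `owner: root` and `group: root` to both tasks. The bare octal modes (`0600`, `0700`) are safer quoted, e.g. `mode: '0700'`, so no YAML loader can reinterpret them as decimal integers. Separately, `{{ item.option }}` and `{{ item }}` are interpolated into `regexp` unescaped; `{{ item | regex_escape }}` (and the same for `item.option`) keeps a value containing regex metacharacters from matching an unintended line.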
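--- a/tasks/disable_firewall.yml
+++ b/tasks/disable_firewall.yml
@@ -0,0 +1,25 @@
+---
+# csf/tasks/disable_firewall.yml
+
+- name: disable firewalld (RedHat case)
+service:
+name: firewalld
+state: stopped
+enabled: no
+when:
+- ansible_facts.os_family == 'RedHat'
+- ansible_facts.service_mgr == 'systemd'
+ignore_errors: true
+tags:
+- services
+
+- name: disable ufw (Ubuntu case)
+service:
+name: ufw
+state: stopped
+enabled: no
+when:
+- ansible_facts.distribution == 'Ubuntu'
+ignore_errors: true
+tags:
+- services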
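Review bot: `ignore_errors: true` on both `service` tasks hides every failure, not only the "service is not installed" case it is presumably there for, so a firewalld or ufw that could not be stopped goes unnoticed and would keep running alongside csf. Prefer gathering `service_facts` first and adding a presence condition to `when`, for example `- "'firewalld.service' in ansible_facts.services"`, then dropping `ignore_errors`. `enabled: no` is also better written as `enabled: false`, since `yes`/`no` truthiness differs between YAML 1.1 and 1.2 loaders.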
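--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,44 @@
+---
+# csf/tasks/install.yml
+
+- name: install required packages
+package:
+name: '{{ item }}'
+state: present
+update_cache: yes
+with_flattened:
+- '{{ csf_required_packages }}'
+- '{{ csf_required_packages_dist }}'
+tags:
+- packages
+
+- name: check /usr/sbin/csf file
+stat:
+path: /usr/sbin/csf
+register: csf_sbin_file
+
+- name: download csf.tgz
+get_url:
+url: 'https://download.configserver.com/csf.tgz'
+dest: '{{ csf_tmp_dir }}/csf.tgz'
+checksum: 'sha256:https://www.configserver.com/checksums.txt'
+when: not csf_sbin_file.stat.exists
+tags:
+- download
+
+- name: unpack csf.tgz
+unarchive: # noqa 208
+src: '{{ csf_tmp_dir }}/csf.tgz'
+dest: '{{ csf_tmp_dir }}'
+remote_src: yes
+creates: '{{ csf_tmp_dir }}/csf/install.sh'
+when: not csf_sbin_file.stat.exists
+
+- name: run CSF installer
+command: sh install.sh
+args:
+chdir: '{{ csf_tmp_dir }}/csf'
+creates: /etc/csf/csf.conf
+when: not csf_sbin_file.stat.exists
+notify:
+- run csftest.pl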
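Review bot: The `unpack csf.tgz` task is skipped whenever `{{ csf_tmp_dir }}/csf/install.sh` already exists, and `run CSF installer` then executes that file, so the script that runs is not necessarily the one the checksum covered. The value of `csf_tmp_dir` is not visible here; if it is a shared location, the work directory should instead be created per run with `tempfile` and referenced through its registered path. The checksum itself is fetched from the vendor's site at run time, so it guards against a corrupted transfer but does not pin a reviewed release; a digest held in a role variable would. The sketch below shows both changes, with `csf_tgz_sha256` as a constructed variable name.

```yaml
- name: create private work directory
  tempfile:
    state: directory
    suffix: csf
  register: csf_workdir
  when: not csf_sbin_file.stat.exists

- name: download csf.tgz
  get_url:
    url: 'https://download.configserver.com/csf.tgz'
    dest: '{{ csf_workdir.path }}/csf.tgz'
    # csf_tgz_sha256: constructed name; set it to the digest of the release you reviewed
    checksum: 'sha256:{{ csf_tgz_sha256 }}'
  # … unchanged: when / tags …

# … unpack csf.tgz and run CSF installer: use csf_workdir.path in place of csf_tmp_dir …
```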
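--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+# csf/tasks/main.yml
+
+- name: include OS-specific variables
+include_vars: '{{ item }}'
+with_first_found:
+- '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
+- '{{ ansible_facts.os_family }}.yml'
+- 'main.yml'
+tags:
+- csf
+- vars
+- packages
+
+- import_tasks: disable_firewall.yml
+tags:
+- csf
+
+- import_tasks: install.yml
+tags:
+- csf
+
+- import_tasks: configure.yml
+tags:
+- csf
+
+- name: ensure csf/lfd started/enabled
+service:
+name: '{{ item }}'
+state: started
+enabled: yes
+loop:
+- csf
+- lfd
+tags:
+- csf
+- services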
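Review bot: `disable_firewall.yml` is imported before `install.yml` and `configure.yml`, so if the download or the installer fails, the play stops with firewalld/ufw already stopped and disabled and csf not yet running, leaving the host without a packet filter. Moving `- import_tasks: disable_firewall.yml` to after `install.yml`, or to just before the `ensure csf/lfd started/enabled` task, narrows that window. Whether the csf installer needs the other firewall stopped first is not visible on this page and should be confirmed before reordering. A short comment above the imports stating the intended order and why would help the next maintainer.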