---
# Install the evomaintenance package through apt.
# NOTE(review): allow_unauthenticated makes apt skip package signature
# verification, so whatever the configured repository (or anything in the
# path to it) serves is installed as root without an integrity check.
# Preferred fix: deploy the repository signing key before this task and
# drop the option. It is left enabled here because the repository setup is
# not visible in this file.
- name: evomaintenance is installed
  apt:
    name: evomaintenance
    state: present
    allow_unauthenticated: true
# Render the evomaintenance.j2 template to /etc/evomaintenance.cf.
# NOTE(review): no owner, group or mode is set, so a newly created file gets
# default ownership and umask-derived permissions. If the template renders
# credentials (the port-5432 firewall rule later in this file suggests a
# database connection — confirm), pin owner/group/mode explicitly to what the
# evomaintenance caller needs.
- name: configuration is applied
  template:
    dest: /etc/evomaintenance.cf
    src: evomaintenance.j2
# Collect the home directory (passwd field 6) of every non-root account whose
# login shell path ends in "sh"; one path per line ends up in
# home_of_shell_users.stdout_lines.
# NOTE(review): only root is excluded, so service accounts that have a real
# shell are selected too. Confirm that is intended, since every path found
# here is later passed to trap.yml.
- name: list users with a shell
  shell: 'cat /etc/passwd | grep -vE "^root:" | grep -E ":/[^:]+sh$" | cut -d: -f6'
  register: home_of_shell_users
  # Read-only query: never reported as changed, and still executed in check
  # mode so the registered variable exists for the tasks that consume it.
  changed_when: false
  check_mode: false
# Include trap.yml once per collected home directory, passing the path as
# the `home` parameter. trap.yml is not part of this listing, so what it
# writes under each home directory cannot be checked from here.
- include: "trap.yml home={{ item }}"
  with_items: "{{ home_of_shell_users.stdout_lines }}"
# For every entry in evomaintenance_hosts, add an iptables rule to
# /etc/default/minifirewall after the "# EvoMaintenance" marker line. The
# rule accepts only ESTABLISHED/RELATED TCP packets from that source with
# source port 5432 and a destination port in 1024-65535.
# NOTE(review): the item is interpolated verbatim into a file of firewall
# commands; validate where the variable is defined that evomaintenance_hosts
# holds only IP addresses or CIDR ranges.
# NOTE(review): there is no regexp and no cleanup step, so a host removed
# from evomaintenance_hosts keeps its ACCEPT line in the file. No notify is
# set on this task either; presumably the rule takes effect only when
# minifirewall is next restarted — confirm.
- name: minifirewall section for evomaintenance
  lineinfile:
    dest: /etc/default/minifirewall
    insertafter: '^# EvoMaintenance'
    line: '/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT'
  with_items: "{{ evomaintenance_hosts }}"
# Delete the commented-out example rule (placeholder source X.X.X.X, source
# port 5432) from /etc/default/minifirewall. With state=absent and a regexp,
# lineinfile removes every line that matches.
# NOTE(review): the task name mentions "the proxy" while the pattern targets
# the --sport 5432 example. Confirm the name is not a copy-paste leftover.
- name: remove minifirewall example rule for the proxy
  lineinfile:
    dest: /etc/default/minifirewall
    state: absent
    regexp: "^#.*(--sport 5432).*(-s X\\.X\\.X\\.X)"