1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
--- # tasks file for clamav - name: include assert.yml include_tasks: assert.yml run_once: yes - name: install clamav software package: name: "{{ clamav_packages }}" state: present notify: - ensure logfiles exists - stop clamav - update virus definitions - name: allowing system virus scanning seboolean: name: antivirus_can_scan_system state: yes persistent: yes when: - ansible_selinux is defined - ansible_selinux | bool - ansible_selinux.status == "enabled" - name: allowing jit seboolean: name: clamd_use_jit state: yes persistent: yes when: - ansible_selinux is defined - ansible_selinux | bool - ansible_selinux.status == "enabled" - name: install required selinux software package: name: "{{ clamav_requirements }}" state: present when: - ansible_selinux is defined - ansible_selinux | bool - ansible_selinux.status == "enabled" - name: place selinux type enforcement copy: src: my-clamd.te dest: /etc/my-clamd.te mode: "0640" notify: - create selinux mod for clamav - create selinux pp for clamav - load selinux pp for clamav when: - ansible_selinux is defined - ansible_selinux | bool - ansible_selinux.status == "enabled" - name: place freshclam.conf template: src: freshclam.conf.j2 dest: "{{ clamav_config_dir }}/freshclam.conf" mode: "0640" - name: create database directory file: path: "{{ clamav_database_directory }}" state: directory mode: "0755" - name: flush handlers meta: flush_handlers - name: configure clamav software lineinfile: dest: "{{ clamav_config_dir }}/{{ clamav_config_file }}" line: "{{ item.line }}" create: yes state: "{{ item.state | default('present') }}" mode: "0640" loop: "{{ clamav_configuration }}" notify: - restart clamav - name: check update virus definitions async_status: jid: "{{ updatevirusdefinitions.ansible_job_id }}" register: clamav_job_result until: clamav_job_result.finished retries: 15 delay: 60 when: - updatevirusdefinitions is defined - name: start and enable clamav service service: name: "{{ item }}" state: started enabled: yes loop: "{{ clamav_services }}"
