commit b6d37c9399eadf7b20b0c55826fbe7855f372dcc Author: Rottler Tamas Date: Sun Apr 27 11:04:17 2025 +0200 first commit
diff --git a/files/etcbackup.sh b/files/etcbackup.sh
new file mode 100644
index 0000000..6ee8d1a
--- /dev/null
+++ b/files/etcbackup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+BACKUPPATH=/var/backups
+BACKUPFILE=etc.`hostname`.`date +%F`.tar.gz
+
+tar -czf $BACKUPPATH/$BACKUPFILE -C / etc
+chmod 0640 $BACKUPPATH/$BACKUPFILE
+
+find $BACKUPPATH -name "etc.*.tar.gz" -mtime +28 -delete
diff --git a/files/history.sh b/files/history.sh
new file mode 100644
index 0000000..7c97ebe
--- /dev/null
+++ b/files/history.sh
@@ -0,0 +1,6 @@
+if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
+ export HISTSIZE=2000
+ export HISTFILESIZE=2000
+ export HISTTIMEFORMAT='%F %T '
+ shopt -s histappend
+fi
diff --git a/files/sysstat_minutely.patch b/files/sysstat_minutely.patch
new file mode 100644
index 0000000..c5bef8f
--- /dev/null
+++ b/files/sysstat_minutely.patch
@@ -0,0 +1,13 @@
+--- sysstat.ori 2017-09-18 00:57:17.685443243 +0200
++++ sysstat 2017-09-18 00:57:32.997442999 +0200
+@@ -2,8 +2,8 @@
+ # script is located
+ PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
+
+-# Activity reports every 10 minutes everyday
+-5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
++# Activity reports
++* * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
+
+ # Additional run at 23:59 to rotate the statistics file
+ 59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
diff --git a/tasks/debian.yml b/tasks/debian.yml
new file mode 100644
index 0000000..db47c0c
--- /dev/null
+++ b/tasks/debian.yml
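Review bot: In files/etcbackup.sh the archive is created by `tar -czf` under the inherited umask and only tightened afterwards by `chmod 0640`, so a tarball of /etc (which normally contains /etc/shadow and the SSH host keys) is readable by other local users while tar is still writing it, assuming the usual root umask of 022 and the 0755 /var/backups directory set in tasks/main.yml. Put `umask 077` before the `tar` line so the file is never wider than intended. The script also has no error handling, so when tar fails the `find … -delete` still prunes old archives; `set -euo pipefail` at the top, plus quoting `"$BACKUPPATH/$BACKUPFILE"`, would stop that.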
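Review bot: files/history.sh has no header comment, and one should say that these settings are a convenience rather than an audit control, since any user can reset them in their own shell. Something like `# Larger, timestamped, appended bash history for interactive shells; user-overridable, not an audit trail.` above the `if` would do. If command accountability is a goal of this role, it needs a separate mechanism such as auditd or process accounting; nothing in this commit provides one.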
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# debian / ubuntu
+
+- name: sysstat enable
+ tags: sysstat
+ lineinfile:
+ dest: /etc/default/sysstat
+ regexp: "^ENABLED="
+ line: 'ENABLED="true"'
+
+- name: sysstat every minute
+ tags: sysstat
+ patch:
+ src: sysstat_minutely.patch
+ dest: /etc/cron.d/sysstat
+
+- name: disable IPv6 in sysctl.conf
+ lineinfile:
+ dest: /etc/sysctl.conf
+ state: present
+ regexp: "^{{ item.a }}"
+ line: "{{ item.a }} = {{ item.v }}"
+ with_items:
+ - { a: "net.ipv6.conf.all.disable_ipv6", v: 1 }
+ - { a: "net.ipv6.conf.default.disable_ipv6", v: 1 }
+ - { a: "net.ipv6.conf.lo.disable_ipv6", v: 1 }
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..d520a98
--- /dev/null
+++ b/tasks/main.yml
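Review bot: The "disable IPv6 in sysctl.conf" task in tasks/debian.yml only edits /etc/sysctl.conf, so the kernel keeps IPv6 enabled until the next reboot or a manual `sysctl -p`; nothing in the hunk reloads the values or notifies a handler. The `regexp: "^{{ item.a }}"` also treats the dots in the key as wildcards and is not anchored at the end of the key, so it can match a longer or different key than intended. The sysctl module (ansible.posix.sysctl in current Ansible) writes the file and applies the value in one step; a sketch of the replacement task follows.

```yaml
# … unchanged: "sysstat enable" and "sysstat every minute" tasks …
- name: disable IPv6 in sysctl.conf
  sysctl:
    name: "{{ item }}"
    value: "1"
    sysctl_file: /etc/sysctl.conf
    state: present
    reload: yes
  with_items:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6
```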
@@ -0,0 +1,51 @@
+---
+##############################################################################
+# debian-ubuntu / redhat
+
+- name: include debian/ubuntu specific
+ include_tasks: debian.yml
+ when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")
+
+- name: include redhat specific
+ include_tasks: redhat.yml
+ when: ansible_distribution == "RedHat"
+
+##############################################################################
+
+- name: "disable sshd X11Forwarding"
+ copy:
+ content: "X11Forwarding no"
+ dest: /etc/ssh/sshd_config.d/x11forwarding.conf
+
+- name: bash profile.d
+ file:
+ path: "/etc/profile.d"
+ state: directory
+ mode: 0755
+
+- name: bash history
+ copy:
+ src: history.sh
+ dest: /etc/profile.d/history.sh
+ mode: 0644
+
+- name: /var/backups directory for etcbackup
+ file:
+ path: /var/backups
+ state: directory
+ mode: 0755
+
+- name: etcbackup
+ copy:
+ src: etcbackup.sh
+ dest: /usr/local/sbin/etcbackup.sh
+ mode: 0755
+
+- name: etcbackup cron
+ lineinfile:
+ dest: /etc/cron.d/etcbackup
+ regexp: "/usr/local/sbin/etcbackup.sh"
+ line: "50 22 * * * root /usr/local/sbin/etcbackup.sh"
+ create: yes
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
diff --git a/tasks/redhat.yml b/tasks/redhat.yml
new file mode 100644
index 0000000..9694563
--- /dev/null
+++ b/tasks/redhat.yml
@@ -0,0 +1,7 @@
+---
+##############################################################################
+# redhat
+
+# empty.
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
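Review bot: The "disable sshd X11Forwarding" task in tasks/main.yml writes the drop-in but never reloads sshd, so the running daemon keeps its previous setting until something else restarts it; add `notify: reload sshd` and a matching handler (no handlers file is part of this commit). The drop-in only takes effect where the main sshd_config includes /etc/ssh/sshd_config.d/*.conf, which older releases do not ship, and the task will likely fail there if the directory is missing, so a comment or a guard is worth adding. The content also lacks a trailing newline and the file gets no explicit mode: `content: "X11Forwarding no\n"` and `mode: "0644"` would fix both, and quoting the other `mode:` values the same way follows Ansible's recommendation.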