first commit

files/etcbackup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+BACKUPPATH=/var/backups
+BACKUPFILE=etc.`hostname`.`date +%F`.tar.gz
+
+tar -czf $BACKUPPATH/$BACKUPFILE -C / etc
+chmod 0640 $BACKUPPATH/$BACKUPFILE
+
+find $BACKUPPATH -name "etc.*.tar.gz" -mtime +28 -delete

files/history.sh

@@ -0,0 +1,6 @@
+if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
+    export HISTSIZE=2000
+    export HISTFILESIZE=2000
+    export HISTTIMEFORMAT='%F %T '
+    shopt -s histappend
+fi

files/sysstat_minutely.patch

@@ -0,0 +1,13 @@
+--- sysstat.ori 2017-09-18 00:57:17.685443243 +0200
++++ sysstat     2017-09-18 00:57:32.997442999 +0200
+@@ -2,8 +2,8 @@
+ # script is located
+ PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
+ 
+-# Activity reports every 10 minutes everyday
+-5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
++# Activity reports
++* * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
+ 
+ # Additional run at 23:59 to rotate the statistics file
+ 59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2

tasks/debian.yml

@@ -0,0 +1,29 @@
+---
+##############################################################################
+# debian / ubuntu
+
+- name: sysstat enable
+  tags: sysstat
+  lineinfile:
+    dest: /etc/default/sysstat
+    regexp: "^ENABLED="
+    line: 'ENABLED="true"'
+
+- name: sysstat every minute
+  tags: sysstat
+  patch:
+    src: sysstat_minutely.patch
+    dest: /etc/cron.d/sysstat
+
+- name: disable IPv6 in sysctl.conf
+  lineinfile:
+    dest: /etc/sysctl.conf
+    state: present
+    regexp: "^{{ item.a }}"
+    line: "{{ item.a }} = {{ item.v }}"
+  with_items:
+    - { a: "net.ipv6.conf.all.disable_ipv6", v: 1 }
+    - { a: "net.ipv6.conf.default.disable_ipv6", v: 1 }
+    - { a: "net.ipv6.conf.lo.disable_ipv6", v: 1 }
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:

tasks/main.yml

@@ -0,0 +1,51 @@
+---
+##############################################################################
+# debian-ubuntu / redhat
+
+- name: include debian/ubuntu specific
+  include_tasks: debian.yml
+  when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")
+
+- name: include redhat specific
+  include_tasks: redhat.yml
+  when: ansible_distribution == "RedHat"
+
+##############################################################################
+
+- name: "disable sshd X11Forwarding"
+  copy:
+    content: "X11Forwarding no"
+    dest: /etc/ssh/sshd_config.d/x11forwarding.conf
+
+- name: bash profile.d
+  file:
+    path: "/etc/profile.d"
+    state: directory
+    mode: 0755
+
+- name: bash history
+  copy:
+    src: history.sh
+    dest: /etc/profile.d/history.sh
+    mode: 0644
+
+- name: /var/backups directory for etcbackup
+  file:
+    path: /var/backups
+    state: directory
+    mode: 0755
+
+- name: etcbackup
+  copy:
+    src: etcbackup.sh
+    dest: /usr/local/sbin/etcbackup.sh
+    mode: 0755
+
+- name: etcbackup cron
+  lineinfile:
+    dest: /etc/cron.d/etcbackup
+    regexp: "/usr/local/sbin/etcbackup.sh"
+    line: "50 22   * * *   root   /usr/local/sbin/etcbackup.sh"
+    create: yes
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:

tasks/redhat.yml

@@ -0,0 +1,7 @@
+---
+##############################################################################
+# redhat
+
+# empty.
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: