码迷,mamicode.com
首页 > 其他好文 > 详细

centos系统通过ansible-palybook 安装 clamav

时间:2018-07-30 17:15:56      阅读:407      评论:0      收藏:0      [点我收藏+]

标签:tde   std   basedir   lin   uid   remove   tin   ror   tar   

近期要安装clamav,结合ansible-playbook进行一次批量安装以及配置定时升级和检查

 

cat clamav-install.yml

---
- hosts: xx.xx.xx.xx
  remote_user: jumpserver
  sudo: yes

  tasks:
  - name: install epel-release
    yum: state=present name=epel-release
  - name: install clamav
    yum: state=present name=clamav
  - name: mkdir clamav
    shell: mkdir /usr/local/clamav
    ignore_errors: yes
  - name: mkdir clamav/update
    shell: mkdir /usr/local/clamav/update
    ignore_errors: yes
  - name: mkdir clamav/logs
    shell: mkdir /usr/local/clamav/logs
    ignore_errors: yes
  - name: chown clam
    shell: chown -R clam.clam /usr/local/clamav
  - name: update freshclam.conf
    lineinfile:
     dest: /etc/freshclam.conf
     regexp: DatabaseDirectory
     line: DatabaseDirectory /usr/local/clamav/update
  - name: crontab root add update clamav
    cron: name=update clamav job=/usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1 minute=10 hour=00
  - name: crontab root add start clamav -r /
    cron: name=start clamav -r / job=/usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1 minute=30 hour=00

我这边不是root执行的,使用的sudo。

由于执行了多次,所以mkdir会报错,添加了 忽略错误参数。

ignore_errors: yes

 

1、先安装软件epel-release和clamav

2、创建目录(可不操作,看个人习惯)

3、赋权限,clam用户在yum中会创建

4、修改配置文件(看个人习惯,可使用默认的)

5、添加crontab,每天00:10升级病毒库

6、添加crontab,每天00:30杀毒,具体的目录可以修改

/usr/bin/clamscan -r /

 

具体的日志详见下图

[jumpserver@iZ25ejx9pmvZ playbook]$ ansible-playbook clamav-install.yml -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in 
version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is sudo (default). This feature will be removed in 
version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [xx.xx.xx.xx] ****************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [xx.xx.xx.xx]

TASK [install epel-release] *********************************************************************************************************************************
changed: [xx.xx.xx.xx]

TASK [install clamav] ***************************************************************************************************************************************
changed: [xx.xx.xx.xx]

TASK [mkdir clamav] *****************************************************************************************************************************************
 [WARNING]: Consider using the file module with state=directory rather than running mkdir.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.

fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav", "delta": "0:00:00.016856", "end": "2018-07-30 16:36:39.524068", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:39.507212", "stderr": "mkdir: cannot create directory `/usr/local/clamav‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav‘: File exists"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [mkdir clamav/update] **********************************************************************************************************************************
fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/update", "delta": "0:00:00.016897", "end": "2018-07-30 16:36:44.769502", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:44.752605", "stderr": "mkdir: cannot create directory `/usr/local/clamav/update‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/update‘: File exists"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [mkdir clamav/logs] ************************************************************************************************************************************
fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/logs", "delta": "0:00:00.016787", "end": "2018-07-30 16:36:49.998214", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:49.981427", "stderr": "mkdir: cannot create directory `/usr/local/clamav/logs‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/logs‘: File exists"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [chown clam] *******************************************************************************************************************************************
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.

changed: [xx.xx.xx.xx]

TASK [update freshclam.conf] ********************************************************************************************************************************
ok: [xx.xx.xx.xx]

TASK [crontab root add update clamav] ***********************************************************************************************************************
changed: [xx.xx.xx.xx]

TASK [crontab root add start clamav -r /] *******************************************************************************************************************
changed: [xx.xx.xx.xx]

PLAY RECAP **************************************************************************************************************************************************
xx.xx.xx.xx              : ok=10   changed=6    unreachable=0    failed=0   

 执行完后

[jumpserver@xx-SVN local]$ id clam
uid=498(clam) gid=498(clam) groups=498(clam)

[jumpserver@xx-SVN local]$ rpm -qa clamav
clamav-0.100.1-1.el6.x86_64

[jumpserver@xx-SVN ~]$ rpm -qa epel-release
epel-release-6-8.noarch

[jumpserver@xx-SVN clamav]$ sudo crontab -u root -l
#Ansible: update clamav
10 00 * * * /usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1
#Ansible: start clamav -r /
30 00 * * * /usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1

 

centos系统通过ansible-palybook 安装 clamav

标签:tde   std   basedir   lin   uid   remove   tin   ror   tar   

原文地址:https://www.cnblogs.com/liudan182/p/9391475.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!