标签:tde std basedir lin uid remove tin ror tar
近期要安装clamav,结合ansible-playbook进行一次批量安装以及配置定时升级和检查
cat clamav-install.yml
--- - hosts: xx.xx.xx.xx remote_user: jumpserver sudo: yes tasks: - name: install epel-release yum: state=present name=epel-release - name: install clamav yum: state=present name=clamav - name: mkdir clamav shell: mkdir /usr/local/clamav ignore_errors: yes - name: mkdir clamav/update shell: mkdir /usr/local/clamav/update ignore_errors: yes - name: mkdir clamav/logs shell: mkdir /usr/local/clamav/logs ignore_errors: yes - name: chown clam shell: chown -R clam.clam /usr/local/clamav - name: update freshclam.conf lineinfile: dest: /etc/freshclam.conf regexp: ‘DatabaseDirectory‘ line: ‘DatabaseDirectory /usr/local/clamav/update‘ - name: crontab root add update clamav cron: name=‘update clamav‘ job=‘/usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1‘ minute=10 hour=00 - name: crontab root add start clamav -r / cron: name=‘start clamav -r /‘ job=‘/usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1‘ minute=30 hour=00
我这边不是root执行的,使用的sudo。
由于执行了多次,所以mkdir会报错,添加了 忽略错误参数。
ignore_errors: yes
1、先安装软件epel-release和clamav
2、创建目录(可不操作,看个人习惯)
3、赋权限,clam用户在yum中会创建
4、修改配置文件(看个人习惯,可使用默认的)
5、添加crontab,每天00:10升级病毒库
6、添加crontab,每天00:30杀毒,具体的目录可以修改
/usr/bin/clamscan -r /
具体的日志详见下图
[jumpserver@iZ25ejx9pmvZ playbook]$ ansible-playbook clamav-install.yml -s [DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is ‘sudo‘ (default). This feature will be removed in version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [xx.xx.xx.xx] **************************************************************************************************************************************** TASK [Gathering Facts] ************************************************************************************************************************************** ok: [xx.xx.xx.xx] TASK [install epel-release] ********************************************************************************************************************************* changed: [xx.xx.xx.xx] TASK [install clamav] *************************************************************************************************************************************** changed: [xx.xx.xx.xx] TASK [mkdir clamav] ***************************************************************************************************************************************** [WARNING]: Consider using the file module with state=directory rather than running mkdir. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message. fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav", "delta": "0:00:00.016856", "end": "2018-07-30 16:36:39.524068", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:39.507212", "stderr": "mkdir: cannot create directory `/usr/local/clamav‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav‘: File exists"], "stdout": "", "stdout_lines": []} ...ignoring TASK [mkdir clamav/update] ********************************************************************************************************************************** fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/update", "delta": "0:00:00.016897", "end": "2018-07-30 16:36:44.769502", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:44.752605", "stderr": "mkdir: cannot create directory `/usr/local/clamav/update‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/update‘: File exists"], "stdout": "", "stdout_lines": []} ...ignoring TASK [mkdir clamav/logs] ************************************************************************************************************************************ fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/logs", "delta": "0:00:00.016787", "end": "2018-07-30 16:36:49.998214", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:49.981427", "stderr": "mkdir: cannot create directory `/usr/local/clamav/logs‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/logs‘: File exists"], "stdout": "", "stdout_lines": []} ...ignoring TASK [chown clam] ******************************************************************************************************************************************* [WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message. changed: [xx.xx.xx.xx] TASK [update freshclam.conf] ******************************************************************************************************************************** ok: [xx.xx.xx.xx] TASK [crontab root add update clamav] *********************************************************************************************************************** changed: [xx.xx.xx.xx] TASK [crontab root add start clamav -r /] ******************************************************************************************************************* changed: [xx.xx.xx.xx] PLAY RECAP ************************************************************************************************************************************************** xx.xx.xx.xx : ok=10 changed=6 unreachable=0 failed=0
执行完后
[jumpserver@xx-SVN local]$ id clam uid=498(clam) gid=498(clam) groups=498(clam) [jumpserver@xx-SVN local]$ rpm -qa clamav clamav-0.100.1-1.el6.x86_64 [jumpserver@xx-SVN ~]$ rpm -qa epel-release epel-release-6-8.noarch [jumpserver@xx-SVN clamav]$ sudo crontab -u root -l #Ansible: update clamav 10 00 * * * /usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1 #Ansible: start clamav -r / 30 00 * * * /usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1
centos系统通过ansible-palybook 安装 clamav
标签:tde std basedir lin uid remove tin ror tar
原文地址:https://www.cnblogs.com/liudan182/p/9391475.html
