[WIP] role logwatch

README.rst

@@ -76,6 +76,9 @@ Currently the repository features the following roles:
 | iptables      | install iptables persistent services and configure        |
 |               | iptables rules                                            |
 +---------------+-----------------------------------------------------------+
+| logwatch      | Logwatch is a customizable, pluggable log-monitoring      |
+|               | system.                                                   |
++---------------+-----------------------------------------------------------+
 | mariadb       | manage a mariadb server and client (if mariadb is not     |
 |               | available, mysql will be installed instead)               |
 +---------------+-----------------------------------------------------------+

logwatch/defaults/main.yml

@@ -0,0 +1 @@
+---

logwatch/handlers/main.yml

@@ -0,0 +1 @@
+---

logwatch/meta/main.yml

@@ -0,0 +1,28 @@
+---
+
+dependencies: []
+
+galaxy_info:
+  author: 'Adfinis SyGroup AG'
+  description: 'Logwatch is a customizable, pluggable log-monitoring system.'
+  company: 'Adfinis SyGroup AG'
+  license: 'GNU General Public License v3'
+  min_ansible_version: '2.0.0'
+  platforms:
+    - name: Debian
+      versions:
+        - wheezy
+        - jessie
+    - name: Ubuntu
+      versions:
+        - trusty
+        - xenial
+    - name: CentOS
+      versions:
+        - 6
+        - 7
+  galaxy_tags:
+    - logwatch
+    - log
+    - audit
+    - monitoring

logwatch/tasks/configuration.yml

@@ -0,0 +1,16 @@
+---
+
+- name: create logwatch configuration
+  template:
+    src: etc/logwatch/conf/logwatch.conf.j2
+    dest: '{{ logwatch_main_conf }}'
+    owner: root
+    group: root
+    mode: 0644
+    seuser: system_u
+    serole: object_r
+    setype: etc_t
+    selevel: s0
+  tags:
+    - 'role::logwatch'
+    - 'role::logwatch:config'

logwatch/tasks/installation.yml

@@ -0,0 +1,10 @@
+---
+
+- name: install logwatch related packages
+  package:
+    name: '{{ item }}'
+    state: present
+  tags:
+    - 'role::logwatch'
+    - 'role::logwatch:install'
+  with_items: '{{ logwatch_packages }}'

logwatch/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- name: include os specific vars
+  include_vars: '{{ item }}'
+  with_first_found:
+    - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml'
+    - '{{ ansible_os_family }}.yml'
+  tags:
+    - 'role::logwatch'
+    - 'role::logwatch:install'
+    - 'role::logwatch:config'
+
+- include: installation.yml
+- include: configuration.yml

logwatch/templates/etc/logwatch/conf/logwatch.conf.j2

@@ -0,0 +1,130 @@
+# {{ ansible_managed }}
+########################################################
+# This was written and is maintained by:
+#    Kirk Bauer <[email protected]>
+#
+# Please send all comments, suggestions, bug reports,
+#    etc, to [email protected].
+#
+########################################################
+
+# NOTE:
+#   All these options are the defaults if you run logwatch with no
+#   command-line arguments.  You can override all of these on the
+#   command-line.
+
+# You can put comments anywhere you want to.  They are effective for the
+# rest of the line.
+
+# this is in the format of <name> = <value>.  Whitespace at the beginning
+# and end of the lines is removed.  Whitespace before and after the = sign
+# is removed.  Everything is case *insensitive*.
+
+# Yes = True  = On  = 1
+# No  = False = Off = 0
+
+# Default Log Directory
+# All log-files are assumed to be given relative to this directory.
+LogDir = /var/log
+
+# You can override the default temp directory (/tmp) here
+TmpDir = /var/cache/logwatch
+
+#Output/Format Options
+#By default Logwatch will print to stdout in text with no encoding.
+#To make email Default set Output = mail to save to file set Output = file
+Output = stdout
+#To make Html the default formatting Format = html
+Format = text
+#To make Base64 [aka uuencode] Encode = base64
+Encode = none
+
+# Default person to mail reports to.  Can be a local account or a
+# complete email address.  Variable Output should be set to mail, or
+# --output mail should be passed on command line to enable mail feature.
+MailTo = root
+# WHen using option --multiemail, it is possible to specify a different
+# email recipient per host processed.  For example, to send the report
+# for hostname host1 to [email protected], use:
+#Mailto_host1 = [email protected]
+# Multiple recipients can be specified by separating them with a space.
+
+# Default person to mail reports from.  Can be a local account or a
+# complete email address.
+MailFrom = Logwatch
+
+# if set, the results will be saved in <filename> instead of mailed
+# or displayed. Be sure to set Output = file also.
+#Filename = /tmp/logwatch
+
+# Use archives?  If set to 'Yes', the archives of logfiles
+# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
+# be searched in addition to the /var/log/messages file.
+# This usually will not do much if your range is set to just
+# 'Yesterday' or 'Today'... it is probably best used with Range = All.
+# By default this is now set to Yes. To turn off Archives uncomment this.
+#Archives = No
+
+# The default time range for the report...
+# The current choices are All, Today, Yesterday
+Range = yesterday
+
+# The default detail level for the report.
+# This can either be Low, Med, High or a number.
+# Low = 0
+# Med = 5
+# High = 10
+Detail = Low
+
+
+# The 'Service' option expects either the name of a filter
+# (in /usr/share/logwatch/scripts/services/*) or 'All'.
+# The default service(s) to report on.  This should be left as All for
+# most people.
+Service = All
+# You can also disable certain services (when specifying all)
+Service = "-zz-network"     # Prevents execution of zz-network service, which
+                            # prints useful network configuration info.
+Service = "-zz-sys"         # Prevents execution of zz-sys service, which
+                            # prints useful system configuration info.
+Service = "-eximstats"      # Prevents execution of eximstats service, which
+                            # is a wrapper for the eximstats program.
+# If you only cared about FTP messages, you could use these 2 lines
+# instead of the above:
+#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
+#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
+# Maybe you only wanted reports on PAM messages, then you would use:
+#Service = pam_pwdb        # PAM_pwdb messages - usually quite a bit
+#Service = pam             # General PAM messages... usually not many
+
+# You can also choose to use the 'LogFile' option.  This will cause
+# logwatch to only analyze that one logfile.. for example:
+#LogFile = messages
+# will process /var/log/messages.  This will run all the filters that
+# process that logfile.  This option is probably not too useful to
+# most people.  Setting 'Service' to 'All' above analyzes all LogFiles
+# anyways...
+
+#
+# By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
+# The mailer code prints a header with To: From: and Subject:.
+# At this point you can change the mailer to anything that can handle this output
+# stream.
+# TODO test variables in the mailer string to see if the To/From/Subject can be set
+# From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
+mailer = "/usr/sbin/sendmail -t"
+
+#
+# With this option set to a comma separted list of hostnames, only log entries
+# for these particular hosts will be processed.  This can allow a log host to
+# process only its own logs, or Logwatch can be run once per a set of hosts
+# included in the logfiles.
+# Example: HostLimit = hosta,hostb,myhost
+#
+# The default is to report on all log entries, regardless of its source host.
+# Note that some logfiles do not include host information and will not be
+# influenced by this setting.
+#
+#HostLimit = myhost
+
+# vi: shiftwidth=3 tabstop=3 et

logwatch/vars/Debian.yml

@@ -0,0 +1,8 @@
+---
+
+# logwatch packages
+logwatch_packages:
+  - logwatch
+
+# logwatch main configuration file
+logwatch_main_conf: /etc/logwatch/conf/logwatch.conf

logwatch/vars/RedHat.yml

@@ -0,0 +1,8 @@
+---
+
+# logwatch packages
+logwatch_packages:
+  - logwatch
+
+# logwatch main configuration file
+logwatch_main_conf: /etc/logwatch/conf/logwatch.conf