近期要安裝clamav,結合ansible-playbook進行一次批量安裝以及配置定時升級和檢查
[jumpserver@iZ25ejx9pmvZ playbook]$ cat /etc/redhat-release
CentOS release 6.5 (Final)
cat clamav-install.yml
--- - hosts: xx.xx.xx.xx remote_user: jumpserver sudo: yes tasks: - name: install epel-release yum: state=present name=epel-release - name: install clamav yum: state=present name=clamav - name: mkdir clamav shell: mkdir /usr/local/clamav ignore_errors: yes - name: mkdir clamav/update shell: mkdir /usr/local/clamav/update ignore_errors: yes - name: mkdir clamav/logs shell: mkdir /usr/local/clamav/logs ignore_errors: yes - name: chown clam shell: chown -R clam.clam /usr/local/clamav - name: update freshclam.conf lineinfile: dest: /etc/freshclam.conf regexp: 'DatabaseDirectory' line: 'DatabaseDirectory /usr/local/clamav/update' - name: crontab root add update clamav cron: name='update clamav' job='/usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1' minute=10 hour=00 - name: crontab root add start clamav -r / cron: name='start clamav -r /' job='/usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1' minute=30 hour=00
我這邊不是root執行的,使用的sudo。
由於執行了多次,所以mkdir會報錯,添加了 忽略錯誤參數。
ignore_errors: yes
1、先安裝軟件epel-release和clamav
2、創建目錄(可不操作,看個人習慣)
3、賦權限,clam用戶在yum中會創建
4、修改配置文件(看個人習慣,可使用默認的)
5、添加crontab,每天00:10升級病毒庫
6、添加crontab,每天00:30殺毒,具體的目錄可以修改
/usr/bin/clamscan -r /
具體的日志詳見下圖
[jumpserver@iZ25ejx9pmvZ playbook]$ ansible-playbook clamav-install.yml -s [DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default). This feature will be removed in version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. PLAY [xx.xx.xx.xx] **************************************************************************************************************************************** TASK [Gathering Facts] ************************************************************************************************************************************** ok: [xx.xx.xx.xx] TASK [install epel-release] ********************************************************************************************************************************* changed: [xx.xx.xx.xx] TASK [install clamav] *************************************************************************************************************************************** changed: [xx.xx.xx.xx] TASK [mkdir clamav] ***************************************************************************************************************************************** [WARNING]: Consider using the file module with state=directory rather than running mkdir. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message. fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav", "delta": "0:00:00.016856", "end": "2018-07-30 16:36:39.524068", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:39.507212", "stderr": "mkdir: cannot create directory `/usr/local/clamav': File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav': File exists"], "stdout": "", "stdout_lines": []} ...ignoring TASK [mkdir clamav/update] ********************************************************************************************************************************** fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/update", "delta": "0:00:00.016897", "end": "2018-07-30 16:36:44.769502", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:44.752605", "stderr": "mkdir: cannot create directory `/usr/local/clamav/update': File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/update': File exists"], "stdout": "", "stdout_lines": []} ...ignoring TASK [mkdir clamav/logs] ************************************************************************************************************************************ fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/logs", "delta": "0:00:00.016787", "end": "2018-07-30 16:36:49.998214", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:49.981427", "stderr": "mkdir: cannot create directory `/usr/local/clamav/logs': File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/logs': File exists"], "stdout": "", "stdout_lines": []} ...ignoring TASK [chown clam] ******************************************************************************************************************************************* [WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message. changed: [xx.xx.xx.xx] TASK [update freshclam.conf] ******************************************************************************************************************************** ok: [xx.xx.xx.xx] TASK [crontab root add update clamav] *********************************************************************************************************************** changed: [xx.xx.xx.xx] TASK [crontab root add start clamav -r /] ******************************************************************************************************************* changed: [xx.xx.xx.xx] PLAY RECAP ************************************************************************************************************************************************** xx.xx.xx.xx : ok=10 changed=6 unreachable=0 failed=0
執行完后
[jumpserver@xx-SVN local]$ id clam uid=498(clam) gid=498(clam) groups=498(clam) [jumpserver@xx-SVN local]$ rpm -qa clamav clamav-0.100.1-1.el6.x86_64 [jumpserver@xx-SVN ~]$ rpm -qa epel-release epel-release-6-8.noarch [jumpserver@xx-SVN clamav]$ sudo crontab -u root -l #Ansible: update clamav 10 00 * * * /usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1 #Ansible: start clamav -r / 30 00 * * * /usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1