centos系统通过ansible-palybook 安装 clamav

Posted 2020-12-26 liudan182

近期要安装clamav，结合ansible-playbook进行一次批量安装以及配置定时升级和检查

 

cat clamav-install.yml

---
- hosts: xx.xx.xx.xx
  remote_user: jumpserver
  sudo: yes

  tasks:
  - name: install epel-release
    yum: state=present name=epel-release
  - name: install clamav
    yum: state=present name=clamav
  - name: mkdir clamav
    shell: mkdir /usr/local/clamav
    ignore_errors: yes
  - name: mkdir clamav/update
    shell: mkdir /usr/local/clamav/update
    ignore_errors: yes
  - name: mkdir clamav/logs
    shell: mkdir /usr/local/clamav/logs
    ignore_errors: yes
  - name: chown clam
    shell: chown -R clam.clam /usr/local/clamav
  - name: update freshclam.conf
    lineinfile:
     dest: /etc/freshclam.conf
     regexp: ‘DatabaseDirectory‘
     line: ‘DatabaseDirectory /usr/local/clamav/update‘
  - name: crontab root add update clamav
    cron: name=‘update clamav‘ job=‘/usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1‘ minute=10 hour=00
  - name: crontab root add start clamav -r /
    cron: name=‘start clamav -r /‘ job=‘/usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1‘ minute=30 hour=00

我这边不是root执行的，使用的sudo。

由于执行了多次，所以mkdir会报错，添加了 忽略错误参数。

ignore_errors: yes

 

1、先安装软件epel-release和clamav

2、创建目录（可不操作，看个人习惯）

3、赋权限，clam用户在yum中会创建

4、修改配置文件（看个人习惯，可使用默认的）

5、添加crontab，每天00:10升级病毒库

6、添加crontab，每天00:30杀毒，具体的目录可以修改

/usr/bin/clamscan -r /

 

具体的日志详见下图

[[email protected] playbook]$ ansible-playbook clamav-install.yml -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in 
version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Instead of sudo/sudo_user, use become/become_user and make sure become_method is ‘sudo‘ (default). This feature will be removed in 
version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [xx.xx.xx.xx] ****************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [xx.xx.xx.xx]

TASK [install epel-release] *********************************************************************************************************************************
changed: [xx.xx.xx.xx]

TASK [install clamav] ***************************************************************************************************************************************
changed: [xx.xx.xx.xx]

TASK [mkdir clamav] *****************************************************************************************************************************************
 [WARNING]: Consider using the file module with state=directory rather than running mkdir.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.

fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav", "delta": "0:00:00.016856", "end": "2018-07-30 16:36:39.524068", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:39.507212", "stderr": "mkdir: cannot create directory `/usr/local/clamav‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav‘: File exists"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [mkdir clamav/update] **********************************************************************************************************************************
fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/update", "delta": "0:00:00.016897", "end": "2018-07-30 16:36:44.769502", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:44.752605", "stderr": "mkdir: cannot create directory `/usr/local/clamav/update‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/update‘: File exists"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [mkdir clamav/logs] ************************************************************************************************************************************
fatal: [xx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "mkdir /usr/local/clamav/logs", "delta": "0:00:00.016787", "end": "2018-07-30 16:36:49.998214", "msg": "non-zero return code", "rc": 1, "start": "2018-07-30 16:36:49.981427", "stderr": "mkdir: cannot create directory `/usr/local/clamav/logs‘: File exists", "stderr_lines": ["mkdir: cannot create directory `/usr/local/clamav/logs‘: File exists"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [chown clam] *******************************************************************************************************************************************
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.

changed: [xx.xx.xx.xx]

TASK [update freshclam.conf] ********************************************************************************************************************************
ok: [xx.xx.xx.xx]

TASK [crontab root add update clamav] ***********************************************************************************************************************
changed: [xx.xx.xx.xx]

TASK [crontab root add start clamav -r /] *******************************************************************************************************************
changed: [xx.xx.xx.xx]

PLAY RECAP **************************************************************************************************************************************************
xx.xx.xx.xx              : ok=10   changed=6    unreachable=0    failed=0   

 执行完后

[[email protected]SVN local]$ id clam
uid=498(clam) gid=498(clam) groups=498(clam)

[[email protected]-SVN local]$ rpm -qa clamav
clamav-0.100.1-1.el6.x86_64

[[email protected]-SVN ~]$ rpm -qa epel-release
epel-release-6-8.noarch

[[email protected]-SVN clamav]$ sudo crontab -u root -l
#Ansible: update clamav
10 00 * * * /usr/bin/freshclam >> /usr/local/clamav/logs/freshclam.$(date +"\%Y-\%m-\%d").log 2>&1
#Ansible: start clamav -r /
30 00 * * * /usr/bin/clamscan -r / >> /usr/local/clamav/logs/clamd.$(date +"\%Y-\%m-\%d").log 2>&1