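# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Post-install refresh tasks: regenerate locales/environment, refresh the CA
# store, normalise ownership and permissions under USR_LOCAL and VAR_LOCAL,
# then print whichever per-role log variables are set.
#
# Templated variables used here (USR_LOCAL, VAR_LOCAL, BASE_LIB,
# BOX_USER_NAME, BOX_ALSO_GROUP, BASE_USER_CONFIG_DIR) are defined elsewhere.

# Placeholder: the real script call is commented out, so this only runs `true`.
- name: update facts
  shell: |
    # {{USR_LOCAL}}/bin/testforge_local_bin.bash
    true

# old base
- name: "update locales"
  command: |
    locale-gen --update

- name: "update env"
  command: |
    env-update

# Only echoes the command name; eix-update itself is not run from here.
- name: "update eix"
  # now done monthly
  command: |
    echo eix-update

# Placeholder: runs `true` once per item; the real call is commented out.
- name: "update peruser facts"
  # broken this is yaml
  # /usr/local/bin/testforge_local_bin.bash {{item|expanduser}}
  command: |
    true
  with_items:
    - "~{{BOX_USER_NAME}}/{{ BASE_USER_CONFIG_DIR }}/facts.d"

# the tar step just before this may have added certificates to
# /usr/local/share and we may need to run this. Run it anyway
#
# The log goes to a mktemp-created file rather than a fixed, PID-derived name
# in /tmp: a predictable path written by a privileged task can be pre-created
# or symlinked by another local user. The log is printed from the same file it
# was written to, and removed on exit.
#
# NOTE(review): rc=0 exits before the grep runs, so an exception reported
# together with rc=0 (the case the comment below describes) is not caught, and
# a non-zero rc without "Exception:" in the log is turned into success.
# Confirm that this is the intended policy.
- name: "update-ca-certificates"
  shell: |
    # morons: this return rc=0 even when there is an exception - with java7 -
    # org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
    log="$(mktemp "${TMPDIR:-/tmp}/update-ca-certificates.XXXXXX")" || exit 1
    trap 'rm -f "$log"' EXIT
    update-ca-certificates -f -v > "$log" 2>&1
    retval=$?
    [ $retval -eq 0 ] && exit 0
    if grep Exception: "$log" ; then
      retval=1
      cat "$log"
    else
      retval=0
    fi
    exit $retval

# FixMe: was unused
# Recursively makes USR_LOCAL group-writable and removes other-write, then
# adjusts mode bits on the *sh scripts under the bin and src directories.
- name: "chmod /usr/local"
  shell: |
    # there are some exceptions in usr/local
    # chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" {{USR_LOCAL}}
    chmod -R g+rw,o-w {{USR_LOCAL}}

    # was TESTF_
    # this should not be needed but it still is because we execute src/var_local_*sh
    # as BOX_USER so they need to be writable - *before* the src/ files are run.
    chmod a+x {{VAR_LOCAL}}/*bin/*sh {{VAR_LOCAL}}/src/*sh
    chmod g+rw {{USR_LOCAL}}/*bin/*sh {{USR_LOCAL}}/src/*sh

# was unused - not
# Hands the listed USR_LOCAL subtrees to BOX_USER_NAME:BOX_ALSO_GROUP.
# `exit 0` makes the task succeed even if chown fails.
# chown uses the ':' separator; the '.' form is obsolete and ambiguous for
# account names that contain a dot.
# NOTE(review): the recursive chmod below is read as commented out
# ('#? chmod ...'); the flattened source is ambiguous here, so confirm against
# the original file. The task name duplicates the previous task's name.
- name: chmod /usr/local
  shell: |
    # do I need this? should it be in hourly? it breaks lynis but I think we still need it
    #? chmod -R g+rw,o-w {{USR_LOCAL}}
    # FixMe: it breaks lynis - fix it here
    chown -R "{{BOX_USER_NAME}}:{{BOX_ALSO_GROUP}}" \
      {{USR_LOCAL}}/src \
      {{USR_LOCAL}}/share \
      {{USR_LOCAL}}/bin \
      {{USR_LOCAL}}/{{BASE_LIB}} \
      {{USR_LOCAL}}/net
    exit 0

# was in testforge - to fix problems caused by taring
# Same ownership pass for the VAR_LOCAL subtrees; `exit 0` again masks chown
# failures.
# NOTE(review): the recursive chmod is read as commented out, as in the
# previous task; confirm against the original file.
- name: chmod /var/local
  shell: |
    # do I need this? should it be in hourly? it breaks lynis but I think we still need it
    #? chmod -R g+rw,o-w {{VAR_LOCAL}}
    # FixMe: it breaks lynis - fix it here
    chown -R "{{BOX_USER_NAME}}:{{BOX_ALSO_GROUP}}" \
      {{VAR_LOCAL}}/src \
      {{VAR_LOCAL}}/share \
      {{VAR_LOCAL}}/bin \
      {{VAR_LOCAL}}/{{BASE_LIB}} \
      {{VAR_LOCAL}}/net
    exit 0

# FixMe: somethings strange in /var/local/etc
# drwxr-xr-x 2 1056888 1049089 4096 Nov 30 13:38 w3af
# FixMe: was PENT_
# FixMe: unused
# Unlike the two tasks above, this one has no trailing `exit 0`, so a chown
# failure fails the task.
- name: "strange ownership - coming from tar?"
  shell: |
    chown -R "{{BOX_USER_NAME}}:{{BOX_ALSO_GROUP}}" {{VAR_LOCAL}}/src {{VAR_LOCAL}}/bin {{VAR_LOCAL}}/net

# Prints each variable named in with_items; the `when` guard skips names that
# are undefined (default=[]) or empty.
- name: summary of logs
  debug:
    # lookup('vars', item ) returns a list of strings?; map yields generators
    # |map(attribute='stdout')|list|join('\n') -> 'str object' has no attribute 'stdout'
    msg: "{{ lookup('vars', item ) }}"
  when:
    - lookup('vars', item, default=[])|length > 0
  # base proxy
  with_items:
    # proxy
    - proxy_log_hourly
    # testforge
    - testforge_log_hourly
    - testforge_log_daily
    - testforge_log_weekly
    - testforge_log_monthly
    - testforge_log_test
    # pydev
    - pydev_log_test
    # text
    - text_log_test
    - text_log_hourly
    # testing
    - testing_log_test
    # harden
    - harden_log_hourly
    - harden_log_daily
    - harden_log_weekly
    - harden_log_monthly
    - harden_log_test
    # logging
    - logging_log_daily
    - logging_log_test
    # hostvms
    - hostvms_log_bin
    - hostvms_log_test
    # pentest
    - pentest_log_weekly
    - pentest_log_test
    # privacy
    - privacy_log_hourly
    - privacy_log_daily
    - privacy_log_weekly
    - privacy_log_monthly
    - privacy_log_test
    # gpgkey
    - gpgkey_log_weekly
    # trading
    - trading_log_test
    # update
    - update_log_daily
    - update_log_test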