63 lines
1.4 KiB
YAML
63 lines
1.4 KiB
YAML
---
|
|
- name: Configure osquery on the local system
|
|
hosts: localhost
|
|
connection: local
|
|
become: yes
|
|
tasks:
|
|
- name: Install osquery
|
|
apt:
|
|
name: osquery
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Create osquery user
|
|
user:
|
|
name: osquery
|
|
system: yes
|
|
create_home: no
|
|
state: present
|
|
|
|
- name: Copy osquery.flags file
|
|
copy:
|
|
src: osquery.flags
|
|
dest: /etc/osquery/osquery.flags
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Copy osquery.conf file
|
|
copy:
|
|
src: osquery.conf
|
|
dest: /etc/osquery/osquery.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Create log directory
|
|
file:
|
|
path: /var/log/osquery
|
|
state: directory
|
|
owner: osquery
|
|
group: osquery
|
|
mode: 0750
|
|
|
|
- name: Set up logrotate
|
|
copy:
|
|
content: |
|
|
/var/log/osquery/osqueryd.{INFO,ERROR,WARNING}* /var/log/osquery/osqueryd.results.log {
|
|
daily
|
|
rotate 3
|
|
compress
|
|
missingok
|
|
notifempty
|
|
create 0640 osquery osquery
|
|
postrotate
|
|
systemctl restart osqueryd > /dev/null 2>&1 || true
|
|
endscript
|
|
}
|
|
dest: /etc/logrotate.d/osquery
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|