diff options
| author | Micah <micah@leap.se> | 2015-09-22 15:04:33 -0400 |
|---|---|---|
| committer | Micah <micah@leap.se> | 2015-10-13 10:01:39 -0400 |
| commit | d6b521372243b79105a1513d4559572dfab6db54 (patch) | |
| tree | c54d7433278c2a5b89ea5e2b47e5332efa79d912 /puppet/modules/clamav/manifests/daemon.pp | |
| parent | b748aeffbdd72d50a7665b9c21c96a9750a840c0 (diff) | |
add clamav filtering, with sanesecurity signature updating and provider whitelisting (#3625)
Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
Diffstat (limited to 'puppet/modules/clamav/manifests/daemon.pp')
| -rw-r--r-- | puppet/modules/clamav/manifests/daemon.pp | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp new file mode 100644 index 00000000..9aebf9b0 --- /dev/null +++ b/puppet/modules/clamav/manifests/daemon.pp @@ -0,0 +1,86 @@ +class clamav::daemon { + + $domain_hash = hiera('domain') + $domain = $domain_hash['full_suffix'] + + package { [ 'clamav-daemon', 'arj' ]: + ensure => installed; + } + + service { + 'clamav-daemon': + ensure => running, + name => clamav-daemon, + pattern => '/usr/sbin/clamd', + enable => true, + hasrestart => true, + subscribe => File['/etc/default/clamav-daemon']; + } + + file { + '/var/run/clamav': + ensure => directory, + mode => '0750', + owner => clamav, + group => postfix; + + '/var/lib/clamav': + mode => '0755', + owner => clamav, + group => clamav; + + '/etc/default/clamav-daemon': + source => 'puppet:///modules/clamav/clamav-daemon_default', + mode => '0644', + owner => root, + group => root; + + # this file contains additional domains that we want the clamav + # phishing process to look for (our domain) + '/var/lib/clamav/local.pdb': + content => template('clamav/local.pdb.erb'), + mode => '0644', + owner => clamav, + group => clamav; + } + + file_line { + 'clamav_daemon_tmp': + path => '/etc/clamav/clamd.conf', + line => 'TemporaryDirectory /var/tmp', + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; + + 'enable_phishscanurls': + path => '/etc/clamav/clamd.conf', + match => 'PhishingScanURLs no', + line => 'PhishingScanURLs yes', + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; + + 'clamav_LogSyslog_true': + path => '/etc/clamav/clamd.conf', + match => '^LogSyslog false', + line => 'LogSyslog true', + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; + + 'clamav_MaxThreads': + path => '/etc/clamav/clamd.conf', + match => 'MaxThreads 20', + line => 'MaxThreads 100', + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; + } + + # remove LogFile line + file_line { + 'clamav_LogFile': + path => '/etc/clamav/clamd.conf', + match => '^LogFile .*', + line => '', + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; + } + +} |