diff --git a/tasks/rhel7stig/misc.yml b/tasks/rhel7stig/misc.yml index b31d6ff5..005158bb 100644 --- a/tasks/rhel7stig/misc.yml +++ b/tasks/rhel7stig/misc.yml @@ -159,7 +159,7 @@ lineinfile: dest: /etc/clamd.d/scan.conf regexp: "^(#)?LocalSocket (.*)$" - line: 'LocalSocket \2' + line: "LocalSocket {{ clamav_service_details['socket_path'] }}" backrefs: yes when: - clamav_install_check.stat.exists @@ -171,6 +171,22 @@ - misc - V-72213 +- name: Ensure ClamAV socket directory exists + file: + path: "{{ clamav_service_details['socket_path'] | dirname }}" + user: "{{ clamav_service_details['user'] }}" + group: "{{ clamav_service_details['group'] }}" + mode: "{{ clamav_service_details['mode'] }}" + when: + - clamav_install_check.stat.exists + - security_enable_virus_scanner | bool + - ansible_facts['os_family'] | lower == 'redhat' + notify: + - restart clamav + tags: + - misc + - V-72213 + - name: Allow automatic freshclam updates lineinfile: dest: /etc/sysconfig/freshclam diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index 7796cd4a..058ddb4b 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml @@ -40,6 +40,13 @@ ssh_service: sshd chrony_service: chronyd clamav_service: 'clamd@scan' +# Clamav paparms +clamav_service_details: + user: clamscan + group: virusgroup + socket_path: /run/clamd.scan/clamd.sock + mode: 0710 + # Commands grub_update_cmd: "/usr/sbin/grub2-mkconfig -o {{ grub_config_file_boot }}" ssh_keysign_path: /usr/libexec/openssh diff --git a/vars/redhat-8.yml b/vars/redhat-8.yml index 79409456..375c0c3b 100644 --- a/vars/redhat-8.yml +++ b/vars/redhat-8.yml @@ -40,6 +40,13 @@ ssh_service: sshd chrony_service: chronyd clamav_service: 'clamd@scan' +# Clamav paparms +clamav_service_details: + user: clamscan + group: virusgroup + socket_path: /run/clamd.scan/clamd.sock + mode: 0710 + # Commands grub_update_cmd: "/usr/sbin/grub2-mkconfig -o {{ grub_config_file_boot }}" ssh_keysign_path: /usr/libexec/openssh