From 32e4f82ff25a5c409a23e8a393b530e8208eb95f Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Fri, 12 Mar 2021 17:09:46 +0000
Subject: [PATCH] roles-lists: Initial version of role
Add support for archiving mailing lists from roles.
---
roles/roles-lists/files/archiver.sh | 27 ++++++++++++++
roles/roles-lists/files/sendmail-spamc.pp | Bin 0 -> 1125 bytes
roles/roles-lists/files/sendmail-spamc.te | 14 +++++++
roles/roles-lists/meta/main.yml | 5 +++
roles/roles-lists/tasks/main.yml | 43 ++++++++++++++++++++++
5 files changed, 89 insertions(+)
create mode 100755 roles/roles-lists/files/archiver.sh
create mode 100644 roles/roles-lists/files/sendmail-spamc.pp
create mode 100644 roles/roles-lists/files/sendmail-spamc.te
create mode 100644 roles/roles-lists/meta/main.yml
create mode 100644 roles/roles-lists/tasks/main.yml
diff --git a/roles/roles-lists/files/archiver.sh b/roles/roles-lists/files/archiver.sh
new file mode 100755
index 0000000..42ead36
--- /dev/null
+++ b/roles/roles-lists/files/archiver.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+function err {
+ echo "$*" | mail -s "archiver: mail archiving failed" root
+ exit 1
+}
+
+_group=$1
+_list=$2
+
+if [ -z "$_group" ] || [ -z "$_list" ]; then
+ echo "Usage: $(basename "$0") "
+ exit 1
+fi
+
+_dir="/roles/${_group}/library/archive/${_list}"
+_mbox="${_dir}/$(date +%Y-%m)"
+
+if [ ! -d "$_dir" ]; then
+ if ! mkdir -p "$_dir" ; then
+ err "ERROR: Failed to create archive directory '${_dir}'"
+ fi
+fi
+
+if ! "/usr/bin/spamc" >> "${_mbox}" ; then
+ err "ERROR: Failed to archive mail into '${_mbox}'"
+fi
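Review bot: `_group` and `_list` are taken straight from `$1` and `$2` in archiver.sh and interpolated into `_dir` without validation, so a value containing `/` or `..` would make `mkdir -p` and the `>>` append operate outside `/roles/<group>/library/archive/`. Where the arguments come from is not visible in this patch (presumably the sendmail alias that runs the script through smrsh), so this is a hardening point rather than a demonstrated flaw. After the empty-argument check I would add `[[ "$_group" =~ ^[A-Za-z0-9_-]+$ && "$_list" =~ ^[A-Za-z0-9_-]+$ ]] || err "ERROR: invalid group or list name"`, with the character class adjusted to the list names actually in use. Separately, the append to `${_mbox}` takes no lock, so two deliveries arriving at the same time could interleave in the archive; running the spamc call under `flock` on the mbox would serialise them.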
diff --git a/roles/roles-lists/files/sendmail-spamc.pp b/roles/roles-lists/files/sendmail-spamc.pp
new file mode 100644
index 0000000000000000000000000000000000000000..7f9f0076ddd3360b40d616b576dff739fbe1eb15
GIT binary patch literal 1125 zcmcJOOG?B*5QgLUL_`HIFc(mC<} z`Bzs>ru+5%`E4VLB5*8tk@!gL-SzS&ulm*Uw$A#(FC=v$fVL+<4h5aBvNFkw)2>O% zbW<`HXXj4LTy)0PR3P4&K^PcoKfyNMZB zbsXBH>fme(>c&?(oXzo(`u@qMA#U9ejp{pJDYni`us>OyAz|cDljs+U!+~U!rCT_q zi5)&+%7Q%lZ@&a+?82?1!&U(L9bGw0$=0w3sH zwd7QsI6!M$9>fiLR6p_QhX?emEAbIG=u!QLZ;tOo*2Fb|EIo$g{k3lv)8xR Oc5##KZM8KieUcA&D@ox1 literal 0 HcmV?d00001
diff --git a/roles/roles-lists/files/sendmail-spamc.te b/roles/roles-lists/files/sendmail-spamc.te
new file mode 100644
index 0000000..3743b0c
--- /dev/null
+++ b/roles/roles-lists/files/sendmail-spamc.te
@@ -0,0 +1,14 @@
+
+module sendmail-spamc 1.0;
+
+require {
+ type spamc_exec_t;
+ type sendmail_t;
+ class file { execute execute_no_trans getattr map open read };
+}
+
+#============= sendmail_t ==============
+
+#!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
+allow sendmail_t spamc_exec_t:file map;
+allow sendmail_t spamc_exec_t:file { execute execute_no_trans getattr open read };
diff --git a/roles/roles-lists/meta/main.yml b/roles/roles-lists/meta/main.yml
new file mode 100644
index 0000000..c8c45d7
--- /dev/null
+++ b/roles/roles-lists/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+ - {role: "selinux"}
+ - {role: "sendmail"}
diff --git a/roles/roles-lists/tasks/main.yml b/roles/roles-lists/tasks/main.yml
new file mode 100644
index 0000000..13b056b
--- /dev/null
+++ b/roles/roles-lists/tasks/main.yml
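Review bot: In sendmail-spamc.te the `execute_no_trans` permission lets spamc run inside `sendmail_t` instead of transitioning to a domain of its own, so the spamc process keeps whatever access sendmail has, and the file has no comment saying why that is acceptable. I would add a header comment such as `# Allows sendmail_t to run spamc without a domain transition; needed by the archiver script installed under /etc/smrsh.` The compiled sendmail-spamc.pp is committed next to this source with nothing tying the two together, so a reviewer cannot confirm the binary matches these 14 lines. Recording the build commands in a comment (`checkmodule -M -m -o sendmail-spamc.mod sendmail-spamc.te`, then `semodule_package -o sendmail-spamc.pp -m sendmail-spamc.mod`), or compiling the module in the role, would close that gap.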
@@ -0,0 +1,43 @@
+---
+
+- name: install archiver
+ copy:
+ dest: /etc/smrsh/archiver
+ src: archiver.sh
+ mode: 0755
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: link legacy archiver
+ file:
+ dest: /etc/smrsh/archiver.pl
+ src: /etc/smrsh/archiver
+ state: link
+ owner: root
+ group: "{{ ansible_wheel }}"
+ follow: false
+
+- name: copy selinux module
+ copy:
+ dest: /usr/local/share/selinux/sendmail-spamc.pp
+ src: sendmail-spamc.pp
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: check if selinux module is loaded
+ command:
+ argv:
+ - semodule
+ - -l
+ register: result
+ check_mode: false
+ changed_when: false
+
+- name: insall selinux module
+ command:
+ argv:
+ - semodule
+ - -i
+ - /usr/local/share/selinux/sendmail-spamc.pp
+ when: '"sendmail-spamc" not in result.stdout_lines'
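Review bot: The last task loads the policy only when `sendmail-spamc` is missing from `semodule -l`, so once a module of that name is loaded, an updated sendmail-spamc.pp copied by the earlier task is never installed and the host keeps enforcing the old policy. Adding `register: module_copy` to the copy task and using `when: module_copy is changed or "sendmail-spamc" not in result.stdout_lines` would reload it on change. The membership test compares whole lines, so on semodule versions that print a version next to the name it would never match and the module would be reinstalled on every run; whether that applies depends on the target distribution, which the patch does not show. The task name `insall selinux module` has a typo, and the `mode: 0755` / `mode: 0644` values are better quoted (`mode: "0755"`) so they do not depend on YAML integer parsing.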