add AV scanning

defaults/main.yml

@@ -4,3 +4,5 @@ smb_users:
     passwd: 'stephanearmanet_defaultpasswd'
   - username: "testuser1"
     passwd: "tiiiestuser1"
+
+smb_interface: eth0

meta/main.yml

@@ -9,7 +9,5 @@ galaxy_info:
     - name: CentOS
       versions:
         - 7
-dependencies: []
-# List your role dependencies here, one per line.
-# Be sure to remove the '[]' above if you add dependencies
-# to this list.
+dependencies:
+  - role: ics-ans-role-repository

molecule/default/molecule.yml

@@ -10,6 +10,8 @@ provisioner:
   inventory:
     group_vars:
       default_group:
+    host_vars:
+      ics-ans-role-samba-default:
 scenario:
   name: default
 verifier:

tasks/main.yml

@@ -5,15 +5,27 @@
     state: present
   with_items:
     - samba
+    - clamd
 
-- name: enable samba services
-  service:
-    name: "{{ item }}"
-    state: started
-    enabled: true
+- name: copy clamav initial DB
+  copy:
+    src: "{{ item }}"
+    dest: "/var/lib/clamav/{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
   with_items:
-    - smb
-    - nmb
+    - bytecode.cvd
+    - daily.cvd
+    - main.cvd
+
+- name: copy clamd config file
+  copy:
+    src: "scan.conf"
+    dest: "/etc/clamd.d/scan.conf"
+    owner: root
+    group: root
+    mode: 0755
 
 - name: setup smb.conf
   template:
@@ -24,6 +36,16 @@
     mode: 0755
   notify: restart_samba
 
+- name: enable services
+  service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  with_items:
+    - smb
+    - nmb
+    - clamd@scan
+
 - name: create local user
   user:
     name: "{{ item.username }}"
@@ -39,7 +61,7 @@
 - name: create samba user
   shell: "(pdbedit --user={{ item.username }} 2>&1 > /dev/null) || (echo {{ item.passwd }};echo {{ item.passwd }}) | smbpasswd -s -a {{ item.username }}"
   with_items: "{{smb_users}}"
-  no_log: false
+  no_log: true
   register: create_user_output
   changed_when: "'Added user' in create_user_output.stdout"
   when: user_created.changed

templates/smb.conf.j2

@@ -4,21 +4,27 @@
         security = user
 
         passdb backend = tdbsam
+        log level = 3
+        log file = /var/log/samba/samba.log
+        interfaces = {{ smb_interface }}
 
         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes
         load printers = no
 
-{% for user in smb_users %}
-[ {{user.username}} ]
-        path = /home/{{ user.username }}
-        comment = {{ user.username }} Directories
-        valid users = {{ user.username }}
-        browseable = No
-        read only = No
-        inherit acls = Yes
-{% endfor %}
-
-
 
+[homes]
+   comment = Home Directory
+   read only = No
+   browseable = No
+   valid users = %S
+   vfs objects = virusfilter
+   virusfilter:scanner = clamav
+   virusfilter:socket path = /run/clamd.scan/clamd.sock
+   virusfilter:connect timeout = 30000
+   virusfilter:scan on open = yes
+   #virusfilter:scan on close = yes
+   virusfilter:max file size = 1000000000
+   virusfilter:infected file action = quarantine
+   virusfilter:quarantine directory = /var/tmp/quarantine