Merge "Explicitly create clamav socket directory"

tasks/rhel7stig/misc.yml

@@ -159,7 +159,7 @@
   lineinfile:
     dest: /etc/clamd.d/scan.conf
     regexp: "^(#)?LocalSocket (.*)$"
-    line: 'LocalSocket \2'
+    line: "LocalSocket {{ clamav_service_details['socket_path'] }}"
     backrefs: yes
   when:
     - clamav_install_check.stat.exists
@@ -171,6 +171,22 @@
     - misc
     - V-72213
 
+- name: Ensure ClamAV socket directory exists
+  file:
+    path: "{{ clamav_service_details['socket_path'] | dirname }}"
+    user: "{{ clamav_service_details['user'] }}"
+    group: "{{ clamav_service_details['group'] }}"
+    mode: "{{ clamav_service_details['mode'] }}"
+  when:
+    - clamav_install_check.stat.exists
+    - security_enable_virus_scanner | bool
+    - ansible_facts['os_family'] | lower == 'redhat'
+  notify:
+    - restart clamav
+  tags:
+    - misc
+    - V-72213
+
 - name: Allow automatic freshclam updates
   lineinfile:
     dest: /etc/sysconfig/freshclam

vars/redhat-7.yml

@@ -40,6 +40,13 @@ ssh_service: sshd
 chrony_service: chronyd
 clamav_service: 'clamd@scan'
 
+# Clamav paparms
+clamav_service_details:
+  user: clamscan
+  group: virusgroup
+  socket_path: /run/clamd.scan/clamd.sock
+  mode: 0710
+
 # Commands
 grub_update_cmd: "/usr/sbin/grub2-mkconfig -o {{ grub_config_file_boot }}"
 ssh_keysign_path: /usr/libexec/openssh

vars/redhat-8.yml

@@ -40,6 +40,13 @@ ssh_service: sshd
 chrony_service: chronyd
 clamav_service: 'clamd@scan'
 
+# Clamav paparms
+clamav_service_details:
+  user: clamscan
+  group: virusgroup
+  socket_path: /run/clamd.scan/clamd.sock
+  mode: 0710
+
 # Commands
 grub_update_cmd: "/usr/sbin/grub2-mkconfig -o {{ grub_config_file_boot }}"
 ssh_keysign_path: /usr/libexec/openssh