env-ansible/tasks/hardness_check_lynis.yml

---

- name: Install Lynis
  git: 
    repo: https://github.com/CISOfy/lynis
    dest: "{{ lynis_install_dir }}"
    clone: yes
    force: yes

- name: Run Lynis Audit System
  shell: "{{ lynis_install_dir }}/lynis --no-colors audit system > {{ lynis_report }} 2>&1"

- name: Make Lynis Report Readable
  file:
    path: "{{ lynis_report }}"
    mode: '0444'
Removing TODOs and fixing some consistency errors. 2021-01-31 17:21:39 -06:00			`---`

End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`- name: Install Lynis`
Remove more FQCN's for Debian. 2021-01-31 17:17:14 -06:00			`git:`
End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`repo: https://github.com/CISOfy/lynis`
Debug looks terrible. Put it in a file and hope that the color codes are ignored. 2020-12-28 21:32:28 -06:00			`dest: "{{ lynis_install_dir }}"`
End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`clone: yes`
			`force: yes`

Debug looks terrible. Put it in a file and hope that the color codes are ignored. 2020-12-28 21:32:28 -06:00			`- name: Run Lynis Audit System`
Fix quotes so that I can remove lynis_exec variable. 2021-01-31 13:50:27 -06:00			`shell: "{{ lynis_install_dir }}/lynis --no-colors audit system > {{ lynis_report }} 2>&1"`
I guess command and shell hate having an FQCN. Now need to output the results. 2020-12-28 21:19:01 -06:00
Debug looks terrible. Put it in a file and hope that the color codes are ignored. 2020-12-28 21:32:28 -06:00			`- name: Make Lynis Report Readable`
Remove more FQCN's for Debian. 2021-01-31 17:17:14 -06:00			`file:`
Change shell chmod to file module. 2021-01-31 13:55:18 -06:00			`path: "{{ lynis_report }}"`
			`mode: '0444'`