env-ansible/tasks/general/tests/lynis.yml

---
# Lynis hardness check.

- name: General | Tests | Lynis | Install
  git: 
    repo: https://github.com/CISOfy/lynis
    dest: "{{ lynis_install_dir }}"
    clone: yes
    force: yes

- name: General | Tests | Lynis | Ensure Permissions (Looking at you Parrot OS!)
  file: 
    path: "{{ lynis_install_dir }}"
    state: directory
    mode: '0644'
    owner: root
    group: "{{ root_group }}"
    recurse: yes

- name: General | Tests | Lynis | Ensure Permissions 2
  file: 
    path: "{{ lynis_install_dir }}/lynis"
    mode: '0755'

- name: General | Tests | Lynis | Run System Audit
  shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1"
  args:
    executable: "{{ bash_exec.stdout }}"

- name: General | Tests | Lynis | Make Report Readable
  file:
    path: "{{ lynis_report }}"
    mode: '0777'
Removing TODOs and fixing some consistency errors. 2021-01-31 17:21:39 -06:00			`---`
General FreeBSD and account improvements. 2021-02-03 21:17:48 -06:00			`# Lynis hardness check.`
Removing TODOs and fixing some consistency errors. 2021-01-31 17:21:39 -06:00
Better names. :) 2021-02-02 21:28:17 -06:00			`- name: General \| Tests \| Lynis \| Install`
Remove more FQCN's for Debian. 2021-01-31 17:17:14 -06:00			`git:`
End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`repo: https://github.com/CISOfy/lynis`
Debug looks terrible. Put it in a file and hope that the color codes are ignored. 2020-12-28 21:32:28 -06:00			`dest: "{{ lynis_install_dir }}"`
End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`clone: yes`
			`force: yes`

Change shell module to file module. 2021-07-11 11:11:33 -05:00			`- name: General \| Tests \| Lynis \| Ensure Permissions (Looking at you Parrot OS!)`
			`file:`
			`path: "{{ lynis_install_dir }}"`
			`state: directory`
Fix permissions, again. :) 2021-07-11 12:09:33 -05:00			`mode: '0644'`
Change shell module to file module. 2021-07-11 11:11:33 -05:00			`owner: root`
Add initial HUGO support, FreeBSD 13 support, and script for Ansible to hit dev branch. (#4) * Create HUGO file. * Add HUGO. * Add script for running system against development branch. * Add newline to end of file. * Comment unused blocks. * Add path of site that HUGO should host. * Newlines, comments, and HUGO path. (#2) (#3) * Create HUGO file. * Add HUGO. * Add script for running system against development branch. * Add newline to end of file. * Comment unused blocks. * Add path of site that HUGO should host. * FreeBSD is complaining about certbot not having dict object stdout. This whole playbook is supposed to be skipped though, lol. * FreeBSD 13 is still mad. Ansible 2.11.2, jinja 2.11.2 (same version number??), Python 3.8.10. * Fix root group to be existing variable. FreeBSD uses wheel. * Allow choosing Github branch dynamically. * `branch` needs to be at General level. Testing if this works... * Change other `localhost` to `everything`. * Update FreeBSD status. * Goodbye, Code-OSS on Linux! * Delete a terrible file. * Remove excess tag. * "Fix" SSHFS for FreeBSD. * Variablize FreeBSD's loading of fusefs. * Variablize /etc/rc.conf. Enable FuseFS more properly. * Add beginning ticks. * Add missing playbook. * Enable FreeBSD mount job. * Rearrange items to be more consistent with comment. * It seems FreeBSD removed the `gnome3` metapackage. Use `gnome3-lite` instead. Also add Telegram. * Python is to 3.8 now. * Expand on FreeBSD work. * Expand on FreeBSD work. * Add placeholders for Gitlab. * Add parameter for Gitlab install. * Add Gitlab playbook. * Ensure FreeBSD uses the correct Python install. * Add newline. * Fix NFS for FreeBSD workstations. * Remove unnecessary line, restricted install to Linux in playbook. * Fix mount options for FreeBSD. * Fix mount number, as well as system-specific facts. * Add placeholders for remote viewing. * Add RDP for FreeBSD. * Omg! It works! Add setting enforcement. * Always remove OSS. * Remove hosts from explicit dev testing. 2021-07-19 07:07:03 -05:00			`group: "{{ root_group }}"`
Change shell module to file module. 2021-07-11 11:11:33 -05:00			`recurse: yes`
Parrot OS did the clone with group `staff`? Ensure it's always owned by root:root. 2021-07-11 11:08:08 -05:00
Fix permissions, again. :) 2021-07-11 12:09:33 -05:00			`- name: General \| Tests \| Lynis \| Ensure Permissions 2`
			`file:`
			`path: "{{ lynis_install_dir }}/lynis"`
			`mode: '0755'`

Better names. :) 2021-02-02 21:28:17 -06:00			`- name: General \| Tests \| Lynis \| Run System Audit`
Try running in bash to clean up weird characters. 2021-02-06 07:27:57 -06:00			`shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1"`
			`args:`
			`executable: "{{ bash_exec.stdout }}"`
I guess command and shell hate having an FQCN. Now need to output the results. 2020-12-28 21:19:01 -06:00
Better names. :) 2021-02-02 21:28:17 -06:00			`- name: General \| Tests \| Lynis \| Make Report Readable`
Remove more FQCN's for Debian. 2021-01-31 17:17:14 -06:00			`file:`
Change shell chmod to file module. 2021-01-31 13:55:18 -06:00			`path: "{{ lynis_report }}"`
Adjust report permissions. 2021-02-06 07:37:31 -06:00			`mode: '0777'`