env-ansible/tasks/general/tests/lynis.yml

---
# Lynis hardness check.

- name: General | Tests | Lynis | Install
  git: 
    repo: https://github.com/CISOfy/lynis
    dest: "{{ lynis_install_dir }}"
    clone: yes
    force: yes

- name: General | Tests | Lynis | Ensure Permissions (Looking at you Parrot OS!)
  file: 
    path: "{{ lynis_install_dir }}"
    state: directory
    mode: '0644'
    owner: root
    group: "{{ root_group }}"
    recurse: yes

- name: General | Tests | Lynis | Ensure Permissions 2
  file: 
    path: "{{ lynis_install_dir }}/lynis"
    mode: '0755'

- name: General | Tests | Lynis | Run System Audit
  shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1"
  args:
    executable: "{{ bash_exec.stdout }}"

- name: General | Tests | Lynis | Make Report Readable
  file:
    path: "{{ lynis_report }}"
    mode: '0777'
Removing TODOs and fixing some consistency errors. 2021-01-31 17:21:39 -06:00			`---`
General FreeBSD and account improvements. 2021-02-03 21:17:48 -06:00			`# Lynis hardness check.`
Removing TODOs and fixing some consistency errors. 2021-01-31 17:21:39 -06:00
Better names. :) 2021-02-02 21:28:17 -06:00			`- name: General \| Tests \| Lynis \| Install`
Remove more FQCN's for Debian. 2021-01-31 17:17:14 -06:00			`git:`
End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`repo: https://github.com/CISOfy/lynis`
Debug looks terrible. Put it in a file and hope that the color codes are ignored. 2020-12-28 21:32:28 -06:00			`dest: "{{ lynis_install_dir }}"`
End script with a Lynis hardness check. 2020-12-28 20:57:05 -06:00			`clone: yes`
			`force: yes`

Change shell module to file module. 2021-07-11 11:11:33 -05:00			`- name: General \| Tests \| Lynis \| Ensure Permissions (Looking at you Parrot OS!)`
			`file:`
			`path: "{{ lynis_install_dir }}"`
			`state: directory`
Fix permissions, again. :) 2021-07-11 12:09:33 -05:00			`mode: '0644'`
Change shell module to file module. 2021-07-11 11:11:33 -05:00			`owner: root`
Fix root group to be existing variable. FreeBSD uses wheel. 2021-07-13 08:04:49 -05:00			`group: "{{ root_group }}"`
Change shell module to file module. 2021-07-11 11:11:33 -05:00			`recurse: yes`
Parrot OS did the clone with group `staff`? Ensure it's always owned by root:root. 2021-07-11 11:08:08 -05:00
Fix permissions, again. :) 2021-07-11 12:09:33 -05:00			`- name: General \| Tests \| Lynis \| Ensure Permissions 2`
			`file:`
			`path: "{{ lynis_install_dir }}/lynis"`
			`mode: '0755'`

Better names. :) 2021-02-02 21:28:17 -06:00			`- name: General \| Tests \| Lynis \| Run System Audit`
Try running in bash to clean up weird characters. 2021-02-06 07:27:57 -06:00			`shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1"`
			`args:`
			`executable: "{{ bash_exec.stdout }}"`
I guess command and shell hate having an FQCN. Now need to output the results. 2020-12-28 21:19:01 -06:00
Better names. :) 2021-02-02 21:28:17 -06:00			`- name: General \| Tests \| Lynis \| Make Report Readable`
Remove more FQCN's for Debian. 2021-01-31 17:17:14 -06:00			`file:`
Change shell chmod to file module. 2021-01-31 13:55:18 -06:00			`path: "{{ lynis_report }}"`
Adjust report permissions. 2021-02-06 07:37:31 -06:00			`mode: '0777'`