End script with a Lynis hardness check.

local.yml

@@ -3,7 +3,6 @@
 
 # Everything
 - hosts: all
-  connection: local
   become: true  
 
   pre_tasks:
@@ -23,3 +22,11 @@
 
   tasks:
     - include: tasks/flatpaks.yml
+
+
+# Display hardness checks
+- hosts: all
+  become: true
+
+  tasks:
+    - include: tasks/hardness_check_lynis.yml

tasks/hardness_check_lynis.yml

@@ -0,0 +1,11 @@
+- name: Install Lynis
+  ansible.builtin.git: 
+    repo: https://github.com/CISOfy/lynis
+    dest: /usr/local/
+    clone: yes
+    force: yes
+
+- name: Run Lynis
+  ansible.builtin.shell:
+    chdir: /usr/local/lynis/
+    cmd: lynis audit system