General Improvements (#36)

* Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report.
2023-02-19 10:04:10 -06:00
parent 904dda6883
commit b162731c29
15 changed files with 211 additions and 80 deletions
--- a/tasks/general/tests/lynis.yml
+++ b/tasks/general/tests/lynis.yml
@ -1,6 +1,14 @@
 ---
 # Lynis hardness check.

+- name: General | Tests | Lynis | Set Facts
+  set_fact:
+    lynis_file: "{{ user_user.home }}/Reports/{{ lynis_report }}"
+
+- name: General | Tests | Lynis | Set Facts 2
+  set_fact:
+    lynis_temp_file: "{{ lynis_file }}.tmp"
+
 - name: General | Tests | Lynis | Rename Old Install
  shell: mv "/usr/local/lynis" "/usr/local/src/"
  ignore_errors: yes
@ -27,13 +35,23 @@
    path: "{{ lynis_install_dir }}/lynis"
    mode: '0755'

+- name: General | Tests | Lynis | Ensure Folder Permissions
+  file: 
+    path: "{{ lynis_install_dir }}"
+    state: directory
+    mode: '0755'
+    recurse: no
+
 - name: General | Tests | Lynis | Run System Audit
-  shell: "./lynis audit system --no-colors > {{ lynis_report }} 2>&1"
+  shell: "{{ item }}"
+  loop:
+    - "./lynis audit system --no-colors > {{ lynis_temp_file }} 2>&1"
+    - "mv {{ lynis_temp_file }} {{ lynis_file }}"
  args:
    executable: "{{ bash_exec.stdout }}"
    chdir: "{{ lynis_install_dir }}"

 - name: General | Tests | Lynis | Make Report Readable
  file:
-    path: "{{ lynis_report }}"
-    mode: '0777'
+    path: "{{ lynis_file }}"
+    mode: '0644'
--- a/tasks/general/tests/nmap.yml
+++ b/tasks/general/tests/nmap.yml
@ -1,13 +1,30 @@
 ---
 # Nmap port test

- name: General | Tests | nmap | Run Count
-  shell: "nmap --open localhost | grep -c open > {{ nmap_report }}; echo success"
+- name: General | Tests | nmap | Set Facts
+  set_fact:
+    nmap_file: "{{ user_user.home }}/Reports/{{ nmap_report }}"
+    nmap_separator: "\n*******************************\n\n"

- name: General | Tests | nmap | Run Open
-  shell: "nmap --open localhost | grep open >> {{ nmap_report }}; echo success"
+- name: General | Tests | nmap | Set Facts 2
+  set_fact:
+    nmap_temp_file: "{{ nmap_file }}.tmp"
+
+- name: General | Tests | nmap | Create Report
+  shell: "{{ item }}"
+  loop: 
+    - "date > {{ nmap_temp_file }}"
+    - "printf '{{ nmap_separator }}' >> {{ nmap_temp_file }}"
+    - "echo '-=Open Ports=-' >> {{ nmap_temp_file }}"
+    - "printf 'Number of open ports: ' >> {{ nmap_temp_file }}"
+    - "nmap --open localhost | grep -c open >> {{ nmap_temp_file }}; echo success"
+    - "nmap --open localhost | grep open >> {{ nmap_temp_file }}; echo success"
+    - "printf '{{ nmap_separator }}' >> {{ nmap_temp_file }}"
+    - "echo '-=Aggressive Vulnerability Check=-' >> {{ nmap_temp_file }}"
+    - "nmap -A localhost >> {{ nmap_temp_file }}; echo success"
+    - "mv {{ nmap_temp_file }} {{ nmap_file }}"

 - name: General | Tests | nmap | Make Viewable
  file:
-    path: "{{ nmap_report }}"
-    mode: '0777'
+    path: "{{ nmap_file }}"
+    mode: '0644'