From de7b2ea00cab133941abc82ba5e4c76b31b835cb Mon Sep 17 00:00:00 2001 From: Hyperling Date: Mon, 28 Dec 2020 21:32:28 -0600 Subject: [PATCH] Debug looks terrible. Put it in a file and hope that the color codes are ignored. --- facts/filesystem_names.yml | 24 ++++++++++++++++++++++++ facts/package_names.yml | 2 +- facts/service_names.yml | 5 ++++- local.yml | 1 + tasks/hardness_check_lynis.yml | 12 +++++------- 5 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 facts/filesystem_names.yml diff --git a/facts/filesystem_names.yml b/facts/filesystem_names.yml new file mode 100644 index 0000000..8d1aa56 --- /dev/null +++ b/facts/filesystem_names.yml @@ -0,0 +1,24 @@ +--- +# Define what the file and folder names should be on each OS. + +- name: Set Pop!_OS Package Names + ansible.builtin.set_fact: + lynis_install_dir: /usr/local/lynis + lynis_report: /home/ling/lynis.log + when: ansible_distribution == "Pop!_OS" + + +# TODO Needs tested +- name: Set Ubuntu Package Names + ansible.builtin.set_fact: + lynis_install_dir: /usr/local/lynis + lynis_report: /root/lynis.log + when: ansible_distribution == "Ubuntu" + + +# TODO Needs tested +- name: Set FreeBSD Package Names + ansible.builtin.set_fact: + lynis_install_dir: /usr/local/lynis + lynis_report: /root/lynis.log + when: ansible_distribution == "FreeBSD" \ No newline at end of file diff --git a/facts/package_names.yml b/facts/package_names.yml index d32c4de..3c687c5 100644 --- a/facts/package_names.yml +++ b/facts/package_names.yml @@ -1,5 +1,5 @@ --- -# Define what the program name is on each OS so we can use package builtin. like this: +# Define what the program name is on each OS so we can use package builtin. - name: Set Pop!_OS Package Names ansible.builtin.set_fact: diff --git a/facts/service_names.yml b/facts/service_names.yml index 86871d3..884761f 100644 --- a/facts/service_names.yml +++ b/facts/service_names.yml 
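Review bot: `lynis_report: /home/ling/lynis.log` in the Pop!_OS task of facts/filesystem_names.yml ties the report to one account's home directory, and the play in local.yml runs with `become: true`. Root would then write to a predictable filename in a directory that user controls, so a link already sitting at that path would redirect the write. A root-owned location such as `lynis_report: /var/log/lynis-audit.txt` (constructed example) avoids this and would let all three tasks share one value. As far as this file shows there is no default for other distributions, so `lynis_install_dir` and `lynis_report` stay undefined there. The three task names still read `Set … Package Names`, carried over from package_names.yml.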
@@ -1,10 +1,11 @@ --- -# Define what the program name is on each OS so we can use package builtin. like this: +# Define what the program name is on each OS so we can use service builtin. - name: Set Pop!_OS Service Names ansible.builtin.set_fact: cups: cups cups_pattern: cupsd + cups_browse: cups-browsed cups_browse_pattern: cups-browsed when: ansible_distribution == "Pop!_OS" @@ -15,6 +16,7 @@ ansible.builtin.set_fact: cups: cups cups_pattern: cupsd + cups_browse: cups-browsed cups_browse_pattern: cups-browsed when: ansible_distribution == "Ubuntu" @@ -25,6 +27,7 @@ ansible.builtin.set_fact: cups: cups cups_pattern: cupsd + cups_browse: cups-browsed cups_browse_pattern: cups-browsed when: ansible_distribution == "FreeBSD" \ No newline at end of file diff --git a/local.yml b/local.yml index a768f86..23f9093 100644 --- a/local.yml +++ b/local.yml @@ -6,6 +6,7 @@ become: true pre_tasks: + - include: facts/filesystem_names.yml - include: facts/package_names.yml - include: facts/service_names.yml diff --git a/tasks/hardness_check_lynis.yml b/tasks/hardness_check_lynis.yml index ee729e1..5fb1d52 100644 --- a/tasks/hardness_check_lynis.yml +++ b/tasks/hardness_check_lynis.yml @@ -1,14 +1,12 @@ - name: Install Lynis ansible.builtin.git: repo: https://github.com/CISOfy/lynis - dest: /usr/local/lynis + dest: "{{ lynis_install_dir }}" clone: yes force: yes -- name: Run Lynis - command: /usr/local/lynis/lynis audit system - register: lynis_report +- name: Run Lynis Audit System + command: /usr/local/lynis/lynis audit system > "{{ lynis_report }}" -- name: Lynis Report - debug: - var: lynis_report \ No newline at end of file +- name: Make Lynis Report Readable + command: chmod 444 "{{ lynis_report }}" \ No newline at end of file
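Review bot: The `>` in the new `Run Lynis Audit System` task of tasks/hardness_check_lynis.yml is not a redirect, because the `command` module does not pass its argument through a shell. The `>` and the report path reach lynis as extra arguments, the task itself writes no report file, and the following `chmod` task would have nothing to act on unless the file already exists. Registering the output and writing it with `ansible.builtin.copy` needs no shell, and lynis's `--no-colors` option removes the colour codes the commit message worries about. The report lists this host's hardening gaps, so `chmod 444` makes that list readable by every local account; an owner-only mode is the safer default. The command also still hard-codes `/usr/local/lynis/lynis` rather than `{{ lynis_install_dir }}`, and the git task clones the default branch with no `version:` pin, which matters if this file runs from the `become: true` play.

```yaml
# … unchanged: Install Lynis task …

- name: Run Lynis Audit System
  ansible.builtin.command: "{{ lynis_install_dir }}/lynis audit system --no-colors"
  register: lynis_audit

- name: Write Lynis Report
  ansible.builtin.copy:
    content: "{{ lynis_audit.stdout }}"
    dest: "{{ lynis_report }}"
    mode: "0600"  # owner-only; set owner: to the account meant to read it
```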