54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
---
|
|
# Lynis hardness check.
|
|
|
|
- name: General | Tests | Lynis | Set Facts
|
|
set_fact:
|
|
lynis_file: "{{ user_user.home }}/Reports/{{ ansible_hostname }}.{{ lynis_report }}"
|
|
|
|
- name: General | Tests | Lynis | Set Facts 2
|
|
set_fact:
|
|
lynis_temp_file: "{{ lynis_file }}.tmp"
|
|
|
|
- name: General | Tests | Lynis | Install
|
|
git:
|
|
repo: https://github.com/CISOfy/lynis
|
|
dest: "{{ lynis_install_dir }}"
|
|
clone: yes
|
|
force: yes
|
|
ignore_errors: yes
|
|
|
|
- name: General | Tests | Lynis | Ensure Permissions (Looking at you Parrot OS!)
|
|
file:
|
|
path: "{{ lynis_install_dir }}"
|
|
state: directory
|
|
mode: '0644'
|
|
owner: root
|
|
group: "{{ root_group }}"
|
|
recurse: yes
|
|
|
|
- name: General | Tests | Lynis | Ensure Permissions 2
|
|
file:
|
|
path: "{{ lynis_install_dir }}/lynis"
|
|
mode: '0755'
|
|
|
|
- name: General | Tests | Lynis | Ensure Folder Permissions
|
|
file:
|
|
path: "{{ lynis_install_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
recurse: no
|
|
|
|
- name: General | Tests | Lynis | Run System Audit
|
|
shell: "{{ item }}"
|
|
loop:
|
|
- "./lynis audit system --no-colors > {{ lynis_temp_file }} 2>&1"
|
|
- "mv {{ lynis_temp_file }} {{ lynis_file }}"
|
|
args:
|
|
executable: "{{ bash_exec.stdout }}"
|
|
chdir: "{{ lynis_install_dir }}"
|
|
|
|
- name: General | Tests | Lynis | Make Report Readable
|
|
file:
|
|
path: "{{ lynis_file }}"
|
|
mode: '0644'
|