env-ansible/tasks/general/tests/lynis.yml

---
# Lynis hardness check.

- name: General | Tests | Lynis | Set Facts
  set_fact:
    lynis_file: "{{ user_user.home }}/Reports/{{ ansible_hostname }}.{{ lynis_report }}"

- name: General | Tests | Lynis | Set Facts 2
  set_fact:
    lynis_temp_file: "{{ lynis_file }}.tmp"

- name: General | Tests | Lynis | Rename Old Install
  shell: mv "/usr/local/lynis" "/usr/local/src/"
  ignore_errors: yes

- name: General | Tests | Lynis | Install
  git: 
    repo: https://github.com/CISOfy/lynis
    dest: "{{ lynis_install_dir }}"
    clone: yes
    force: yes
  ignore_errors: yes

- name: General | Tests | Lynis | Ensure Permissions (Looking at you Parrot OS!)
  file: 
    path: "{{ lynis_install_dir }}"
    state: directory
    mode: '0644'
    owner: root
    group: "{{ root_group }}"
    recurse: yes

- name: General | Tests | Lynis | Ensure Permissions 2
  file: 
    path: "{{ lynis_install_dir }}/lynis"
    mode: '0755'

- name: General | Tests | Lynis | Ensure Folder Permissions
  file: 
    path: "{{ lynis_install_dir }}"
    state: directory
    mode: '0755'
    recurse: no

- name: General | Tests | Lynis | Run System Audit
  shell: "{{ item }}"
  loop:
    - "./lynis audit system --no-colors > {{ lynis_temp_file }} 2>&1"
    - "mv {{ lynis_temp_file }} {{ lynis_file }}"
  args:
    executable: "{{ bash_exec.stdout }}"
    chdir: "{{ lynis_install_dir }}"

- name: General | Tests | Lynis | Make Report Readable
  file:
    path: "{{ lynis_file }}"
    mode: '0644'