diff options
| author | Kamil BoratyĆski <kboratynski@users.noreply.github.com> | 2016-04-02 16:52:20 +0300 |
|---|---|---|
| committer | Michael Boelen <michael@cisofy.com> | 2016-04-02 16:52:20 +0300 |
| commit | 2e76c946daa01558f9def75d228fbb1e5476c499 (patch) | |
| tree | aa79ce9d6bc6629b51652202646cd5d5a0f28053 | |
| parent | c823931923aab02f163b8e5fe3effff3ec87502a (diff) | |
Initial Lynis Ansible role
* Moved to proper location.
* Added support for Debian-based distros.
* Added manual installation
* Modified for older versions compatiblity
* Added directory creation.
* Added unpack and cleanup tasks.
* Changed naming convention.
Fixed issue with absent.
* Added switch for Lynis source
* Changed naming convention.
* Added RHEL support.
* Made Debian-playbook more readble.
* Added missing tags.
| -rw-r--r-- | defaults/main.yml | 19 | ||||
| -rw-r--r-- | lynis.yml | 19 | ||||
| -rw-r--r-- | tasks/debian.yml | 11 | ||||
| -rw-r--r-- | tasks/main.yml | 26 | ||||
| -rw-r--r-- | tasks/manual.yml | 40 | ||||
| -rw-r--r-- | tasks/rhel.yml | 12 |
6 files changed, 108 insertions, 19 deletions
diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..d98210a --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,19 @@ +--- + + + +lynis_version: '2.2.0' +lynis_name: 'lynis-{{ lynis_version }}' + + + +lynis_tarball_url: 'https://cisofy.com/files/{{ lynis_name }}.tar.gz' +lynis_tarball_checksum: '64fe15be52fa77bce14250867da87e8c262fb0e9229517c4e2d2d5a38223bea4' + +lynis_tarball_unpackdest: '/opt' +lynis_tarball_unpackdest_dir: '{{ lynis_tarball_unpackdest }}/lynis' +lynis_tarball_dest: '{{ lynis_tarball_unpackdest_dir }}{{ lynis_name }}.tar.gz' + + + +lynis_use_packages: no diff --git a/lynis.yml b/lynis.yml deleted file mode 100644 index 6f98dfd..0000000 --- a/lynis.yml +++ /dev/null @@ -1,19 +0,0 @@ -# Ansible Playbook for Lynis deployment - -- name: Lynis | Create /usr/local/lynis - file: path=/usr/local/lynis state=directory - -- name: Lynis | Unarchive copied package - unarchive: src=/etc/ansible/files/packages/lynis-latest.tar.gz dest=/usr/local copy=yes - register: result - -- name: Lynis | Copy default Lynis profile from master to destination - copy: src=/etc/ansible/files/configs/lynis_custom.prf dest=/usr/local/lynis/custom.prf force=yes - when: result.changed == True - -- name: Lynis | Add Lynis to crontab if package files still exists (normally ran once) - cron: name="Run Lynis" hour="{{ 4|random }}" minute="{{ 59 |random }}" job="/usr/local/lynis/lynis -c --cronjob --upload --profile /usr/local/lynis/custom.prf" state=present - when: result.changed == True - -- name: Lynis | Delete Lynis tarball - file: path=/usr/local/lynis-latest.tar.gz state=absent diff --git a/tasks/debian.yml b/tasks/debian.yml new file mode 100644 index 0000000..7904de5 --- /dev/null +++ b/tasks/debian.yml @@ -0,0 +1,11 @@ +--- + +- name: Lynis | Install Lynis from apt + apt: + name=lynis + state=present + force=no + install_recommends=no + update_cache=yes + register: lynis_isinstalled + tags: lynis diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..fdc0abb --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,26 @@ +--- + + + +- name: Lynis | Install Lynis (Debian | Ubuntu) + include: debian.yml + when: + (ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu') and + (lynis_use_packages is defined and lynis_use_packages) + tags: lynis + + + +- name: Lynis | Install Lynis (CentOS | RHEL) + include: rhel.yml + when: + (ansible_os_family == 'CentOS' or ansible_os_family == 'RedHat') and + (lynis_use_packages is defined and lynis_use_packages) + tags: lynis + + + +- name: Lynis | Install Lynis manually (OS-independent) + include: manual.yml + when: lynis_use_packages is defined and not lynis_use_packages + tags: lynis diff --git a/tasks/manual.yml b/tasks/manual.yml new file mode 100644 index 0000000..46274fa --- /dev/null +++ b/tasks/manual.yml @@ -0,0 +1,40 @@ +--- + + + +- name: Lynis | Manual - create directories + file: + dest={{ lynis_tarball_unpackdest_dir }} + recurse=yes + state=directory + owner=root + group=root + tags: lynis + + + +- name: Lynis | Manual - download latest stable version + get_url: + sha256sum={{ lynis_tarball_checksum }} + url={{ lynis_tarball_url }} + dest={{ lynis_tarball_dest }} + force=no + validate_certs=yes + backup=yes + tags: lynis + + + +- name: Lynis | Manual - unpack + unarchive: + dest={{ lynis_tarball_unpackdest }} + src={{ lynis_tarball_dest }} + tags: lynis + + + +- name: Lynis | Manual - remove tarball + file: + dest={{ lynis_tarball_dest }} + state=absent + tags: lynis diff --git a/tasks/rhel.yml b/tasks/rhel.yml new file mode 100644 index 0000000..f3c8827 --- /dev/null +++ b/tasks/rhel.yml @@ -0,0 +1,12 @@ +--- + + + +- name: Lynis | Install Lynis from yum + yum: + name: lynis + state: present + update_cache: yes + disable_gpg_check: no + register: lynis_isinstalled + tags: lynis |