From 2e76c946daa01558f9def75d228fbb1e5476c499 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20Boraty=C5=84ski?= Date: Sat, 2 Apr 2016 15:52:20 +0200 Subject: Initial Lynis Ansible role * Moved to proper location. * Added support for Debian-based distros. * Added manual installation * Modified for older versions compatiblity * Added directory creation. * Added unpack and cleanup tasks. * Changed naming convention. Fixed issue with absent. * Added switch for Lynis source * Changed naming convention. * Added RHEL support. * Made Debian-playbook more readble. * Added missing tags. --- defaults/main.yml | 19 +++++++++++++++++++ lynis.yml | 19 ------------------- tasks/debian.yml | 11 +++++++++++ tasks/main.yml | 26 ++++++++++++++++++++++++++ tasks/manual.yml | 40 ++++++++++++++++++++++++++++++++++++++++ tasks/rhel.yml | 12 ++++++++++++ 6 files changed, 108 insertions(+), 19 deletions(-) create mode 100644 defaults/main.yml delete mode 100644 lynis.yml create mode 100644 tasks/debian.yml create mode 100644 tasks/main.yml create mode 100644 tasks/manual.yml create mode 100644 tasks/rhel.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..d98210a
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+
+
+
+lynis_version: '2.2.0'
+lynis_name: 'lynis-{{ lynis_version }}'
+
+
+
+lynis_tarball_url: 'https://cisofy.com/files/{{ lynis_name }}.tar.gz'
+lynis_tarball_checksum: '64fe15be52fa77bce14250867da87e8c262fb0e9229517c4e2d2d5a38223bea4'
+
+lynis_tarball_unpackdest: '/opt'
+lynis_tarball_unpackdest_dir: '{{ lynis_tarball_unpackdest }}/lynis'
+lynis_tarball_dest: '{{ lynis_tarball_unpackdest_dir }}{{ lynis_name }}.tar.gz'
+
+
+
+lynis_use_packages: no
diff --git a/lynis.yml b/lynis.yml
deleted file mode 100644
index 6f98dfd..0000000
--- a/lynis.yml
+++ /dev/null
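Review bot: In defaults/main.yml, `lynis_tarball_dest` joins `lynis_tarball_unpackdest_dir` and `lynis_name` with no path separator, so the tarball lands at `/opt/lynislynis-2.2.0.tar.gz` rather than inside the `/opt/lynis` directory that tasks/manual.yml creates; it should read `lynis_tarball_dest: '{{ lynis_tarball_unpackdest_dir }}/{{ lynis_name }}.tar.gz'`. The pinned `lynis_tarball_checksum` is only valid for `lynis_version` 2.2.0, so a comment above the pair such as `# Override lynis_tarball_checksum together with lynis_version; the download is rejected on mismatch.` would save the next maintainer a failed run. `lynis_use_packages: no` is better written `false`, which parses the same under YAML 1.1 and 1.2.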
@@ -1,19 +0,0 @@
-# Ansible Playbook for Lynis deployment
-
-- name: Lynis | Create /usr/local/lynis
- file: path=/usr/local/lynis state=directory
-
-- name: Lynis | Unarchive copied package
- unarchive: src=/etc/ansible/files/packages/lynis-latest.tar.gz dest=/usr/local copy=yes
- register: result
-
-- name: Lynis | Copy default Lynis profile from master to destination
- copy: src=/etc/ansible/files/configs/lynis_custom.prf dest=/usr/local/lynis/custom.prf force=yes
- when: result.changed == True
-
-- name: Lynis | Add Lynis to crontab if package files still exists (normally ran once)
- cron: name="Run Lynis" hour="{{ 4|random }}" minute="{{ 59 |random }}" job="/usr/local/lynis/lynis -c --cronjob --upload --profile /usr/local/lynis/custom.prf" state=present
- when: result.changed == True
-
-- name: Lynis | Delete Lynis tarball
- file: path=/usr/local/lynis-latest.tar.gz state=absent
diff --git a/tasks/debian.yml b/tasks/debian.yml
new file mode 100644
index 0000000..7904de5
--- /dev/null
+++ b/tasks/debian.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Lynis | Install Lynis from apt
+ apt:
+ name=lynis
+ state=present
+ force=no
+ install_recommends=no
+ update_cache=yes
+ register: lynis_isinstalled
+ tags: lynis
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..fdc0abb
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+
+
+- name: Lynis | Install Lynis (Debian | Ubuntu)
+ include: debian.yml
+ when:
+ (ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu') and
+ (lynis_use_packages is defined and lynis_use_packages)
+ tags: lynis
+
+
+
+- name: Lynis | Install Lynis (CentOS | RHEL)
+ include: rhel.yml
+ when:
+ (ansible_os_family == 'CentOS' or ansible_os_family == 'RedHat') and
+ (lynis_use_packages is defined and lynis_use_packages)
+ tags: lynis
+
+
+
+- name: Lynis | Install Lynis manually (OS-independent)
+ include: manual.yml
+ when: lynis_use_packages is defined and not lynis_use_packages
+ tags: lynis
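Review bot: The apt task in tasks/debian.yml (and the yum task in tasks/rhel.yml) installs whatever Lynis build the configured repository offers, so `lynis_version` and `lynis_tarball_checksum` from defaults/main.yml have no effect on this path and hosts can end up auditing with different releases. A comment on the task would make that explicit, e.g. `# Version comes from the distribution repository; lynis_version applies to tasks/manual.yml only.` The module arguments are also written as a folded `key=value` string here while tasks/rhel.yml uses a native mapping; using the mapping form in both keeps the role consistent.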
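Review bot: In tasks/main.yml, a host with `lynis_use_packages` enabled whose `ansible_os_family` is neither `Debian` nor `RedHat` matches none of the three includes, so the play succeeds without installing Lynis. `ansible_os_family` reports Ubuntu as `Debian` and CentOS as `RedHat`, so the `'Ubuntu'` and `'CentOS'` comparisons never match and can go. One option is to let the manual include act as the fallback, `when: not (lynis_use_packages | bool) or ansible_os_family not in ['Debian', 'RedHat']`; the `| bool` filter also covers the flag arriving as a string from `-e` or inventory.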
diff --git a/tasks/manual.yml b/tasks/manual.yml
new file mode 100644
index 0000000..46274fa
--- /dev/null
+++ b/tasks/manual.yml
@@ -0,0 +1,40 @@
+---
+
+
+
+- name: Lynis | Manual - create directories
+ file:
+ dest={{ lynis_tarball_unpackdest_dir }}
+ recurse=yes
+ state=directory
+ owner=root
+ group=root
+ tags: lynis
+
+
+
+- name: Lynis | Manual - download latest stable version
+ get_url:
+ sha256sum={{ lynis_tarball_checksum }}
+ url={{ lynis_tarball_url }}
+ dest={{ lynis_tarball_dest }}
+ force=no
+ validate_certs=yes
+ backup=yes
+ tags: lynis
+
+
+
+- name: Lynis | Manual - unpack
+ unarchive:
+ dest={{ lynis_tarball_unpackdest }}
+ src={{ lynis_tarball_dest }}
+ tags: lynis
+
+
+
+- name: Lynis | Manual - remove tarball
+ file:
+ dest={{ lynis_tarball_dest }}
+ state=absent
+ tags: lynis
diff --git a/tasks/rhel.yml b/tasks/rhel.yml
new file mode 100644
index 0000000..f3c8827
--- /dev/null
+++ b/tasks/rhel.yml
@@ -0,0 +1,12 @@
+---
+
+
+
+- name: Lynis | Install Lynis from yum
+ yum:
+ name: lynis
+ state: present
+ update_cache: yes
+ disable_gpg_check: no
+ register: lynis_isinstalled
+ tags: lynis
-- cgit v1.2.3
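Review bot: The unarchive task in tasks/manual.yml gives a `src` that get_url wrote on the managed host, but without `copy=no` the module looks for that path on the control machine and uploads it, so the task either fails or unpacks a controller-side file that never went through the `sha256sum` check. Adding `copy=no` to the unarchive arguments makes it unpack the verified download. The `recurse=yes owner=root group=root` in the first task runs before anything is unpacked, so the extracted files keep whatever ownership the archive carries; presumably `owner=root group=root` belongs on the unarchive task as well.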