50 lines
866 B
YAML
50 lines
866 B
YAML
---
|
|
|
|
- name: Install lynis
|
|
register: lynis_pkg
|
|
become: yes
|
|
package:
|
|
name:
|
|
- lynis
|
|
- arch-audit
|
|
- clamav
|
|
state: present
|
|
|
|
- name: lynis config
|
|
register: lynis_conf
|
|
become: yes
|
|
copy:
|
|
src: lynis/custom.prf
|
|
dest: /etc/lynis/custom.prf
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
|
|
- name: Scanning services
|
|
become: yes
|
|
register: lynis_svc
|
|
copy:
|
|
src: "lynis/{{ item }}"
|
|
dest: /usr/lib/systemd/system/
|
|
owner: root
|
|
group: root
|
|
mode: 0664
|
|
loop:
|
|
- sharingan-scan.service
|
|
- sharingan-scan.timer
|
|
|
|
- systemd:
|
|
daemon_reload: yes
|
|
become: yes
|
|
when: lynis_svc.changed
|
|
|
|
- name: Enable timers
|
|
become: yes
|
|
service:
|
|
name: sharingan-scan.timer
|
|
state: restarted
|
|
enabled: yes
|
|
|
|
- import_tasks: "./vscan.yml"
|
|
when: vscan_enabled is defined
|