nikdoof/ansible-cis
1
0
Fork 0
mirror of https://github.com/nikdoof/ansible-cis.git synced 2025-12-21 05:49:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for Debian

Browse Source
This commit is contained in:
Andrew Williams
2024-07-13 18:12:23 +01:00
parent 038970aaea
commit 14f054dce9
8 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tasks/aide.yaml
View File

@@ -2,7 +2,7 @@
- name: Install AIDE
ansible.builtin.package:
name: aide
state: installed
state: present
notify: init aide
- name: Install AIDE crontab
ansible.builtin.copy:

9
tasks/auditd.yaml
View File

@@ -1,4 +1,13 @@
---
- name: Install auditd
ansible.builtin.package:
name: auditd
state: present
- name: Start auditd
ansible.builtin.service:
name: auditd
state: started
enabled: true
- name: Copy main CIS benchmark ruleset
ansible.builtin.copy:
src: auditd/cis-hardening.rules

4
tasks/cron.yaml
View File

@@ -1,7 +1,7 @@
---
- name: Enable crond
- name: Enable cron
ansible.builtin.service:
name: crond
name: "{{ cis_cron_service_name }}"
state: started
enabled: true
- name: Set cron file security

6
tasks/main.yaml
View File

@@ -1,4 +1,10 @@
---
- name: CIS - Get OS specific vars
include_vars: "{{ item }}"
with_first_found:
- "os/{{ ansible_os_family }}/{{ ansible_distribution_major_version }}.yaml"
- "os/{{ ansible_os_family }}.yaml"
- include_tasks: auditd.yaml
- include_tasks: limits.yaml
- include_tasks: proc.yaml