mirror of
https://github.com/nikdoof/ansible-cis.git
synced 2025-12-20 13:29:30 +00:00
25 lines
603 B
YAML
25 lines
603 B
YAML
---
|
|
- name: Install auditd
|
|
ansible.builtin.package:
|
|
name: "{{ cis_auditd_package }}"
|
|
state: present
|
|
- name: Start auditd
|
|
ansible.builtin.service:
|
|
name: auditd
|
|
state: started
|
|
enabled: true
|
|
- name: Copy main CIS benchmark ruleset
|
|
ansible.builtin.copy:
|
|
src: auditd/cis-hardening.rules
|
|
dest: /etc/audit/rules.d/cis-hardening.rules
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
- name: Copy privileged commands ruleset
|
|
ansible.builtin.copy:
|
|
src: auditd/privileged.rules
|
|
dest: /etc/audit/rules.d/privileged.rules
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|