2023-03-31 07:50:04 +00:00
|
|
|
---
|
|
|
|
|
- name: OpenBSD workaround - inspec detects OpenSBD as unix and not linux compatible
|
|
|
|
|
hosts: all
|
|
|
|
|
become: true
|
|
|
|
|
tasks:
|
2023-12-06 10:18:56 +00:00
|
|
|
- name: Use the type command instead of which to detect existing commands
|
2023-12-06 13:37:09 +00:00
|
|
|
ansible.builtin.file:
|
|
|
|
|
src: /usr/bin/which
|
|
|
|
|
dest: /usr/bin/type
|
2023-03-31 07:50:04 +00:00
|
|
|
state: hard
|
2023-12-06 14:27:21 +00:00
|
|
|
mode: "0770"
|
2023-12-06 13:37:09 +00:00
|
|
|
when: lookup('env', 'MOLECULE_DISTRO') == 'openbsd7'
|
2023-03-31 07:50:04 +00:00
|
|
|
|
|
|
|
|
- name: Verify
|
|
|
|
|
hosts: localhost
|
|
|
|
|
environment:
|
|
|
|
|
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
|
|
|
|
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
|
|
|
|
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
|
|
|
|
tasks:
|
2023-12-06 10:18:56 +00:00
|
|
|
- name: Get ssh-config
|
2023-12-06 13:37:09 +00:00
|
|
|
ansible.builtin.command:
|
|
|
|
|
cmd: vagrant ssh-config
|
2023-03-31 07:50:04 +00:00
|
|
|
chdir: "{{ molecule_ephemeral_directory }}"
|
|
|
|
|
register: ssh_config
|
|
|
|
|
changed_when: false
|
|
|
|
|
|
2023-12-06 10:18:56 +00:00
|
|
|
- name: Create ssh-config file
|
2023-12-06 13:37:09 +00:00
|
|
|
ansible.builtin.copy:
|
2023-03-31 07:50:04 +00:00
|
|
|
content: "{{ ssh_config.stdout_lines | join ('\n') }}"
|
|
|
|
|
dest: "{{ molecule_ephemeral_directory }}/ssh-config"
|
2023-12-06 14:27:21 +00:00
|
|
|
mode: "0400"
|
2023-03-31 07:50:04 +00:00
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
|
|
- name: Execute cinc-auditor tests
|
2023-12-06 10:18:56 +00:00
|
|
|
ansible.builtin.command: >
|
2024-02-04 09:54:22 +00:00
|
|
|
docker run --rm
|
2023-03-31 07:50:04 +00:00
|
|
|
--volume {{ molecule_ephemeral_directory }}:{{ molecule_ephemeral_directory }}
|
|
|
|
|
--volume ./waivers_{{ lookup('env', 'MOLECULE_DISTRO') }}.yaml:/waivers.yaml
|
|
|
|
|
docker.io/cincproject/auditor exec
|
|
|
|
|
--ssh-config-file={{ molecule_ephemeral_directory }}/ssh-config
|
|
|
|
|
-t ssh://{{ lookup('env', 'USER') }}
|
|
|
|
|
--sudo --no-show-progress --no-color
|
|
|
|
|
--waiver-file /waivers.yaml
|
|
|
|
|
--no-distinct-exit https://github.com/dev-sec/ssh-baseline/archive/refs/heads/master.zip
|
|
|
|
|
register: test_results
|
|
|
|
|
changed_when: false
|
|
|
|
|
ignore_errors: true
|
|
|
|
|
|
|
|
|
|
- name: Display details about the cinc-auditor results
|
2023-12-06 10:18:56 +00:00
|
|
|
ansible.builtin.debug:
|
2023-03-31 07:50:04 +00:00
|
|
|
msg: "{{ test_results.stdout_lines }}"
|
|
|
|
|
|
|
|
|
|
- name: Fail when tests fail
|
2023-12-06 10:18:56 +00:00
|
|
|
ansible.builtin.fail:
|
2023-12-06 13:37:09 +00:00
|
|
|
msg: Inspec failed to validate
|
2023-03-31 07:50:04 +00:00
|
|
|
when: test_results.rc != 0
|
