Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #427 from dev-sec/snoopotic-fix/add_auditd_restart_handler

Browse source 
add restart-auditd handler after configuration change
This commit is contained in:
schurzi 2021-03-29 21:15:46 +02:00 committed by GitHub
commit 2882a15ee1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
molecule/mysql_hardening/verify.yml
View file

@ -44,7 +44,7 @@
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/mysql-baseline.git"
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/mysql-baseline"
register: test_results
changed_when: false
ignore_errors: true

2
molecule/nginx_hardening/verify.yml
View file

@ -47,7 +47,7 @@
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/nginx-baseline.git"
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
register: test_results
changed_when: false
ignore_errors: true

2
molecule/os_hardening/verify.yml
View file

@ -51,7 +51,7 @@
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/linux-baseline.git"
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/linux-baseline"
register: test_results
changed_when: false
ignore_errors: true

2
molecule/ssh_hardening/verify.yml
View file

@ -42,7 +42,7 @@
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/ssh-baseline.git"
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
register: test_results
changed_when: false
ignore_errors: true

6
roles/os_hardening/handlers/main.yml
View file

@ -1,3 +1,9 @@
---
- name: Update-initramfs
command: 'update-initramfs -u'
- name: restart-auditd
command:
cmd: 'service auditd restart' # rhel: see: https://access.redhat.com/solutions/2664811
warn: false # sadly 'service' module fails in that case also by using 'use: service'
when: molecule_yml is not defined # restarting auditd in a container does not work

3
roles/os_hardening/tasks/auditd.yml
View file

@ -3,6 +3,7 @@
package:
name: '{{ auditd_package }}'
state: 'present'
tags: auditd
- name: Configure auditd | package-08
template:
@ -11,3 +12,5 @@
owner: 'root'
group: 'root'
mode: '0640'
notify: 'restart-auditd'
tags: auditd