mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 01:04:13 +00:00
7e33ea0bae
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
43 lines
1.4 KiB
YAML
43 lines
1.4 KiB
YAML
---
|
|
- name: Verify
|
|
hosts: all
|
|
become: true
|
|
environment:
|
|
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
|
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
|
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
|
tasks:
|
|
- name: Install procps for debian systems
|
|
ansible.builtin.apt:
|
|
name: procps
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_distribution == 'Debian'
|
|
|
|
- name: Verify
|
|
hosts: localhost
|
|
environment:
|
|
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
|
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
|
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
|
tasks:
|
|
- name: Execute cinc-auditor tests
|
|
ansible.builtin.command: >
|
|
docker run
|
|
--volume /run/docker.sock:/run/docker.sock
|
|
docker.io/cincproject/auditor exec
|
|
-t docker://instance
|
|
--no-show-progress --no-color
|
|
--no-distinct-exit https://github.com/dev-sec/nginx-baseline/archive/refs/heads/master.zip
|
|
register: test_results
|
|
changed_when: false
|
|
ignore_errors: true
|
|
|
|
- name: Display details about the cinc-auditor results
|
|
ansible.builtin.debug:
|
|
msg: "{{ test_results.stdout_lines }}"
|
|
|
|
- name: Fail when tests fail
|
|
ansible.builtin.fail:
|
|
msg: Inspec failed to validate
|
|
when: test_results.rc != 0
|