Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 05:11:53 +00:00
Code Issues Projects Releases Packages Wiki Activity
ansible-collection-hardening/molecule/os_hardening_vm/verify.yml
Sebastian Gumprich e3273a8d54
disable pam tests (#691) 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-08-07 14:38:44 +02:00

60 lines
2 KiB
YAML
Raw Blame History

---
- name: Verify
hosts: all
become: true
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
# temp. disabled - https://github.com/dev-sec/ansible-collection-hardening/issues/690
# - name: include PAM tests
# include_tasks: verify_tasks/pam.yml
# when: ansible_facts.distribution in ['Debian', 'Ubuntu'] or ansible_facts.os_family == 'RedHat'
- name: include YUM tests
include_tasks: verify_tasks/yum.yml
when: ansible_facts.os_family == 'RedHat'
- name: Verify
hosts: localhost
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
- name: get ssh-config
command:
cmd: "vagrant ssh-config"
chdir: "{{ molecule_ephemeral_directory }}"
register: ssh_config
changed_when: false
- name: create ssh-config file
copy:
content: "{{ ssh_config.stdout_lines | join ('\n') }}"
dest: "{{ molecule_ephemeral_directory }}/ssh-config"
changed_when: false
- name: Execute cinc-auditor tests
command: >
docker run
--volume {{ molecule_ephemeral_directory }}:{{ molecule_ephemeral_directory }}
docker.io/cincproject/auditor exec
--ssh-config-file={{ molecule_ephemeral_directory }}/ssh-config
-t ssh://{{ lookup('env', 'USER') }}
--sudo --no-show-progress --no-color
--no-distinct-exit https://github.com/dev-sec/linux-baseline/archive/refs/heads/master.zip
register: test_results
changed_when: false
ignore_errors: true
- name: Display details about the cinc-auditor results
debug:
msg: "{{ test_results.stdout_lines }}"
- name: Fail when tests fail
fail:
msg: "Inspec failed to validate"
when: test_results.rc != 0
Reference in a new issue View git blame Copy permalink