mateusz/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve infra-run portfolio credibility
lint / shell-yaml-ansible (push) Failing after 21s
Details

Browse Source
This commit is contained in:
Mateusz Suski
2026-05-08 21:18:22 +00:00
parent deb12a0b4f
commit ca5a876d03
87 changed files with 462 additions and 531 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infra-run/ansible/roles/cis-debian-ubuntu-hardening/tasks/postcheck.yml
+7 -3
View File
@@ -37,12 +37,16 @@
ansible.builtin.set_fact:
cis_package_validation_summary:
legacy_absent: "{{ cis_legacy_packages | difference(ansible_facts.packages.keys() | list) }}"
hardening_present: "{{ (cis_enabled_hardening_packages | default(cis_hardening_packages)) | intersect(ansible_facts.packages.keys() | list) }}"
hardening_present: >-
{{ (cis_enabled_hardening_packages | default(cis_hardening_packages))
| intersect(ansible_facts.packages.keys() | list) }}
audit_present: "{{ cis_audit_packages | intersect(ansible_facts.packages.keys() | list) }}"
- name: Build sysctl validation summary
ansible.builtin.set_fact:
cis_sysctl_validation_summary: "{{ cis_sysctl_validation_summary | default({}) | combine({item.item.key: item.stdout | default('unreadable')}) }}"
cis_sysctl_validation_summary: >-
{{ cis_sysctl_validation_summary | default({})
| combine({item.item.key: item.stdout | default('unreadable')}) }}
loop: "{{ cis_sysctl_validation.results | default([]) }}"
loop_control:
label: "{{ item.item.key }}"
@@ -65,7 +69,7 @@
- name: Publish validation summary
ansible.builtin.set_fact:
cis_validation_summary:
benchmark: "CIS-inspired controls for Debian 13 Trixie and Ubuntu Server 26.04 LTS"
benchmark: "selected controls for Debian 13 Trixie and Ubuntu Server 26.04 LTS"
sshd_config: "{{ 'OK' if cis_sshd_validate.rc == 0 else 'CRITICAL' }}"
services: "{{ cis_service_state_summary }}"
packages: "{{ cis_package_validation_summary }}"