Mateusz Suski
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
---
|
|
- name: Remove legacy network packages
|
|
ansible.builtin.apt:
|
|
name: "{{ cis_legacy_packages }}"
|
|
state: absent
|
|
purge: false
|
|
when: cis_remove_legacy_packages | bool
|
|
|
|
- name: Build enabled hardening package list
|
|
ansible.builtin.set_fact:
|
|
cis_enabled_hardening_packages: >-
|
|
{{
|
|
['sudo']
|
|
+ (['chrony'] if cis_enable_chrony | bool else [])
|
|
+ (['rsyslog'] if cis_enable_rsyslog | bool else [])
|
|
}}
|
|
|
|
- name: Install baseline hardening packages
|
|
ansible.builtin.apt:
|
|
name: "{{ cis_enabled_hardening_packages }}"
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
|
|
- name: Install auditd when enabled
|
|
ansible.builtin.apt:
|
|
name: auditd
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
when: cis_install_auditd | bool
|
|
|
|
- name: Install audispd plugins when available
|
|
ansible.builtin.apt:
|
|
name: audispd-plugins
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
register: cis_audispd_plugins_install
|
|
failed_when: false
|
|
when: cis_install_auditd | bool
|
|
|
|
- name: Report audispd plugins availability
|
|
ansible.builtin.debug:
|
|
msg: "WARNING: audispd-plugins was not installed; package may be unavailable for this release."
|
|
when:
|
|
- cis_install_auditd | bool
|
|
- cis_audispd_plugins_install is failed
|