Got rkhunter working for HIDS; operational fixes for Sharingan

2022-05-03 16:57:52 -05:00
parent d0146770a4
commit 01dde4008d
40 changed files with 299 additions and 580 deletions
--- a/roles/Sharingan/tasks/scans.yml
+++ b/roles/Sharingan/tasks/scans.yml
@@ -0,0 +1,55 @@
+---
+
+ - name: Install lynis
+   register: lynis_pkg
+   become: yes
+   package:
+     name:
+       - lynis
+       - arch-audit
+       - clamav
+     state: present
+
+ - name: lynis config
+   register: lynis_conf
+   become: yes
+   copy:
+     src: lynis/custom.prf
+     dest: /etc/lynis/custom.prf
+     owner: root
+     group: root
+     mode: 0600
+
+ - name: Scanning services
+   become: yes
+   copy:
+     src: "lynis/{{ item }}" 
+     dest: /usr/lib/systemd/system/
+     owner: root
+     group: root
+     mode: 0664
+   loop:
+     - sharingan-scan.service
+     - sharingan-scan.timer
+
+ - name: Scanning services
+   become: yes
+   copy:
+     src: "clamav/{{ item }}" 
+     dest: /usr/lib/systemd/system/
+     owner: root
+     group: root
+     mode: 0664
+   loop:
+     - freshclam.service
+     - freshclam.timer
+
+ - name: Enable timers
+   become: yes
+   loop:
+     - freshclam.timer
+     - sharingan-scan.timer
+   service:
+     name: "{{ item }}"
+     state: restarted
+     enabled: yes