Kapisi/roles/Sharingan/tasks/scans.yml

66 lines
1.1 KiB
YAML

---
- name: Install lynis
register: lynis_pkg
become: yes
package:
name:
- lynis
- arch-audit
- clamav
state: present
- name: lynis config
register: lynis_conf
become: yes
copy:
src: lynis/custom.prf
dest: /etc/lynis/custom.prf
owner: root
group: root
mode: 0600
- name: Scanning services
become: yes
register: lynis_svc
copy:
src: "lynis/{{ item }}"
dest: /usr/lib/systemd/system/
owner: root
group: root
mode: 0664
loop:
- sharingan-scan.service
- sharingan-scan.timer
- name: Scanning services
become: yes
register: clam_svc
copy:
src: "clamav/{{ item }}"
dest: /usr/lib/systemd/system/
owner: root
group: root
mode: 0664
loop:
- freshclam.service
- freshclam.timer
- clamscan.service
- clamscan.timer
- systemd:
daemon_reload: yes
become: yes
when: clam_svc.changed or lynis_svc.changed
- name: Enable timers
become: yes
loop:
- freshclam.timer
- sharingan-scan.timer
service:
name: "{{ item }}"
state: restarted
enabled: yes