33 lines
1.3 KiB
YAML
33 lines
1.3 KiB
YAML
---
|
|
- name: "Compliance-Check: Führe OpenSCAP-Scan durch (sofern installiert)"
|
|
ansible.builtin.shell: >-
|
|
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard
|
|
--results {{ log_dir }}/oscap_result_{{ inventory_hostname }}.xml
|
|
/usr/share/xml/scap/ssg/content/ssg-$(lsb_release -si | tr '[:upper:]' '[:lower:]')-ds.xml
|
|
register: oscap_result
|
|
ignore_errors: true
|
|
changed_when: false
|
|
|
|
- name: "Compliance-Check: Führe Lynis-Scan durch (sofern installiert)"
|
|
ansible.builtin.shell: lynis audit system --quiet --logfile {{ log_dir }}/lynis_{{ inventory_hostname }}.log
|
|
register: lynis_result
|
|
ignore_errors: true
|
|
changed_when: false
|
|
|
|
- name: Sende Compliance-Report an Linux-Admins
|
|
community.general.mail:
|
|
host: "localhost"
|
|
port: 25
|
|
to: "{{ linux_admins_mail }}"
|
|
subject: "[COMPLIANCE] Report für {{ inventory_hostname }} am {{ ansible_date_time.iso8601 }}"
|
|
body: |
|
|
Compliance-Report für {{ inventory_hostname }} (FQDN: {{ ansible_fqdn }})
|
|
Zeit: {{ ansible_date_time.iso8601 }}
|
|
OpenSCAP-Exit: {{ oscap_result.rc | default('N/A') }}
|
|
Lynis-Exit: {{ lynis_result.rc | default('N/A') }}
|
|
Siehe Anhang für Details.
|
|
attach:
|
|
- "{{ log_dir }}/oscap_result_{{ inventory_hostname }}.xml"
|
|
- "{{ log_dir }}/lynis_{{ inventory_hostname }}.log"
|
|
ignore_errors: true
|