An Ansible role to install Lynis, an open source security auditing tool.
requirements.yml:
```yml
- src: infothrill.lynis
  version: v4.2.0
```
Install:
```sh
ansible-galaxy install -r requirements.yml -p ./roles/
```
Playbook:
```yml
- hosts: servers
  roles:
    - role: infothrill.lynis
```
```yml
lynis_version: 3.0.8
lynis_version_sha256sum: 98373a4cc9d0471ab9bebb249e442fcf94b6bf6d4e9c6fc0b22bca1506646c63
```
The version and corresponding sha256sum of Lynis to install. The latest version and hash can be found on the Lynis download page.
```yml
lynis_directory: /opt/lynis
```
The directory to hold the Lynis installation.
```yml
lynis_log_directory: /var/log/lynis
```
The directory for the Lynis logs. Used by the cron job. By default, Lynis will output the report to stdout and log to `/var/log/lynis.log` and `/var/log/lynis-report.dat`.
```yml
lynis_log_group: adm
```
The unix group that should own the generated logs.
```yml
lynis_config_directory: /etc/lynis
```
The directory to store cron related scripts and configuration.
```yml
lynis_cron: yes
lynis_cron_month: "*"
lynis_cron_day: "*"
lynis_cron_weekday: "*"
lynis_cron_hour: 3
lynis_cron_minute: 30
```
Lynis cron job configuration. The report, report log, and report data are all written to the `lynis_log_directory`.
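
As an added example (not part of this role or of Lynis), the report data written by the cron job can be summarised for alerting. It assumes Lynis's report data format of `key=value` lines with repeated `key[]=` entries whose fields are pipe-separated; the sample report and the `min_index` threshold are constructed for illustration.

```python
"""Summarise a Lynis report data file (key=value lines; key[]=value repeats)."""
from collections import defaultdict

# Constructed sample in the report-data format; not output from a real host.
SAMPLE_REPORT = """\
# Lynis Report
report_version_major=1
lynis_version=3.0.8
hardening_index=67
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
broken line without separator
"""

def parse_report(text):
    """Return (scalars, lists): plain keys and the repeated key[] entries."""
    scalars, lists = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip comments, blanks and malformed lines
        key, value = line.split("=", 1)  # values may themselves contain '='
        if key.endswith("[]"):
            lists[key[:-2]].append(value)
        else:
            scalars[key] = value
    return scalars, dict(lists)

def findings(lists, kind):
    """Split pipe-delimited warning/suggestion entries into (test_id, message)."""
    out = []
    for entry in lists.get(kind, []):
        fields = entry.split("|")
        out.append((fields[0], fields[1] if len(fields) > 1 else ""))
    return out

def summarise(text, min_index=70):
    """Flag a host whose hardening index is below min_index (assumed threshold) or that has warnings."""
    scalars, lists = parse_report(text)
    index = int(scalars.get("hardening_index", 0))
    warnings = findings(lists, "warning")
    return {
        "lynis_version": scalars.get("lynis_version"),
        "hardening_index": index,
        "warnings": warnings,
        "suggestion_ids": [tid for tid, _ in findings(lists, "suggestion")],
        "needs_attention": index < min_index or bool(warnings),
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_REPORT))
```
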
```yml
lynis_cron_rotate: 14
```
How many logs to keep in rotation (only meaningful when `lynis_cron` is true).
```yml
lynis_cron_initial_run: false
```
Set this to true to trigger an initial cron job run after the initial installation or a version change of Lynis.
None.
MIT
This role was forked from https://github.com/tommarshall/ansible-role-lynis in 2018 by Paul Kremer.
- add ansible 7, python 3.11
- drop ansible 5, python 3.8
- updated lynis default version to 3.0.8
- dropped testing support for Debian Jessie, added Ubuntu 22.04
- dropped support for python older than 3.8
- dropped support for ansible older than 5
- Applied modern linting
- Switch to GitHub Actions for CI
- updated lynis default version to 3.0.3
- drop python 3.6 test support
- add python 3.7, 3.8, 3.9 test support
- drop ansible 2.8 testing support
- add ansible 3.0 testing support
- fix for issue #55
- updated lynis default version to 3.0.1
- Drop support for ansible <=2.7
- Add support for ansible 2.10
- Upgrade molecule to 3.x
- updated lynis default version to 3.0.0
- add support for ubuntu 20.04 (focal)
- updated lynis default version to 2.7.5
- add support for ansible 2.8
- add support for ansible 2.9
- drop support for ansible 2.4
- drop support for python2
- drop support for Ubuntu 14.04
- upgraded ansible-lint
- use ansible tempfile module
- use `ionice` in cronjob
- only run log rotation when actually configured (`lynis_cron_rotate` > 1)
- added feature to run lynis on initial install or version change (`lynis_cron_initial_run`)
- renamed variable `lynis_rotate` to `lynis_cron_rotate`
- removed molecule playbooks that are just upstream copies
- expanded cron configuration options
- updated lynis default version to 2.6.8
- drop support for EOL ansible version 2.2 and 2.3
- upgrade molecule
- initial release