add ansible automation script

ansible/playbooks/run_lynis_audit.yml

@@ -0,0 +1,36 @@
+---
+- name: Run Lynis security audit on Proxmox hosts
+  hosts: proxmox
+  gather_facts: false
+
+  tasks:
+    - name: Update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+      become: true
+
+    - name: Install Lynis
+      ansible.builtin.apt:
+        name: lynis
+        state: present
+      become: true
+
+    - name: Run Lynis audit
+      ansible.builtin.shell: |
+        lynis audit system
+      register: lynis_audit_output
+      changed_when: false
+      become: true
+
+    - name: Ensure log directory exists on local machine
+      ansible.builtin.file:
+        path: "{{ playbook_dir }}/logs"
+        state: directory
+      delegate_to: localhost
+      run_once: true
+
+    - name: Save Lynis audit report to local log file
+      ansible.builtin.copy:
+        content: "{{ lynis_audit_output.stdout }}"
+        dest: "{{ playbook_dir }}/logs/{{ inventory_hostname }}_lynis_report.log"
+      delegate_to: localhost