36 lines
933 B
YAML
36 lines
933 B
YAML
---
|
|
- name: Run Lynis security audit on Proxmox hosts
|
|
hosts: proxmox
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Update apt cache
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
become: true
|
|
|
|
- name: Install Lynis
|
|
ansible.builtin.apt:
|
|
name: lynis
|
|
state: present
|
|
become: true
|
|
|
|
- name: Run Lynis audit
|
|
ansible.builtin.shell: |
|
|
lynis audit system
|
|
register: lynis_audit_output
|
|
changed_when: false
|
|
become: true
|
|
|
|
- name: Ensure log directory exists on local machine
|
|
ansible.builtin.file:
|
|
path: "{{ playbook_dir }}/logs"
|
|
state: directory
|
|
delegate_to: localhost
|
|
run_once: true
|
|
|
|
- name: Save Lynis audit report to local log file
|
|
ansible.builtin.copy:
|
|
content: "{{ lynis_audit_output.stdout }}"
|
|
dest: "{{ playbook_dir }}/logs/{{ inventory_hostname }}_lynis_report.log"
|
|
delegate_to: localhost |