2018-06-15 15:34:11 +02:00
|
|
|
---
|
|
|
|
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
|
|
|
#
|
|
|
|
# tasks file for debian_security
|
|
|
|
|
|
|
|
# Manage required system packages [[[1
|
|
|
|
- name: Ensure required packages are in there desired state
|
|
|
|
package:
|
2023-01-24 09:33:17 +01:00
|
|
|
name: '{{ (deb_sec__required_packages | flatten) }}'
|
2018-06-15 15:34:11 +02:00
|
|
|
state: '{{ "present" if (deb_sec__deploy_state == "present")
|
|
|
|
else "absent" }}'
|
|
|
|
install_recommends: False
|
2019-02-27 13:47:11 +01:00
|
|
|
register: pkg_result
|
|
|
|
until: pkg_result is success
|
|
|
|
|
2018-06-15 16:21:09 +02:00
|
|
|
# Debsecan [[[1
|
2018-06-15 17:12:30 +02:00
|
|
|
# Configuration [[[
|
2018-06-15 16:21:09 +02:00
|
|
|
- name: Debsecan configuration
|
|
|
|
template:
|
|
|
|
src: 'etc/default/debsecan.j2'
|
|
|
|
dest: '/etc/default/debsecan'
|
|
|
|
owner: 'root'
|
|
|
|
group: 'root'
|
|
|
|
mode: '0644'
|
|
|
|
when: (deb_sec__deploy_state == "present")
|
2018-06-15 17:12:30 +02:00
|
|
|
# ]]]
|
|
|
|
# Cron job [[[
|
|
|
|
- name: Debsecan disable default cron file
|
|
|
|
file:
|
|
|
|
path: '/etc/cron.d/debsecan'
|
|
|
|
state: absent
|
|
|
|
|
|
|
|
- name: Debsecan manage cron job
|
|
|
|
cron:
|
|
|
|
cron_file: '/etc/cron.d/debsecan_ansible'
|
|
|
|
name: 'debsecan_ansible'
|
|
|
|
job: '{{ deb_sec__debsecan_cron_job }}'
|
|
|
|
disabled: '{{ deb_sec__debsecan_cron_disabled }}'
|
|
|
|
special_time: '{{ deb_sec__debsecan_cron_special_time }}'
|
|
|
|
user: '{{ deb_sec__debsecan_cron_user }}'
|
|
|
|
when: (deb_sec__deploy_state == "present")
|
|
|
|
|
|
|
|
- name: Debsecan purge cron job
|
|
|
|
file:
|
|
|
|
path: '/etc/cron.d/debsecan_ansible'
|
|
|
|
state: absent
|
|
|
|
when: (deb_sec__deploy_state == "absent")
|
|
|
|
# ]]]
|