2018-06-15 15:34:11 +02:00
|
|
|
|
---
|
|
|
|
|
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
|
|
|
|
|
|
|
|
|
# ipr-cnrs.debian_security default variables [[[
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
# Packages and installation [[[
|
|
|
|
|
# -----------------------------
|
|
|
|
|
|
|
|
|
|
# .. envvar:: deb_sec__base_packages [[[
|
|
|
|
|
#
|
|
|
|
|
# List of base packages to install.
|
|
|
|
|
deb_sec__required_packages:
|
|
|
|
|
- 'debsecan'
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__deploy_state [[[
|
|
|
|
|
#
|
|
|
|
|
# What is the desired state which this role should achieve? Possible options:
|
|
|
|
|
#
|
|
|
|
|
# ``present``
|
|
|
|
|
# Default. Ensure that required packages are installed and configured as
|
|
|
|
|
# requested.
|
|
|
|
|
#
|
|
|
|
|
# ``absent``
|
|
|
|
|
# Ensure that required packages are uninstalled and configuration removed.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__deploy_state: 'present'
|
|
|
|
|
# ]]]
|
|
|
|
|
# ]]]
|
2018-06-15 16:21:09 +02:00
|
|
|
|
# Debsecan [[[
|
|
|
|
|
# ------------
|
|
|
|
|
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_report [[[
|
|
|
|
|
#
|
|
|
|
|
# If daily reports should be enable. Possible options :
|
|
|
|
|
#
|
|
|
|
|
# ``true``
|
|
|
|
|
# Default.
|
|
|
|
|
#
|
|
|
|
|
# ``false``
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_report: true
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_suite [[[
|
|
|
|
|
#
|
|
|
|
|
# The suite name used to produce more informative output. Possible options are
|
|
|
|
|
# all Debian (and derivative) codename (eg. stretch) not the temporal
|
|
|
|
|
# name (eg. stable,…).
|
|
|
|
|
#
|
|
|
|
|
# ``ansible_distribution_release``
|
|
|
|
|
# Default. Use ansible variable to determine the current codename.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_suite: '{{ ansible_distribution_release }}'
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_mailto [[[
|
|
|
|
|
#
|
|
|
|
|
# Mail address to which reports are sent.
|
|
|
|
|
#
|
|
|
|
|
# ``root``
|
|
|
|
|
# Default.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_mailto: 'root'
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_source [[[
|
|
|
|
|
#
|
|
|
|
|
# The URL from which vulnerability data is downloaded.
|
2018-06-15 17:12:30 +02:00
|
|
|
|
#
|
2018-06-15 16:21:09 +02:00
|
|
|
|
# ``''``
|
|
|
|
|
# Default. Empty for the built-in default.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_source: ''
|
|
|
|
|
# ]]]
|
2018-06-15 17:12:30 +02:00
|
|
|
|
# .. envvar:: deb_sec__debsecan_cron_disabled [[[
|
|
|
|
|
#
|
|
|
|
|
# If the Debsecan job should be disabled. Possible options :
|
|
|
|
|
#
|
|
|
|
|
# ``false``
|
|
|
|
|
# Default. According to Debsecan package.
|
|
|
|
|
#
|
|
|
|
|
# ``true``
|
|
|
|
|
# Comment the job in the cron file.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_cron_disabled: false
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_cron_job [[[
|
|
|
|
|
#
|
|
|
|
|
# The command to execute for Debsecan cron.
|
|
|
|
|
#
|
|
|
|
|
# ``test -x /usr/bin/debsecan && /usr/bin/debsecan --cron``
|
|
|
|
|
# Default. According to Debsecan package.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_cron_job: 'test -x /usr/bin/debsecan && /usr/bin/debsecan --cron'
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_cron_special_time [[[
|
|
|
|
|
#
|
|
|
|
|
# Periodicity of the cron job for Debsecan.
|
|
|
|
|
#
|
|
|
|
|
# ``daily``
|
|
|
|
|
# Default. Run the job everyday.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_cron_special_time: 'daily'
|
|
|
|
|
# ]]]
|
|
|
|
|
# .. envvar:: deb_sec__debsecan_cron_user [[[
|
|
|
|
|
#
|
|
|
|
|
# User whose run the job.
|
|
|
|
|
#
|
|
|
|
|
# ``daemon``
|
|
|
|
|
# Default. According to Debsecan package.
|
|
|
|
|
#
|
|
|
|
|
deb_sec__debsecan_cron_user: 'daemon'
|
|
|
|
|
# ]]]
|
2018-06-15 16:21:09 +02:00
|
|
|
|
# ]]]
|