Debsecan: Configuration

Jeremy Gardais 2018-06-15 16:21:09 +02:00
parent 40856f2e06
commit a079b3f117
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
5 changed files with 81 additions and 3 deletions

@ -2,3 +2,4 @@
### Features ### Features
* Install debsecan * Install debsecan
* Debsecan: Configuration

@ -15,9 +15,13 @@ A role that provide some security tools for Debian.
## Role Variables ## Role Variables
* **deb_sec__required_packages**: List of required packages [default: `debsecan`] * **deb_sec__required_packages**: List of required packages [default: `debsecan`].
* **deb_sec__deploy_state**: The desired state this role should achieve. [default: `present`]. * **deb_sec__deploy_state**: The desired state this role should achieve [default: `present`].
* **deb_sec__debsecan_report**: If daily reports should be enable [default: `true`].
* **deb_sec__debsecan_suite**: Suite name used to produce more informative output [default: `{{ ansible_distribution_release }}`].
* **deb_sec__debsecan_mailto**: Mail address to which reports are sent [default: `root`].
* **deb_sec__debsecan_source**: The URL from which vulnerability data is downloaded [default: `''`].
*
## Example Playbook ## Example Playbook
* Default behaviour: * Default behaviour:
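
Review bot: The added line that consists of a lone `*`, right after the deb_sec__debsecan_source entry, renders as an empty bullet in the Role Variables list and should be dropped. In the deb_sec__debsecan_report entry, "should be enable" should read "should be enabled". Because deb_sec__debsecan_source controls where the vulnerability data is fetched from, the entry could also state what kind of URL is expected when the built-in default is overridden.
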
@ -32,6 +36,7 @@ A role that provide some security tools for Debian.
This role will: This role will:
* Install some security tools (eg. Debsecan,…). * Install some security tools (eg. Debsecan,…).
* Configure Debsecan.
## Development ## Development

@ -27,3 +27,47 @@ deb_sec__required_packages:
deb_sec__deploy_state: 'present' deb_sec__deploy_state: 'present'
# ]]] # ]]]
# ]]] # ]]]
# Debsecan [[[
# ------------
# .. envvar:: deb_sec__debsecan_report [[[
#
# If daily reports should be enable. Possible options:
#
# ``true``
# Default.
#
# ``false``
#
deb_sec__debsecan_report: true
# ]]]
# .. envvar:: deb_sec__debsecan_suite [[[
#
# The suite name used to produce more informative output. Possible options are
# all Debian (and derivative) codename (eg. stretch) not the temporal
# name (eg. stable,…).
#
# ``ansible_distribution_release``
# Default. Use ansible variable to determine the current codename.
#
deb_sec__debsecan_suite: '{{ ansible_distribution_release }}'
# ]]]
# .. envvar:: deb_sec__debsecan_mailto [[[
#
# Mail address to which reports are sent.
#
# ``root``
# Default.
#
deb_sec__debsecan_mailto: 'root'
# ]]]
# .. envvar:: deb_sec__debsecan_source [[[
#
# The URL from which vulnerability data is downloaded.
# ``''``
# Default. Empty for the built-in default.
#
deb_sec__debsecan_source: ''
# ]]]
# ]]]
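
Review bot: The deb_sec__debsecan_source block has no empty `#` line between its description and the ``''`` option, unlike the three envvar blocks above it, so the generated documentation will run the two together. The deb_sec__debsecan_report description repeats "should be enable" (should be "enabled"), and its ``false`` option has no description while ``true`` does. It would also help to note in the deb_sec__debsecan_suite and deb_sec__debsecan_mailto blocks that the values end up in a shell-syntax file, since that constrains which characters are safe.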

@ -12,3 +12,12 @@
install_recommends: False install_recommends: False
with_flattened: with_flattened:
- '{{ deb_sec__required_packages }}' - '{{ deb_sec__required_packages }}'
# Debsecan [[[1
- name: Debsecan configuration
template:
src: 'etc/default/debsecan.j2'
dest: '/etc/default/debsecan'
owner: 'root'
group: 'root'
mode: '0644'
when: (deb_sec__deploy_state == "present")
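
Review bot: The `when: (deb_sec__deploy_state == "present")` guard means this task is skipped for every other state, and nothing in this hunk removes or resets /etc/default/debsecan in that case, so a previously templated file (and its REPORT and MAILTO settings) stays in place. If that is intended, say so in a comment; otherwise add a counterpart task that handles the non-present state.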

@ -0,0 +1,19 @@
# {{ ansible_managed }}
#
# Configuration file for debsecan. Contents of this file should
# adhere to the KEY=VALUE shell syntax. This file may be edited by
# debsecan's scripts, but your modifications are preserved.
# If true, enable daily reports, sent by email.
REPORT={{ deb_sec__debsecan_report }}
# For better reporting, specify the correct suite here, using the code
# name (that is, "sid" instead of "unstable").
SUITE={{ deb_sec__debsecan_suite }}
# Mail address to which reports are sent.
MAILTO={{ deb_sec__debsecan_mailto }}
# The URL from which vulnerability data is downloaded. Empty for the
# built-in default.
SOURCE={{ deb_sec__debsecan_source }}
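
Review bot: All four values are written unquoted into a file whose own header says it must follow KEY=VALUE shell syntax, so on the MAILTO= and SOURCE= lines a value containing spaces or shell metacharacters would break the file or be interpreted when it is sourced; render them through the `quote` filter, for example `MAILTO={{ deb_sec__debsecan_mailto | quote }}`. On the REPORT= line, the default is a YAML boolean, which Jinja2 renders as `True` rather than `true`; if the consumer compares against the lowercase string, daily reports would silently stay off, so `REPORT={{ deb_sec__debsecan_report | bool | lower }}` is safer. The retained comment "This file may be edited by debsecan's scripts, but your modifications are preserved" also contradicts the `{{ ansible_managed }}` header, since the next run overwrites local edits.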