Debsecan: Configuration

This commit is contained in:
Jeremy Gardais 2018-06-15 16:21:09 +02:00
parent 40856f2e06
commit a079b3f117
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
5 changed files with 81 additions and 3 deletions

View File

@ -2,3 +2,4 @@
### Features
* Install debsecan
* Debsecan: Configuration

View File

@ -15,9 +15,13 @@ A role that provide some security tools for Debian.
## Role Variables
* **deb_sec__required_packages**: List of required packages [default: `debsecan`]
* **deb_sec__deploy_state**: The desired state this role should achieve. [default: `present`].
* **deb_sec__required_packages**: List of required packages [default: `debsecan`].
* **deb_sec__deploy_state**: The desired state this role should achieve [default: `present`].
* **deb_sec__debsecan_report**: If daily reports should be enable [default: `true`].
* **deb_sec__debsecan_suite**: Suite name used to produce more informative output [default: `{{ ansible_distribution_release }}`].
* **deb_sec__debsecan_mailto**: Mail address to which reports are sent [default: `root`].
* **deb_sec__debsecan_source**: The URL from which vulnerability data is downloaded [default: `''`].
*
## Example Playbook
* Default behaviour:
@ -32,6 +36,7 @@ A role that provide some security tools for Debian.
This role will:
* Install some security tools (eg. Debsecan,…).
* Configure Debsecan.
## Development

View File

@ -27,3 +27,47 @@ deb_sec__required_packages:
deb_sec__deploy_state: 'present'
# ]]]
# ]]]
# Debsecan [[[
# ------------
# .. envvar:: deb_sec__debsecan_report [[[
#
# If daily reports should be enable. Possible options:
#
# ``true``
# Default.
#
# ``false``
#
deb_sec__debsecan_report: true
# ]]]
# .. envvar:: deb_sec__debsecan_suite [[[
#
# The suite name used to produce more informative output. Possible options are
# all Debian (and derivative) codename (eg. stretch) not the temporal
# name (eg. stable,…).
#
# ``ansible_distribution_release``
# Default. Use ansible variable to determine the current codename.
#
deb_sec__debsecan_suite: '{{ ansible_distribution_release }}'
# ]]]
# .. envvar:: deb_sec__debsecan_mailto [[[
#
# Mail address to which reports are sent.
#
# ``root``
# Default.
#
deb_sec__debsecan_mailto: 'root'
# ]]]
# .. envvar:: deb_sec__debsecan_source [[[
#
# The URL from which vulnerability data is downloaded.
# ``''``
# Default. Empty for the built-in default.
#
deb_sec__debsecan_source: ''
# ]]]
# ]]]

View File

@ -12,3 +12,12 @@
install_recommends: False
with_flattened:
- '{{ deb_sec__required_packages }}'
# Debsecan [[[1
- name: Debsecan configuration
template:
src: 'etc/default/debsecan.j2'
dest: '/etc/default/debsecan'
owner: 'root'
group: 'root'
mode: '0644'
when: (deb_sec__deploy_state == "present")

View File

@ -0,0 +1,19 @@
# {{ ansible_managed }}
#
# Configuration file for debsecan. Contents of this file should
# adhere to the KEY=VALUE shell syntax. This file may be edited by
# debsecan's scripts, but your modifications are preserved.
# If true, enable daily reports, sent by email.
REPORT={{ deb_sec__debsecan_report }}
# For better reporting, specify the correct suite here, using the code
# name (that is, "sid" instead of "unstable").
SUITE={{ deb_sec__debsecan_suite }}
# Mail address to which reports are sent.
MAILTO={{ deb_sec__debsecan_mailto }}
# The URL from which vulnerability data is downloaded. Empty for the
# built-in default.
SOURCE={{ deb_sec__debsecan_source }}