Some configuration and tools to harden the security of Debian system
Go to file
Jeremy Gardais a079b3f117
Debsecan: Configuration
2018-06-15 16:21:09 +02:00
defaults Debsecan: Configuration 2018-06-15 16:21:09 +02:00
meta Install debsecan 2018-06-15 15:34:11 +02:00
tasks Debsecan: Configuration 2018-06-15 16:21:09 +02:00
templates/etc/default Debsecan: Configuration 2018-06-15 16:21:09 +02:00
tests Install debsecan 2018-06-15 15:34:11 +02:00
CHANGELOG.md Debsecan: Configuration 2018-06-15 16:21:09 +02:00
README.md Debsecan: Configuration 2018-06-15 16:21:09 +02:00

README.md

Debian Security

  1. Overview
  2. Role Variables
  3. Example Playbook
  4. Configuration
  5. Known Issues
  6. Development
  7. License
  8. Author Information

Overview

A role that provide some security tools for Debian.

Role Variables

  • deb_sec__required_packages: List of required packages [default: debsecan].
  • deb_sec__deploy_state: The desired state this role should achieve [default: present].
  • deb_sec__debsecan_report: If daily reports should be enable [default: true].
  • deb_sec__debsecan_suite: Suite name used to produce more informative output [default: {{ ansible_distribution_release }}].
  • deb_sec__debsecan_mailto: Mail address to which reports are sent [default: root].
  • deb_sec__debsecan_source: The URL from which vulnerability data is downloaded [default: ''].

Example Playbook

  • Default behaviour:
- hosts: my.debian.host
  roles:
    - role: ipr-cnrs.debian_security

Configuration

This role will:

  • Install some security tools (eg. Debsecan,…).
  • Configure Debsecan.

Development

This source code comes from our Gogs instance and the Github repo exist just to be able to send the role to Ansible Galaxy…

But feel free to send issue/PR anywhere :)

Thanks to this hook, Github automatically got updates from our Gogs instance :)

License

WTFPL

Author Information

Jérémy Gardais