updated features facts and audit fetch
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
parent
c755e9ed71
commit
9ac5740127
|
|
@ -106,10 +106,6 @@ audit_conf_dest: "/opt"
|
|||
# Where the audit logs are stored
|
||||
audit_log_dir: '/opt'
|
||||
|
||||
## Ability to collect and take audit files moving to a centralised location
|
||||
# This enables the collection of the files from the host
|
||||
fetch_audit_output: false
|
||||
|
||||
# Method of getting,uploading the summary files
|
||||
## Ensure access and permissions are avaiable for these to occur.
|
||||
## options are
|
||||
|
|
|
|||
|
|
@ -10,14 +10,6 @@
|
|||
delegate_to: localhost
|
||||
become: false
|
||||
|
||||
- name: Audit_only | Get audits from systems and put in group dir
|
||||
when: fetch_audit_files
|
||||
ansible.builtin.fetch:
|
||||
dest: "{{ audit_capture_files_dir }}/{{ inventory_hostname }}/"
|
||||
flat: true
|
||||
mode: 'go-wx'
|
||||
src: "{{ pre_audit_outfile }}"
|
||||
|
||||
- name: Audit_only | Show Audit Summary
|
||||
when: audit_only
|
||||
ansible.builtin.debug:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Stage to copy audit output to a centralised location
|
||||
|
||||
- name: "FETCH_AUDIT_FILES | Fetch files and copy to controller"
|
||||
- name: "POST | FETCH | Fetch files and copy to controller"
|
||||
when: audit_output_collection_method == "fetch"
|
||||
ansible.builtin.fetch:
|
||||
src: "{{ item }}"
|
||||
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
# Added this option for continuity but could be changed by adjusting the variable audit_conf_dest
|
||||
# Allowing backup to one location
|
||||
- name: "FETCH_AUDIT_FILES | Copy files to location available to managed node"
|
||||
- name: "POST | FETCH | Copy files to location available to managed node"
|
||||
when: audit_output_collection_method == "copy"
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
|
|
@ -25,21 +25,21 @@
|
|||
mode: 'u-x,go-wx'
|
||||
flat: true
|
||||
failed_when: false
|
||||
register: discovered_audit_fetch_copy_state
|
||||
register: discovered_audit_copy_state
|
||||
loop:
|
||||
- pre_audit_outfile
|
||||
- post_audit_outfile
|
||||
- "{{ pre_audit_outfile }}"
|
||||
- "{{ post_audit_outfile }}"
|
||||
|
||||
- name: "FETCH_AUDIT_FILES | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
|
||||
- name: "POST | FETCH | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
|
||||
when:
|
||||
- (discovered_audit_fetch_state is defined and not discovered_audit_fetch_state.changed) or
|
||||
(discovered_audit_copy_state is defined and not discovered_audit_copy_state.changed)
|
||||
- (audit_output_collection_method == "fetch" and not discovered_audit_fetch_state.changed) or
|
||||
(audit_output_collection_method == "copy" and not discovered_audit_copy_state.changed)
|
||||
block:
|
||||
- name: "FETCH_AUDIT_FILES | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
|
||||
- name: "POST | FETCH | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
|
||||
ansible.builtin.debug:
|
||||
msg: "Warning!! Unable to write to localhost {{ audit_output_destination }} for audit file copy"
|
||||
|
||||
- name: "FETCH_AUDIT_FILES | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
|
||||
- name: "POST | FETCH | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
|
||||
vars:
|
||||
warn_control_id: "FETCH_AUDIT_FILES"
|
||||
ansible.builtin.import_tasks:
|
||||
|
|
|
|||
|
|
@ -169,13 +169,16 @@
|
|||
ansible.builtin.import_tasks:
|
||||
file: post_remediation_audit.yml
|
||||
|
||||
- name: Add ansible file showing Benchmark and levels applied
|
||||
when: create_benchmark_facts
|
||||
- name: Add ansible file showing Benchmark and levels applied if audit details not present
|
||||
when:
|
||||
- create_benchmark_facts
|
||||
- (post_audit_summary is defined) or
|
||||
(ansible_local['compliance_facts']['lockdown_audit_details']['audit_summary'] is undefined and post_audit_summary is undefined)
|
||||
tags:
|
||||
- always
|
||||
- benchmark
|
||||
block:
|
||||
- name: Create ansible facts directory
|
||||
- name: Create ansible facts directory if audit facts not present
|
||||
ansible.builtin.file:
|
||||
path: "{{ ansible_facts_path }}"
|
||||
state: directory
|
||||
|
|
@ -183,13 +186,13 @@
|
|||
group: root
|
||||
mode: 'u=rwx,go=rx'
|
||||
|
||||
- name: Create ansible facts file
|
||||
- name: Create ansible facts file and levels applied if audit facts not present
|
||||
ansible.builtin.template:
|
||||
src: etc/ansible/compliance_facts.j2
|
||||
dest: "{{ ansible_facts_path }}/compliance_facts.fact"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "u-x,go-wx"
|
||||
mode: 'u-x,go=r'
|
||||
|
||||
- name: Fetch audit files
|
||||
when:
|
||||
|
|
@ -198,7 +201,6 @@
|
|||
tags: always
|
||||
ansible.builtin.import_tasks:
|
||||
file: fetch_audit_output.yml
|
||||
|
||||
- name: Show Audit Summary
|
||||
when: run_audit
|
||||
tags: run_audit
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ Level_2_workstation_tag_run = true
|
|||
[lockdown_audit_details]
|
||||
{% if run_audit %}
|
||||
# Audit run
|
||||
audit_run_date = {{ '%Y-%m-%d - %H:%M:%S' | ansible.builtin.strftime }}
|
||||
audit_file_local_location = {{ audit_log_dir }}
|
||||
{% if not audit_only %}
|
||||
audit_summary = {{ post_audit_results }}
|
||||
|
|
|
|||
Loading…
Reference in New Issue