Revert "kernel_hardening: Use Lynis from the playbook itself"
This reverts commit b4bebc8.

The sysctl handler is run only after the Lynis tests (in the playbook),
so we'll run Lynis from the Actions instead.
pyllyukko committed Dec 17, 2024
1 parent b4bebc8 commit 4571d2f
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .github/workflows/ansible-playbook.yml
Expand Up @@ -173,7 +173,9 @@ jobs:
- name: Run Lynis (pre-harden)
run: sudo lynis audit system --skip-plugins --tests-from-group kernel_hardening
- name: Run Ansible playbook for kernel
run: ansible-playbook harden.yml --tags kernel --extra-vars run_lynis_after_hardening=true
run: ansible-playbook harden.yml --tags kernel
- name: Run Lynis
run: sudo lynis audit system --skip-plugins --tests-from-group kernel_hardening
- name: chmod Lynis log
run: sudo chmod -c 644 /var/log/lynis.log
- name: Archive Lynis log
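Review bot: The step added after "Run Ansible playbook for kernel" is named only "Run Lynis", while its counterpart above is "Run Lynis (pre-harden)"; naming it "Run Lynis (post-harden)" would make the two runs distinguishable in the Actions output. The reason this audit lives in the workflow instead of being triggered with `--extra-vars run_lynis_after_hardening=true` (the sysctl handler runs only after the playbook's Lynis tests, per the commit message) is not recorded next to the step, so a short YAML comment above it would keep someone from switching back. Since both runs use the same command and the following steps chmod and archive a single /var/log/lynis.log, it is also worth confirming that the archived log contains what is wanted from the pre-harden run.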