From 4571d2f654e4c6eb76c5795cf3b7e34182a16f7d Mon Sep 17 00:00:00 2001
From: pyllyukko
Date: Tue, 17 Dec 2024 19:28:10 +0200
Subject: [PATCH] Revert "kernel_hardening: Use Lynis from the playbook itself"

This reverts commit b4bebc89190c91ae5e754dc0a9961d2b0f8dab17.

The sysctl handler is run only after the Lynis tests (in the playbook), so we'll run Lynis from the Actions instead.
---
 .github/workflows/ansible-playbook.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ansible-playbook.yml b/.github/workflows/ansible-playbook.yml
index b5d797b2..3d8b55c8 100644
--- a/.github/workflows/ansible-playbook.yml
+++ b/.github/workflows/ansible-playbook.yml
@@ -173,7 +173,9 @@ jobs:
 - name: Run Lynis (pre-harden)
 run: sudo lynis audit system --skip-plugins --tests-from-group kernel_hardening
 - name: Run Ansible playbook for kernel
- run: ansible-playbook harden.yml --tags kernel --extra-vars run_lynis_after_hardening=true
+ run: ansible-playbook harden.yml --tags kernel
+ - name: Run Lynis
+ run: sudo lynis audit system --skip-plugins --tests-from-group kernel_hardening
 - name: chmod Lynis log
 run: sudo chmod -c 644 /var/log/lynis.log
 - name: Archive Lynis log
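Review bot: The added `Run Lynis` step only produces output; as far as the hunk shows, nothing after it compares the result with the pre-harden run or fails the job when the kernel_hardening tests still report findings, so a regression in the sysctl settings could pass CI unnoticed. Both runs presumably write to the same `/var/log/lynis.log`, so the archived log likely holds only the second run and the pre-harden baseline is not kept for comparison. Consider naming the step `- name: Run Lynis (post-harden)` to mirror the earlier one, and either copying the pre-harden log aside before the playbook runs or adding a check on the report, so the step verifies the hardening rather than just logging it. The step list continues outside the hunk, so such a check may already exist further down.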