Commit

Added test for file_permissions
pyllyukko committed Dec 17, 2024
1 parent b47ba5f commit 7670da2
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/ansible-playbook.yml
Expand Up @@ -143,3 +143,23 @@ jobs:
with:
name: lynis-mac_frameworks.log
path: /var/log/lynis.log
file_permissions:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Lynis
run: ansible-playbook -v harden.yml --tags lynis --skip-tags slackware,centos
- name: Run Lynis (pre-harden)
run: sudo lynis audit system --skip-plugins --tests-from-group file_permissions
- name: Run Ansible playbook for cron & permissions
run: ansible-playbook harden.yml --tags cron,permissions
- name: Run Lynis
run: sudo lynis audit system --skip-plugins --tests-from-group file_permissions
- name: chmod Lynis log
run: sudo chmod -c 644 /var/log/lynis.log
- name: Archive Lynis log
uses: actions/upload-artifact@v4
with:
name: lynis-file_permissions.log
path: /var/log/lynis.log
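
Review bot: The "Run Lynis (pre-harden)" step and the later "Run Lynis" step both leave their output at /var/log/lynis.log, and the only upload step comes after the second run, so the pre-harden baseline is never archived and nothing in the job compares the two results. Consider copying the log after the first run (for example to /var/log/lynis-pre.log) and uploading it as a second artifact such as lynis-file_permissions-pre.log, or adding a step that checks the post-harden log for the file_permissions findings the cron and permissions tags are expected to clear, so the job actually tests the playbook instead of only recording a log. Separately, `uses: actions/checkout@v3` is a major version behind the `actions/upload-artifact@v4` used in the same job; both are referenced by mutable tag, and pinning them to a commit SHA would make the workflow reproducible and resistant to a retagged action.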
