Skip to content

Commit

Permalink
Added test for mac_frameworks
Browse files Browse the repository at this point in the history
  • Loading branch information
@pyllyukko
pyllyukko committed Dec 17, 2024
1 parent d0e6027 commit d65114a
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 3 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/ansible-playbook.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,3 +123,23 @@ jobs:
with:
name: lynis-malware.log
path: /var/log/lynis.log
mac_frameworks:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Lynis
run: ansible-playbook -v harden.yml --tags lynis --skip-tags slackware,centos
- name: Run Lynis (pre-harden)
run: sudo lynis audit system --skip-plugins --tests-from-group mac_frameworks
- name: Run Ansible playbook for apparmor
run: ansible-playbook harden.yml --tags apparmor
- name: Run Lynis
run: sudo lynis audit system --skip-plugins --tests-from-group mac_frameworks
- name: chmod Lynis log
run: sudo chmod -c 644 /var/log/lynis.log
- name: Archive Lynis log
uses: actions/upload-artifact@v4
with:
name: lynis-mac_frameworks.log
path: /var/log/lynis.log
6 changes: 3 additions & 3 deletions tasks/apparmor.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
- name: Install AppArmor
when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
become: true
ansible.builtin.apt:
name: ['apparmor', 'apparmor-profiles', 'apparmor-utils']
Expand Down Expand Up @@ -31,7 +31,7 @@
with_items:
- apparmor=1
- security=apparmor
when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
tags:
- configuration
- apparmor
Expand Down Expand Up @@ -94,7 +94,7 @@
- usr.sbin.postqueue
- usr.lib.dovecot.dovecot-lda
become: true
when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
block:
- name: Copy extra profiles
ansible.builtin.copy:
Expand Down

0 comments on commit d65114a

Please sign in to comment.