Added test for category "malware"

.github/workflows/ansible-playbook.yml

@@ -101,3 +101,23 @@ jobs:
         with:
           name: lynis-shells.log
           path: /var/log/lynis.log
+  malware:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Install Lynis
+        run: ansible-playbook -v harden.yml --tags lynis --skip-tags slackware,centos
+      - name: Run Lynis (pre-harden)
+        run: sudo lynis audit system --skip-plugins --tests-from-group malware
+      - name: Run Ansible playbook for clamav, rkhunter & chkrootkit
+        run: ansible-playbook harden.yml --tags clamav,rkhunter,chkrootkit --skip-tags slackware,yara
+      - name: Run Lynis
+        run: sudo lynis audit system --skip-plugins --tests-from-group malware
+      - name: chmod Lynis log
+        run: sudo chmod -c 644 /var/log/lynis.log
+      - name: Archive Lynis log
+        uses: actions/upload-artifact@v4
+        with:
+          name: lynis-malware.log
+          path: /var/log/lynis.log

tasks/clamav.yml

@@ -14,7 +14,7 @@
         - debian
 
     - name: ClamAV Debian x86_64
-      when: (ansible_distribution == "Debian" or ansible_distribution == "Kali") and ansible_architecture == "x86_64"
+      when: (ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu") and ansible_architecture == "x86_64"
       tags:
         - packages
         - debian

tasks/debian_packages.yml

@@ -1,7 +1,7 @@
 ---
 - name: Install security software
   tags: debian
-  when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
+  when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
   become: true
   block:
     - name: Install security software
@@ -184,7 +184,7 @@
 
 - name: Configure chkrootkit
   become: true
-  when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
+  when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
   tags:
     - chkrootkit
     - debian

tasks/rkhunter.yml

@@ -7,12 +7,12 @@
       ansible.builtin.apt:
         name: rkhunter
         update_cache: true
-      when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
+      when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
       tags:
         - packages
         - debian
     - name: Get package_facts to check if libwww-perl package is installed (Debian)
-      when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
+      when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
       tags:
         - debian
         - check
@@ -47,7 +47,7 @@
         path: /etc/default/rkhunter
         regexp: '^({{ item.key }}=).*'
         replace: '\g<1>"{{ item.value }}"'
-      when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
+      when: ansible_distribution == "Debian" or ansible_distribution == "Kali" or ansible_distribution == "Ubuntu"
       with_dict:
         CRON_DAILY_RUN: "yes"
         APT_AUTOGEN: "yes"