
Ansible playbook, based on roles for fully automated execution of Oscap commands, includes installation, copy of tailored files, generate remedies, execute remedies, and fetch reports


pvcasillasg/OpenScap_Ansible




The Ansible project that will help you evaluate vulnerabilities and get them fixed like magic







Getting Started

Usage is easy: download this project to your machine, modify the inventory with your target machines (keep in mind that it is important to use the same pattern as in the example), modify the variables if you want, and drop your generated tailored rule set into the tailored folder. Then you are ready to go.

All the variables are set in the file Group_vars/all.yml. Every single one is commented, so the user knows exactly what it configures.

Some of the roles are experimental. For example, the autofix role is not heavily tested and can cause issues in your target systems. Use it at your own risk.

This Ansible project uses a separate role for every action it takes; you can find them all in the roles folder.

How to use?

1️⃣- You will need to get the repo in order to launch or run it.

  git clone https://github.com/pvcasillasg/OpenScap_Ansible.git

There you go, but, now what?

2️⃣- Well, at this point you will need to provide a custom tailored rule set from SCAP Workbench (good luck with that, I personally think it is a little tricky).

Tip

Use the same pattern as the default xml: ssg-rhel9-ds.xml => ssg-rhel9-ds-tailored.xml



3️⃣- OK, I have my tailored rule set and it matches the pattern you told me, so now? EASY! Let's modify this to make it work how you want.

The easiest way is to open your favorite text editor and go directly to main.yml.

Control Vars Snippet

Quick explanation of the control_vars:

⬇️❗ Uses the OpenSCAP generate remedies module to create an Ansible playbook that helps you solve several issues ❗⬇️

autogenerate_ansible: false / true

⬇️❗ Will execute a scan report, fetch the pre and pro reports to your machine, and skip the rest of the code ❗⬇️

only_post: false / true

Caution

⚠️ 🚧 ❗ THIS IS EXPERIMENTAL: it will run the generated remedies on its own and can cause issues in your target hosts ❗ ⚠️ 🚧

auto_fix: false / true

Have you set up your control variables? Are you sure? It is worth spending a moment to double check, I'll wait.

Checked? all good? Ok, fine.

Now you will modify your inventory, so you can use this where you want. I will explain as much as I can if you are new to Ansible, don't worry.

Inventory snippet

You can change the inventory as you want

Warning

⚠️ ❗ Be sure to always set an inventory hostname for each host. ❗ ⚠️

5️⃣ - Well, that's all, it is easy to configure and get running! So let's execute it

  ansible-playbook -i inventories/$env/$hosts.yml

Yeah, that's it, you don't need any extra variables or anything else.

Tip

If you want to execute this only on a specific host, instead of removing the rest of them from the inventory, you can use:

  ansible-playbook -i inventories/$env/$hosts.yml -l $target_host
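
A pre-flight check that can run before the commands above, as an added example that is not part of this project: it verifies that tailoring file names follow the `-ds-tailored.xml` pattern and refuses to continue when `auto_fix` is true without explicit confirmation. The function names, the paths passed as arguments, and the assumption that control variables are plain `key: value` lines are all hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the OpenScap_Ansible project.
# Assumptions: control variables are plain "key: value" lines; paths are passed in.

# Expected tailoring name for a datastream: ssg-rhel9-ds.xml -> ssg-rhel9-ds-tailored.xml
tailored_name_for() {
  local base
  base=$(basename -- "$1")
  case "$base" in
    *-ds.xml) printf '%s\n' "${base%.xml}-tailored.xml" ;;
    *) return 1 ;;
  esac
}

# Print every file in the tailoring directory whose name breaks the pattern.
bad_tailored_files() {
  local dir="$1" f rc=0
  for f in "$dir"/*; do
    [ -e "$f" ] || continue
    case "$(basename -- "$f")" in
      *-ds-tailored.xml) ;;
      *) printf '%s\n' "$f"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Read one control variable (autogenerate_ansible, only_post, auto_fix).
# Prints the lowercase value, or "unset" when the key is missing.
control_var() {
  local file="$1" key="$2" val
  val=$(sed -n "s/^[[:space:]]*${key}:[[:space:]]*\([A-Za-z]*\).*/\1/p" "$file" | tail -n 1)
  printf '%s\n' "${val:-unset}" | tr 'A-Z' 'a-z'
}

# Fail closed: running remedies on the targets needs an explicit operator opt-in.
preflight() {
  local vars="$1" dir="$2" confirm="${3:-no}"
  bad_tailored_files "$dir" >&2 || { echo "tailoring file name mismatch" >&2; return 2; }
  if [ "$(control_var "$vars" auto_fix)" = "true" ] && [ "$confirm" != "yes" ]; then
    echo "auto_fix is true: pass 'yes' as third argument to confirm" >&2
    return 3
  fi
  return 0
}

# Usage (assumed paths): preflight Group_vars/all.yml tailored || exit 1
```
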



Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Feel free to contact me if you need help!

License

GPLv3


