Hello Guys,
It's an extended version of my previous project where I also need to generate the report after applying the CIS compliance to a RHEL 9 server. I also need to display the report, so what I did is install an httpd server on top of the report generation and display it in HTML format on the same server.
Here is my sample playbook.
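---
# Scans a RHEL 9 host against the SSG "CIS Server L1" profile with OpenSCAP,
# stores the results under /var/log/compliance, then publishes the HTML
# report through a local httpd instance on the same host.
- name: Genrate openscaf report | Rhel 9
  hosts: all
  gather_facts: true
  become: true
  tasks:
    - name: Install all required packages
      ansible.builtin.dnf:
        # Passing a list installs both packages in a single dnf transaction
        # instead of one transaction per loop item.
        name:
          - openscap-scanner
          - scap-security-guide
        state: present

    - name: Get stats of the file
      ansible.builtin.stat:
        path: /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
      register: file_data

    - name: Assert that the file exists
      ansible.builtin.assert:
        that:
          - file_data.stat.exists
        fail_msg: "The required file /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml does not exist."
        success_msg: "File existence verified we have profile."

    - name: Create directory for compliance report
      ansible.builtin.file:
        path: /var/log/compliance
        state: directory
        # World-readable: the results XML written here lists every failing
        # control on the host, so tighten to '0750' if local unprivileged
        # users should not be able to read it.
        mode: '0755'

    - name: scan and genrate report
      # oscap xccdf eval exits 0 when all rules pass, 2 when at least one
      # rule fails, and 1 on a real error (bad profile, unreadable
      # datastream, ...). Only the error case should fail the play;
      # a blanket ignore_errors would also hide a scan that never ran.
      ansible.builtin.shell: |
        oscap xccdf eval \
          --profile xccdf_org.ssgproject.content_profile_cis_server_l1 \
          --results /var/log/compliance/cis-l1-results.xml \
          --report /var/log/compliance/cis-l1-report.html \
          /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
      register: report
      failed_when: report.rc not in [0, 2]

    - name: "install some issential package"
      ansible.builtin.dnf:
        name:
          - httpd
          - python3-pip
        state: present

    - name: Install bottle python package
      # NOTE(review): json2html is not referenced by any task in this play;
      # keep it only if a later step depends on it.
      ansible.builtin.pip:
        name: json2html

    - name: "start httpd service"
      # Fully-qualified module name, consistent with the other tasks.
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

    - name: make sure port 80 is allowed in firewall
      # The published report discloses which CIS controls fail on this
      # host. Opening the http service in firewalld serves it in clear
      # text to every source address that can reach the host; restrict the
      # zone/source, or front httpd with TLS and authentication, before
      # exposing it beyond a trusted network.
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true

    - name: Move report to html root for validation
      ansible.builtin.copy:
        src: /var/log/compliance/cis-l1-report.html
        dest: /var/www/html/cis-l1-report.html
        mode: '0644'
        # remote_src copies on the managed host itself rather than from
        # the controller.
        remote_src: true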