cleaned up linting and added AAP on Code ready

2021-12-06 16:01:14 -06:00
parent a12658cbcc
commit 12f51112ab
135 changed files with 724 additions and 403 deletions
--- a/playbooks/security/hardening.yml
+++ b/playbooks/security/hardening.yml
@@ -1,31 +0,0 @@
---
- name: harden linux systems
-  hosts: "{{ HOSTS | default('web') }}"
-  become: true
-  vars:
-    - harden_firewall: false
-    - harden_time: false
-    - harden_ssh: false
-    - harden_pci: false
-
-  tasks:
-    - name: Configure Firewall
-      when: harden_firewall | bool
-      include_role:
-        name: linux-system-roles.firewall
-
-    - name: Configure Timesync
-      when: harden_time | bool
-      include_role:
-        name: redhat.rhel_system_roles.timesync
-
-    - name: SSH Hardening
-      when: harden_ssh | bool
-      include_role:
-        name: dev-sec.ssh-hardening
-
-    # run with --skip-tags accounts_passwords_pam_faillock_deny
-    - name: Apply PCI Baseline
-      when: harden_pci | bool
-      include_role:
-        name: redhatofficial.rhel8_pci_dss
--- a/playbooks/security/openscap.yml
+++ b/playbooks/security/openscap.yml
@@ -1,45 +0,0 @@
---
- name: build openscap report for rhel7
-  hosts: web
-  gather_facts: false
-
-  vars:
-    file_path: "/var/www/html/openscap/"
-    ssg_schema: "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
-
-  tasks:
-    - name: make sure openscap-scanner and scap-security guide are installed
-      yum:
-        name:
-          - openscap-scanner
-          - scap-security-guide
-        state: present
-
-    - name: Check if  SCAP Security Guide (SSG) profile is available
-      stat:
-        path: "{{ssg_schema}}"
-
-    - name: create HTML report
-      command: "oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}"
-      register: command_result
-      failed_when: "'Error' in command_result.stderr"
-
-    - name: Create directory if it does falset exist
-      become: true
-      file:
-        path: "{{file_path}}"
-        state: directory
-
-    - name: move files into httpd
-      become: true
-      copy:
-        src: ./{{item}}
-        dest: "{{file_path}}/{{item}}"
-        remote_src: true
-      loop:
-        - report.xml
-        - index.html
-
-    - name: DISPLAY LINK TO INVENTORY REPORT
-      debug:
-        msg: "Please go to http://{{ansible_host}}/openscap"