51 lines
1.5 KiB
YAML
51 lines
1.5 KiB
YAML
---
|
|
- name: build openscap report for rhel7
|
|
hosts: all
|
|
gather_facts: false
|
|
|
|
vars:
|
|
file_path: "/var/www/html/openscap/"
|
|
ssg_schema: "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
|
|
|
|
tasks:
|
|
- name: make sure openscap-scanner and scap-security guide are installed
|
|
yum:
|
|
name:
|
|
- openscap-scanner
|
|
- scap-security-guide
|
|
state: present
|
|
|
|
- name: Check if SCAP Security Guide (SSG) profile is available
|
|
stat:
|
|
path: "{{ssg_schema}}"
|
|
|
|
# - name: create HTML report
|
|
# command: "oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}"
|
|
# register: command_result
|
|
# failed_when: "'Error' in command_result.stderr"
|
|
|
|
- name: create HTML report
|
|
command: "oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}"
|
|
register: command_result
|
|
failed_when: "'Error' in command_result.stderr"
|
|
|
|
- name: Create directory if it does not exist
|
|
become: yes
|
|
file:
|
|
path: "{{file_path}}"
|
|
state: directory
|
|
|
|
- name: move files into httpd
|
|
become: yes
|
|
copy:
|
|
src: ./{{item}}
|
|
dest: "{{file_path}}/{{item}}"
|
|
remote_src: yes
|
|
loop:
|
|
- report.xml
|
|
- index.html
|
|
|
|
- name: DISPLAY LINK TO INVENTORY REPORT
|
|
debug:
|
|
msg: "Please go to http://{{ansible_host}}/openscap"
|