Initial Debian 8 support
This patch sets up the security role so that it applies cleanly to systems running Debian 8. Change-Id: I15f003b8f57922b354143a86ccb34df77759e723
This commit is contained in:
parent
5eb302c24a
commit
4e9a8a1d6a
@ -13,6 +13,17 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Check if AppArmor is disabled at boot time
|
||||
shell: "dmesg | grep -i apparmor"
|
||||
register: dmesg_apparmor_output
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
tags:
|
||||
- high
|
||||
- V-71989
|
||||
|
||||
- name: Ensure AppArmor is running
|
||||
service:
|
||||
name: apparmor
|
||||
@ -22,6 +33,7 @@
|
||||
- ansible_os_family == "Debian"
|
||||
- security_rhel7_enable_linux_security_module | bool
|
||||
- not check_mode
|
||||
- '"AppArmor disabled by boot time parameter" not in dmesg_apparmor_output.stdout'
|
||||
tags:
|
||||
- high
|
||||
- V-71989
|
||||
|
@ -91,7 +91,7 @@
|
||||
src: 20auto-upgrades
|
||||
dest: /etc/apt/apt.conf.d/20auto-upgrades
|
||||
when:
|
||||
- ansible_os_family | lower == 'ubuntu'
|
||||
- ansible_os_family | lower == 'debian'
|
||||
- security_rhel7_automatic_package_updates | bool
|
||||
tags:
|
||||
- packages
|
||||
|
@ -13,9 +13,10 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
## Variables for Ubuntu 14.04 (trusty) and Ubuntu 16.04 (xenial)
|
||||
# The following variables apply only to Ubuntu 14.04 (trusty) and Ubuntu 16.04
|
||||
# (xenial) and deployers should not override them.
|
||||
## Variables for Ubuntu and Debian
|
||||
# The following variables apply only to Ubuntu 14.04 (trusty), Ubuntu 16.04
|
||||
# (xenial), and Debian 8 (jessie). Deployers should not need to override these
|
||||
# variables.
|
||||
#
|
||||
# For more details, see 'vars/main.yml'.
|
||||
|
Loading…
x
Reference in New Issue
Block a user