--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Gather variables for each operating system include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - "{{ ansible_distribution | lower }}.yml" - "{{ ansible_os_family | lower }}.yml" tags: - always # NOTE(major): This task differs from other OSA roles because it has # "always_run" set. This is required for check/audit mode to operate # properly. - name: Check init system command: cat /proc/1/comm register: _pid1_name changed_when: False always_run: True tags: - always - name: Set the name of pid1 set_fact: pid1_name: "{{ _pid1_name.stdout }}" tags: - always - name: Check for check/audit mode command: /bin/true register: noop_result changed_when: False tags: - always - name: Set facts set_fact: check_mode: "{{ noop_result | skipped }}" systemd_running: "{{ pid1_name == 'systemd' }}" linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}" tags: - always - include: rhel6stig/main.yml when: - stig_version == 'rhel6' # NOTE(mhayden): RHEL 7 STIG content is still under development. Do not run # these tasks against a production environment at this time. - include: rhel7stig/main.yml when: - stig_version == 'rhel7'