From 334e203f8b426aaec1a681707259426e17fd07ba Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich <sebastian.gumprich@38.de>
Date: Mon, 23 Jan 2017 19:50:02 +0100
Subject: [PATCH] install initramfs-tools

These are not installed by default on debian 8 but needed for module generation.

see: https://github.com/dev-sec/ansible-os-hardening/issues/111
---
 tasks/sysctl.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tasks/sysctl.yml b/tasks/sysctl.yml
index 0ef4bcd81..38f03cc64 100644
--- a/tasks/sysctl.yml
+++ b/tasks/sysctl.yml
@@ -6,6 +6,10 @@
   template: src='rhel_sysconfig_init.j2' dest='/etc/sysconfig/init' owner=root group=root mode=0544
   when: ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora' or ansible_distribution == 'CentOS'
 
+- name: install initramfs-tools
+  apt: name='initramfs-tools' state=installed update_cache=true
+  when: ansible_os_family == 'Debian' and os_security_kernel_enable_module_loading
+
 - name: rebuild initramfs with starting pack of modules, if module loading at runtime is disabled
   template: src='modules.j2' dest='/etc/initramfs-tools/modules' owner=root group=root mode=0440
   when: ansible_os_family == 'Debian' and os_security_kernel_enable_module_loading