diff --git a/molecule/mysql_hardening/verify.yml b/molecule/mysql_hardening/verify.yml
index 33fb90691..1a8bc6639 100644
--- a/molecule/mysql_hardening/verify.yml
+++ b/molecule/mysql_hardening/verify.yml
@@ -44,7 +44,7 @@
 shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
 - name: Execute cinc-auditor tests
- command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/mysql-baseline.git"
+ command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/mysql-baseline"
 register: test_results
 changed_when: false
 ignore_errors: true
diff --git a/molecule/nginx_hardening/verify.yml b/molecule/nginx_hardening/verify.yml
index aee89c012..56a0b1faa 100644
--- a/molecule/nginx_hardening/verify.yml
+++ b/molecule/nginx_hardening/verify.yml
@@ -47,7 +47,7 @@
 shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
 - name: Execute cinc-auditor tests
- command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/nginx-baseline.git"
+ command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
 register: test_results
 changed_when: false
 ignore_errors: true
diff --git a/molecule/os_hardening/verify.yml b/molecule/os_hardening/verify.yml
index 5cff0e2a4..0d0beb84f 100644
--- a/molecule/os_hardening/verify.yml
+++ b/molecule/os_hardening/verify.yml
@@ -51,7 +51,7 @@
 shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
 - name: Execute cinc-auditor tests
- command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/linux-baseline.git"
+ command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/linux-baseline"
 register: test_results
 changed_when: false
 ignore_errors: true
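Review bot: The new `supermarket://dev-sec/mysql-baseline` target in the `command:` line carries no version or revision, so each verify run executes whatever profile the Supermarket entry resolves to at that moment; the same applies to the nginx_hardening and os_hardening hunks. A profile update upstream can then change the pass/fail result of this role without any change in this repository. Consider a comment above the task such as `# profile is resolved at run time via Chef Supermarket; not pinned to a release`, or vendoring a known release of the baseline so the controls under test are reproducible. The task's `ignore_errors: true` is context here and the rest of the play lies outside the hunk, so whether a failed fetch is surfaced later cannot be judged from these lines.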
diff --git a/molecule/ssh_hardening/verify.yml b/molecule/ssh_hardening/verify.yml
index 004fa408c..b1cd2d975 100644
--- a/molecule/ssh_hardening/verify.yml
+++ b/molecule/ssh_hardening/verify.yml
@@ -42,7 +42,7 @@
 shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
 - name: Execute cinc-auditor tests
- command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/ssh-baseline.git"
+ command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
 register: test_results
 changed_when: false
 ignore_errors: true
diff --git a/roles/os_hardening/handlers/main.yml b/roles/os_hardening/handlers/main.yml
index af07f00f6..0d6ba194e 100644
--- a/roles/os_hardening/handlers/main.yml
+++ b/roles/os_hardening/handlers/main.yml
@@ -1,3 +1,9 @@
 ---
 - name: Update-initramfs
 command: 'update-initramfs -u'
+
+- name: restart-auditd
+ command:
+ cmd: 'service auditd restart' # rhel: see: https://access.redhat.com/solutions/2664811
+ warn: false # sadly 'service' module fails in that case also by using 'use: service'
+ when: molecule_yml is not defined # restarting auditd in a container does not work
diff --git a/roles/os_hardening/tasks/auditd.yml b/roles/os_hardening/tasks/auditd.yml
index 44e635e32..059087639 100644
--- a/roles/os_hardening/tasks/auditd.yml
+++ b/roles/os_hardening/tasks/auditd.yml
@@ -3,6 +3,7 @@
 package:
 name: '{{ auditd_package }}'
 state: 'present'
+ tags: auditd
 - name: Configure auditd | package-08
 template:
@@ -11,3 +12,5 @@
 owner: 'root'
 group: 'root'
 mode: '0640'
+ notify: 'restart-auditd'
+ tags: auditd
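Review bot: The added `command:` line in molecule/ssh_hardening/verify.yml runs `supermarket://dev-sec/nginx-baseline`, while the removed line ran the ssh-baseline repository, so after this change the ssh_hardening scenario is verified against the nginx controls and the SSH controls are not exercised. This looks like a copy-paste slip from the nginx hunk; the target should presumably be `supermarket://dev-sec/ssh-baseline`, assuming the profile is published under that name. Because the task keeps `ignore_errors: true`, a run against the wrong profile may not stand out in CI; how `test_results` is evaluated lies outside the hunk.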
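Review bot: `warn: false` on the new `restart-auditd` handler relies on a `command` module parameter that was deprecated and, as far as I know, removed in ansible-core 2.14, where passing it makes the task fail; dropping the line or stating the supported Ansible version would avoid that. The `when: molecule_yml is not defined` guard also means the handler never runs under molecule, so the restart path added here (and the `notify: 'restart-auditd'` in tasks/auditd.yml) is untested, and the verify step presumably audits a host whose auditd has not reloaded the templated configuration. A comment stating that limitation, e.g. `# not exercised in CI: auditd cannot be restarted in the molecule containers`, would keep readers from assuming coverage.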