1. Overview
2. Role Variables
3. Example Playbook
4. Configuration
5. Known Issues
6. Development
7. License
8. Author Information

A role that provide some security tools for Debian.

• deb_sec__required_packages : List of required packages [default : debsecan].
• deb_sec__deploy_state : The desired state this role should achieve [default : present].
• deb_sec__debsecan_report : If daily reports should be enable [default : true].
• deb_sec__debsecan_suite : Suite name used to produce more informative output [default : {{ ansible_distribution_release }}].
• deb_sec__debsecan_mailto : Mail address to which reports are sent [default : root].
• deb_sec__debsecan_source : The URL from which vulnerability data is downloaded [default : ''].
• deb_sec__debsecan_cron_disabled : If the Debsecan job should be disabled [default : false].
• deb_sec__debsecan_cron_job : The command to execute for Debsecan cron [default : test -x /usr/bin/debsecan && /usr/bin/debsecan --cron].
• deb_sec__debsecan_cron_special_time : Periodicity of the cron job for Debsecan [default : daily].
• deb_sec__debsecan_cron_user : User whose run the job [default : daemon].

• Default behaviour :

- hosts: my.debian.host
  roles:
    - role: ipr-cnrs.debian_security

This role will :

• Install some security tools (eg. Debsecan,…).
• Configure and set a cron job for Debsecan.

This source code comes from our Gogs instance and the Github repo exist just to be able to send the role to Ansible Galaxy…

But feel free to send issue/PR anywhere :)

Thanks to this hook, Github automatically got updates from our Gogs instance :)

WTFPL

Jérémy Gardais

• Source : on IPR's Gogs
• IPR (Institut de Physique de Rennes)