불필요 검사 제외

ansible/security_check/roles/security_check/tasks/create_readme.yml

@@ -0,0 +1,53 @@
+---
+- name: check status [1]
+  shell: |
+    grep -H '☆ 취약 개수 = [1-9]' *.txt | cut -d: -f1
+  args:
+    chdir: /volume1/platform/05_Security_check/
+  register: check_status
+  when: "'nas' in group_names"
+
+- name: check status [2]
+  shell: |
+    grep -H '☆ 취약 개수 = [0]' *.txt | cut -d: -f1
+  args:
+    chdir: /volume1/platform/05_Security_check/
+  register: check_ok
+  when: "'nas' in group_names"
+
+- debug:
+    msg: "취약점 {{ check_status.stdout_lines }} 발견"
+  when: "'nas' in group_names"
+
+- debug:
+    msg: "취약점 {{ check_ok.stdout_lines }} 양호"
+  when: "'nas' in group_names"
+
+- name: Create README.md
+  template:
+    src: README.md.j2
+    dest: "{{ playbook_dir }}/README.md"
+  delegate_to: 127.0.0.1
+  when: "'nas' in group_names"
+
+- name: git push
+  shell: |
+    pwd
+    ls -al
+    git config --global user.email "sa_8001@ex-em.com"
+    git config --global user.name "ByeonJungHun"
+    git clone https://{{ git_user }}:{{ git_key }}@github.com/CloudMOA/security_check.git ~/security_check
+    cp ./README.md ~/security_check/README.md
+    cd ~/security_check
+    cat README.md
+    pwd
+    ls -al
+    git add .
+    git commit -m "검사 결과 업데이트"
+    git push
+  delegate_to: 127.0.0.1
+  when: "'nas' in group_names"
+
+- debug:
+    msg: "결과 확인 : https://github.com/CloudMOA/security_check.git"
+  when: "'nas' in group_names"

ansible/security_check/roles/security_check/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- include: start.yml
+
+- include: create_readme.yml

ansible/security_check/roles/security_check/tasks/start.yml

@@ -0,0 +1,64 @@
+---
+- name: Create Result Directory
+  file:
+    path: ~/checklist/
+    state: directory
+  delegate_to: 127.0.0.1
+  when: "'nas' in group_names"
+
+- name: Old Result File Delete
+  shell: |
+    rm -rf /volume1/platform/05_Security_check/*
+  when: "'nas' in group_names"
+
+- name: Copy Security Check Script
+  copy:
+    src: "{{ role_path }}/files/ubuntu.sh"
+    dest: /tmp/ubuntu.sh
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Start Security Check Script (become -> true)
+  shell: |
+    chdir
+    bash /tmp/ubuntu.sh
+    rm -rf /tmp/ubuntu.sh
+  become: true
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Copy Result File to Local
+  fetch:
+    src: "/tmp/{{ ansible_hostname }}.{{ ansible_host }}.txt"
+    dest: "~/checklist/"
+    flat: yes
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Delete Result File (become -> true)
+  file:
+    path: "/tmp/{{ ansible_hostname }}.txt"
+    state: absent
+  become: true
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Find Copy File Name
+  shell: ls -l ~/checklist/ | awk 'NR>1 {print $9}'
+  register: copy_file
+  delegate_to: 127.0.0.1
+  when: "'nas' in group_names"
+
+- debug:
+    msg: "파일 {{ copy_file.stdout_lines }} 발견"
+  when: "'nas' in group_names"
+
+- name: Copy Result File to NAS
+  copy:
+    src: "~/checklist/{{ item }}"
+    dest: /volume1/platform/05_Security_check
+  with_items: "{{ copy_file.stdout_lines }}"
+  when: "'nas' in group_names"
+
+- name: Delete Result File (become -> true)
+  file:
+    path: "~/checklist/"
+    state: absent
+  delegate_to: 127.0.0.1
+  when: "'nas' in group_names"