diff --git a/ansible.cfg b/ansible.cfg
index 1988601..60b9f33 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,8 +1,10 @@
 [defaults]
-inventory = checklist
-roles_path = roles
+become = true
+inventory = checklist
+roles_path = roles
 deprecation_warnings = false
 display_skipped_hosts = no
-ansible_home = .
+ansible_home = .
 stdout_callback = debug
 host_key_checking = false
+
diff --git a/checklist b/checklist
index da72629..b048da4 100644
--- a/checklist
+++ b/checklist
@@ -3,8 +3,8 @@ server
 nas
 [server]
-10.10.43.111 ansible_port=2222 ansible_user=dev2
-10.10.43.112 ansible_port=2222 ansible_user=dev2
+10.10.43.200 ansible_port=2222 ansible_user=dev2
+10.10.43.201 ansible_port=2222 ansible_user=dev2
 [nas]
-10.10.43.42 ansible_port=2222 ansible_user=exemdev2
\ No newline at end of file
+10.10.43.42 ansible_port=2222 ansible_user=exemdev2
diff --git a/roles/security_check/.DS_Store b/roles/security_check/.DS_Store
new file mode 100644
index 0000000..3959d3f
Binary files /dev/null and b/roles/security_check/.DS_Store differ
diff --git a/roles/security_check/files/rocky.sh b/roles/security_check/files/rocky.sh
index 7d64139..05d80d3 100644
--- a/roles/security_check/files/rocky.sh
+++ b/roles/security_check/files/rocky.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-resultfile="/tmp/$(hostname)_$(date '+%F-%H:%M').txt"
+resultfile="/tmp/$(hostname).txt"
 U_01() { echo "" >> $resultfile 2>&1
diff --git a/roles/security_check/files/ubuntu.sh b/roles/security_check/files/ubuntu.sh
index 27902b4..290c037 100644
--- a/roles/security_check/files/ubuntu.sh
+++ b/roles/security_check/files/ubuntu.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-resultfile="/tmp/$(hostname)_$(date '+%F-%H:%M').txt"
+resultfile="/tmp/$(hostname).txt"
 U_01() { echo "" >> $resultfile 2>&1
diff --git a/roles/security_check/tasks/create_readme.yml b/roles/security_check/tasks/create_readme.yml
new file mode 100644
index 0000000..f2a5f2f
--- /dev/null
+++ b/roles/security_check/tasks/create_readme.yml
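Review bot: In ansible.cfg the added `become = true` sits under `[defaults]`, but as far as I know Ansible reads that key from a `[privilege_escalation]` section, so as written it is probably ignored and the audit scripts may not run as root at all. Moving it to the right section would make every task escalate, including `fetch`, `debug` and the task delegated to 127.0.0.1, none of which appear to need root. With `host_key_checking = false` still on the last context line, those privileged commands would also go to hosts whose SSH identity is never verified. I would drop the global setting and put `become: true` only on the tasks that execute the check scripts.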
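Review bot: `resultfile="/tmp/$(hostname).txt"` in rocky.sh (and the identical line in ubuntu.sh) is now a fixed, predictable path in a world-writable directory, and the script appends to it with `>>`. If the file already exists, whether left over from a failed run or created beforehand by another local account (possibly as a symlink), the audit output is mixed with or redirected by content the script did not write, and the report can no longer be trusted. Writing under a directory that the play creates with mode `0700`, and having the script take the result path as an argument instead of deriving it, closes that gap. The body of `U_01` continues outside the hunk.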
@@ -0,0 +1,12 @@
+---
+- name: check status
+ shell: |
+ grep -H '☆ 취약 개수 = [1-9]' *.txt | cut -d: -f1
+ args:
+ chdir: /volume1/platform/05_Security_check/
+ register: check_status
+ when: "'nas' in group_names"
+
+- debug:
+ msg: "{{ check_status.stdout_lines }}"
+ when: "'nas' in group_names"
\ No newline at end of file
diff --git a/roles/security_check/tasks/main.yml b/roles/security_check/tasks/main.yml
index 50662fb..6fcfe9a 100644
--- a/roles/security_check/tasks/main.yml
+++ b/roles/security_check/tasks/main.yml
@@ -1,2 +1,4 @@
 ---
 - include: start.yml
+
+- include: create_readme.yml
diff --git a/roles/security_check/tasks/start.yml b/roles/security_check/tasks/start.yml
index 87ee3c5..b5028a0 100644
--- a/roles/security_check/tasks/start.yml
+++ b/roles/security_check/tasks/start.yml
@@ -24,24 +24,16 @@
 rm -rf /tmp/ubuntu.sh
 when: ansible_distribution == 'Ubuntu'
-- name: File Name Search
- shell: |
- ls |grep {{ ansible_hostname }}
- register: result
- when: ansible_distribution == 'Ubuntu'
- args:
- chdir: /tmp/
-
 - name: Copy Result File to Local
 fetch:
- src: "/tmp/{{ result.stdout }}"
+ src: "/tmp/{{ ansible_hostname }}.txt"
 dest: "/resultdir/"
 flat: yes
 when: ansible_distribution == 'Ubuntu'
 - name: Delete Result File
 file:
- path: "/tmp/{{ result.stdout }}"
+ path: "/tmp/{{ ansible_hostname }}.txt"
 state: absent
 when: ansible_distribution == 'Ubuntu'
@@ -57,4 +49,10 @@
 dest: /volume1/platform/05_Security_check
 with_items: "{{ copy_file.stdout_lines }}"
 when: "'nas' in group_names"
-
\ No newline at end of file
+
+- name: Delete Result File
+ file:
+ path: "/resultdir"
+ state: absent
+ delegate_to: 127.0.0.1
+ when: ansible_distribution == 'Ubuntu'
\ No newline at end of file
diff --git a/roles/security_check/templates/README.md.j2 b/roles/security_check/templates/README.md.j2
new file mode 100644
index 0000000..e69de29
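Review bot: In create_readme.yml the `grep ... | cut -d: -f1` pipeline reports the exit status of `cut`, so a grep error (unreadable file, no `*.txt` present) produces empty output that is indistinguishable from "no host has findings". For a task whose output decides which hosts are reported as vulnerable, that should fail loudly: `grep -l '☆ 취약 개수 = [1-9]' *.txt` prints the file names without the pipe, and `failed_when: check_status.rc > 1` keeps "no match" (rc 1) as success while surfacing real errors. The task only reads, so `changed_when: false` belongs on it as well, and the `debug` task should get a `name:`.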
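Review bot: In the first start.yml hunk the `fetch` and `file` tasks build the path from `{{ ansible_hostname }}`, while the scripts name the file with `$(hostname)`; the two are not guaranteed to agree, because `ansible_hostname` is the short host name fact and `hostname` can return a fully qualified name. When they differ, the fetch fails and the cleanup silently leaves the report behind in /tmp. Defining the path once, for example a role variable such as `security_check_result: "/tmp/{{ ansible_hostname }}.txt"` that is also passed to the script as an argument, removes the coupling. Both tasks remain limited to `ansible_distribution == 'Ubuntu'`; any equivalent Rocky tasks are outside this hunk and would need the same change.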
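Review bot: The task added at the end of start.yml removes `/resultdir` on the control node but is evaluated per host under `when: ansible_distribution == 'Ubuntu'`, so it runs once for every Ubuntu host and never when the play targets only other distributions. It also reuses the name "Delete Result File" of the earlier per-host cleanup, which makes the run log ambiguous about which deletion happened. I would add `run_once: true` and `become: false`, drop the distribution condition, and rename it to something like `Delete local result directory`. A recursive delete of an absolute path at the filesystem root should run with the narrowest privileges available.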