chore: update ansible-auditship role with new configurations, tasks, and improvements

leucos · leucos · commit 75bbd68e7c77 · 2025-07-31T19:03:03.000+02:00
diff --git a/.ansible/roles/devopsworks.auditship b/.ansible/roles/devopsworks.auditship
@@ -0,0 +1 @@
+/home/leucos/dev/sysadmin/ansible-roles/ansible-auditship
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,7 +1,6 @@
----
 name: CI
 
-on:
+'on':
   push:
     branches: [main, master]
   pull_request:
@@ -62,7 +61,7 @@ jobs:
         run: |
           python3 -m pip install --upgrade pip
           python3 -m pip install ansible molecule molecule-plugins[podman]
-          
+
       - name: Install Podman
         run: |
           sudo apt-get update
@@ -72,4 +71,4 @@ jobs:
         run: molecule test
         env:
           PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
+          ANSIBLE_FORCE_COLOR: '1'
diff --git a/.yamllint b/.yamllint
@@ -1,4 +1,3 @@
----
 extends: default
 
 rules:
@@ -7,5 +6,11 @@ rules:
     level: warning
   comments:
     min-spaces-from-content: 1
+  comments-indentation: false
   document-start:
-    present: false
+    present: false
+  braces:
+    max-spaces-inside: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,2 +1 @@
----
 auditship_force_install: false
diff --git a/meta/main.yml b/meta/main.yml
@@ -1,21 +1,19 @@
----
-
 dependencies: []
 
 galaxy_info:
   author: DevopsWorks
-  company: DevopsWorks 
+  company: DevopsWorks
   description: ansible-auditship role (https://gitlab.com/devopsworks/tools/auditship)
   license: MIT
   min_ansible_version: "2.4"
   role_name: auditship
   namespace: devopsworks
   platforms:
-  - name: Ubuntu
-    versions:
-    - all
-  - name: Debian
-    versions:
-    - all
+    - name: Ubuntu
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
   galaxy_tags:
-  - system
+    - system
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -1,4 +1,3 @@
----
 - name: Converge
   hosts: all
   become: true
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -1,4 +1,3 @@
----
 dependency:
   name: galaxy
 
@@ -54,4 +53,4 @@ scenario:
     - side_effect
     - verify
     - cleanup
-    - destroy
+    - destroy
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -1,4 +1,3 @@
----
 - name: Prepare
   hosts: all
   become: true
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -1,4 +1,3 @@
----
 - name: Verify
   hosts: all
   become: true
@@ -50,4 +49,4 @@
       ansible.builtin.command: /usr/local/bin/auditship -version
       register: version_output
       changed_when: false
-      failed_when: version_output.rc != 0
+      failed_when: version_output.rc != 0
diff --git a/tasks/auditship.yml b/tasks/auditship.yml
@@ -1,24 +1,28 @@
----
 - name: Finds latest auditship version
   ansible.builtin.uri:
     url: https://gitlab.com/api/v4/projects/71363433/releases
     status_code:
       - 200
   register: __auditship_repo_info
-  check_mode: no
+  check_mode: false
 
-- ansible.builtin.set_fact:
+- name: Set auditship version facts
+  ansible.builtin.set_fact:
     __auditship_latest_version: '{{ __auditship_repo_info.json.0["name"] }}'
     __auditship_latest_num_version: '{{ __auditship_repo_info.json.0["name"] | regex_replace("v","") }}'
 
 - name: Fetches latest version
   ansible.builtin.get_url:
-    url: https://gitlab.com/api/v4/projects/71363433/packages/generic/auditship/{{ __auditship_latest_num_version }}/auditship-linux-amd64-{{ __auditship_latest_version }}.gz
+    url: >
+      https://gitlab.com/api/v4/projects/71363433/packages/generic/auditship/
+      {{ __auditship_latest_num_version }}/auditship-linux-amd64-{{ __auditship_latest_version }}.gz
     dest: /tmp/auditship.gz
+    mode: '0644'
 
 - name: Fetch & unarchive auditship
-  # can not use unachive, does not support gz
+  # can not use unarchive, does not support gz
   ansible.builtin.shell: gunzip -cd /tmp/auditship.gz > /usr/local/bin/auditship && chmod 755 /usr/local/bin/auditship
+  changed_when: true
 
 - name: Add auditd plugin config
   ansible.builtin.template:
@@ -27,12 +31,12 @@
     dest: /etc/audit/plugins.d/auditship.conf
     owner: root
     group: root
-    mode: 0640
+    mode: '0640'
 
 - name: Add logrotate config
   ansible.builtin.get_url:
     url: https://gitlab.com/devopsworks/tools/auditship/-/raw/master/auditship.logrotate.conf?ref_type=heads
     dest: /etc/logrotate.d/auditship
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,12 +1,12 @@
----
 - name: Checks if auditship is already present
   ansible.builtin.stat:
     path: /usr/local/bin/auditship
   register: __auditship
   tags:
     - always
 
-- include_tasks:
+- name: Include auditship installation tasks
+  ansible.builtin.include_tasks:
     file: auditship.yml
     apply:
       tags:

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+/home/leucos/dev/sysadmin/ansible-roles/ansible-auditship`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1 @@`
`1`		`----`
`2`	`1`	`auditship_force_install: false`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`----`
`2`	`1`	`- name: Converge`
`3`	`2`	`hosts: all`
`4`	`3`	`become: true`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`----`
`2`	`1`	`- name: Prepare`
`3`	`2`	`hosts: all`
`4`	`3`	`become: true`