Fixes #277: Correct 20auto-upgrades filename in chapter 11 example.

Author: geerlingguy

security/main.yml

@@ -74,6 +74,25 @@
         state: started
         enabled: yes
 
+    # Automating updates for Debian systems.
+    - name: Install unattended upgrades package.
+      apt:
+        name: unattended-upgrades
+        state: present
+      when: ansible_os_family == 'Debian'
+
+    - name: Copy unattended-upgrades configuration files in place.
+      template:
+        src: "../templates/{{ item }}.j2"
+        dest: "/etc/apt/apt.conf.d/{{ item }}"
+        owner: root
+        group: root
+        mode: 0644
+      with_items:
+        - 20auto-upgrades
+        - 50unattended-upgrades
+      when: ansible_os_family == 'Debian'
+
     # Configuring a firewall with `firewalld` on RHEL.
     - name: Ensure firewalld is running.
       service:

security/templates/20auto-upgrades.j2

@@ -0,0 +1,3 @@
+# File: /etc/apt/apt.conf.d/20auto-upgrades
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

security/templates/50unattended-upgrades.j2

@@ -0,0 +1,13 @@
+# File: /etc/apt/apt.conf.d/50unattended-upgrades
+Unattended-Upgrade::Automatic-Reboot "false";
+
+Unattended-Upgrade::DevRelease "false";
+
+Unattended-Upgrade::Allowed-Origins {
+        "${distro_id}:${distro_codename}";
+        "${distro_id}:${distro_codename}-security";
+        "${distro_id}ESM:${distro_codename}";
+//      "${distro_id}:${distro_codename}-updates";
+//      "${distro_id}:${distro_codename}-proposed";
+//      "${distro_id}:${distro_codename}-backports";
+};

tests/security.yml

@@ -1,3 +1,11 @@
 ---
+- hosts: all
+
+  tasks:
+    - name: Install Python SELinux library.
+      yum:
+        name: python3-libselinux
+        state: present
+
 # Security test.
 - import_playbook: ../security/main.yml