authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/selinux
downloadselfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
initial commit
Diffstat (limited to 'roles/selinux')
-rw-r--r--roles/selinux/defaults/main.yml1
-rw-r--r--roles/selinux/tasks/main.yml22
-rw-r--r--roles/selinux/vars/main.yml4
3 files changed, 27 insertions, 0 deletions
diff --git a/roles/selinux/defaults/main.yml b/roles/selinux/defaults/main.yml
new file mode 100644
index 0000000..1969f11
--- /dev/null
+++ b/roles/selinux/defaults/main.yml
@@ -0,0 +1 @@
+selinux_enabled: yes
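Review bot: `selinux_enabled: yes` relies on YAML 1.1 truthy parsing; Ansible accepts it, but yamllint's `truthy` rule and any other tool reading this defaults file will not agree on the type. Write the canonical boolean, `selinux_enabled: true`, and do the same for `enabled: yes` in the `start auditd` task of roles/selinux/tasks/main.yml. A short comment above the key stating that `false` writes `SELINUX=disabled` (not `permissive`) would also help, since the templated line in tasks/main.yml makes that choice silently.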
diff --git a/roles/selinux/tasks/main.yml b/roles/selinux/tasks/main.yml
new file mode 100644
index 0000000..38a1e83
--- /dev/null
+++ b/roles/selinux/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: install packages
+ dnf:
+ name: '{{ selinux_packages }}'
+ state: present
+
+- name: start auditd
+ systemd:
+ name: auditd
+ enabled: yes
+ state: started
+
+- name: enable selinux
+ lineinfile:
+ path: /etc/selinux/config
+ regexp: ^SELINUX=
+ line: SELINUX={{ 'enforcing' if selinux_enabled else 'disabled' }}
+ state: present
+ register: selinux_config
+
+- name: reboot to apply selinux mode
+ reboot:
+ when: selinux_config.changed
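Review bot: The `enable selinux` task can move a host from `SELINUX=disabled` straight to `enforcing` and the next task reboots it unconditionally on change; on a host that has been running with SELinux disabled the filesystem is likely unlabeled, and booting enforcing without a relabel can leave services unable to start or the boot failing. Consider creating the `/.autorelabel` trigger when the previous mode was `disabled` (the `lineinfile` result does not expose the old value, so that would need a prior read of the file), or switch to the `ansible.posix.selinux` module with `policy: targeted` and `state: enforcing`/`disabled`, which manages `/etc/selinux/config` itself and reports `reboot_required` instead of relying on a regex rewrite. The `reboot` task should then be gated on that flag rather than on any change to the config line. Also quote `regexp: '^SELINUX='` and `line: "SELINUX={{ ... }}"` so the Jinja expression is never exposed to YAML flow-mapping parsing if the line is ever reordered.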
diff --git a/roles/selinux/vars/main.yml b/roles/selinux/vars/main.yml
new file mode 100644
index 0000000..25515b7
--- /dev/null
+++ b/roles/selinux/vars/main.yml
@@ -0,0 +1,4 @@
+selinux_packages:
+ - selinux-policy-targeted
+ - audit
+ - setroubleshoot-server