author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/selinux | |
initial commit
Diffstat (limited to 'roles/selinux')
-rw-r--r-- | roles/selinux/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/selinux/tasks/main.yml | 22 | ||||
-rw-r--r-- | roles/selinux/vars/main.yml | 4 |
3 files changed, 27 insertions, 0 deletions
diff --git a/roles/selinux/defaults/main.yml b/roles/selinux/defaults/main.yml
new file mode 100644
index 0000000..1969f11
--- /dev/null
+++ b/roles/selinux/defaults/main.yml
@@ -0,0 +1 @@
+selinux_enabled: yes
diff --git a/roles/selinux/tasks/main.yml b/roles/selinux/tasks/main.yml
new file mode 100644
index 0000000..38a1e83
--- /dev/null
+++ b/roles/selinux/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: install packages
+ dnf:
+ name: '{{ selinux_packages }}'
+ state: present
+
+- name: start auditd
+ systemd:
+ name: auditd
+ enabled: yes
+ state: started
+
+- name: enable selinux
+ lineinfile:
+ path: /etc/selinux/config
+ regexp: ^SELINUX=
+ line: SELINUX={{ 'enforcing' if selinux_enabled else 'disabled' }}
+ state: present
+ register: selinux_config
+
+- name: reboot to apply selinux mode
+ reboot:
+ when: selinux_config.changed
diff --git a/roles/selinux/vars/main.yml b/roles/selinux/vars/main.yml
new file mode 100644
index 0000000..25515b7
--- /dev/null
+++ b/roles/selinux/vars/main.yml
@@ -0,0 +1,4 @@
+selinux_packages:
+ - selinux-policy-targeted
+ - audit
+ - setroubleshoot-server |
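Review bot: The `enable selinux` task in roles/selinux/tasks/main.yml only edits `/etc/selinux/config`, and the reboot is gated on `selinux_config.changed`, so the role never looks at the mode the host is actually running in. A host whose file already reads `SELINUX=enforcing` but which is permissive at runtime, or was booted with SELinux switched off on the kernel command line, is reported as unchanged and the play finishes green. I would add a read-only check after the reboot task that fails when the running mode disagrees with `selinux_enabled`, as below. The `ansible.posix.selinux` module, which manages the configured and the runtime state together, is an alternative if that collection is available to this repository.

```yaml
# … unchanged: install packages, start auditd, enable selinux, reboot to apply selinux mode …

- name: verify running selinux mode
  command: getenforce
  register: selinux_mode
  changed_when: false
  check_mode: no
  failed_when: selinux_enabled and selinux_mode.stdout != 'Enforcing'
```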
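Review bot: `setroubleshoot-server` in `selinux_packages` (roles/selinux/vars/main.yml) installs an extra denial-analysis service on every host that gets this role, and server hardening baselines such as the CIS benchmarks for RHEL-family systems recommend leaving it uninstalled. `ausearch -m avc` from the `audit` package, which is already in the list, exposes the same denials. Because the list sits in `vars/main.yml`, inventory group or host variables cannot override it. Moving it to `defaults/main.yml` would let hardened hosts drop the package, or a comment such as `# setroubleshoot-server: denial triage helper, omit on hardened hosts` would at least record the choice.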