Diffstat (limited to 'roles/selinux/tasks/main.yml')
-rw-r--r-- | roles/selinux/tasks/main.yml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/roles/selinux/tasks/main.yml b/roles/selinux/tasks/main.yml
new file mode 100644
index 0000000..38a1e83
--- /dev/null
+++ b/roles/selinux/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: install packages
+ dnf:
+ name: '{{ selinux_packages }}'
+ state: present
+
+- name: start auditd
+ systemd:
+ name: auditd
+ enabled: yes
+ state: started
+
+- name: enable selinux
+ lineinfile:
+ path: /etc/selinux/config
+ regexp: ^SELINUX=
+ line: SELINUX={{ 'enforcing' if selinux_enabled else 'disabled' }}
+ state: present
+ register: selinux_config
+
+- name: reboot to apply selinux mode
+ reboot:
+ when: selinux_config.changed |
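Review bot: In the `enable selinux` task, a false `selinux_enabled` writes `SELINUX=disabled`, which turns the subsystem off entirely rather than merely stopping enforcement, so after the reboot there are no AVC denials for the auditd service started above to record, and files created in the meantime presumably stay unlabeled until a later relabel. If the intent is only to stop enforcement, `line: SELINUX={{ 'enforcing' if selinux_enabled | bool else 'permissive' }}` keeps labels and denial logging intact. The `| bool` filter also prevents a string such as `"false"` supplied through inventory or `-e` from being evaluated as true. The `reboot to apply selinux mode` task fires immediately on any change to the file, so a short comment at the top of the role stating that it reboots hosts would help callers.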