From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson <stonewall@sacredheartsc.com>
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit

---
 roles/selinux/tasks/main.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 roles/selinux/tasks/main.yml

(limited to 'roles/selinux/tasks')

diff --git a/roles/selinux/tasks/main.yml b/roles/selinux/tasks/main.yml
new file mode 100644
index 0000000..38a1e83
--- /dev/null
+++ b/roles/selinux/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: install packages
+  dnf:
+    name: '{{ selinux_packages }}'
+    state: present
+
+- name: start auditd
+  systemd:
+    name: auditd
+    enabled: yes
+    state: started
+
+- name: enable selinux
+  lineinfile:
+    path: /etc/selinux/config
+    regexp: ^SELINUX=
+    line: SELINUX={{ 'enforcing' if selinux_enabled else 'disabled' }}
+    state: present
+  register: selinux_config
+
+- name: reboot to apply selinux mode
+  reboot:
+  when: selinux_config.changed
-- 
cgit