roles/selinux/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

- name: install packages
  dnf:
    name: '{{ selinux_packages }}'
    state: present

- name: start auditd
  systemd:
    name: auditd
    enabled: yes
    state: started

- name: enable selinux
  lineinfile:
    path: /etc/selinux/config
    regexp: ^SELINUX=
    line: SELINUX={{ 'enforcing' if selinux_enabled else 'disabled' }}
    state: present
  register: selinux_config

- name: reboot to apply selinux mode
  reboot:
  when: selinux_config.changed