Closed txsastre closed 5 months ago
hi @txsastre
The audit can run in an automated way from remediate. If you look at the defaults/main.yml you will see a few settings you may want to change:
setup_audit
run_audit
There is more information in the readthedocs. There have been a few questions around this, so watch the community as we may post a video to provide further information.
Hope that helps
uk-bolly
hi there, thank you very much. I've changed in /defaults/main.yml
##########################################
## Refer to vars/auditd.yml for any other settings ##
# Allow audit to setup the requirements including installing git (if option chosen and downloading and adding goss binary to system)
setup_audit: true
# enable audits to run - this runs the audit and get the latest content
run_audit: true
# Only run Audit do not remediate
audit_only: true
# As part of audit_only
# This will enable files to be copied back to control node
fetch_audit_files: true
but it also has modified the clients (hardened)
Also checked community in https://discord.io/ansible-lockdown but it does not load. A video of how to configure all together would be really great.
By the way, thank you very much for your playbooks and work.
hi @txsastre
I believe we have been speaking on discord, with the audit_only option? Can you confirm this is now working as expected and this can now be closed?
Many thanks
uk-bolly
yes it is.
We solved the problems via Discord. This can be closed. Thanks
Sorry about this question, I used the "remediate ansible" version and it's really great.
Now I would like to be able to run tests against the servers, as I read the remediation Ansible is not recommended for testing, here I am reading about Goss.
How does this work? Can I run it from ansible? Or do I have to run from each server?
Sorry about this simple question but "goss" is very new for me.