fetch audit and compliance facts added

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-03-31 14:50:40 +01:00 · 2025-03-31 14:50:40 +01:00 · 576531e986
commit 576531e986
parent 82904557c7
4 changed files with 134 additions and 0 deletions
--- a/templates/etc/ansible/compliance_facts.j2
+++ b/templates/etc/ansible/compliance_facts.j2
@ -0,0 +1,39 @@
+# CIS Hardening Carried out
+# Added as part of ansible-lockdown CIS baseline
+# provided by Mindpoint Group - A Tyto Athene Company
+
+[Benchmark_Details]
+# Benchmark release
+Benchmark_release = CIS-{{ benchmark_version }}
+Benchmark_run_date = {{ '%Y-%m-%d - %H:%M:%S' | ansible.builtin.strftime }}
+# If options set (doesn't mean it ran all controls)
+level_1_hardening_enabled = {{ rhel9cis_level_1 }}
+level_2_hardening_enabled = {{ rhel9cis_level_2 }}
+
+{% if ansible_run_tags | length > 0 %}
+# If tags used to stipulate run level
+{% if 'level1-server' in ansible_run_tags %}
+Level_1_Server_tag_run = true
+{% endif %}
+{% if 'level2-server' in ansible_run_tags %}
+Level_2_Server_tag_run = true
+{% endif %}
+{% if 'level1-workstation' in ansible_run_tags %}
+Level_1_workstation_tag_run = true
+{% endif %}
+{% if 'level2-workstation' in ansible_run_tags %}
+Level_2_workstation_tag_run = true
+{% endif %}
+{% endif %}
+
+[Benchmark_Audit_Details]
+{% if run_audit %}
+# Audit run
+audit_file_location_local = {{ audit_log_dir }}
+{% if not audit_only %}
+audit_summary = {{ post_audit_results }}
+{% endif %}
+{% if fetch_audit_output %}
+audit_files_location_central = {{ audit_output_destination }}
+{% endif %}
+{% endif %}