summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/common/tasks/apt.yml6
-rw-r--r--roles/common/templates/etc/default/debsecan.j217
2 files changed, 23 insertions, 0 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index d172384..57a4d10 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -35,6 +35,12 @@
- apt.conf.d/10periodic
- apt.conf.d/50unattended-upgrades
+- name: Configure the Debian Security Analyzer
+ template: src=etc/default/debsecan.j2
+ dest=/etc/default/debsecan
+ owner=root group=root
+ mode=0644
+
- name: Start cron
service: name=cron state=started
tags:
diff --git a/roles/common/templates/etc/default/debsecan.j2 b/roles/common/templates/etc/default/debsecan.j2
new file mode 100644
index 0000000..71fee1c
--- /dev/null
+++ b/roles/common/templates/etc/default/debsecan.j2
@@ -0,0 +1,17 @@
+# Configuration file for debsecan. Contents of this file should
+# adhere to the KEY=VALUE shell syntax. This file may be edited by
+# debsecan's scripts, but your modifications are preserved.
+
+# If true, enable daily reports, sent by email.
+REPORT=true
+
+# For better reporting, specify the correct suite here, using the code
+# name (that is, "sid" instead of "unstable").
+SUITE={{ ansible_lsb.codename }}
+
+# Mail address to which reports are sent.
+MAILTO=admin@fripost.org
+
+# The URL from which vulnerability data is downloaded. Empty for the
+# built-in default.
+SOURCE=