diff options
| -rw-r--r-- | roles/common/tasks/apt.yml | 6 | ||||
| -rw-r--r-- | roles/common/templates/etc/default/debsecan.j2 | 17 |
2 files changed, 23 insertions, 0 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index d172384..57a4d10 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -35,6 +35,12 @@ - apt.conf.d/10periodic - apt.conf.d/50unattended-upgrades +- name: Configure the Debian Security Analyzer + template: src=etc/default/debsecan.j2 + dest=/etc/default/debsecan + owner=root group=root + mode=0644 + - name: Start cron service: name=cron state=started tags: diff --git a/roles/common/templates/etc/default/debsecan.j2 b/roles/common/templates/etc/default/debsecan.j2 new file mode 100644 index 0000000..71fee1c --- /dev/null +++ b/roles/common/templates/etc/default/debsecan.j2 @@ -0,0 +1,17 @@ +# Configuration file for debsecan. Contents of this file should +# adhere to the KEY=VALUE shell syntax. This file may be edited by +# debsecan's scripts, but your modifications are preserved. + +# If true, enable daily reports, sent by email. +REPORT=true + +# For better reporting, specify the correct suite here, using the code +# name (that is, "sid" instead of "unstable"). +SUITE={{ ansible_lsb.codename }} + +# Mail address to which reports are sent. +MAILTO=admin@fripost.org + +# The URL from which vulnerability data is downloaded. Empty for the +# built-in default. +SOURCE= |