add initial run task, rename role vars

README.md

@@ -14,7 +14,7 @@ an open source security auditing tool.
 requirements.yml:
 
     - src: infothrill.lynis
-      version: v1.2.0
+      version: v2.0.0
 
 Install:
 
@@ -44,7 +44,7 @@ The directory to hold the Lynis installation.
 ```yml
 lynis_log_directory: /var/log/lynis
 ```
-The directory for the Lynis logs. Used by the cron job. By default Lynis will
+The directory for the Lynis logs. Used by the cron job. By default, Lynis will
 output the report to `stdout` and log to `/var/log/lynis.log` and
 `/var/log/lynis-report.dat`.
 
@@ -66,13 +66,20 @@ lynis_cron_weekday: "*"
 lynis_cron_hour: 3
 lynis_cron_minute: 30
 ```
-Lynis cron job configuration. The report, report log, and report data are all written to the `lynis_log_directory`.
+Lynis cron job configuration. The report, report log, and report data are
+all written to the `lynis_log_directory`.
 
 ```yml
-lynis_rotate: 14
+lynis_cron_rotate: 14
 ```
 How many logs to keep in rotation (only meaningful when `lynis_cron` is true).
 
+```yml
+lynis_cron_initial_run: false
+```
+Set this to true to trigger an initial cron job run after initial
+installation or version change of lynis.
+
 ## Dependencies
 
 None.
@@ -88,15 +95,21 @@ in 2018 by Paul Kremer.
 
 ## Changes
 
+### v2.0.0
+
+* added feature to run lynis on initial install or version change (`lynis_cron_initial_run`)
+* renamed variable `lynis_rotate` to `lynis_cron_rotate`
+* removed molecule playbooks that are just upstream copies
+
 ### v1.2.0
 
 * expanded cron configuration options
-* updated to lynis default version 2.6.8
+* updated lynis default version to 2.6.8
 
 ### v1.1
 
 * drop support for EOL ansible version 2.2 and 2.3
-* update molecule
+* upgrade molecule
 
 ### v1.0
 

defaults/main.yml

@@ -17,4 +17,7 @@ lynis_cron_weekday: "*"
 lynis_cron_hour: 3
 lynis_cron_minute: 30
 # how many logs to keep in rotation:
-lynis_rotate: 14
+lynis_cron_rotate: 14
+# set this to true if the cron job automation should be triggered
+# after initial installation or version change
+lynis_cron_initial_run: false

molecule/default/prepare.yml

@@ -3,9 +3,11 @@
   hosts: all
   gather_facts: false
   roles:
-    - role: robertdebock.bootstrap
+    - {role: robertdebock.bootstrap, bootstrap_preview: false}
   post_tasks:
-    # some recent debian based docker images do not have /etc/cron.d:
+    # Some recent debian based docker images do not have /etc/cron.d .
+    # For the purpose of this test, we assume the target environment
+    # has cron, thus we install it:
     - name: "Ensure cron is installed"
       package:
         name: cron

tasks/cron.yml

@@ -42,3 +42,9 @@
     minute: "{{ lynis_cron_minute }}"
     user: root
     job: "{{ lynis_config_directory }}/cron.sh"
+
+- name: "[cron] initial audit run"
+  command: "{{ lynis_config_directory }}/cron.sh"
+  args:
+    chdir: /
+  when: lynis_cron_initial_run and ( _lynis_installed_version.stdout != lynis_version )

templates/logrotate.j2

@@ -2,7 +2,7 @@
 {{ lynis_log_directory }}/report.dat
 {{ lynis_log_directory }}/report.log
 {
-        rotate {{ lynis_rotate|default(14) }}
+        rotate {{ lynis_cron_rotate|default(14) }}
         missingok
         notifempty
         compress