From bab0cc06635c98cf7dcf20eac04fe8151ee51ef7 Mon Sep 17 00:00:00 2001
From: Sam James
Date: Mon, 20 May 2024 23:54:57 +0100
Subject: [PATCH] feat: init
---
 .github/workflows/test.yml | 16 +++++++
 .gitignore | 3 ++
 README.md | 89 ++++++++++++++++++++++++++++++++++++++
 defaults/main.yml | 8 ++++
 requirements.txt | 2 +
 tasks/main.yml | 23 ++++++++++
 6 files changed, 141 insertions(+)
 create mode 100644 .github/workflows/test.yml
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 defaults/main.yml
 create mode 100644 requirements.txt
 create mode 100644 tasks/main.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..cf8b9c9
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,16 @@
+name: Test
+
+on:
+ push:
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ container: python:3.11.5
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - run: pip install -r requirements.txt
+ - run: ansible-lint defaults tasks
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ebf869b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.idea
+.vscode
+.DS_Store
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e8db60c
--- /dev/null
+++ b/README.md
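Review bot: `uses: actions/checkout@v2` in .github/workflows/test.yml references a mutable tag on an old major version; pinning to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # <release tag>`) means a retagged release cannot change what runs in CI. The workflow also declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever the repository default is; a lint-only job needs no more than a top-level `permissions:` with `contents: read`. The same reasoning applies to `container: python:3.11.5`, which could be pinned by image digest.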
@@ -0,0 +1,89 @@
+# Ansible Role - Ecomscan
+
+An Ansible Role that installs and runs Ecomscan on Linux
+
+
+## Requirements
+None.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see defaults/main.yml):
+
+```yaml
+ecomscan_binary_source: 'https://ecomscan.com/downloads/linux-amd64/ecomscan'
+```
+The source url of the ecomscan binary, can be changed if use a different mirror.
+
+```yaml
+ecomscan_binary_path: ~/bin/ecomscan
+```
+File location of where to store the downloaded binary
+
+```yaml
+ecomscan_key: trial
+```
+Ecomscan license key to use for the scan
+
+```yaml
+ecomscan_report_email: root@localhost.local
+```
+Comma seperated list of email addresses to send the Ecomscan email report to
+
+```yaml
+ecomscan_project_root: /var/www/vhosts/magento2/htdocs/
+```
+The absolute file path to the Magento installation you want to scan
+
+```yaml
+ecomscan_minimum_confidence: 50
+```
+The minimum confidence value that Ecomscan uses to determine if a file is clean
+
+```yaml
+ecomscan_maximum_filesize: 20000000
+```
+The maximum file size in bytes to scan, anything larger will be skipped.
+
+```yaml
+ecomscan_deep: false
+```
+Boolean toggle to decide if Ecomscan should perform a deep or regular scan
+
+
+## Example Playbook
+An example playbook usage
+```yaml
+# ~/ecomscan/playbooks/scan.yml
+- name: Ecomscan
+ hosts: all
+ roles:
+ - { role: ecomscan, tags: ecomscan }
+```
+
+```yaml
+# ~/ecomscan/hosts/all.yml
+magento2:
+ hosts:
+ client1-prod:
+ ansible_host: 0.0.0.0
+ ansible_user: ansible
+ ecomscan_key: K2T11V4
+ ecomscan_report_email: me@me.com,info@client1.info
+ ecomscan_project_root: /var/www/vhosts/staging.client1.info/htdocs/current/
+
+ client2-stg:
+ ansible_host: 0.0.0.0
+ ansible_port: 711
+ ansible_user: client2_mage_stg
+ ecomscan_key: T3STK3Y
+ ecomscan_report_email: me@me.com
+ ecomscan_project_root: /var/www/vhosts/staging.client2.com/htdocs/release/
+
+ client2-prod:
+ ansible_host: 0.0.0.0
+ ansible_port: 711
+ ansible_user: client2_mage_prod
+ ecomscan_report_email: me@me.com,info@client2.com
+ ecomscan_project_root: /var/www/vhosts/prod.client2.com/htdocs/release/
+```
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..7133ab5
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,8 @@
+ecomscan_binary_source: https://ecomscan.com/downloads/linux-amd64/ecomscan
+ecomscan_binary_path: ~/bin/ecomscan
+ecomscan_key: trial
+ecomscan_report_email: root@localhost.local
+ecomscan_project_root: /var/www/vhosts/magento2/htdocs/
+ecomscan_minimum_confidence: 50
+ecomscan_maximum_filesize: 20000000
+ecomscan_deep: false
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..e298e86
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+ansible>=2.15.0
+ansible-lint==6.18.0
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..d442cc0
--- /dev/null
+++ b/tasks/main.yml
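Review bot: The default `ecomscan_binary_path: ~/bin/ecomscan` in defaults/main.yml places the scanner in the home directory of whichever account Ansible connects as, and the README inventory connects as accounts named like `client2_mage_prod`. If that account also owns or serves the site being scanned (not confirmable from this diff), the scanner binary sits in a location the scanned application can write to, and `get_url` keeps an existing destination file by default rather than re-fetching it. A comment above the variable such as `# Install outside any web-writable tree; this file is executed on every run` would make that constraint visible to users of the role. A leading `---` would also match tasks/main.yml.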
@@ -0,0 +1,23 @@
+---
+- name: Download the Ecomscan binary
+ ansible.builtin.get_url:
+ url: "{{ ecomscan_binary_source }}"
+ dest: "{{ ecomscan_binary_path }}"
+ mode: '0644'
+
+- name: Perform Ecomscan
+ ansible.builtin.command:
+ cmd: >
+ {{ ecomscan_binary_path }}
+ --key={{ ecomscan_key }}
+ --min-confidence={{ ecomscan_minimum_confidence }}
+ --maxsize={{ ecomscan_maximum_filesize }}
+ --report={{ ecomscan_report_email }}
+ {{ ecomscan_deep | ternary('--deep', '') }}
+ {{ ecomscan_project_root }}
+ register: scan
+ changed_when: true
+
+- name: Summary
+ ansible.builtin.debug:
+ msg: "{{ scan.stdout_lines | select('match', '^>> Found:.*') | first }}"
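Review bot: The binary fetched by `ansible.builtin.get_url` in tasks/main.yml is executed by the next task with no integrity check, and `ecomscan_binary_source` can be overridden to point at any mirror. Adding `checksum: "sha256:{{ ecomscan_binary_sha256 }}"` (a new role variable; the name is illustrative) would make the download fail closed on a tampered or truncated file. `mode: '0644'` also leaves the file without an execute bit, so the `command` task looks like it would fail with a permission error; `mode: '0755'`, or `'0700'` if only the connecting user runs it, is probably what was intended. Separately, `--key={{ ecomscan_key }}` puts the licence key into the task's logged invocation, which `no_log: true` on the "Perform Ecomscan" task would suppress.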