https://github.com/samjuk/ansible-ecomscan

Ansible role to manage running Ecomscan across multiple websites

ansible devsecops ecomscan magento2 malware sansec scanning security shopware woocommerce wordpress


# Ansible Role - Ecomscan

![https://github.com/samjuk/ansible-ecomscan/workflows/CI/badge.svg](https://github.com/samjuk/ansible-ecomscan/workflows/CI/badge.svg)

An Ansible role that installs and runs Ecomscan on Linux.

## Requirements
None.

## Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

```yaml
ecomscan_cron: true
```
Boolean to set whether Ecomscan should be run by cron. Note: this requires cron to be installed on your system.

```yaml
ecomscan_cron_expr: "0 */4 * * *"
```
Cron expression that defines how frequently to run the scheduled scans

```yaml
ecomscan_binary_download: true
```
Boolean to set if we should try and download the latest copy of Ecomscan

```yaml
ecomscan_binary_source: 'https://ecomscan.com/downloads/linux-amd64/ecomscan'
```
The source URL of the Ecomscan binary; it can be changed if you use a different mirror.

```yaml
ecomscan_binary_path: ~/bin/ecomscan
```
File location of where to store the downloaded binary

```yaml
ecomscan_key: trial
```
Ecomscan license key to use for the scan

```yaml
ecomscan_report_email: [email protected]
```
Comma-separated list of email addresses to send the Ecomscan email report to

```yaml
ecomscan_project_root: /var/www/vhosts/magento2/htdocs/
```
The absolute file path to the Magento installation you want to scan

```yaml
ecomscan_minimum_confidence: 50
```
The minimum confidence value that Ecomscan uses to determine if a file is clean

```yaml
ecomscan_maximum_filesize: 20000000
```
The maximum file size in bytes to scan, anything larger will be skipped.

```yaml
ecomscan_deep: false
```
Boolean toggle to decide if Ecomscan should perform a deep or regular scan

```yaml
ecomscan_assert_no_malware: false
```
Boolean toggle to decide if we should assert that no malware is present. If this is set to true, the playbook will exit with code `2`.

```yaml
ecomscan_assert_no_vulnerabilities: false
```
Boolean toggle to decide if we should assert that no vulnerabilities are present. If this is set to true, the playbook will exit with code `2`.

## Example Playbook
An example playbook usage
```yaml
# ~/ecomscan/playbooks/scan.yml
- name: Ecomscan
  hosts: all
  roles:
    - { role: ecomscan, tags: ecomscan }
```

```yaml
# ~/ecomscan/hosts/all.yml
magento2:
  hosts:
    client1-prod:
      ansible_host: 0.0.0.0
      ansible_user: ansible
      ecomscan_key: K2T11V4
      ecomscan_report_email: [email protected],[email protected]
      ecomscan_project_root: /var/www/vhosts/staging.client1.info/htdocs/current/

    client2-stg:
      ansible_host: 0.0.0.0
      ansible_port: 711
      ansible_user: client2_mage_stg
      ecomscan_key: T3STK3Y
      ecomscan_report_email: [email protected]
      ecomscan_project_root: /var/www/vhosts/staging.client2.com/htdocs/release/

    client2-prod:
      ansible_host: 0.0.0.0
      ansible_port: 711
      ansible_user: client2_mage_prod
      ecomscan_report_email: [email protected],[email protected]
      ecomscan_project_root: /var/www/vhosts/prod.client2.com/htdocs/release/
```
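
A variant of the inventory above for a gated, non-scheduled run, added here as an illustration and not taken from the role's repository: shared settings sit at group level, both assertions are enabled, and the license key is read from a vaulted variable instead of being written in the inventory. The file name, host name, address, email, path and the `vault_ecomscan_key` variable are assumptions; every `ecomscan_*` variable is one documented above.

```yaml
# ~/ecomscan/hosts/ci.yml  (constructed example, not part of the role)
magento2:
  vars:
    # Values shared by every host in the group
    ecomscan_minimum_confidence: 50
    ecomscan_maximum_filesize: 20000000
    ecomscan_deep: true

    # Assert that no malware / vulnerabilities are present; per the variable
    # descriptions above, the playbook exits with code 2 when these are set.
    ecomscan_assert_no_malware: true
    ecomscan_assert_no_vulnerabilities: true

    # Hypothetical variable kept in an Ansible Vault encrypted vars file,
    # so the license key is not stored in clear text in the inventory.
    ecomscan_key: "{{ vault_ecomscan_key }}"

  hosts:
    client1-stg:
      ansible_host: 192.0.2.10                     # placeholder address (TEST-NET-1)
      ansible_user: ansible
      ecomscan_cron: false                         # do not have cron run the scan
      ecomscan_report_email: security@example.com  # placeholder recipient
      ecomscan_project_root: /var/www/vhosts/staging.example.com/htdocs/current/
```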