feat: init

.github/workflows/test.yml

@@ -0,0 +1,16 @@
+name: Test
+
+on:
+ push:
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ container: python:3.11.5
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - run: pip install -r requirements.txt
+ - run: ansible-lint defaults tasks

.gitignore

@@ -0,0 +1,3 @@
+.idea
+.vscode
+.DS_Store

README.md

@@ -0,0 +1,89 @@
+# Ansible Role - Ecomscan
+
+An Ansible Role that installs and runs Ecomscan on Linux
+
+
+## Requirements
+None.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see defaults/main.yml):
+
+```yaml
+ecomscan_binary_source: 'https://ecomscan.com/downloads/linux-amd64/ecomscan'
+```
+The source url of the ecomscan binary, can be changed if use a different mirror.
+
+```yaml
+ecomscan_binary_path: ~/bin/ecomscan
+```
+File location of where to store the downloaded binary
+
+```yaml
+ecomscan_key: trial
+```
+Ecomscan license key to use for the scan
+
+```yaml
+ecomscan_report_email: root@localhost.local
+```
+Comma seperated list of email addresses to send the Ecomscan email report to
+
+```yaml
+ecomscan_project_root: /var/www/vhosts/magento2/htdocs/
+```
+The absolute file path to the Magento installation you want to scan
+
+```yaml
+ecomscan_minimum_confidence: 50
+```
+The minimum confidence value that Ecomscan uses to determine if a file is clean
+
+```yaml
+ecomscan_maximum_filesize: 20000000
+```
+The maximum file size in bytes to scan, anything larger will be skipped.
+
+```yaml
+ecomscan_deep: false
+```
+Boolean toggle to decide if Ecomscan should perform a deep or regular scan
+
+
+## Example Playbook
+An example playbook usage
+```yaml
+# ~/ecomscan/playbooks/scan.yml
+- name: Ecomscan
+ hosts: all
+ roles:
+ - { role: ecomscan, tags: ecomscan }
+```
+
+```yaml
+# ~/ecomscan/hosts/all.yml
+magento2:
+ hosts:
+ client1-prod:
+ ansible_host: 0.0.0.0
+ ansible_user: ansible
+ ecomscan_key: K2T11V4
+ ecomscan_report_email: me@me.com,info@client1.info
+ ecomscan_project_root: /var/www/vhosts/staging.client1.info/htdocs/current/
+
+ client2-stg:
+ ansible_host: 0.0.0.0
+ ansible_port: 711
+ ansible_user: client2_mage_stg
+ ecomscan_key: T3STK3Y
+ ecomscan_report_email: me@me.com
+ ecomscan_project_root: /var/www/vhosts/staging.client2.com/htdocs/release/
+
+ client2-prod:
+ ansible_host: 0.0.0.0
+ ansible_port: 711
+ ansible_user: client2_mage_prod
+ ecomscan_report_email: me@me.com,info@client2.com
+ ecomscan_project_root: /var/www/vhosts/prod.client2.com/htdocs/release/
+```

defaults/main.yml

@@ -0,0 +1,8 @@
+ecomscan_binary_source: https://ecomscan.com/downloads/linux-amd64/ecomscan
+ecomscan_binary_path: ~/bin/ecomscan
+ecomscan_key: trial
+ecomscan_report_email: root@localhost.local
+ecomscan_project_root: /var/www/vhosts/magento2/htdocs/
+ecomscan_minimum_confidence: 50
+ecomscan_maximum_filesize: 20000000
+ecomscan_deep: false

requirements.txt

@@ -0,0 +1,2 @@
+ansible>=2.15.0
+ansible-lint==6.18.0

tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Download the Ecomscan binary
+ ansible.builtin.get_url:
+ url: "{{ ecomscan_binary_source }}"
+ dest: "{{ ecomscan_binary_path }}"
+ mode: '0644'
+
+- name: Perform Ecomscan
+ ansible.builtin.command:
+ cmd: >
+ {{ ecomscan_binary_path }}
+ --key={{ ecomscan_key }}
+ --min-confidence={{ ecomscan_minimum_confidence }}
+ --maxsize={{ ecomscan_maximum_filesize }}
+ --report={{ ecomscan_report_email }}
+ {{ ecomscan_deep | ternary('--deep', '') }}
+ {{ ecomscan_project_root }}
+ register: scan
+ changed_when: true
+
+- name: Summary
+ ansible.builtin.debug:
+ msg: "{{ scan.stdout_lines | select('match', '^>> Found:.*') | first }}"