Ansible role to manage running Ecomscan across multiple websites

SamJUK/ansible-ecomscan

Ansible Role - Ecomscan

An Ansible Role that installs and runs Ecomscan on Linux

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

ecomscan_cron: true

Boolean that sets whether Ecomscan should be run by cron (Note: this requires a cron scheduler to be installed on your system)

ecomscan_cron_expr: "0 */4 * * *"

Cron expression defining how frequently the scheduled scans run

ecomscan_binary_download: true

Boolean that sets whether the role should try to download the latest copy of Ecomscan

ecomscan_binary_source: 'https://ecomscan.com/downloads/linux-amd64/ecomscan'

The source URL of the Ecomscan binary; this can be changed if you use a different mirror.

ecomscan_binary_path: ~/bin/ecomscan

File path where the downloaded binary is stored

ecomscan_key: trial

Ecomscan license key to use for the scan

ecomscan_report_email: [email protected]

Comma-separated list of email addresses to send the Ecomscan email report to

ecomscan_project_root: /var/www/vhosts/magento2/htdocs/

The absolute file path to the Magento installation you want to scan

ecomscan_minimum_confidence: 50

The minimum confidence value that Ecomscan uses to determine if a file is clean

ecomscan_maximum_filesize: 20000000

The maximum file size in bytes to scan, anything larger will be skipped.

ecomscan_deep: false

Boolean toggle that selects whether Ecomscan performs a deep or a regular scan

ecomscan_assert_no_malware: false

Boolean toggle that decides whether the role asserts that no malware is present. If this is set to true and malware is found, the playbook will exit with code 2.

ecomscan_assert_no_vulnerabilities: false

Boolean toggle that decides whether the role asserts that no vulnerabilities are present. If this is set to true and vulnerabilities are found, the playbook will exit with code 2.

Example Playbook

Example playbook and inventory:

# ~/ecomscan/playbooks/scan.yml
- name: Ecomscan
  hosts: all
  roles:
    - { role: ecomscan, tags: ecomscan }

# ~/ecomscan/hosts/all.yml
magento2:
  hosts:
    client1-prod:
      ansible_host: 0.0.0.0
      ansible_user: ansible
      ecomscan_key: K2T11V4
      ecomscan_report_email: [email protected],[email protected]
      ecomscan_project_root: /var/www/vhosts/staging.client1.info/htdocs/current/

    client2-stg:
      ansible_host: 0.0.0.0
      ansible_port: 711
      ansible_user: client2_mage_stg
      ecomscan_key: T3STK3Y
      ecomscan_report_email: [email protected]
      ecomscan_project_root: /var/www/vhosts/staging.client2.com/htdocs/release/

    client2-prod:
      ansible_host: 0.0.0.0
      ansible_port: 711
      ansible_user: client2_mage_prod
      ecomscan_report_email: [email protected],[email protected]
      ecomscan_project_root: /var/www/vhosts/prod.client2.com/htdocs/release/
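
A release gate built on the `ecomscan_assert_no_malware` and `ecomscan_assert_no_vulnerabilities` toggles described above, as an added example that is not part of this role: it runs the example playbook once per host and fails closed. `PLAYBOOK_CMD`, `ecomscan_gate`, `ecomscan_gate_all` and `GATE_FAILED` are hypothetical names, and the script assumes exit code 2 is ansible-playbook's "one or more hosts failed" status, so a 2 can also come from any other failed task.

```shell
#!/bin/sh
# Added example, not shipped with the role.
# PLAYBOOK_CMD (hypothetical) lets the gate be exercised with a stub instead of Ansible.
PLAYBOOK_CMD="${PLAYBOOK_CMD:-ansible-playbook}"

# ecomscan_gate <inventory> <playbook> <host>
# Returns 0 = scan ran and both assertions held,
#         2 = the host failed (failed assertion or any other failed task),
#         1 = the scan did not complete (unreachable host, bad options, ...).
ecomscan_gate() {
    inventory=$1 playbook=$2 limit=$3
    rc=0
    # JSON extra-vars keep the toggles as real booleans, not the string "true".
    "$PLAYBOOK_CMD" -i "$inventory" "$playbook" --limit "$limit" --tags ecomscan \
        -e '{"ecomscan_assert_no_malware": true, "ecomscan_assert_no_vulnerabilities": true}' \
        || rc=$?
    case $rc in
        0) echo "ecomscan gate: $limit passed" ;;
        2) echo "ecomscan gate: $limit FAILED, blocking release" >&2 ;;
        *) # Fail closed: a host that could not be scanned is not a clean host.
           echo "ecomscan gate: $limit not scanned (exit $rc), treated as failure" >&2
           rc=1 ;;
    esac
    return "$rc"
}

# ecomscan_gate_all <inventory> <playbook> <host>...
# Scans every listed host even after an earlier one fails, records the hosts
# that did not pass in GATE_FAILED, and returns non-zero if there are any.
ecomscan_gate_all() {
    inventory=$1 playbook=$2
    shift 2
    GATE_FAILED=""
    for host in "$@"; do
        ecomscan_gate "$inventory" "$playbook" "$host" || GATE_FAILED="$GATE_FAILED $host"
    done
    [ -z "$GATE_FAILED" ]
}

# Typical call, using the paths and host names from the example above:
#   ecomscan_gate_all ~/ecomscan/hosts/all.yml ~/ecomscan/playbooks/scan.yml \
#       client1-prod client2-prod || exit 1
```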