ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

lint and var renaming

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-11-04 18:39:01 +00:00
parent fa13b06b1f
commit 879d9c9a1b
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
18 changed files with 84 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_7/cis_7.1.x.yml
View file

@ -187,18 +187,18 @@
ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002
failed_when: false
changed_when: false
register: rhel_09_7_1_11_perms_results
register: discovered_world_writable
- name: "7.1.11 | PATCH | Ensure no world writable files exist | Adjust world-writable files if they exist (Configurable)"
when:
- rhel_09_7_1_11_perms_results.stdout_lines is defined
- rhel_09_7_1_11_perms_results.stdout_lines | length > 0
- discovered_world_writable.stdout_lines is defined
- discovered_world_writable.stdout_lines | length > 0
- rhel9cis_no_world_write_adjust
ansible.builtin.file:
path: '{{ item }}'
mode: o-w
state: touch
loop: "{{ rhel_09_7_1_11_perms_results.stdout_lines }}"
loop: "{{ discovered_world_writable.stdout_lines }}"
- name: "7.1.11 | PATCH | Ensure no world writable files exist | Adjust world-writable directories add sticky bit"
ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -o+w ! -perm -1002 2>/dev/null | xargs chmod a+t