6.2.8 rewrite

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2023-01-26 15:01:12 +00:00
parent b5a5d3e951
commit aa5b2c30c4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9


@ -216,24 +216,26 @@
ansible.builtin.stat:
path: "{{ item }}"
register: root_path_perms
loop: "{{ root_paths | split(':') }}"
loop: "{{ rhel9cis_6_2_8_root_paths.stdout | split(':') }}"
- name: "6.2.8 | AUDIT | Ensure root PATH Integrity | Check for owner and permissions"
- ansible.builtin.debug:
msg: "{{ root_path_perms.results }}"
- name: "6.2.8 | AUDIT | Ensure root PATH Integrity | Set permissions"
ansible.builtin.file:
path: "{{ item.stat.path }}"
state: directory
owner: root
group: root
mode: 0755
follow: true
mode: "0755"
follow: false
loop: "{{ root_path_perms.results }}"
loop_control:
label: "{{ item.stat }}"
label: "{{ item }}"
when:
- item.stat.pw_name != 'root' or
item.stat.gr_name != 'root' or
item.stat.woth or
item.stat.wgrp
- item.stat.exists
- item.stat.isdir
- item.stat.pw_name != 'root' or item.stat.gr_name != 'root' or item.stat.woth or item.stat.wgrp
when:
- rhel9cis_rule_6_2_8
tags:
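Review bot: With the file task now running with `follow: false` (the L29/L31 pair) and the stat task at L14-L16 not setting `follow` at all, a root PATH entry that is itself a symlink is examined and remediated on the link inode rather than on the directory it resolves to — an lstat of a link reports it as a non-directory with mode 0777, so an `item.stat.isdir` guard skips it silently, and without that guard `ansible.builtin.file` with `state: directory` is expected to fail on it rather than fix the target. On RHEL 9's merged-/usr layout `/bin` and `/sbin` are such links, so the ownership and group/world writability of the resolved directory is never verified for those entries; which side of the hunk the `exists`/`isdir` lines sit on is not recoverable from the rendered page, so this part is inferred. If symlinked entries are intentionally out of scope, say so next to the loop, e.g. `# PATH entries that are symlinks are checked on the link itself, not on the directory it points to`; otherwise set `follow: true` on the stat task so `isdir`, `pw_name`, `gr_name` and `woth` describe the target, and treat the link path accordingly in the file task. The enclosing block (and its `rhel9cis_6_2_8_root_paths` register) starts before this hunk.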
@ -418,7 +420,6 @@
- name: "6.2.16 | PATCH | Ensure local interactive user dot files are not group or world writable"
block:
- name: "6.2.16 | AUDIT | Ensure local interactive user dot files are not group or world writable | Check for files"
ansible.builtin.find:
path: /home