mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-27 23:43:06 +00:00
Merge 'devel' of kris9854/RHEL9-CIS-fix into devel
This commit is contained in:
Kristian Ebdrup
commit
d4471a3016
65 changed files with 801 additions and 461 deletions
|
|
@ -5,23 +5,31 @@
|
|||
- name: "6.1.1 | AUDIT | Audit system file permissions | Audit the packages"
|
||||
shell: rpm -Va --nomtime --nosize --nomd5 --nolinkto
|
||||
args:
|
||||
warn: no
|
||||
warn: false
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: rhel9cis_6_1_1_packages_rpm
|
||||
|
||||
- name: "6.1.1 | AUDIT | Audit system file permissions | Create list and warning"
|
||||
block:
|
||||
- name: "6.1.1 | Audit system file permissions | Add file discrepancy list to system"
|
||||
- name: "6.1.1 | AUDIT | Audit system file permissions | Add file discrepancy list to system"
|
||||
copy:
|
||||
dest: "{{ rhel9cis_rpm_audit_file }}"
|
||||
content: "{{ rhel9cis_6_1_1_packages_rpm.stdout }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
|
||||
- name: "6.1.1 | AUDIT | Audit system file permissions | Message out alert for package descrepancies"
|
||||
debug:
|
||||
msg: |
|
||||
"Warning! You have some package descrepancies issues.
|
||||
"Warning!! You have some package descrepancies issues.
|
||||
The file list can be found in {{ rhel9cis_rpm_audit_file }}"
|
||||
|
||||
- name: "6.1.1 | AUDIT | Audit system file permissions | warning count"
|
||||
set_fact:
|
||||
control_number: "{{ control_number }} + [ 'rule_6.1.1' ]"
|
||||
warn_count: "{{ warn_count | int + 1 }}"
|
||||
when: rhel9cis_6_1_1_packages_rpm.stdout|length > 0
|
||||
|
||||
- name: "6.1.1 | AUDIT | Audit system file permissions | Message out no package descrepancies"
|
||||
|
|
@ -41,7 +49,7 @@
|
|||
- name: "6.1.2 | PATCH | Ensure sticky bit is set on all world-writable directories"
|
||||
shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
|
||||
args:
|
||||
warn: no
|
||||
warn: false
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
when:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue