Created a list of files/dirs to be looped instead of two tasks per file/dir.

Signed-off-by: Farid Joubbi <farid@joubbi.se>
2024-09-20 05:11:53 +00:00 · 2021-03-11 16:54:25 +01:00 · 2021-03-11 16:54:25 +01:00 · 4158e0bfb4
commit 4158e0bfb4
parent 4bad4779cd
1 changed files with 16 additions and 72 deletions
--- a/roles/os_hardening/tasks/cron.yml
+++ b/roles/os_hardening/tasks/cron.yml
@ -5,80 +5,24 @@
 # in how to gain elevated privileges or circumvent auditing controls.
 # CIS 5.1.2 - CIS 5.1.7
 #
- name: Check if /etc/crontab exists
-  stat:
-    path: /etc/crontab
-  register: osh_crontab
+- name: Find cron files and directories
+  find:
+    paths:
+      - /etc
+    patterns:
+      - cron.hourly
+      - cron.daily
+      - cron.weekly
+      - cron.monthly
+      - cron.d
+      - crontab
+    file_type: any
+  register: cron_directories

- name: Ensure permissions on /etc/crontab are configured
+- name: Ensure permissions on /etc/cron are configured
  ansible.builtin.file:
-    path: /etc/crontab
+    path: "{{ item.path }}"
    owner: root
    group: root
    mode: og-rwx
-  when: osh_crontab.stat.exists
-
- name: Check if /etc/cron.hourly exists
-  stat:
-    path: /etc/cron.hourly
-  register: osh_cron_hourly
-
- name: Ensure permissions on /etc/cron.hourly are configured
-  ansible.builtin.file:
-    path: /etc/cron.hourly
-    owner: root
-    group: root
-    mode: og-rwx
-  when: osh_cron_hourly.stat.exists
-
- name: Check if /etc/cron.daily exists
-  stat:
-    path: /etc/cron.daily
-  register: osh_cron_daily
-
- name: Ensure permissions on /etc/cron.daily are configured
-  ansible.builtin.file:
-    path: /etc/cron.daily
-    owner: root
-    group: root
-    mode: og-rwx
-  when: osh_cron_daily.stat.exists
-
- name: Check if /etc/cron.weekly exists
-  stat:
-    path: /etc/cron.weekly
-  register: osh_cron_weekly
-
- name: Ensure permissions on /etc/cron.weekly are configured
-  ansible.builtin.file:
-    path: /etc/cron.weekly
-    owner: root
-    group: root
-    mode: og-rwx
-  when: osh_cron_weekly.stat.exists
-
- name: Check if /etc/cron.monthly exists
-  stat:
-    path: /etc/cron.monthly
-  register: osh_cron_monthly
-
- name: Ensure permissions on /etc/cron.monthly are configured
-  ansible.builtin.file:
-    path: /etc/cron.monthly
-    owner: root
-    group: root
-    mode: og-rwx
-  when: osh_cron_monthly.stat.exists
-
- name: Check if /etc/cron.d exists
-  stat:
-    path: /etc/cron.d
-  register: osh_cron_d
-
- name: Ensure permissions on /etc/cron.d are configured
-  ansible.builtin.file:
-    path: /etc/cron.d
-    owner: root
-    group: root
-    mode: og-rwx
-  when: osh_cron_d.stat.exists
+  with_items: "{{ cron_directories.files }}"