Created a list of files/dirs to loop over instead of two tasks per file/dir.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
This commit is contained in:
parent
4bad4779cd
commit
4158e0bfb4
1 changed files with 16 additions and 72 deletions
|
@ -5,80 +5,24 @@
|
||||||
# in how to gain elevated privileges or circumvent auditing controls.
|
# in how to gain elevated privileges or circumvent auditing controls.
|
||||||
# CIS 5.1.2 - CIS 5.1.7
|
# CIS 5.1.2 - CIS 5.1.7
|
||||||
#
|
#
|
||||||
- name: Check if /etc/crontab exists
|
- name: Find cron files and directories
|
||||||
stat:
|
find:
|
||||||
path: /etc/crontab
|
paths:
|
||||||
register: osh_crontab
|
- /etc
|
||||||
|
patterns:
|
||||||
|
- cron.hourly
|
||||||
|
- cron.daily
|
||||||
|
- cron.weekly
|
||||||
|
- cron.monthly
|
||||||
|
- cron.d
|
||||||
|
- crontab
|
||||||
|
file_type: any
|
||||||
|
register: cron_directories
|
||||||
|
|
||||||
- name: Ensure permissions on /etc/crontab are configured
|
- name: Ensure permissions on /etc/cron are configured
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/crontab
|
path: "{{ item.path }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: og-rwx
|
mode: og-rwx
|
||||||
when: osh_crontab.stat.exists
|
with_items: "{{ cron_directories.files }}"
|
||||||
|
|
||||||
- name: Check if /etc/cron.hourly exists
|
|
||||||
stat:
|
|
||||||
path: /etc/cron.hourly
|
|
||||||
register: osh_cron_hourly
|
|
||||||
|
|
||||||
- name: Ensure permissions on /etc/cron.hourly are configured
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/cron.hourly
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: og-rwx
|
|
||||||
when: osh_cron_hourly.stat.exists
|
|
||||||
|
|
||||||
- name: Check if /etc/cron.daily exists
|
|
||||||
stat:
|
|
||||||
path: /etc/cron.daily
|
|
||||||
register: osh_cron_daily
|
|
||||||
|
|
||||||
- name: Ensure permissions on /etc/cron.daily are configured
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/cron.daily
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: og-rwx
|
|
||||||
when: osh_cron_daily.stat.exists
|
|
||||||
|
|
||||||
- name: Check if /etc/cron.weekly exists
|
|
||||||
stat:
|
|
||||||
path: /etc/cron.weekly
|
|
||||||
register: osh_cron_weekly
|
|
||||||
|
|
||||||
- name: Ensure permissions on /etc/cron.weekly are configured
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/cron.weekly
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: og-rwx
|
|
||||||
when: osh_cron_weekly.stat.exists
|
|
||||||
|
|
||||||
- name: Check if /etc/cron.monthly exists
|
|
||||||
stat:
|
|
||||||
path: /etc/cron.monthly
|
|
||||||
register: osh_cron_monthly
|
|
||||||
|
|
||||||
- name: Ensure permissions on /etc/cron.monthly are configured
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/cron.monthly
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: og-rwx
|
|
||||||
when: osh_cron_monthly.stat.exists
|
|
||||||
|
|
||||||
- name: Check if /etc/cron.d exists
|
|
||||||
stat:
|
|
||||||
path: /etc/cron.d
|
|
||||||
register: osh_cron_d
|
|
||||||
|
|
||||||
- name: Ensure permissions on /etc/cron.d are configured
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/cron.d
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: og-rwx
|
|
||||||
when: osh_cron_d.stat.exists
|
|
||||||
|
|
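Review bot: The new `find:` task uses the short module name while the `ansible.builtin.file:` task directly below it uses the fully qualified collection name, so the hunk is inconsistent with itself and ansible-lint's fqcn rule will flag it; the line should read `ansible.builtin.find:`. Looping with `with_items: "{{ cron_directories.files }}"` also echoes each full stat dict returned by find (mode, uid, gid, timestamps) as the loop item in every run, which makes the output of this hardening task hard to scan; `loop: "{{ cron_directories.files }}"` together with `loop_control: label: "{{ item.path }}"` keeps the log to the path being changed. The task name `Ensure permissions on /etc/cron are configured` refers to a path that does not exist; naming the cron files and directories under /etc would describe what the loop actually touches. Behaviour looks equivalent to the removed stat/when pairs because find without recurse only matches direct entries of /etc, but that is inferred from module defaults rather than from anything in the hunk.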