mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 09:14:18 +00:00
Created a list of files/dirs to be looped instead of two tasks per file/dir.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
This commit is contained in:
Farid Joubbi
parent
4bad4779cd
commit
4158e0bfb4
1 changed files with 16 additions and 72 deletions
|
|
@ -5,80 +5,24 @@
|
|||
# in how to gain elevated privileges or circumvent auditing controls.
|
||||
# CIS 5.1.2 - CIS 5.1.7
|
||||
#
|
||||
- name: Check if /etc/crontab exists
|
||||
stat:
|
||||
path: /etc/crontab
|
||||
register: osh_crontab
|
||||
- name: Find cron files and directories
|
||||
find:
|
||||
paths:
|
||||
- /etc
|
||||
patterns:
|
||||
- cron.hourly
|
||||
- cron.daily
|
||||
- cron.weekly
|
||||
- cron.monthly
|
||||
- cron.d
|
||||
- crontab
|
||||
file_type: any
|
||||
register: cron_directories
|
||||
|
||||
- name: Ensure permissions on /etc/crontab are configured
|
||||
- name: Ensure permissions on /etc/cron are configured
|
||||
ansible.builtin.file:
|
||||
path: /etc/crontab
|
||||
path: "{{ item.path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: og-rwx
|
||||
when: osh_crontab.stat.exists
|
||||
|
||||
- name: Check if /etc/cron.hourly exists
|
||||
stat:
|
||||
path: /etc/cron.hourly
|
||||
register: osh_cron_hourly
|
||||
|
||||
- name: Ensure permissions on /etc/cron.hourly are configured
|
||||
ansible.builtin.file:
|
||||
path: /etc/cron.hourly
|
||||
owner: root
|
||||
group: root
|
||||
mode: og-rwx
|
||||
when: osh_cron_hourly.stat.exists
|
||||
|
||||
- name: Check if /etc/cron.daily exists
|
||||
stat:
|
||||
path: /etc/cron.daily
|
||||
register: osh_cron_daily
|
||||
|
||||
- name: Ensure permissions on /etc/cron.daily are configured
|
||||
ansible.builtin.file:
|
||||
path: /etc/cron.daily
|
||||
owner: root
|
||||
group: root
|
||||
mode: og-rwx
|
||||
when: osh_cron_daily.stat.exists
|
||||
|
||||
- name: Check if /etc/cron.weekly exists
|
||||
stat:
|
||||
path: /etc/cron.weekly
|
||||
register: osh_cron_weekly
|
||||
|
||||
- name: Ensure permissions on /etc/cron.weekly are configured
|
||||
ansible.builtin.file:
|
||||
path: /etc/cron.weekly
|
||||
owner: root
|
||||
group: root
|
||||
mode: og-rwx
|
||||
when: osh_cron_weekly.stat.exists
|
||||
|
||||
- name: Check if /etc/cron.monthly exists
|
||||
stat:
|
||||
path: /etc/cron.monthly
|
||||
register: osh_cron_monthly
|
||||
|
||||
- name: Ensure permissions on /etc/cron.monthly are configured
|
||||
ansible.builtin.file:
|
||||
path: /etc/cron.monthly
|
||||
owner: root
|
||||
group: root
|
||||
mode: og-rwx
|
||||
when: osh_cron_monthly.stat.exists
|
||||
|
||||
- name: Check if /etc/cron.d exists
|
||||
stat:
|
||||
path: /etc/cron.d
|
||||
register: osh_cron_d
|
||||
|
||||
- name: Ensure permissions on /etc/cron.d are configured
|
||||
ansible.builtin.file:
|
||||
path: /etc/cron.d
|
||||
owner: root
|
||||
group: root
|
||||
mode: og-rwx
|
||||
when: osh_cron_d.stat.exists
|
||||
with_items: "{{ cron_directories.files }}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue