Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 13:21:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Execute check of error logfile permissions only when log_error is defined (#477)

Browse source 
Signed-off-by: 123quhiwiwk <70281681+123quhiwiwk@users.noreply.github.com>
This commit is contained in:
123quhiwiwk 2021-08-24 09:41:55 +02:00 committed by GitHub
parent 78bab3f710
commit 4671a32062
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/mysql_hardening/tasks/configure.yml
View file

@ -23,6 +23,7 @@
owner: '{{ mysql_hardening_user }}' owner: '{{ mysql_hardening_user }}'
group: '{{ mysql_hardening_group }}' group: '{{ mysql_hardening_group }}'
mode: '0640' mode: '0640'
when: mysql_settings.settings.log_error != ""
- name: Check mysql configuration-directory exists and has right permissions - name: Check mysql configuration-directory exists and has right permissions
file: file:

6
roles/mysql_hardening/tasks/main.yml
View file

@ -44,6 +44,12 @@
login_unix_socket: "{{ login_unix_socket | default(omit) }}" login_unix_socket: "{{ login_unix_socket | default(omit) }}"
register: mysql_version register: mysql_version
- name: Check MySQL/MariaDB settings
community.mysql.mysql_info:
filter: settings
login_unix_socket: "{{ login_unix_socket | default(omit) }}"
register: mysql_settings
# see https://stackoverflow.com/a/59451077/2953919 for the # see https://stackoverflow.com/a/59451077/2953919 for the
# dict2items and vice versa magic # dict2items and vice versa magic
- name: Drop the secure-auth parameter on MySQL >=8.0.3 (not mariadb) - name: Drop the secure-auth parameter on MySQL >=8.0.3 (not mariadb)