Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Enable gpg-check on all yum-repositories

Browse source
This commit is contained in:
Sebastian Gumprich 2015-05-19 21:01:32 +00:00
parent b9cc7bf9d8
commit 82fea53ba7
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
roles/ansible-os-hardening/tasks/main.yml
View file

@ -20,6 +20,21 @@
- '/bin'
- '{{os_env_extra_user_paths}}'
- name: activate gpg-check for yum-repos in yum.conf
lineinfile: dest='/etc/yum.conf' regexp='^gpgcheck=0' line='gpgcheck=1' backrefs=yes
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Oracle Linux'
- name: get yum-repository-files
shell: 'find /etc/yum.repos.d/ -type f -name *.repo'
register: yum_repos
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Oracle Linux'
- name: activate gpg-check for yum-repos in yum-repositories
lineinfile: dest='{{ item }}' regexp='^gpgcheck=0' line='gpgcheck=1' backrefs=yes
with_items:
- '{{ yum_repos.stdout_lines }}'
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Oracle Linux'
#- name: remove suid/sgid bit from binaries in blacklist
# file: path='{{item}}' mode='a-s'
# ignore_errors: true