Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

add gpgcheck rhnplugin.conf, consolidate task

Browse source
This commit is contained in:
Sebastian Gumprich 2015-05-28 21:33:56 +00:00 committed by Christoph Hartmann
parent 66e258da7e
commit c9252b167f
1 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
roles/ansible-os-hardening/tasks/yum.yml
View file

@ -1,10 +1,4 @@
--- ---
- name: activate gpg-check for yum-repos in yum.conf
shell: "sed -i 's/gpgcheck=0/gpgcheck=1/g' /etc/yum.conf"
- name: activate gpg-check for yum-repos in yum-repositories
shell: "sed -i 's/gpgcheck=0/gpgcheck=1/g' /etc/yum.repos.d/*.repo"
- name: remove unused repositories - name: remove unused repositories
file: name='/etc/yum.repos.d/{{item}}.repo' state=absent file: name='/etc/yum.repos.d/{{item}}.repo' state=absent
with_items: with_items:
@ -13,6 +7,15 @@
- 'CentOS-Vault' - 'CentOS-Vault'
when: os_security_packages_clean when: os_security_packages_clean
- name: activate gpg-check for yum-repos
shell: "sed -i 's/gpgcheck=0/gpgcheck=1/g' {{item}}"
with_items:
- '/etc/yum.conf'
- '/etc/yum.repos.d/*.repo'
- name: activate gpg-check for yum rhn if it exists
shell: sed -i 's/gpgcheck=0/gpgcheck=1/g' /etc/yum/pluginconf.d/rhnplugin.conf removes='/etc/yum/pluginconf.d/rhnplugin.conf'
- name: remove packages - name: remove packages
yum: name='{{item}}' state=removed yum: name='{{item}}' state=removed
with_items: with_items: