Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-14 02:47:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #93 from conorsch/support-check-mode

Browse source 
Supports --check mode
This commit is contained in:
Sebastian Gumprich 2016-07-16 19:50:40 +02:00 committed by GitHub
commit e436ebe66e
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
tasks/rhosts.yml
View file

@ -2,6 +2,7 @@
- name: Get user accounts | DTAG SEC Req 3.21-4
command: "awk -F: '{print $1}' /etc/passwd"
changed_when: False
always_run: True
register: users
- name: delete rhosts-files from system | DTAG SEC Req 3.21-4

2
tasks/user_accounts.yml
View file

@ -3,6 +3,7 @@
- name: get UID_MIN from login.defs
shell: awk '/^\s*UID_MIN\s*([0-9]*).*?$/ {print $2}' /etc/login.defs removes=/etc/login.defs
register: uid_min
always_run: True
changed_when: False
- name: calculate UID_MAX from UID_MIN by substracting 1
@ -20,6 +21,7 @@
- name: get all system accounts
command: awk -F'':'' '{ if ( $3 <= {{uid_max|quote}} ) print $1}' /etc/passwd removes=/etc/passwd
changed_when: False
always_run: True
register: sys_accs
- name: remove always ignored system accounts from list