Initial import of existing role

tasks/file_security.yaml

@@ -0,0 +1,41 @@
+---
+- name: Change grub file modes  # noqa: ignore-errors
+  file:
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: "0600"
+  ignore_errors: true
+  loop:
+    - /boot/grub2/grub.cfg
+    - /boot/grub2/grubenv
+- name: Change MOTD files security
+  file:
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop:
+    - /etc/motd
+    - /etc/issue
+    - /etc/issue.net
+- name: Set cron file security
+  file:
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: "0600"
+  loop:
+    - /etc/crontab
+- name: Set cron.* directory security
+  file:
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: "0700"
+  loop:
+    - /etc/cron.hourly
+    - /etc/cron.daily
+    - /etc/cron.weekly
+    - /etc/cron.monthly
+    - /etc/cron.d