mirror of
https://github.com/nikdoof/ansible-cis.git
synced 2025-12-17 20:09:24 +00:00
42 lines
772 B
YAML
42 lines
772 B
YAML
---
|
|
- name: Change grub file modes # noqa: ignore-errors
|
|
file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
ignore_errors: true
|
|
loop:
|
|
- /boot/grub2/grub.cfg
|
|
- /boot/grub2/grubenv
|
|
- name: Change MOTD files security
|
|
file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
loop:
|
|
- /etc/motd
|
|
- /etc/issue
|
|
- /etc/issue.net
|
|
- name: Set cron file security
|
|
file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
loop:
|
|
- /etc/crontab
|
|
- name: Set cron.* directory security
|
|
file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0700"
|
|
loop:
|
|
- /etc/cron.hourly
|
|
- /etc/cron.daily
|
|
- /etc/cron.weekly
|
|
- /etc/cron.monthly
|
|
- /etc/cron.d
|