mirror of
https://github.com/nikdoof/ansible-cis.git
synced 2025-12-13 09:32:15 +00:00
28 lines
580 B
YAML
28 lines
580 B
YAML
---
|
|
- name: Check if grub file exists
|
|
ansible.builtin.stat:
|
|
path: "{{ item }}"
|
|
register: grub_results
|
|
loop:
|
|
- /boot/grub2/grub.cfg
|
|
- /boot/grub2/grubenv
|
|
ignore_errors: true
|
|
- name: Change grub file modes
|
|
ansible.builtin.file:
|
|
path: "{{ item.item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
loop: "{{ grub_results.results }}"
|
|
when: item.stat.exists
|
|
- name: Change MOTD files security
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
loop:
|
|
- /etc/motd
|
|
- /etc/issue
|
|
- /etc/issue.net
|