mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-12-22 10:58:29 +00:00
hardening corrections
parent
42abf5df58
commit
67e17edf7a
@ -213,6 +213,8 @@
|
|||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
line: "install {{ item }} /bin/true"
|
line: "install {{ item }} /bin/true"
|
||||||
|
state: present
|
||||||
|
create: true
|
||||||
with_items: "{{ modprobe_unused_filesystems }}"
|
with_items: "{{ modprobe_unused_filesystems }}"
|
||||||
tags:
|
tags:
|
||||||
- harden
|
- harden
|
||||||
@ -223,7 +225,7 @@
|
|||||||
state: present
|
state: present
|
||||||
regexp: ^umask
|
regexp: ^umask
|
||||||
line: "umask 027"
|
line: "umask 027"
|
||||||
create: yes
|
create: true
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
@ -240,8 +242,8 @@
|
|||||||
content: |
|
content: |
|
||||||
Defaults use_pty
|
Defaults use_pty
|
||||||
Defaults logfile="/var/log/sudo.log"
|
Defaults logfile="/var/log/sudo.log"
|
||||||
tags:
|
tags:
|
||||||
- harden
|
- harden
|
||||||
|
|
||||||
- name: Remove packages not allowed by CIS
|
- name: Remove packages not allowed by CIS
|
||||||
package:
|
package:
|
||||||
@ -282,16 +284,6 @@
|
|||||||
- kernel
|
- kernel
|
||||||
- harden
|
- harden
|
||||||
|
|
||||||
- name: Append /etc/default/grub file
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/default/grub
|
|
||||||
line: for x in $(ls /etc/default/grub.d) ; do source /etc/default/grub.d/$x ; done
|
|
||||||
state: present
|
|
||||||
tags:
|
|
||||||
- grub
|
|
||||||
- kernel
|
|
||||||
- harden
|
|
||||||
|
|
||||||
- name: Grub command line defaults
|
- name: Grub command line defaults
|
||||||
copy:
|
copy:
|
||||||
dest: "/etc/default/grub.d/99-rocky.cfg"
|
dest: "/etc/default/grub.d/99-rocky.cfg"
|
||||||
@ -304,19 +296,6 @@
|
|||||||
- kernel
|
- kernel
|
||||||
- harden
|
- harden
|
||||||
|
|
||||||
- name: Grub command line defaults
|
|
||||||
template:
|
|
||||||
src: etc/default/grub.d/99-aoc.cfg.j2
|
|
||||||
dest: /etc/default/grub.d/99-aoc.cfg
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
backup: true
|
|
||||||
tags:
|
|
||||||
- grub
|
|
||||||
- kernel
|
|
||||||
- harden
|
|
||||||
|
|
||||||
- name: rebuild grub
|
- name: rebuild grub
|
||||||
command: /usr/sbin/grub2-mkconfig -o {{ grub_config_path_link }}
|
command: /usr/sbin/grub2-mkconfig -o {{ grub_config_path_link }}
|
||||||
tags:
|
tags:
|
||||||
|
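Review bot: Dropping the "Append /etc/default/grub file" task removes the only step visible here that made /etc/default/grub source the files under /etc/default/grub.d, while the retained "Grub command line defaults" task still writes to /etc/default/grub.d/99-rocky.cfg. If grub2-mkconfig on the target release does not read that directory on its own (worth confirming; the sourcing may also be handled outside these hunks), the "rebuild grub" step will regenerate the config without the command-line defaults from that file, and the play will still report success. Either keep a sourcing line in a form that does not parse `ls` output, e.g. `line: 'for f in /etc/default/grub.d/*.cfg; do [ -r "$f" ] && . "$f"; done'`, or write the settings into /etc/default/grub directly, and add a check that the expected arguments appear in the generated config. Hosts configured before this commit keep the old appended line because nothing sets it to `state: absent`, so previously hardened and freshly built hosts can end up with different boot arguments.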