feat(cis): add selectable profile and per-rule hardening toggles

2026-05-25 04:37:33 +02:00
parent d2a19cfd5c
commit 2c35409519
23 changed files with 753 additions and 192 deletions


@@ -1,5 +1,6 @@
---
- name: Ensure files exist
- name: Ensure cron and at access files exist
when: cis_effective_rules.cron_at_access | default(false)
ansible.builtin.file:
path: "{{ item }}"
state: touch
@@ -7,10 +8,19 @@
loop:
- /mnt/etc/at.allow
- /mnt/etc/cron.allow
- name: Ensure TCP wrapper files exist
when: cis_effective_rules.tcp_wrappers | default(false)
ansible.builtin.file:
path: "{{ item }}"
state: touch
mode: "0600"
loop:
- /mnt/etc/hosts.allow
- /mnt/etc/hosts.deny
- name: Ensure files do not exist
- name: Ensure cron and at deny files do not exist
when: cis_effective_rules.cron_at_access | default(false)
ansible.builtin.file:
path: "{{ item }}"
state: absent