Fix risky-file-permissions because of unspecified mode

This commit is contained in:
Sandwich 2024-10-28 18:37:44 +01:00
parent f788767839
commit adde811f47
4 changed files with 11 additions and 1 deletions


@ -4,6 +4,7 @@
- name: Disable Kernel Modules - name: Disable Kernel Modules
ansible.builtin.copy: ansible.builtin.copy:
dest: /mnt/etc/modprobe.d/cis.conf dest: /mnt/etc/modprobe.d/cis.conf
mode: '0644'
content: | content: |
CIS LVL 3 Restrictions CIS LVL 3 Restrictions
install freevxfs /bin/true install freevxfs /bin/true
@ -22,6 +23,7 @@
- name: Create USB Rules - name: Create USB Rules
ansible.builtin.copy: ansible.builtin.copy:
dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.sh dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.sh
mode: '0644'
content: | content: |
By default, disable all. By default, disable all.
ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0" ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"
@ -38,6 +40,7 @@
- name: Create a consolidated sysctl configuration file - name: Create a consolidated sysctl configuration file
ansible.builtin.copy: ansible.builtin.copy:
dest: /mnt/etc/sysctl.d/10-cis.conf dest: /mnt/etc/sysctl.d/10-cis.conf
mode: '0644'
content: | content: |
## CIS Sysctl configurations ## CIS Sysctl configurations
net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.all.log_martians = 1
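Review bot: The udev rule written at `dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.sh` will never be loaded, because udev only reads files in rules.d that carry a `.rules` extension and ignores every other extension, so the `authorized_default=0` USB lockdown this hunk puts a mode on is silently inert; the fix is `dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.rules`. Separately, the content lines `CIS LVL 3 Restrictions` and `By default, disable all.` appear here without a leading `#`; if that is not just the page rendering dropping it, modprobe and udev will log them as bad lines, so they should become `# CIS LVL 3 Restrictions` and `# By default, disable all.`. The added `'0644'` modes themselves are right for these non-executable configuration files, which only root should be writing.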


@ -39,6 +39,7 @@
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ hostname }}" content: "{{ hostname }}"
dest: /mnt/etc/hostname dest: /mnt/etc/hostname
mode: '0644'
- name: Add host entry to /etc/hosts - name: Add host entry to /etc/hosts
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
@ -48,13 +49,15 @@
- name: Create vconsole.conf - name: Create vconsole.conf
ansible.builtin.copy: ansible.builtin.copy:
content: KEYMAP=us-intl content: KEYMAP=us
dest: /mnt/etc/vconsole.conf dest: /mnt/etc/vconsole.conf
mode: '0644'
- name: Create locale.conf - name: Create locale.conf
ansible.builtin.copy: ansible.builtin.copy:
content: LANG=en_US.UTF-8 content: LANG=en_US.UTF-8
dest: /mnt/etc/locale.conf dest: /mnt/etc/locale.conf
mode: '0644'
- name: SSH permit Password - name: SSH permit Password
ansible.builtin.replace: ansible.builtin.replace:
@ -131,6 +134,7 @@
ansible.builtin.template: ansible.builtin.template:
src: custom.sh.j2 src: custom.sh.j2
dest: /mnt/etc/profile.d/custom.sh dest: /mnt/etc/profile.d/custom.sh
mode: '0644'
- name: Setup Network - name: Setup Network
block: block:
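Review bot: The `content: KEYMAP=us-intl` → `content: KEYMAP=us` change in the vconsole.conf task is a functional change unrelated to the file-mode fix this commit describes and is not mentioned in the commit message, so anyone bisecting a console keymap regression later will not find it; either revert it here and land it on its own, or add a line to the message such as `Also switch the console keymap from us-intl to us.` The added `mode: '0644'` values are appropriate: `/etc/profile.d/custom.sh` is sourced by the login shell rather than executed, so it does not need the execute bit, and the other targets are plain config files. None of these tasks set `owner`/`group`, so ownership falls to the connecting user; presumably that is root via `become`, but it is worth confirming since the files land in the install target under `/mnt`.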


@ -66,8 +66,10 @@
ansible.builtin.file: ansible.builtin.file:
path: /etc/yum.repos.d path: /etc/yum.repos.d
state: directory state: directory
mode: '0755'
- name: Create RHEL repository file - name: Create RHEL repository file
ansible.builtin.template: ansible.builtin.template:
src: "{{ os | lower }}.repo.j2" src: "{{ os | lower }}.repo.j2"
dest: /etc/yum.repos.d/{{ os | lower }}.repo dest: /etc/yum.repos.d/{{ os | lower }}.repo
mode: '0644'
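Review bot: `mode: '0644'` on the generated `/etc/yum.repos.d/{{ os | lower }}.repo` is only safe if the `{{ os | lower }}.repo.j2` template carries no credentials; RHEL-style repo files frequently embed `username`/`password` or `sslclientkey` entries for subscription or mirror access, and a world-readable file would hand those to every local user. If the template does render such entries, tighten it (for example `mode: '0600'` with `owner: root` and `group: root`) rather than accepting the linter's suggestion as-is; the template body is outside this hunk, so this needs checking against the `.j2` files. The `'0755'` on the `/etc/yum.repos.d` directory matches the distribution default and is fine.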


@ -21,6 +21,7 @@
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml
mode: '0644'
loop: loop:
- { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data } - { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data }
- { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config } - { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
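Review bot: Rendering `cloud-user-data.yml.j2` to `/tmp/{{ item.dest_prefix }}-{{ hostname }}.yml` with `mode: '0644'` leaves it world-readable in a shared directory; cloud-init user-data commonly carries password hashes, SSH keys or other secrets, so `'0644'` silences the linter but does not remove the exposure. Use `mode: '0600'` for this loop, and prefer a private working directory (for example one created with `ansible.builtin.tempfile` using `state: directory`) over a predictable name under `/tmp` that any local user can pre-create. Whatever consumes these files is outside the hunk, so confirm the consumer runs as the same user and does not need them to be world-readable.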