Fix risky-file-permissions because of unpecified mode
parent
f788767839
commit
adde811f47
@ -4,6 +4,7 @@
|
|||||||
- name: Disable Kernel Modules
|
- name: Disable Kernel Modules
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /mnt/etc/modprobe.d/cis.conf
|
dest: /mnt/etc/modprobe.d/cis.conf
|
||||||
|
mode: '0644'
|
||||||
content: |
|
content: |
|
||||||
CIS LVL 3 Restrictions
|
CIS LVL 3 Restrictions
|
||||||
install freevxfs /bin/true
|
install freevxfs /bin/true
|
||||||
@ -22,6 +23,7 @@
|
|||||||
- name: Create USB Rules
|
- name: Create USB Rules
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.sh
|
dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.sh
|
||||||
|
mode: '0644'
|
||||||
content: |
|
content: |
|
||||||
By default, disable all.
|
By default, disable all.
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"
|
ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"
|
||||||
@ -38,6 +40,7 @@
|
|||||||
- name: Create a consolidated sysctl configuration file
|
- name: Create a consolidated sysctl configuration file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /mnt/etc/sysctl.d/10-cis.conf
|
dest: /mnt/etc/sysctl.d/10-cis.conf
|
||||||
|
mode: '0644'
|
||||||
content: |
|
content: |
|
||||||
## CIS Sysctl configurations
|
## CIS Sysctl configurations
|
||||||
net.ipv4.conf.all.log_martians = 1
|
net.ipv4.conf.all.log_martians = 1
|
||||||
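Review bot: The USB rules task in the second hunk writes to `/mnt/etc/udev/rules.d/10-cis_usb_devices.sh`, but udev only loads files in rules.d whose names end in `.rules`, so the `authorized_default` restriction would be installed without ever being applied. Renaming the destination, `dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.rules`, keeps the new `mode: '0644'` and makes the hardening take effect. The three copy tasks in this file also leave ownership implicit; adding `owner: root` and `group: root` beside the mode would pin it. The task bodies continue outside the hunks shown.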
|
@ -39,6 +39,7 @@
|
|||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ hostname }}"
|
content: "{{ hostname }}"
|
||||||
dest: /mnt/etc/hostname
|
dest: /mnt/etc/hostname
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Add host entry to /etc/hosts
|
- name: Add host entry to /etc/hosts
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
@ -48,13 +49,15 @@
|
|||||||
|
|
||||||
- name: Create vconsole.conf
|
- name: Create vconsole.conf
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: KEYMAP=us-intl
|
content: KEYMAP=us
|
||||||
dest: /mnt/etc/vconsole.conf
|
dest: /mnt/etc/vconsole.conf
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Create locale.conf
|
- name: Create locale.conf
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: LANG=en_US.UTF-8
|
content: LANG=en_US.UTF-8
|
||||||
dest: /mnt/etc/locale.conf
|
dest: /mnt/etc/locale.conf
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: SSH permit Password
|
- name: SSH permit Password
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
@ -131,6 +134,7 @@
|
|||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: custom.sh.j2
|
src: custom.sh.j2
|
||||||
dest: /mnt/etc/profile.d/custom.sh
|
dest: /mnt/etc/profile.d/custom.sh
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Setup Network
|
- name: Setup Network
|
||||||
block:
|
block:
|
||||||
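Review bot: The vconsole.conf task in the second hunk appears to change `content: KEYMAP=us-intl` to `content: KEYMAP=us`, which is unrelated to the risky-file-permissions fix named in the commit title. If the keymap change is intended, it belongs in its own commit or at least in the commit message, so it is not buried in a lint fix. Otherwise the line should go back to `content: KEYMAP=us-intl`.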
|
@ -66,8 +66,10 @@
|
|||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/yum.repos.d
|
path: /etc/yum.repos.d
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
- name: Create RHEL repository file
|
- name: Create RHEL repository file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ os | lower }}.repo.j2"
|
src: "{{ os | lower }}.repo.j2"
|
||||||
dest: /etc/yum.repos.d/{{ os | lower }}.repo
|
dest: /etc/yum.repos.d/{{ os | lower }}.repo
|
||||||
|
mode: '0644'
|
||||||
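Review bot: `mode: '0644'` on `/etc/yum.repos.d/{{ os | lower }}.repo` is appropriate only if the rendered `.repo.j2` template holds no credentials; the template is not visible in this diff. If it embeds a username, password or token (for example in `baseurl`), the task should use `mode: '0600'` with `owner: root` so other local users cannot read it. A one-line comment above the task saying which case applies would make the choice reviewable.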
|
@ -21,6 +21,7 @@
|
|||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml
|
dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml
|
||||||
|
mode: '0644'
|
||||||
loop:
|
loop:
|
||||||
- { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data }
|
- { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data }
|
||||||
- { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
|
- { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
|
||||||
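Review bot: The added `mode: '0644'` makes the rendered cloud-init user-data and network-config files world-readable in `/tmp`. User-data commonly carries password hashes, SSH keys or bootstrap secrets, though the templates are not visible here, so that is inferred. `mode: '0600'` would satisfy the lint rule without exposing the content to other local users. The destination `/tmp/{{ item.dest_prefix }}-{{ hostname }}.yml` is also predictable; writing into a directory created with `ansible.builtin.tempfile` (`state: directory`) avoids a pre-created file or symlink at that path. The task starts above the hunk, so its name and surrounding options are not visible.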
|