CIS role split and permission safety

2025-12-27 22:27:26 +01:00
parent f62dba3ed6
commit dda1287f23
9 changed files with 261 additions and 249 deletions
--- a/roles/cis/tasks/files.yml
+++ b/roles/cis/tasks/files.yml
@@ -0,0 +1,19 @@
+---
+- name: Ensure files exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: touch
+    mode: "0600"
+  loop:
+    - /mnt/etc/at.allow
+    - /mnt/etc/cron.allow
+    - /mnt/etc/hosts.allow
+    - /mnt/etc/hosts.deny
+
+- name: Ensure files do not exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /mnt/etc/at.deny
+    - /mnt/etc/cron.deny