Sandwich
a6b051d9e4
- Normalize new system_cfg + hypervisor_cfg and keep legacy vm_* and hypervisor_* aliases - Support multiple system.disks (creation + optional mount + fstab generation) - Add system_check safety role (production + existing system detection) - Update README and example inventories
22 lines
971 B
YAML
22 lines
971 B
YAML
---
|
|
cis_permission_targets: >-
|
|
{{
|
|
[
|
|
{ "path": "/mnt/etc/ssh/sshd_config", "mode": "0600" },
|
|
{ "path": "/mnt/etc/cron.hourly", "mode": "0700" },
|
|
{ "path": "/mnt/etc/cron.daily", "mode": "0700" },
|
|
{ "path": "/mnt/etc/cron.weekly", "mode": "0700" },
|
|
{ "path": "/mnt/etc/cron.monthly", "mode": "0700" },
|
|
{ "path": "/mnt/etc/cron.d", "mode": "0700" },
|
|
{ "path": "/mnt/etc/crontab", "mode": "0600" },
|
|
{ "path": "/mnt/etc/logrotate.conf", "mode": "0644" },
|
|
{ "path": "/mnt/usr/sbin/pppd", "mode": "0754" } if os != "rhel" else None,
|
|
{
|
|
"path": "/mnt/usr/bin/"
|
|
+ ("fusermount3" if os in ["archlinux", "fedora", "rocky"] or os == "rhel" or (os == "debian" and (os_version | string) == "12") else "fusermount"),
|
|
"mode": "755"
|
|
},
|
|
{ "path": "/mnt/usr/bin/" + ("write.ul" if os == "debian" and (os_version | string) == "11" else "write"), "mode": "755" }
|
|
] | reject("none")
|
|
}}
|