18 lines
860 B
YAML
18 lines
860 B
YAML
---
|
|
# Platform-specific binary names for CIS permission targets
|
|
cis_fusermount_binary: "{{ 'fusermount3' if is_rhel | default(false) | bool else 'fusermount' }}"
|
|
cis_write_binary: "{{ 'write' if is_rhel | default(false) | bool else 'wall' }}"
|
|
|
|
cis_permission_targets:
|
|
- { path: "/mnt/etc/ssh/sshd_config", mode: "0600" }
|
|
- { path: "/mnt/etc/cron.hourly", mode: "0700" }
|
|
- { path: "/mnt/etc/cron.daily", mode: "0700" }
|
|
- { path: "/mnt/etc/cron.weekly", mode: "0700" }
|
|
- { path: "/mnt/etc/cron.monthly", mode: "0700" }
|
|
- { path: "/mnt/etc/cron.d", mode: "0700" }
|
|
- { path: "/mnt/etc/crontab", mode: "0600" }
|
|
- { path: "/mnt/etc/logrotate.conf", mode: "0644" }
|
|
- { path: "/mnt/usr/sbin/pppd", mode: "0754" }
|
|
- { path: "/mnt/usr/bin/{{ cis_fusermount_binary }}", mode: "0755" }
|
|
- { path: "/mnt/usr/bin/{{ cis_write_binary }}", mode: "0755" }
|