
Initial push

010010-020620
Micah Halter 1 year ago
parent
commit
6828cdd506
3 changed files with 31 additions and 1 deletions
  1. +4
    -1
      README.md
  2. +5
    -0
      playbook.yml
  3. +22
    -0
      roles/disa-v2r6/tasks/main.yml

+ 4
- 1
README.md

@ -1 +1,4 @@
# ansible-rhel7-stig
# ansible-rhel7-stig
This is a work in progress of an Ansible playbook that will audit and harden
RHEL7 to the DoD STIG v2r6.

+ 5
- 0
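--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+become: yes
+roles:
+- {role: disa-v2r6, tags: ['disa'] }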
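Review bot: `become: yes` in playbook.yml depends on YAML 1.1 truthy parsing, which yamllint's `truthy` rule flags; write it as `become: true`. The role entry is a flow mapping with uneven brace spacing, and the block form (`- role: disa-v2r6` with `tags: [disa]` beneath it) diffs more cleanly as further roles are added. The play also escalates to root for every task while targeting only `localhost`, so a one-line comment stating that the playbook is meant to be run on the host being hardened would prevent it being pointed at a control node by mistake.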

+ 22
- 0
roles/disa-v2r6/tasks/main.yml

@ -0,0 +1,22 @@
---
- name: "CAT I | RHEL-07-010010 | The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values."
block:
- name: Check for packages with incorrect permissions
shell: |
( for i in `rpm -Va --nodeps --nosignature --nofiledigest --nosize --nomtime --nordev --nocaps --nolinkto --nouser --nogroup | egrep -i '^\.[M|U|G|.]{8}' | cut -d " " -f4,5`; do rpm -qf $i;done )
args:
warn: false
register: packages_with_incorrect_permissions
failed_when: packages_with_incorrect_permissions.rc > 1
changed_when: false
- name: Correct file ownership and permissions
shell: >
( rpm --setugids "{{ item }}"; rpm --setperms "{{ item }}" )
args:
warn: false
with_items: '{{ packages_with_incorrect_permissions.stdout_lines }}'
when:
- (packages_with_incorrect_permissions.stdout_lines | length > 0)
tags:
- RHEL-07-010010
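Review bot: The audit task passes `--nouser --nogroup` to `rpm -Va`, so ownership and group drift is never reported even though the task title and the `[M|U|G|.]` filter both cover it; only mode changes can reach the remediation step. Dropping those two options from the `rpm -Va` call would make the check match RHEL-07-010010 as titled. The loop prints one package name per mismatched file, so the same package is repaired repeatedly, and each line is templated into a root shell through `"{{ item }}"`; appending `| sort -u` to the pipeline and running the fix as `command: rpm --setugids {{ item }}` followed by `command: rpm --setperms {{ item }}` removes the duplicates and the shell parsing of that output. `failed_when` appears to see only the exit status of the last `rpm -qf` in the subshell, so a failing `rpm -Va` would go unnoticed. The rendered page has lost indentation, so whether `tags` applies to the block or to the last task cannot be confirmed from here.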
