File tree Expand file tree Collapse file tree 1 file changed +43
-0
lines changed
linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/ansible Expand file tree Collapse file tree 1 file changed +43
-0
lines changed Original file line number Diff line number Diff line change 1+ # platform = multi_platform_all
2+ # reboot = false
3+ # strategy = restrict
4+ # complexity = low
5+ # disruption = low
6+
7+ - name : {{{ rule_title }}} - Initialize variables
8+ set_fact :
9+ home_user_dirs : []
10+ world_writable_files : []
11+
12+ - name : {{{ rule_title }}} - Get user's home dir list
13+ ansible.builtin.getent :
14+ database : passwd
15+ register : passwd_database
16+
17+ - name : {{{ rule_title }}} - Fill home_user_dirs
18+ set_fact :
19+ home_user_dirs : " {{ home_user_dirs + [item.data[4]] }}"
20+ when : item.data[4] is defined and item.data[2]|int >= {{{ uid_min }}} and item.data[2]|int != {{{ nobody_uid }}}
21+ with_items : " {{ passwd_database.ansible_facts.getent_passwd | dict2items(key_name='user', value_name='data')}}"
22+
23+ - name : {{{ rule_title }}} - Get world writable files
24+ ansible.builtin.shell : |
25+ find / -xdev -type f -perm -0002 2> /dev/null
26+ register : world_writable_files
27+
28+ - name : {{{ rule_title }}} - Find referenced_files in init files
29+ ansible.builtin.find :
30+ paths : " {{ home_user_dirs }}"
31+ contains : " {{ item }}"
32+ hidden : true
33+ read_whole_file : yes
34+ recurse : true
35+ with_items : " {{ world_writable_files.stdout_lines }}"
36+ register : referenced_files
37+
38+ - name : {{{ rule_title }}} - Remove world writable permissions
39+ ansible.builtin.file :
40+ path : " {{ item.item }}"
41+ mode : " o-w"
42+ when : item.matched > 0
43+ with_items : " {{ referenced_files.results }}"
You can’t perform that action at this time.
0 commit comments