author | heqnx <root@heqnx.com> | 2025-05-25 08:18:56 +0300 |
---|---|---|
committer | heqnx <root@heqnx.com> | 2025-05-25 08:18:56 +0300 |
commit | 5a69b990f2965211efb7bc941593da0d144749db (patch) | |
tree | 646d9955108dda61676ab710786afb59b199f691 | |
parent | 2ccb5034924a75aac483f1060ae5d0d1a0293569 (diff) | |
download | ansible-playbooks-5a69b990f2965211efb7bc941593da0d144749db.tar.gz ansible-playbooks-5a69b990f2965211efb7bc941593da0d144749db.zip |
removing permissions for update-motd.d
-rw-r--r-- | attackbox/tasks/harden.yaml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
index d45d5e3..4edb2c0 100644
--- a/attackbox/tasks/harden.yaml
+++ b/attackbox/tasks/harden.yaml
@@ -23,6 +23,25 @@
 - /etc/issue
 - /etc/motd
+- name: check if /etc/update-motd.d directory exists
+ stat:
+ path: /etc/update-motd.d
+ register: motd_dir
+
+- name: find files in /etc/update-motd.d
+ find:
+ paths: /etc/update-motd.d
+ file_type: file
+ register: motd_files
+ when: motd_dir.stat.exists
+
+- name: remove execute permissions from all files in /etc/update-motd.d
+ file:
+ path: "{{ item.path }}"
+ mode: u-x,g-x,o-x
+ loop: "{{ motd_files.files }}"
+ when: motd_dir.stat.exists
+
 - name: enforce root-only cron/at
 file:
 path: "{{ item }}" |
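Review bot: The `find` task is limited to `file_type: file`, which does not return symlinks, so a symlinked entry in /etc/update-motd.d (some distributions ship these, pointing at wrappers under /usr/share) is never touched by the chmod loop and would presumably still run at login. Clearing the mode through such a link would change the target outside /etc, so removing the link itself is the safer way to cover that case, as in the tasks below. Separately, the mode change is only as durable as the last playbook run: a package install or upgrade can add new executable scripts to the directory, so this is worth re-applying on a schedule or pairing with disabling the motd PAM hook if the intent is to stop dynamic MOTD execution altogether.

```yaml
# … unchanged: stat, find (file_type: file) and chmod tasks …

- name: find symlinks in /etc/update-motd.d
  find:
    paths: /etc/update-motd.d
    file_type: link
  register: motd_links
  when: motd_dir.stat.exists

- name: remove symlinked scripts from /etc/update-motd.d
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ motd_links.files | default([]) }}"
  when: motd_dir.stat.exists
```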