| -rw-r--r-- | attackbox/tasks/harden.yaml | 19 | 
1 files changed, 19 insertions, 0 deletions
|
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
index d45d5e3..4edb2c0 100644
--- a/attackbox/tasks/harden.yaml
+++ b/attackbox/tasks/harden.yaml
@@ -23,6 +23,25 @@
     - /etc/issue
     - /etc/motd
 
+- name: check if /etc/update-motd.d directory exists
+  stat:
+    path: /etc/update-motd.d
+  register: motd_dir
+
+- name: find files in /etc/update-motd.d
+  find:
+    paths: /etc/update-motd.d
+    file_type: file
+  register: motd_files
+  when: motd_dir.stat.exists
+
+- name: remove execute permissions from all files in /etc/update-motd.d
+  file:
+    path: "{{ item.path }}"
+    mode: u-x,g-x,o-x
+  loop: "{{ motd_files.files }}"
+  when: motd_dir.stat.exists
+
 - name: enforce root-only cron/at
   file:
     path: "{{ item }}"
|
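Review bot: The `find` task's `file_type: file` matches regular files only, so any entry in /etc/update-motd.d that is a symlink never reaches the chmod loop and stays runnable at login if its target is executable. Some distributions install MOTD fragments as links, so it is worth checking the target image and either adding a second pass with `file_type: link` that removes or reports those entries, or stating the limitation in a comment such as `# symlinked fragments are not covered by this task`. The mode change is also only as durable as the next package install that drops a new script into the directory, which presumably means this task has to be re-run after upgrades; a comment saying so would help. As a small style point, `mode: u-x,g-x,o-x` can be written `mode: "a-x"`, quoted like the other string values in these tasks.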