Diffstat (limited to 'attackbox/tasks/harden.yaml')
-rw-r--r-- | attackbox/tasks/harden.yaml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
index d45d5e3..4edb2c0 100644
--- a/attackbox/tasks/harden.yaml
+++ b/attackbox/tasks/harden.yaml
@@ -23,6 +23,25 @@
 - /etc/issue
 - /etc/motd
+- name: check if /etc/update-motd.d directory exists
+ stat:
+ path: /etc/update-motd.d
+ register: motd_dir
+
+- name: find files in /etc/update-motd.d
+ find:
+ paths: /etc/update-motd.d
+ file_type: file
+ register: motd_files
+ when: motd_dir.stat.exists
+
+- name: remove execute permissions from all files in /etc/update-motd.d
+ file:
+ path: "{{ item.path }}"
+ mode: u-x,g-x,o-x
+ loop: "{{ motd_files.files }}"
+ when: motd_dir.stat.exists
+
 - name: enforce root-only cron/at
 file:
 path: "{{ item }}" |
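Review bot: In the third added task, `loop: "{{ motd_files.files }}"` is templated before the task's `when` is evaluated, so on a host without /etc/update-motd.d the skipped find result has no `files` key and the play is likely to fail rather than skip; `loop: "{{ motd_files.files | default([]) }}"` keeps the task a no-op there. The find task also uses `file_type: file`, which does not return symbolic links, so any symlinked scripts in that directory would stay executable after this hardening step. Matching links too needs care, because the file module follows links by default and would change the mode of the link target; handling them in a separate task may be cleaner. A short comment above the three tasks saying why the execute bits are removed would help the next reader.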