From 5a69b990f2965211efb7bc941593da0d144749db Mon Sep 17 00:00:00 2001
From: heqnx
Date: Sun, 25 May 2025 08:18:56 +0300
Subject: removing permissions for update-motd.d
---
 attackbox/tasks/harden.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
index d45d5e3..4edb2c0 100644
--- a/attackbox/tasks/harden.yaml
+++ b/attackbox/tasks/harden.yaml
@@ -23,6 +23,25 @@
 - /etc/issue
 - /etc/motd
 
+- name: check if /etc/update-motd.d directory exists
+ stat:
+ path: /etc/update-motd.d
+ register: motd_dir
+
+- name: find files in /etc/update-motd.d
+ find:
+ paths: /etc/update-motd.d
+ file_type: file
+ register: motd_files
+ when: motd_dir.stat.exists
+
+- name: remove execute permissions from all files in /etc/update-motd.d
+ file:
+ path: "{{ item.path }}"
+ mode: u-x,g-x,o-x
+ loop: "{{ motd_files.files }}"
+ when: motd_dir.stat.exists
+
 - name: enforce root-only cron/at
 file:
 path: "{{ item }}"
-- 
cgit v1.2.3
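Review bot: The `find` task with `file_type: file` returns only regular files, so any entry in /etc/update-motd.d that is a symlink to a script elsewhere (some distributions ship these) keeps its execute bit and would presumably still be run at login. If the intent is that nothing in the directory runs, consider `file_type: any` in the find task, keeping in mind that the `file` module follows links by default and will then change the mode of the link target. The change also only covers files present at playbook time; scripts added later by a package install stay executable until the next run. Separately, `loop: "{{ motd_files.files | default([]) }}"` would make the skipped-find case explicit instead of relying on `when` being evaluated first.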