Merge pull request #19 from alivx/feature/implement_6.2.7

(feature) Implement task 6.2.7 (change file permissions)
alivx · Jan 8, 2021 · e85de9a · e85de9a
2 parents a278a3e + 37c9d98
commit e85de9a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -115,3 +115,5 @@ outputfiles: /home/ali/ #Output dir of some command
 disable_autofs: true
 disable_usb: true
 install_apparmor: true
+# 6.2.7 Ensure users' dot files are not group or world accessible
+fix_dot_file_permissions: yes
diff --git a/tasks/section_6_System_Maintenance.yaml b/tasks/section_6_System_Maintenance.yaml
@@ -366,7 +366,16 @@
     - name: 6.2.7 Ensure users' dot files are not group or world writable | save output
       copy:
         dest: "{{ outputfiles }}/6.2.7"
-        content: "{{ output_6_2_7.stdout_lines }}"
+        content: "{{ output_6_2_7.stdout }}"
+    - name: 6.2.7 Ensure users' dot files are not group or world writable | correct file permissions
+      # files with go+w will be touched twice, as they figure twice in the filter result
+      file:
+        path: "{{ item.split()[-1] }}"
+        mode: g-w,o-w
+      with_items: "{{ output_6_2_7.stdout_lines }}"
+      when:
+        - fix_dot_file_permissions
+        - output_6_2_7.stdout
   tags:
     - section6
     - level_1_server