2017-08-23 03:23:16 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
- name: Remove read permission on some folders (/, /etc, ...)
|
|
|
|
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
|
|
|
|
register: command_result
|
|
|
|
changed_when: "'changed' in command_result.stdout"
|
|
|
|
failed_when: False
|
2021-05-04 14:18:40 +02:00
|
|
|
loop:
|
2019-06-27 16:16:19 +02:00
|
|
|
- /
|
|
|
|
- /etc
|
|
|
|
- /usr
|
|
|
|
- /usr/bin
|
|
|
|
- /var
|
|
|
|
- /var/log
|
|
|
|
- /home
|
|
|
|
- /bin
|
|
|
|
- /sbin
|
|
|
|
- /lib
|
|
|
|
- /usr/lib
|
|
|
|
- /usr/include
|
|
|
|
- /usr/bin
|
|
|
|
- /usr/sbin
|
|
|
|
- /usr/share
|
|
|
|
- /usr/share/doc
|
|
|
|
- /etc/default
|
2017-08-23 03:23:16 +02:00
|
|
|
|
|
|
|
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
|
|
|
|
shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
|
|
|
|
register: command_result
|
|
|
|
changed_when: "'changed' in command_result.stdout"
|
|
|
|
failed_when: False
|
2021-05-04 14:18:40 +02:00
|
|
|
loop:
|
2019-06-27 16:16:19 +02:00
|
|
|
- /var/log/apt
|
|
|
|
- /var/lib/dpkg
|
|
|
|
- /var/log/munin
|
|
|
|
- /var/backups
|
|
|
|
- /etc/init.d
|
|
|
|
- /etc/apache2
|
|
|
|
- /etc/network
|
|
|
|
- /etc/phpmyadmin
|
|
|
|
- /var/log/installer
|
2017-08-23 03:23:16 +02:00
|
|
|
|
2017-09-06 19:30:21 +02:00
|
|
|
- name: Change group to www-data for /etc/phpmyadmin/
|
|
|
|
file:
|
|
|
|
dest: /etc/phpmyadmin/
|
|
|
|
group: www-data
|
2019-06-27 16:33:11 +02:00
|
|
|
state: directory
|
2017-09-06 19:30:21 +02:00
|
|
|
|
2017-08-23 03:23:16 +02:00
|
|
|
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
|
|
|
|
shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
|
|
|
|
register: command_result
|
|
|
|
changed_when: "'changed' in command_result.stdout"
|
|
|
|
failed_when: False
|
2021-05-04 14:18:40 +02:00
|
|
|
loop:
|
2019-06-27 16:16:19 +02:00
|
|
|
- /bin/ping
|
|
|
|
- /bin/ping6
|
|
|
|
- /usr/bin/fping
|
|
|
|
- /usr/bin/fping6
|
|
|
|
- /usr/bin/mtr
|
2017-08-23 03:23:16 +02:00
|
|
|
|
|
|
|
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
|
|
|
|
shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
|
|
|
|
register: command_result
|
|
|
|
changed_when: "'changed' in command_result.stdout"
|
|
|
|
failed_when: False
|
2021-05-04 14:18:40 +02:00
|
|
|
loop:
|
2019-06-27 16:16:19 +02:00
|
|
|
- /var/log/evolix.log
|
|
|
|
- /etc/warnquota.conf
|