openvpn: minimal rights on /etc/shellpki/ and crl.pem
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
205e699355
commit
07c3c0226f
|
@ -16,6 +16,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* openvpn: minimal rights on /etc/shellpki/ and crl.pem
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
* evolinux-base: Update PermitRootLogin task to work on Debian 11
|
* evolinux-base: Update PermitRootLogin task to work on Debian 11
|
||||||
|
|
|
@ -74,8 +74,8 @@
|
||||||
insertafter: "{{ item.insertafter }}"
|
insertafter: "{{ item.insertafter }}"
|
||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { regexp: '^ chmod 644 /etc/shellpki/crl.pem$', line: " chmod 644 /etc/shellpki/crl.pem", insertafter: '^ chmod 640 "\${CACERT}"$' }
|
- { regexp: '^ chmod 604 /etc/shellpki/crl.pem$', line: " chmod 604 /etc/shellpki/crl.pem", insertafter: '^ chmod 640 "\${CACERT}"$' }
|
||||||
- { regexp: '^ chmod 755 /etc/shellpki/$', line: " chmod 755 /etc/shellpki/", insertafter: '^ chmod 644 /etc/shellpki/crl.pem$' }
|
- { regexp: '^ chmod 751 /etc/shellpki/$', line: " chmod 751 /etc/shellpki/", insertafter: '^ chmod 604 /etc/shellpki/crl.pem$' }
|
||||||
|
|
||||||
- name: Deploy OpenVPN server config
|
- name: Deploy OpenVPN server config
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -65,8 +65,8 @@
|
||||||
insertafter: "{{ item.insertafter }}"
|
insertafter: "{{ item.insertafter }}"
|
||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { regexp: '^ chmod 644 /etc/shellpki/crl.pem$', line: " chmod 644 /etc/shellpki/crl.pem", insertafter: '^ chmod 640 "\${CACERT}"$' }
|
- { regexp: '^ chmod 604 /etc/shellpki/crl.pem$', line: " chmod 604 /etc/shellpki/crl.pem", insertafter: '^ chmod 640 "\${CACERT}"$' }
|
||||||
- { regexp: '^ chmod 755 /etc/shellpki/$', line: " chmod 755 /etc/shellpki/", insertafter: '^ chmod 644 /etc/shellpki/crl.pem$' }
|
- { regexp: '^ chmod 751 /etc/shellpki/$', line: " chmod 751 /etc/shellpki/", insertafter: '^ chmod 604 /etc/shellpki/crl.pem$' }
|
||||||
|
|
||||||
- name: Deploy OpenVPN server config
|
- name: Deploy OpenVPN server config
|
||||||
template:
|
template:
|
||||||
|
|
Loading…
Reference in a new issue