move FHS restrictions to a new file

2017-08-23 03:23:16 +02:00 · 2017-08-23 03:23:16 +02:00 · e10e971dbe
parent 453b78a59b
commit e10e971dbe
3 changed files with 66 additions and 60 deletions
--- a/packweb-apache/defaults/main.yml
+++ b/packweb-apache/defaults/main.yml
@ -2,3 +2,4 @@
 # defaults file for packweb-apache
 general_alert_email: "root@localhost"
 packweb_enable_evoadmin_vhost: True
+packweb_fhs_retrictions: True
--- a/packweb-apache/tasks/fhs_retrictions.yml
+++ b/packweb-apache/tasks/fhs_retrictions.yml
@ -0,0 +1,63 @@
+---
+
+- name: Remove read permission on some folders (/, /etc, ...)
+  shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
+  register: command_result
+  changed_when: "'changed' in command_result.stdout"
+  failed_when: False
+  with_items:
+  - /
+  - /etc
+  - /usr
+  - /usr/bin
+  - /var
+  - /var/log
+  - /home
+  - /bin
+  - /sbin
+  - /lib
+  - /usr/lib
+  - /usr/include
+  - /usr/bin
+  - /usr/sbin
+  - /usr/share
+  - /usr/share/doc
+  - /etc/default
+
+- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
+  shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
+  register: command_result
+  changed_when: "'changed' in command_result.stdout"
+  failed_when: False
+  with_items:
+  - /var/log/apt
+  - /var/lib/dpkg
+  - /var/log/munin
+  - /var/backups
+  - /etc/init.d
+  - /etc/apache2
+  - /etc/network
+  - /etc/phpmyadmin
+  - /var/log/installer
+
+- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
+  shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
+  register: command_result
+  changed_when: "'changed' in command_result.stdout"
+  failed_when: False
+  with_items:
+  - /bin/ping
+  - /bin/ping6
+  - /usr/bin/fping
+  - /usr/bin/fping6
+  - /usr/bin/mtr
+
+- name: Set 640 permission on some files (/var/log/evolix.log, ...)
+  shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
+  register: command_result
+  changed_when: "'changed' in command_result.stdout"
+  failed_when: False
+  with_items:
+  - /var/log/evolix.log
+  - /etc/warnquota.conf
+
--- a/packweb-apache/tasks/main.yml
+++ b/packweb-apache/tasks/main.yml
@ -48,66 +48,8 @@

 - include: awstats.yml

- name: Remove read permission on some folders (/, /etc, ...)
-  shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
-  register: command_result
-  changed_when: "'changed' in command_result.stdout"
-  failed_when: False
-  with_items:
-  - /
-  - /etc
-  - /usr
-  - /usr/bin
-  - /var
-  - /var/log
-  - /home
-  - /bin
-  - /sbin
-  - /lib
-  - /usr/lib
-  - /usr/include
-  - /usr/bin
-  - /usr/sbin
-  - /usr/share
-  - /usr/share/doc
-  - /etc/default
-
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
-  shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
-  register: command_result
-  changed_when: "'changed' in command_result.stdout"
-  failed_when: False
-  with_items:
-  - /var/log/apt
-  - /var/lib/dpkg
-  - /var/log/munin
-  - /var/backups
-  - /etc/init.d
-  - /etc/apache2
-  - /etc/network
-  - /etc/phpmyadmin
-  - /var/log/installer
-
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
-  shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
-  register: command_result
-  changed_when: "'changed' in command_result.stdout"
-  failed_when: False
-  with_items:
-  - /bin/ping
-  - /bin/ping6
-  - /usr/bin/fping
-  - /usr/bin/fping6
-  - /usr/bin/mtr
-
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
-  shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
-  register: command_result
-  changed_when: "'changed' in command_result.stdout"
-  failed_when: False
-  with_items:
-  - /var/log/evolix.log
-  - /etc/warnquota.conf
+- include: fhs_retrictions.yml
+  when: packweb_fhs_retrictions

 - name: Install Evoadmin
  include_role: