move FHS restrictions to a new file
parent
453b78a59b
commit
e10e971dbe
|
@ -2,3 +2,4 @@
|
|||
# defaults file for packweb-apache
|
||||
general_alert_email: "root@localhost"
|
||||
packweb_enable_evoadmin_vhost: True
|
||||
packweb_fhs_retrictions: True
|
||||
|
|
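Review bot: The new default is spelled `packweb_fhs_retrictions` (the first "s" of "restrictions" is missing). A role default is the name operators set in their inventories, so it is cheapest to correct before anyone depends on it; the same spelling is used for the new task file name and in the `when:` on the new include. Since the variable switches permission hardening on or off, it also deserves a comment above it, for example `# Tighten permissions on system directories and drop setuid from ping/mtr; set to false to skip.`.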
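--- a/packweb-apache/tasks/fhs_retrictions.yml
+++ b/packweb-apache/tasks/fhs_retrictions.yml
@@ -0,0 +1,63 @@
+---
+
+- name: Remove read permission on some folders (/, /etc, ...)
+shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /
+- /etc
+- /usr
+- /usr/bin
+- /var
+- /var/log
+- /home
+- /bin
+- /sbin
+- /lib
+- /usr/lib
+- /usr/include
+- /usr/bin
+- /usr/sbin
+- /usr/share
+- /usr/share/doc
+- /etc/default
+
+- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
+shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /var/log/apt
+- /var/lib/dpkg
+- /var/log/munin
+- /var/backups
+- /etc/init.d
+- /etc/apache2
+- /etc/network
+- /etc/phpmyadmin
+- /var/log/installer
+
+- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
+shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /bin/ping
+- /bin/ping6
+- /usr/bin/fping
+- /usr/bin/fping6
+- /usr/bin/mtr
+
+- name: Set 640 permission on some files (/var/log/evolix.log, ...)
+shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /var/log/evolix.log
+- /etc/warnquota.conf
+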
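Review bot: `failed_when: False` on all four tasks hides a failing `chmod` as well as a missing path, so a host where the hardening could not be applied still reports success. The `test -d … && chmod` form returns non-zero when the path is absent, which is presumably why failures are ignored; writing the command as `shell: "if test -d {{ item }}; then chmod --verbose o-r {{ item }}; fi"` returns 0 for an absent path and lets `failed_when: False` be dropped, and the same applies to the `750`, `u-s` and `640` tasks. `changed_when` matches the English word in `chmod --verbose` output, so it likely needs a fixed locale (for example `LC_ALL=C` in front of the command) to stay accurate on non-English hosts. `/usr/bin` is listed twice in the first `with_items`.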
|
|
@ -48,66 +48,8 @@
|
|||
|
||||
- include: awstats.yml
|
||||
|
||||
- name: Remove read permission on some folders (/, /etc, ...)
|
||||
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
- /
|
||||
- /etc
|
||||
- /usr
|
||||
- /usr/bin
|
||||
- /var
|
||||
- /var/log
|
||||
- /home
|
||||
- /bin
|
||||
- /sbin
|
||||
- /lib
|
||||
- /usr/lib
|
||||
- /usr/include
|
||||
- /usr/bin
|
||||
- /usr/sbin
|
||||
- /usr/share
|
||||
- /usr/share/doc
|
||||
- /etc/default
|
||||
|
||||
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
|
||||
shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
- /var/log/apt
|
||||
- /var/lib/dpkg
|
||||
- /var/log/munin
|
||||
- /var/backups
|
||||
- /etc/init.d
|
||||
- /etc/apache2
|
||||
- /etc/network
|
||||
- /etc/phpmyadmin
|
||||
- /var/log/installer
|
||||
|
||||
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
|
||||
shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
- /bin/ping
|
||||
- /bin/ping6
|
||||
- /usr/bin/fping
|
||||
- /usr/bin/fping6
|
||||
- /usr/bin/mtr
|
||||
|
||||
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
|
||||
shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
- /var/log/evolix.log
|
||||
- /etc/warnquota.conf
|
||||
- include: fhs_retrictions.yml
|
||||
when: packweb_fhs_retrictions
|
||||
|
||||
- name: Install Evoadmin
|
||||
include_role:
|
||||
|
|
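Review bot: `when: packweb_fhs_retrictions` tests the variable bare, so a value supplied as a string (for instance with `-e` on the command line) may not be evaluated as the boolean the operator intended, depending on the Ansible version; `when: packweb_fhs_retrictions | bool` makes the toggle behave the same for `false` and `"false"`. Because a `when` on an `include` is applied to every task in the included file, this one condition decides whether any of the permission changes run. The hunk starts and ends inside the task list of a file whose header is not shown on this page.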