V-38681: GID's in /etc/passwd & /etc/group
Implements: blueprint security-hardening
Change-Id: I4fb3cf7d6ef2f09b3eee8601263474f749209551
parent
2b008d9905
commit
31d0e5d86d
11
doc/source/developer-notes/V-38681.rst
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
The Ansible tasks will run ``pwck`` to find any groups that are defined in
|
||||||
|
``/etc/passwd`` but not in ``/etc/group``. This could be a sign of an
|
||||||
|
accidental misconfiguration or a more serious security problem. If the command
|
||||||
|
returns output about missing groups, the playbook will fail.
|
||||||
|
|
||||||
|
To see the exact problems on the system when the playbook fails, run this
|
||||||
|
command as root:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
pwck -r | grep 'no group'
|
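Review bot: The opening sentence describes "groups that are defined in ``/etc/passwd`` but not in ``/etc/group``", but ``/etc/passwd`` does not define groups; each entry only references a primary GID. Suggest wording it as users in ``/etc/passwd`` whose primary GID has no matching entry in ``/etc/group``, which is what the commit title describes. The note also stops at diagnosis: after the ``pwck -r | grep 'no group'`` command, a sentence on what the deployer is expected to do with the output (create the missing group, or correct the user's GID) would make the failure actionable.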
@ -251,3 +251,22 @@
|
|||||||
- auth
|
- auth
|
||||||
- cat2
|
- cat2
|
||||||
- V-38599
|
- V-38599
|
||||||
|
|
||||||
|
- name: V-38681 - Check for missing GID's in /etc/group
|
||||||
|
shell: "pwck -r | grep 'no group'"
|
||||||
|
register: v38681_result
|
||||||
|
changed_when: False
|
||||||
|
failed_when: v38681_result.rc > 1
|
||||||
|
tags:
|
||||||
|
- auth
|
||||||
|
- cat3
|
||||||
|
- V-38681
|
||||||
|
|
||||||
|
- name: V-38681 - All GID's in /etc/passwd must be defined in /etc/group
|
||||||
|
fail:
|
||||||
|
msg: "FAILED: GID's in /etc/passwd aren't in /etc/group"
|
||||||
|
when: v38681_result.rc != 1
|
||||||
|
tags:
|
||||||
|
- auth
|
||||||
|
- cat3
|
||||||
|
- V-38681
|
||||||
|
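Review bot: In the shell task, the registered rc is the exit status of grep, not of pwck, because the pipeline "pwck -r | grep 'no group'" runs without pipefail. If pwck is missing or cannot read the files, grep receives no input and exits 1, which both "failed_when: v38681_result.rc > 1" and "when: v38681_result.rc != 1" treat as a clean result, so the check passes without having verified anything. Consider registering the pwck run on its own and testing its stdout for 'no group' in the fail task's condition, so a pwck failure is distinguishable from a compliant system. The fail message could also include v38681_result.stdout so the offending entries show up in the playbook output instead of requiring a manual rerun.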