openstack/ansible-hardening
Code Issues Proposed changes

Fixing vsftpd install check

Browse Source 
Closes-bug: 1510566

Change-Id: Ibc5552466abd75dfd38bf6f305a64cbfa737f634
This commit is contained in:
Major Hayden 2015-10-27 09:40:36 -05:00
parent d449322762
commit 9e4807b3ad
2 changed files with 32 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
tasks/auth.yml
View File

@ -247,41 +247,6 @@
- cat2
- V-38457
- name: Check if vsftpd installed (for V-38599)
shell: dpkg --status vsftpd
register: v38599_result
changed_when: False
failed_when: False
tags:
- auth
- cat2
- V-38599
- name: Copy login banner (for V-38599)
copy:
src: login_banner.txt
dest: /etc/issue.net
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags:
- auth
- cat2
- V-38599
- name: V-38599 - Set warning banner for FTPS/FTP logins
lineinfile:
dest: /etc/vsftpd/vsftpd.conf
regexp: "^(#)?banner_file"
line: "banner_file=/etc/issue.net"
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags:
- auth
- cat2
- V-38599
- name: V-38681 - Check for missing GID's in /etc/group
shell: "pwck -r | grep 'no group'"
register: v38681_result

39
tasks/misc.yml
View File

@ -161,21 +161,46 @@
- cat3
- V-38684
- name: Check if vsftpd is installed (for V-38702)
stat:
path: /etc/vsftpd.conf
register: v38702_result
- name: Check if vsftpd installed (for V-38599 and V-38702)
shell: "dpkg --status vsftpd | grep \"^Status:.*ok installed\""
register: v38599_result
changed_when: False
failed_when: False
tags:
- cat2
- cat3
- V-38599
- V-38702
- name: Copy login banner (for V-38599)
copy:
src: login_banner.txt
dest: /etc/issue.net
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags:
- cat2
- V-38599
- name: V-38599 - Set warning banner for FTPS/FTP logins
lineinfile:
dest: /etc/vsftpd/vsftpd.conf
regexp: "^(#)?banner_file"
line: "banner_file=/etc/issue.net"
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags:
- cat2
- V-38599
- name: V-38702 - Enable xferlog
lineinfile:
dest: /etc/vsftpd.conf
regexp: "^(#)?xferlog_enable"
line: "xferlog_enable=YES"
when: v38702_result.stat.exists == True
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags:
@ -187,7 +212,7 @@
dest: /etc/vsftpd.conf
regexp: "^(#)?xferlog_std_format"
line: "xferlog_std_format=NO"
when: v38702_result.stat.exists == True
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags:
@ -199,7 +224,7 @@
dest: /etc/vsftpd.conf
regexp: "^(#)?log_ftp_protocol"
line: "log_ftp_protocol=YES"
when: v38702_result.stat.exists == True
when: v38599_result.rc == 0
notify:
- restart vsftpd
tags: