openstack/ansible-hardening
Code Issues Proposed changes

V-38579: grub.conf owned by root

Browse Source 
Implements: blueprint security-hardening

Change-Id: Ibbc5cfe51484d01b304abf61bf944930eddd24c4
This commit is contained in:
Major Hayden 2015-10-07 16:39:54 -05:00
parent bfcf6c7423
commit a7964a4414
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/source/developer-notes/V-38579.rst Normal file
View File

@ -0,0 +1,2 @@
Ubuntu 14.04 sets the ownership on ``/boot/grub/grub.cfg`` to root by default.
The Ansible task will ensure that the secure default is maintained.

9
openstack-ansible-security/tasks/boot.yml
View File

@ -13,6 +13,15 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: V-38579 - Bootloader configuration files must be owned by root
file:
path: /boot/grub/grub.cfg
owner: root
tags:
- boot
- cat2
- V-38579
- name: V-38581 - Bootloader configuration files must be group-owned by root - name: V-38581 - Bootloader configuration files must be group-owned by root
file: file:
path: /boot/grub/grub.cfg path: /boot/grub/grub.cfg