florianutz / ubuntu2004_cis

Ubuntu CIS Hardening Ansible Role
MIT License

Item missing: "4.4 Ensure logrotate assigns appropriate permissions" #18

Closed xloto closed 3 years ago

xloto commented 3 years ago

Description

Item "4.4 Ensure logrotate assigns appropriate permissions" from page 351 in CIS_Ubuntu_Linux_20.04_LTS_Benchmark_v1.0.0

Patch, not tested

Add to tasks/section4.yml:

- name: "SCORED | 4.4 | PATCH | Ensure logrotate assigns appropriate permissions"
  lineinfile:
    dest: /etc/logrotate.conf
    regexp: '^\s*create\s+\d{3,}\s+'
    line: create 0640 root utmp
    state: present
  when:
      - ubuntu2004cis_rule_4_4
  tags:
      - level1
      - scored
      - patch
      - syslog
      - rule_4.4

Add to defaults/main.yml:

ubuntu2004cis_rule_4_4: true
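
A read-only audit to pair with the task above, as an added example that is not part of the issue or the role's code: it lists every `create` directive whose mode grants bits beyond 0640, the value the proposed task sets. The function names, the `MAX_MODE` variable and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit logrotate "create" directives against a maximum mode.
# MAX_MODE is an assumption taken from the proposed task (create 0640 root utmp).
MAX_MODE=0640

# Print "file:line:mode" for every create directive whose mode sets a
# permission bit that MAX_MODE does not. Prints nothing when all comply.
# Directives without an explicit octal mode are skipped.
logrotate_create_violations() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Optional indent, "create", whitespace, then a 3-4 digit octal mode.
            mode=$(printf '%s\n' "$line" |
                sed -n -E 's/^[[:space:]]*create[[:space:]]+([0-7]{3,4})([[:space:]].*)?$/\1/p')
            [ -n "$mode" ] || continue
            # Bits present in the mode but absent from MAX_MODE are excess.
            if [ $(( 0$mode & ~0$MAX_MODE & 07777 )) -ne 0 ]; then
                printf '%s:%s:%s\n' "$f" "$n" "$mode"
            fi
        done < "$f"
    done
}

# Constructed sample config, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
weekly
create 0644 root utmp
/var/log/wtmp {
    create 0664 root utmp
}
/var/log/btmp {
    create 0600 root utmp
}
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
logrotate_create_violations "$tmp"   # reports lines 2 and 4 of the sample
rm -f "$tmp"
```

On a host, pass `/etc/logrotate.conf` (the file the task edits) as the argument. The task's `lineinfile` only touches one matching line in that file, so per-log `create` lines inside stanzas, like line 4 of the sample, would still be reported after it runs.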

xloto commented 3 years ago

@fprina Added this.

fprina commented 3 years ago

The remediation proposed by the document seems too restrictive #23