wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-06 15:13:56 +02:00
Code Issues Projects Releases Wiki Activity

prompts

Browse source
This commit is contained in:
Dan Guido 2016-08-02 20:18:10 -04:00
parent 98a37240d5
commit c37782e805
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
security.yml
View file

@ -1,6 +1,6 @@
--- ---
- name: Security fixes - name: Security enhancements
hosts: vpn-host hosts: vpn-host
become: true become: true
vars_files: vars_files:
@ -34,7 +34,7 @@
# auditd # auditd
- name: Collect Use of Privileged Commands - name: Collect Use of privileged commands
shell: > shell: >
/usr/bin/find {/usr/local/sbin,/usr/local/bin,/sbin,/bin,/usr/sbin,/usr/bin} -xdev \( -perm -4000 -o -perm -2000 \) -type f | awk '{print "-a always,exit -F path=" $1 " -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged" }' /usr/bin/find {/usr/local/sbin,/usr/local/bin,/sbin,/bin,/usr/sbin,/usr/bin} -xdev \( -perm -4000 -o -perm -2000 \) -type f | awk '{print "-a always,exit -F path=" $1 " -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged" }'
args: args:
@ -71,10 +71,10 @@
# Core dumps # Core dumps
- name: Restrict Core Dumps - using pam limits - name: Restrict core dumps (with PAM)
lineinfile: dest=/etc/security/limits.conf line="* hard core 0" state=present lineinfile: dest=/etc/security/limits.conf line="* hard core 0" state=present
- name: Restrict Core Dumps - using sysctl - name: Restrict core dumps (with sysctl)
sysctl: name=fs.suid_dumpable value=0 ignoreerrors=yes sysctl_set=yes reload=yes state=present sysctl: name=fs.suid_dumpable value=0 ignoreerrors=yes sysctl_set=yes reload=yes state=present
# Kernel fixes # Kernel fixes