Merge pull request #50 from dev-sec/modes

add modes to template and file tasks
dev-sec · Sep 19, 2020 · bfc80e8 · bfc80e8
2 parents 25623b0 + 17f2140
commit bfc80e8
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -3,7 +3,7 @@
 - name: protect my.cnf
   file:
     path: '{{ mysql_hardening_mysql_conf_file }}'
-    mode: '0400'
+    mode: '0640'
     owner: '{{ mysql_cnf_owner }}'
     group: '{{ mysql_cnf_owner }}'
     follow: true
@@ -15,21 +15,23 @@
     state: directory
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_user }}'
+    mode: '0750'
 
 - name: ensure permissions on mysql-logfile are correct
   file:
     path: '{{ mysql_hardening_log_file }}'
     state: file
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_group }}'
+    mode: '0640'
 
 - name: check mysql configuration-directory exists and has right permissions
   file:
     path: '{{ mysql_hardening_mysql_confd_dir }}'
     state: directory
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_group }}'
-    mode: '0570'
+    mode: '0750'
 
 - name: check include-dir directive is present in my.cnf
   lineinfile:
@@ -46,7 +48,7 @@
     dest: '{{ mysql_hardening_mysql_hardening_conf_file }}'
     owner: '{{ mysql_cnf_owner }}'
     group: '{{ mysql_cnf_group }}'
-    mode: '0460'
+    mode: '0640'
   notify: restart mysql
 
 - name: enable mysql