Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add more sysctl settings, allow overwriting #120

Merged
merged 4 commits into from
Jun 27, 2017
Merged

Conversation

rndmh3ro
Copy link
Member

No description provided.

@rndmh3ro rndmh3ro force-pushed the combined_sysctl branch from 9859227 to 5c48c74 Compare May 7, 2017 13:13
@rndmh3ro rndmh3ro requested review from ypid and fitz123 May 28, 2017 12:52
Copy link
Member

@ypid ypid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. One thing could be improved.

tasks/sysctl.yml Outdated
@@ -19,6 +19,10 @@
command: 'update-initramfs -u'
when: initramfs.changed

- name: create a combined sysctl-dict if overwrites are defined
set_fact: sysctl_config="{{ sysctl_config | combine(sysctl_overwrite) }}"
when: sysctl_overwrite | default(omit)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you checked that omit evaluates to False? I would not rely on that. Just use default() which defaults to False 😉

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I updated all the occurences!

Copy link
Member

@ypid ypid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, one minor detail could be improved in the update.

@@ -20,5 +20,5 @@
- name: remove suid/sgid bit from all binaries except in system and user whitelist
file: path='{{item}}' mode='a-s' state=file follow=yes
with_items:
- '{{ suid | default(omit) | difference(os_security_suid_sgid_whitelist) }}'
- '{{ suid | default() | difference(os_security_suid_sgid_whitelist) }}'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case better use with_flattened and default([]) :) Similar goes with the other uses of default in with_items.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated it!

@rndmh3ro rndmh3ro merged commit 6d21d24 into master Jun 27, 2017
@rndmh3ro rndmh3ro deleted the combined_sysctl branch June 27, 2017 18:59
rndmh3ro added a commit that referenced this pull request Jul 24, 2020
Add support to specify a list of revoked public keys
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
add more sysctl settings, allow overwriting
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
Add support to specify a list of revoked public keys
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants