Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch

This commit is contained in:
Angelo Verona 2017-12-28 02:45:05 +01:00
parent 28a15e1707
commit b1d6b52307

View File

@ -18,7 +18,7 @@ config_firewalld:
- name: /etc/firewalld/firewalld.conf - name: /etc/firewalld/firewalld.conf
- user: root - user: root
- group: root - group: root
- mode: 640 - mode: 644
- source: salt://firewalld/files/firewalld.conf - source: salt://firewalld/files/firewalld.conf
- template: jinja - template: jinja
- require: - require: