Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch
This commit is contained in:
parent
28a15e1707
commit
b1d6b52307
@ -18,7 +18,7 @@ config_firewalld:
|
|||||||
- name: /etc/firewalld/firewalld.conf
|
- name: /etc/firewalld/firewalld.conf
|
||||||
- user: root
|
- user: root
|
||||||
- group: root
|
- group: root
|
||||||
- mode: 640
|
- mode: 644
|
||||||
- source: salt://firewalld/files/firewalld.conf
|
- source: salt://firewalld/files/firewalld.conf
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- require:
|
- require:
|
||||||
|
Loading…
Reference in New Issue
Block a user