From b1d6b523071b9f51744d48f06df36e17eb58692d Mon Sep 17 00:00:00 2001
From: Angelo Verona
Date: Thu, 28 Dec 2017 02:45:05 +0100
Subject: [PATCH] Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch
---
 firewalld/config.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/firewalld/config.sls b/firewalld/config.sls
index dbf16cd..0a10c57 100644
--- a/firewalld/config.sls
+++ b/firewalld/config.sls
@@ -18,7 +18,7 @@ config_firewalld:
  - name: /etc/firewalld/firewalld.conf
  - user: root
  - group: root
- - mode: 640
+ - mode: 644
  - source: salt://firewalld/files/firewalld.conf
  - template: jinja
  - require:
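Review bot: The new `- mode: 644` is hard-coded for every platform this state is applied to, while the commit message justifies it only by the CentOS RPM default; on a distribution whose package ships firewalld.conf with a tighter mode, the state would now widen the file to world-readable and likely show up as a package-verify deviation there instead. If the formula already has a per-OS map or pillar lookup, the mode would be better taken from it, with 644 as the CentOS value. Separately, writing the value as `- mode: '0644'` keeps it a string, so a later edit that adds a leading zero is not read by YAML as an octal integer. The `config_firewalld` state begins above the hunk and its `require` list continues below it, so neither is visible here.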