c229c4318e
This patch adds tasks that search the filesystem for files/directories without a valid user or group owner. Running find is disruptive to some systems, so this is disabled by default. The following controls are covered: - RHEL-07-020360 - RHEL-07-020370 Docs are included. Implements: blueprint security-rhel7-stig Change-Id: I5626c107663d8f3f12d71cc649de242dc4ee3409
19 lines
516 B
ReStructuredText
19 lines
516 B
ReStructuredText
---
|
|
id: RHEL-07-020360
|
|
status: opt-in
|
|
tag: file_perms
|
|
---
|
|
|
|
Searching an entire filesystem with ``find`` reduces system performance and
|
|
might impact certain applications negatively. Therefore, the search for files
|
|
and directories with an invalid owner is **disabled by default**.
|
|
|
|
Deployers can opt in for this search by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_search_for_invalid_owner: yes
|
|
|
|
Any files or directories without a valid user owner are displayed in the
|
|
Ansible output.
|