c229c4318e
This patch adds tasks that search the filesystem for files/directories without a valid user or group owner. Running find is disruptive to some systems, so this is disabled by default. The following controls are covered: - RHEL-07-020360 - RHEL-07-020370 Docs are included. Implements: blueprint security-rhel7-stig Change-Id: I5626c107663d8f3f12d71cc649de242dc4ee3409
529 B
529 B
---id: RHEL-07-020370 status: opt-in tag: file_perms ---
Searching an entire filesystem with find reduces system
performance and might impact certain applications negatively. Therefore,
the search for files and directories with an invalid group owner is
disabled by default.
Deployers can opt in for this search by setting the following Ansible variable:
security_search_for_invalid_group_owner: yesAny files or directories without a valid group owner are displayed in the Ansible output.