Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch · b1d6b52307 - firewalld-formula - Natrinicle

Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '' pkg.verify" / salt '' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch

tags/v0.6.2

Angelo Verona 7 년 전

부모

28a15e1707

커밋

b1d6b52307

1개의 변경된 파일과 1개의 추가작업 그리고 1개의 파일을 삭제

분할 보기 변경상태 보기

							
								+ 1
								
								- 1
							
firewalld/config.sls파일 보기
								
			@@ -18,7 +18,7 @@ config_firewalld:
		
			    - name: /etc/firewalld/firewalld.conf
		
			    - user: root
		
			    - group: root
		
			    - mode: 640
		
			    - mode: 644
		
			    - source: salt://firewalld/files/firewalld.conf
		
			    - template: jinja
		
			    - require: