From 57554f1ba9fb7464c808f00d4bd26475451243b9 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Tue, 8 Sep 2020 13:27:03 +0200
Subject: [PATCH] add ansible remediation
---
.../tftpd_uses_secure_mode/ansible/shared.yml | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml
diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml
new file mode 100644
index 00000000000..9f5bdea58ee
--- /dev/null
+++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml
@@ -0,0 +1,31 @@
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019
+# reboot = false
+# complexity = low
+# strategy = configure
+# disruption = low
+
+{{{ ansible_instantiate_variables("tftpd_secure_directory") }}}
+
+- name: "Find out if the file exists and contains the line configuring server arguments"
+ find:
+ path: "/etc/xinetd.d"
+ patterns: "tftp"
+ contains: '^[\s]+server_args.*$'
+ register: tftpd_secure_config_line
+
+- name: "Ensure that TFTP server is configured to start with secure directory"
+ lineinfile:
+ path: "/etc/xinetd.d/tftp"
+ regexp: '^[\s]*(server_args[\s]+=[\s]+.*?)(-s[\s]+[/\.\w]+)*(.*)$'
+ line: '\1 -s {{ tftpd_secure_directory }} \3'
+ state: present
+ backrefs: true
+ when: tftpd_secure_config_line is defined and tftpd_secure_config_line.matched > 0
+
+- name: "Insert correct config line to start TFTP server with secure directory"
+ lineinfile:
+ path: "/etc/xinetd.d/tftp"
+ line: "server_args = -s {{ tftpd_secure_directory }}"
+ state: present
+ create: true
+ when: tftpd_secure_config_line is defined and tftpd_secure_config_line.matched == 0
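Review bot: The fallback task ("Insert correct config line…") appends `server_args = -s …` at the end of `/etc/xinetd.d/tftp`, which in a usual xinetd service file is after the closing `}` of the service block, so the play can report success while tftpd presumably still starts without the secure directory. Adding `insertbefore: '^\s*\}'` would keep the line inside the block, and `create: true` is worth dropping because a file holding only that line is not a service definition. The `find` pattern `'^[\s]+server_args.*$'` requires leading whitespace while the `lineinfile` regexp allows none (`^[\s]*`), so an unindented `server_args` line falls through to the fallback and gets a second entry; `contains: '^[\s]*server_args.*$'` would align the two. In the rewrite regexp the lazy `.*?` followed by the optional `(-s…)*` group appears to replace an existing `-s` only when it directly follows the `=`, so a line such as `server_args = -v -s /old` (constructed example) would end up with both directories. The `\1 -s … \3` substitution also adds whitespace on every run, so the task never converges to "ok".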