Skip to content
Permalink
Browse files

[debops.dhcpd] Secure dhcpd configuration

The dhcpd.conf file used to be world-readable, which is a security
issue when nsupdate keys are stored in this file (see dhcpd_keys
variable). This change sets the file mode of the dhcpd configuration
files (/etc/default/isc-dhcp-server and /etc/dhcp/dhcpd.conf under
Debian) to 0640.
  • Loading branch information...
imrejonk committed Sep 6, 2019
1 parent 3cbae8b commit aa96d8359a6f2411f8c775f7a03290f2026a7c34
Showing with 1 addition and 1 deletion.
  1. +1 −1 ansible/roles/debops.dhcpd/tasks/main.yml
@@ -24,7 +24,7 @@
dest: '/{{ item }}'
owner: 'root'
group: 'root'
mode: '0644'
mode: '0640'
with_items: "{{ dhcpd_templates }}"
notify: [ 'Restart dhcp server' ]
register: dhcpd_register_config

0 comments on commit aa96d83

Please sign in to comment.
You can’t perform that action at this time.