fix filter error in ansible.builtin.file mode parameter (#486)

* fix filter error in ansible.builtin.file mode parameter * Change cinc supermarket * fix link to baseline * fix typo Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
dev-sec · Oct 18, 2021 · 5debcc0 · 5debcc0
1 parent aea4499
commit 5debcc0
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/molecule/ssh_hardening/verify.yml b/molecule/ssh_hardening/verify.yml
@@ -42,7 +42,7 @@
       shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
 
     - name: Execute cinc-auditor tests
-      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
+      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/ssh-baseline/archive/refs/heads/master.zip"
       register: test_results
       changed_when: false
       ignore_errors: true

diff --git a/roles/ssh_hardening/tasks/ca_keys_and_principals.yml b/roles/ssh_hardening/tasks/ca_keys_and_principals.yml
@@ -11,7 +11,7 @@
 - name: Create ssh authorized principals directories
   file:
     path: '{{ item.path | dirname }}'
-    mode: '{{ item.directorymode | default(0700) }}'
+    mode: '{{ item.directorymode | default("700") }}'
     owner: '{{ item.directoryowner | default(ssh_owner) }}'
     group: '{{ item.directorygroup | default(ssh_group) }}'
     state: directory
@@ -21,7 +21,7 @@
   template:
     src: 'authorized_principals.j2'
     dest: '{{ item.path }}'
-    mode: '{{ item.filemode | default(0600) }}'
+    mode: '{{ item.filemode | default("600") }}'
     owner: '{{ item.owner| default(ssh_owner) }}'
     group: '{{ item.group | default(ssh_group) }}'
   loop: '{{ ssh_authorized_principals }}'