Change directory_permissions_etc_iptables to 700 #12384
This datastream diff is auto generated by the check. New content has different text for rule 'xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables'.
--- xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
+++ xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
@@ -3,7 +3,7 @@
Verify Permissions On /etc/iptables Directory
[description]:
-To properly set the permissions of /etc/iptables, run the command: $ sudo chmod 0600 /etc/iptables
+To properly set the permissions of /etc/iptables, run the command: $ sudo chmod 0700 /etc/iptables
[reference]:
R50
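Review bot: the description now says `chmod 0700` but still gives no reason for the execute bit, which is the whole point of this change; add a sentence after the command noting that on a directory the x bit is the search/traverse permission, so without u+x the owner cannot enter /etc/iptables or stat the files inside it, and 0600 would lock the owner out of its own rules directory.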
OCIL for rule 'xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables' differs.
--- ocil:ssg-directory_permissions_etc_iptables_ocil:questionnaire:1
+++ ocil:ssg-directory_permissions_etc_iptables_ocil:questionnaire:1
@@ -2,6 +2,6 @@
run the command:
$ ls -l /etc/iptables
If properly configured, the output should indicate the following permissions:
-0600
- Is it the case that /etc/iptables does not have unix mode 0600?
+0700
+ Is it the case that /etc/iptables does not have unix mode 0700?
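Review bot: `ls -l /etc/iptables` lists the entries inside the directory, not the directory's own mode, so the questionnaire's "output should indicate ... 0700" cannot actually be confirmed from that command; the OCIL should run `ls -ld /etc/iptables` (or `stat -c '%a' /etc/iptables`) so the line shown is the directory itself. The 0600 to 0700 change in the expected value is otherwise consistent with the description.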
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables' differs.
--- xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
+++ xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q iptables; then
-find -H /etc/iptables/ -maxdepth 1 -perm /u+xs,g+xwrs,o+xwrt -type d -exec chmod u-xs,g-xwrs,o-xwrt {} \;
+find -H /etc/iptables/ -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d -exec chmod u-s,g-xwrs,o-xwrt {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
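Review bot: the new expression correctly stops stripping u+x from directories, but the remediation still only removes bits (`u-s,g-xwrs,o-xwrt`) and never adds u+x or u+w, so a directory already at 0500 or 0600 is left untouched even though the description promises `chmod 0700`; either word the description as "no more permissive than 0700" or have the `-exec` set the mode explicitly. Note also that `find -H /etc/iptables/ -maxdepth 1 ... -type d` matches subdirectories of /etc/iptables as well as the directory itself, which is fine if intended but should be stated.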
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables' differs.
--- xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
+++ xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
@@ -11,7 +11,7 @@
- no_reboot_needed
- name: Find /etc/iptables/ file(s)
- command: 'find -H /etc/iptables/ -maxdepth 1 -perm /u+xs,g+xwrs,o+xwrt -type d '
+ command: 'find -H /etc/iptables/ -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d '
register: files_found
changed_when: false
failed_when: false
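Review bot: the task name "Find /etc/iptables/ file(s)" does not match the command, which is restricted to `-type d`; rename it to say directory(ies). With `failed_when: false` a failing find (for example when /etc/iptables/ is absent) silently yields an empty `files_found.stdout_lines`, which only works because the later task loops over that list; a short comment saying so would save the next reader a question.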
@@ -29,7 +29,7 @@
- name: Set permissions for /etc/iptables/ file(s)
file:
path: '{{ item }}'
- mode: u-xs,g-xwrs,o-xwrt
+ mode: u-s,g-xwrs,o-xwrt
state: directory
with_items:
- '{{ files_found.stdout_lines }}' |
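Review bot: same naming mismatch here, "Set permissions for /etc/iptables/ file(s)" with `state: directory`; rename to directory(ies). The new symbolic mode `u-s,g-xwrs,o-xwrt` matches the bash remediation, so the two stay in sync; consider `loop:` instead of `with_items:` for the `files_found.stdout_lines` iteration, as that is the current Ansible idiom.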
Change in Ansible: Please consider using a more suitable Ansible module than
Code Climate has analyzed commit 14177a6 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.5% (0.0% change).
linux_os/guide/system/network/network-iptables/directory_permissions_etc_iptables/rule.yml
LGTM
79137b3 into ComplianceAsCode:master
Description:
Change directory_permissions_etc_iptables to 0700
Rationale:
Directories need exec.
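To make the behavioural difference behind this PR concrete, the following added example (my own script, not code from the PR or the ComplianceAsCode project) wraps the pre-change and post-change find/chmod expressions from the bash remediation in two shell functions and runs each against a scratch directory created with a chosen mode. It assumes GNU find and GNU stat (Linux); the function names `old_remediation`, `new_remediation`, `scratch_dir` and `result_mode` are mine. Because `find -perm` tests mode bits rather than access, the demonstration gives the same result whether run as root or as an ordinary user.

```shell
#!/bin/sh
# Added example, not part of the ComplianceAsCode project.
# Compares the old and new remediation expressions for
# directory_permissions_etc_iptables on throwaway directories.
# Assumes GNU find and GNU stat (Linux).

# Pre-PR expression: note u+x is in the -perm test and u-x in the chmod,
# so a 0700 directory is "fixed" down to 0600 and becomes untraversable.
old_remediation() {
    find -H "$1/" -maxdepth 1 -perm /u+xs,g+xwrs,o+xwrt -type d \
        -exec chmod u-xs,g-xwrs,o-xwrt {} \;
}

# Post-PR expression: only setuid, all group bits and all other bits are
# stripped; the owner's execute (search) bit is left alone.
new_remediation() {
    find -H "$1/" -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d \
        -exec chmod u-s,g-xwrs,o-xwrt {} \;
}

# Octal mode of a path, e.g. "700" or "2775" (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# Create an empty scratch directory with the given octal mode, print its path.
scratch_dir() {
    d=$(mktemp -d) && chmod "$1" "$d" && printf '%s\n' "$d"
}

# Run remediation function $1 on a fresh directory of mode $2 and print the
# resulting octal mode. Usage: result_mode new_remediation 2775
result_mode() {
    d=$(scratch_dir "$2")
    "$1" "$d"
    m=$(mode_of "$d")
    rmdir "$d"
    printf '%s\n' "$m"
}

# Stand-alone demo: show what each expression does to a few starting modes.
for mode in 700 755 2775; do
    printf 'start %s: old -> %s, new -> %s\n' "$mode" \
        "$(result_mode old_remediation "$mode")" \
        "$(result_mode new_remediation "$mode")"
done
```

The first line of the demo is the one the PR cares about: a directory that already has the intended mode 0700 is left at 0700 by the new expression, whereas the old one turned it into 0600. The remaining lines show that group/other and setgid bits are still stripped by both, so nothing was loosened by the change. As the review notes above point out, neither expression ever adds bits, so a directory that starts at 0500 or 0600 is not raised to 0700 by this remediation.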