Merge pull request #91 from conorsch/support-centos7

Adds support for CentOS 7

Author: Sebastian Gumprich

.kitchen.yml

@@ -38,6 +38,10 @@ platforms:
   driver_config:
     box: opscode-centos-6.5
     box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
+- name: centos-7.2
+  driver_config:
+    box: opscode-centos-7.2
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-7.2_chef-provisionerless.box
 - name: oracle-6.4
   driver_config:
     box: oracle-6.4

tasks/minimize_access.yml

@@ -1,15 +1,23 @@
 ---
-- name: minimize access
-  file: path='{{item}}' mode='go-w' recurse=yes
+# Using a two-pass approach for checking directories in order to support symlinks.
+- name: find directories for minimizing access
+  stat:
+    path: "{{ item }}"
+  register: minimize_access_directories
   with_items:
     - '/usr/local/sbin'
     - '/usr/local/bin'
     - '/usr/sbin'
-    - '/usr/bin' 
+    - '/usr/bin'
     - '/sbin'
     - '/bin'
     - '{{os_env_extra_user_paths}}'
 
+- name: minimize access
+  file: path='{{item.stat.path}}' mode='go-w' recurse=yes
+  when: item.stat.isdir
+  with_items: "{{ minimize_access_directories.results }}"
+
 - name: change shadow ownership to root and mode to 0600 | DTAG SEC Req 3.21-7
   file: dest='/etc/shadow' owner={{ os_shadow_perms.owner }} group={{ os_shadow_perms.group }} mode={{ os_shadow_perms.mode }}
 

tasks/sysctl.yml

@@ -29,7 +29,6 @@
   sysctl:
     name: '{{ item.key }}'
     value: '{{ item.value }}'
-    sysctl_set: yes
     state: present
     reload: yes
     ignoreerrors: yes