DLPX-86524 CIS: remove non-existent paths from the default PATH variable (#495)

dbshah12 · web-flow · commit b3bb7d86b3ba · 2024-09-19T11:01:52.000+05:30
* DLPX-86524 CIS: remove non-existent paths from the default PATH variable PR URL: https://www.github.com/delphix/delphix-platform/pull/495 * DLPX-86524 Update path in /etc/security/pam_env.conf
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -718,3 +718,23 @@
     name: "nullmailer"
     state: "stopped"
   when: not ansible_is_chroot
+
+#
+# Add the correct path to /etc/security/pam_env.conf and remove any invalid
+# paths from /etc/environment to ensure that non-existent paths are not
+# included in the global PATH.
+#
+- lineinfile:
+    path: /etc/security/pam_env.conf
+    state: present
+    regexp: '^\s*PATH\s+DEFAULT='
+    line: 'PATH DEFAULT=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin'
+
+#
+# MIN_UPGRADE_VERSION(28.0.0.0)
+# This can be removed once the minimum upgrade version is 28.0.0.0.
+#
+- lineinfile:
+    path: /etc/environment
+    state: absent
+    regexp: '^\s*PATH\s*='
