Ensure permissions on /etc/crontab are configured

[joubbi]

See #375

I'm not sure how to do the baseline change.
I looked at the baseline code and decided to leave it to someone else.
I got unsure about how to define the test since the file/directory (/etc/crontab, /etc/cron.daily...) doesn't have to exist.
The permissions should be correct only if the file/directory exists.

[rndmh3ro]

Thanks, two things should be adressed.

After having tests, we can merge this.

[rndmh3ro]

related test: dev-sec/linux-baseline#150

[schurzi]

@joubbi are you able to complete this in the comming days, or should I take over?

[joubbi]

I changed it to a list that is looped instead. The code is prettier and very compact. Unfortunately the output is not as nice.

[schurzi]

THank you @joubbi for this nice addition!

[yabinma]

Sorry, a question please, I did find the cron.yml included in the PR. But why the cron hardening tasks are not called in my test?
It is a Ubuntu 20.04 system.
While installed the role, 'ansible-galaxy install dev-sec.os-hardening' and ran the playbook, in the report, there are no cron tasks log found(auditd and limits tasks included, there are the logs for both). Thanks for any comment.

[schurzi]

@maxatcn please don't use old PRs to ask questions or report bugs. This is not manageable for us.

As to your issue. There should at least be a task named Import tasks for cron that will appear in your logs, and this task determines, if the cron hardening is included. If it is skipped the usual reason is you set some tags in your playbook.