RHEL9-CIS/tasks/audit_homedirperms.yml

---
- name: "SCORED | 6.2.8 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
  find:
      paths:
          - "{{ homedir }}"
      recurse: true
      file_type: any
  register: rhel_09_6_2_8_results
  when:
      - rhel9cis_rule_6_2_8|bool
  tags:
      - level1
      - patch
      - rule_6.2.8

- name: "SCORED | 6.2.8 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
  file:
      path: "{{ line_item.path }}"
      mode: 0640
  loop: "{{ rhel_09_6_2_8_results.files }}"
  loop_control:
      label: "{{ line_item.path }}"
      loop_var: line_item
  when:
      - rhel_09_6_2_8_results.files.isreg is defined
      - rhel9cis_rule_6_2_8|bool
  tags:
      - level1
      - patch
      - rule_6.2.8

- name: "SCORED | 6.2.8 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
  file:
      path: "{{ line_item.path }}"
      mode: 0750
  loop: "{{ rhel_09_6_2_8_results.files }}"
  loop_control:
      label: "{{ line_item.path }}"
      loop_var: line_item
  when:
      - rhel_09_6_2_8_results.files.isdir is defined
      - rhel9cis_rule_6_2_8|bool
  tags:
      - level1
      - patch
      - rule_6.2.8
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00			`---`
			`- name: "SCORED \| 6.2.8 \| PATCH \| Ensure users' home directories permissions are 750 or more restrictive"`
			`find:`
			`paths:`
			`- "{{ homedir }}"`
			`recurse: true`
			`file_type: any`
			`register: rhel_09_6_2_8_results`
			`when:`
			`- rhel9cis_rule_6_2_8\|bool`
			`tags:`
			`- level1`
			`- patch`
			`- rule_6.2.8`

			`- name: "SCORED \| 6.2.8 \| PATCH \| Ensure users' home directories permissions are 750 or more restrictive"`
			`file:`
			`path: "{{ line_item.path }}"`
			`mode: 0640`
			`loop: "{{ rhel_09_6_2_8_results.files }}"`
			`loop_control:`
			`label: "{{ line_item.path }}"`
			`loop_var: line_item`
			`when:`
			`- rhel_09_6_2_8_results.files.isreg is defined`
			`- rhel9cis_rule_6_2_8\|bool`
			`tags:`
			`- level1`
			`- patch`
			`- rule_6.2.8`

			`- name: "SCORED \| 6.2.8 \| PATCH \| Ensure users' home directories permissions are 750 or more restrictive"`
			`file:`
			`path: "{{ line_item.path }}"`
			`mode: 0750`
			`loop: "{{ rhel_09_6_2_8_results.files }}"`
			`loop_control:`
			`label: "{{ line_item.path }}"`
			`loop_var: line_item`
			`when:`
			`- rhel_09_6_2_8_results.files.isdir is defined`
			`- rhel9cis_rule_6_2_8\|bool`
			`tags:`
			`- level1`
			`- patch`
			`- rule_6.2.8`