From c805ee398bb42415473461631af0af338d765786 Mon Sep 17 00:00:00 2001
From: rjacobs1990
Date: Mon, 12 Feb 2024 14:47:12 +0100
Subject: [PATCH 1/3] fix: idempotency molecule issue fixed for logfiles #173
Signed-off-by: rjacobs1990
---
 tasks/section_4/cis_4.2.3.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_4/cis_4.2.3.yml b/tasks/section_4/cis_4.2.3.yml
index 19bfce8..867b253 100644
--- a/tasks/section_4/cis_4.2.3.yml
+++ b/tasks/section_4/cis_4.2.3.yml
@@ -13,7 +13,7 @@
 - name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
 ansible.builtin.file:
 path: "{{ item.path }}"
- mode: '0640'
+ mode: "{% if item.mode != '0600' %}0640{% endif %}"
 loop: "{{ logfiles.files }}"
 loop_control:
 label: "{{ item.path }}"
From 8652390bebfc84ab8707ef5cdac2b2d6c8646226 Mon Sep 17 00:00:00 2001
From: rjacobs1990
Date: Mon, 12 Feb 2024 15:55:42 +0100
Subject: [PATCH 2/3] fix: idempotency molecule issue fixed for logfiles and prevent skipping 0600 #173
Signed-off-by: rjacobs1990
---
 tasks/section_4/cis_4.2.3.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_4/cis_4.2.3.yml b/tasks/section_4/cis_4.2.3.yml
index 867b253..bebd40f 100644
--- a/tasks/section_4/cis_4.2.3.yml
+++ b/tasks/section_4/cis_4.2.3.yml
@@ -13,7 +13,7 @@
 - name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
 ansible.builtin.file:
 path: "{{ item.path }}"
- mode: "{% if item.mode != '0600' %}0640{% endif %}"
+ mode: "{{ '0640' if item.mode != '0600' else '0600' }}"
 loop: "{{ logfiles.files }}"
 loop_control:
 label: "{{ item.path }}"
From 742165cd726ff8238a0e6bc569259ae35fd726a6 Mon Sep 17 00:00:00 2001
From: rjacobs1990
Date: Mon, 12 Feb 2024 16:21:31 +0100
Subject: [PATCH 3/3] fix: more readable condition and prevent skipping 0600 #173
Signed-off-by: rjacobs1990
---
 tasks/section_4/cis_4.2.3.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_4/cis_4.2.3.yml b/tasks/section_4/cis_4.2.3.yml
index bebd40f..823975a 100644
--- a/tasks/section_4/cis_4.2.3.yml
+++ b/tasks/section_4/cis_4.2.3.yml
@@ -13,7 +13,7 @@
 - name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
 ansible.builtin.file:
 path: "{{ item.path }}"
- mode: "{{ '0640' if item.mode != '0600' else '0600' }}"
+ mode: "{{ '0600' if item.mode == '0600' else '0640' }}"
 loop: "{{ logfiles.files }}"
 loop_control:
 label: "{{ item.path }}"
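Review bot: The final `mode:` expression still sets every logfile whose current mode is not exactly `0600` to `0640`, so a file that is already stricter in another way (for example `0400` or `0440`) would have its permissions widened by a hardening task; the 1/3 and 2/3 revisions treat those modes the same way. Whether such files reach this task depends on how `logfiles` is gathered, which sits above line 13 and outside the hunk. A symbolic mode that only removes bits, `mode: 'u-x,g-wx,o-rwx'`, would be idempotent for every compliant mode and never loosen a file. It also removes the reliance on `item.mode` being compared as an exact string.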