add file exclusions

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2023-01-19 11:29:03 +00:00
parent 184832d2ac
commit 163900e277
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9


@ -9,13 +9,17 @@
recurse: true
register: logfiles
- name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
- name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
ansible.builtin.file:
path: "{{ item.path }}"
mode: 0640
loop: "{{ logfiles.files }}"
loop_control:
label: "{{ item.path }}"
when:
- item.path != "/var/log/btmp"
- item.path != "/var/log/utmp"
- item.path != "/var/log/wtmp"
when:
- rhel9cis_rule_4_2_3
tags:
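Review bot: The three new `when` conditions compare `item.path` to exact strings, so only the live `/var/log/btmp`, `/var/log/utmp` and `/var/log/wtmp` are skipped; rotated copies of those files (if logrotate keeps them under `/var/log`) would still be forced to 0640. A pattern test such as `- item.path is not match('/var/log/(btmp|utmp|wtmp)')` would cover them in one condition. Separately, the unchanged `mode: 0640` is an absolute mode, so any log file that is currently stricter (for example 0600) is widened to group-readable; a symbolic mode such as `mode: 'u-x,g-wx,o-rwx'` only removes bits and never loosens a file. The excluded files also get no permission check from this task, so a short comment above the conditions stating why they are skipped and what mode they are expected to keep would help the next auditor. The enclosing block and its find task start above the hunk, and the `tags:` list continues below it.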