ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #99 from ansible-lockdown/umask

Browse source 
updated 5.6.5
This commit is contained in:
uk-bolly 2023-09-22 12:49:48 +01:00 committed by GitHub
commit 3525cb6aab
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Changelog.md
View file

@ -6,6 +6,7 @@
- lint updates
- .secrets updated
- file mode quoted
- updated 5.6.5 thansk to feedback from S!ghs on discord community
## 1.1.1 - Based on CIS v1.0.0

6
tasks/section_5/cis_5.6.x.yml
View file

@ -83,10 +83,10 @@
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive"
block:
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings"
ansible.builtin.lineinfile:
ansible.builtin.replace:
path: "{{ item.path }}"
regexp: '(?i)(umask\s*)'
line: '{{ item.line }} 027'
regexp: (?i)(umask\s+\d\d\d)
replace: '{{ item.line }} 027'
with_items:
- { path: '/etc/bashrc', line: 'umask' }
- { path: '/etc/profile', line: 'umask' }