From 4b62f0fc3518352b1d0d36758f7945bfa8fa05b9 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Mon, 4 Aug 2025 09:56:30 +0100
Subject: [PATCH] Updated post steps inline with pre steps for file permissions
Signed-off-by: Mark Bolwell
---
 tasks/post_remediation_audit.yml | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/tasks/post_remediation_audit.yml b/tasks/post_remediation_audit.yml
index 68e7035..357a23f 100644
--- a/tasks/post_remediation_audit.yml
+++ b/tasks/post_remediation_audit.yml
@@ -1,22 +1,13 @@
 ---
 - name: Post Audit | Run post_remediation {{ benchmark }} audit # noqa name[template]
- ansible.builtin.command: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\""
+ ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length]
 changed_when: true
 environment:
 AUDIT_BIN: "{{ audit_bin }}"
 AUDIT_CONTENT_LOCATION: "{{ audit_conf_dest | default('/opt') }}"
 AUDIT_FILE: goss.yml
-- name: Post Audit | ensure audit files readable by users
- ansible.builtin.file:
- path: "{{ item }}"
- mode: '0644'
- state: file
- loop:
- - "{{ post_audit_outfile }}"
- - "{{ pre_audit_outfile }}"
-
 - name: Post Audit | Capture audit data if json format
 when: audit_format == "json"
 block:
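Review bot: The new `ansible.builtin.shell` line interpolates `audit_conf_dir`, `audit_vars_path`, `audit_format`, `post_audit_outfile` and `group_names` unquoted into a string that the shell now parses, so whitespace or shell metacharacters in any of them are interpreted instead of being passed as plain arguments, which `ansible.builtin.command` did not do. Pass each value through the `quote` filter, e.g. `-o {{ post_audit_outfile | quote }}` and `-g {{ group_names | quote }}` in place of the escaped double quotes. Separately, `umask 0022` only affects files that run_audit.sh creates, so an output file that already exists keeps its old mode, and the removed task also reset `pre_audit_outfile`, which this hunk no longer touches; presumably the pre-audit task covers it, but that is outside the hunk. Since 0644 leaves the audit findings readable by every local user, a short comment above the task stating that this is intended would help the next reviewer.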