From 6128104385705f77f6850e868fe394089c1c6fa8 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 20 Aug 2024 16:07:27 +0100
Subject: [PATCH] Added greate logfile logic is file changed
Signed-off-by: Mark Bolwell
---
 tasks/section_6/cis_6.2.4.1.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tasks/section_6/cis_6.2.4.1.yml b/tasks/section_6/cis_6.2.4.1.yml
index 07ba04b..dd584e0 100644
--- a/tasks/section_6/cis_6.2.4.1.yml
+++ b/tasks/section_6/cis_6.2.4.1.yml
@@ -27,6 +27,8 @@
 ansible.builtin.file:
 path: "{{ item }}"
 mode: 'u-x,g-wx,o-rwx'
+ failed_when: rhel9cis_logfile_list.state not in '[ file, absent ]'
+ register: rhel9cis_logfile_list
 loop: "{{ discovered_logfiles.stdout_lines }}"

 - name: "6.2.4.1 | PATCH | Ensure access to all logfiles has been configured | change permissions"
@@ -36,6 +38,8 @@
 ansible.builtin.file:
 path: "{{ item }}"
 mode: 'u-x,g-x,o-rwx'
+ failed_when: rhel9cis_logfile_list.state not in '[ file, absent ]'
+ register: rhel9cis_logfile_list
 loop: "{{ discovered_logfiles.stdout_lines }}"

 - name: "6.2.4.1 | PATCH | Ensure access to all logfiles has been configured | change permissions"
@@ -49,4 +53,6 @@
 ansible.builtin.file:
 path: "{{ item }}"
 mode: 'ug-x,o-wx'
+ failed_when: rhel9cis_logfile_list.state not in '[ file, absent ]'
+ register: rhel9cis_logfile_list
 loop: "{{ discovered_logfiles.stdout_lines }}"
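Review bot: The right-hand side of the added `failed_when` is the quoted string `'[ file, absent ]'`, so `not in` performs a substring test rather than list membership; it happens to accept `file` and `absent`, but it also accepts any state value that is a fragment of that string. A real list states the intent: `failed_when: rhel9cis_logfile_list.state not in ['file', 'absent']`. The same line is added in the two later hunks (the `u-x,g-x,o-rwx` and `ug-x,o-wx` tasks). Because `failed_when` replaces the module's own failure status, consider `failed_when: rhel9cis_logfile_list is failed and rhel9cis_logfile_list.state | default('') != 'absent'`, so that only a logfile that vanished after discovery is tolerated and a failed permission change on an existing file still fails the control; this assumes the file module reports `state` on failure, which the hunk does not show. Each task starts above its hunk, so its `when:` conditions are not visible here.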