Make task flexible by checking if the current file group owner is ssh_key

Signed-off-by: Thomas Rumbaut <thomas@rumbaut.be>
Thomas Rumbaut 2025-10-02 16:05:54 +02:00 committed by GitHub
parent c69fedcf0a
commit 6429c1b8ef
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -41,8 +41,8 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ item.path }}" path: "{{ item.path }}"
owner: root owner: root
group: root group: "{{ 'ssh_keys' if (item.group == 'ssh_keys') else 'root' }}"
mode: 'u-x,go-rwx' mode: "{{ 'u-x,g-wx,o-rwx' if (item.group == 'ssh_keys') else 'u-x,go-rwx' }}"
loop: "{{ discovered_ssh_private_host_key.files }}" loop: "{{ discovered_ssh_private_host_key.files }}"
loop_control: loop_control:
label: "{{ item.path }}" label: "{{ item.path }}"
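Review bot: The new `group:` and `mode:` templates both test `item.group`, which may not be a key on the loop items. The task that registers `discovered_ssh_private_host_key` is outside this hunk, but if it is `ansible.builtin.find`, each entry in `.files` reports the group name as `gr_name` and has no `group` field. In that case both expressions would fail on an undefined attribute instead of falling back to `root` and `u-x,go-rwx`, leaving the key permissions unenforced. Consider `item.gr_name == 'ssh_keys'` in both lines, e.g. `group: "{{ 'ssh_keys' if (item.gr_name == 'ssh_keys') else 'root' }}"`. A short comment above `mode:` saying that group read is kept deliberately for `ssh_keys`-owned keys would also help the next reader.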