change logic thanks to @rjacobs1990 see #175

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2024-02-19 14:17:11 +00:00
parent 3313a1f2c3
commit 8e7e73bbb4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9


@ -64,12 +64,11 @@
- name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive" - name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive"
ansible.builtin.file: ansible.builtin.file:
path: "{{ item.path }}" path: "{{ item.path }}"
mode: '0640' mode: "{{ '0600' if item.mode == '0600' else '0640' }}"
loop: "{{ auditd_conf_files.files }}" loop: "{{ auditd_conf_files.files }}"
loop_control: loop_control:
label: "{{ item.path }}" label: "{{ item.path }}"
when: when:
- item.mode != '06(0|4)0'
- rhel9cis_rule_4_1_4_5 - rhel9cis_rule_4_1_4_5
tags: tags:
- level2-server - level2-server
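Review bot: The new `mode` expression preserves only an exact `0600` and forces every other file to `0640`, so a file that is already stricter (for example `0400` or `0440`) has its permissions widened by the remediation, which contradicts "640 or more restrictive". A symbolic mode only clears bits and never adds any: `mode: 'u-x,g-wx,o-rwx'`. That form also removes the reliance on `item.mode` being a four-character string in the registered `auditd_conf_files` result, which is populated outside this hunk and presumably comes from a find task. With the `item.mode` condition dropped from `when`, the symbolic form stays idempotent for files that already comply.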