From a57c499638f1597d646a08927dbf96f174f412a5 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 1 Feb 2022 17:53:46 +0000
Subject: [PATCH] fixed UID logic

Signed-off-by: Mark Bolwell
---
 tasks/section_5/cis_5.5.x.yml | 4 ++--
 tasks/section_6/cis_6.2.x.yml | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/tasks/section_5/cis_5.5.x.yml b/tasks/section_5/cis_5.5.x.yml
index 83f8d7e..bf77a52 100644
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@@ -13,7 +13,7 @@
 - item.id != "sync"
 - item.id != "shutdown"
 - item.id != "halt"
- - item.gid < min_int_uid
+ - item.uid < 1000
 - item.shell != " /bin/false"
 - item.shell != " /usr/sbin/nologin"
 
@@ -28,7 +28,7 @@
 - item.id != "shutdown"
 - item.id != "sync"
 - item.id != "root"
- - item.gid < min_int_uid
+ - item.uid < 1000
 - item.shell != " /bin/false"
 - item.shell != " /usr/sbin/nologin"
 when:
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index 7242132..8c0c9aa 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@@ -134,9 +134,12 @@
 - name: "6.2.7 | L1 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive"
 stat:
 path: "{{ item }}"
- with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid) | selectattr('uid', '!=', max_int_uid) | map(attribute='dir') | list }}"
+ with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int) | selectattr('uid', '<', max_int_uid | int) | selectattr('dir', '!=', '/') | map(attribute='dir') | list }}"
 register: rhel_09_6_2_7_audit
 
+ - debug:
+ var: rhel_09_6_2_7_audit
+
 - name: "6.2.7 | L1 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive"
 shell: find -H {{ item.0 | quote }} -not -type l -perm /027
 args:
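Review bot: The new condition at line 16 of cis_5.5.x.yml replaces the `min_int_uid` threshold with a hard-coded `1000`, while the section_6 hunks in this same commit keep using `min_int_uid | int` for the same system/interactive boundary, so the two controls can classify the same account differently whenever `min_int_uid` is set to anything other than 1000. Keeping the variable but comparing the right field fixes the gid/uid mix-up without losing configurability: `- item.uid | int < min_int_uid | int` (the `| int` mirrors what the section_6 hunks do and, if `item.uid` ever arrives as a string, avoids the str-vs-int `<` that raises under Python 3). The same replacement applies to the hunk at line 31. The enclosing task and its `when:` list start outside both hunks.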
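Review bot: The `- debug:` task added after `register: rhel_09_6_2_7_audit` reads as leftover troubleshooting output: it has no `name:`, nothing visible gates it, and it dumps the full `stat` result for every interactive user's home directory into the play output on every run. If the output is meant to stay, name it consistently with the surrounding tasks and hide it unless asked for, e.g. `verbosity: 2` under `debug:`; otherwise drop the three added lines. The new `selectattr('dir', '!=', '/')` is a sensible guard given that the following task appears to run `find -H` on each listed directory, where a `/` entry would walk the whole filesystem.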
@@ -500,7 +503,7 @@
 stat:
 path: "{{ item }}"
 register: rhel_09_6_2_20_audit
- with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid) | selectattr('uid', '!=', max_int_uid) | map(attribute='dir') | list }}"
+ with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int) | selectattr('uid', '<', max_int_uid | int) | selectattr('dir', '!=', '/') | map(attribute='dir') | list }}"
 
 - name: "6.2.20 | L1 | AUDIT | Ensure all users' home directories exist"
 shell: find -H {{ item.0 | quote }} -not -type l -perm /027
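Review bot: The `with_items` expression for 6.2.20 at line 506 is now a verbatim copy of the one in the 6.2.7 hunk at line 137, and this commit had to patch both copies identically, which suggests the filtered home-directory list should be computed once. A single `set_fact` (or a variable in the role's vars) holding the `rhel9cis_passwd | selectattr(...) | map(attribute='dir') | list` result, with both audits looping over that variable, would keep the uid bounds and the `'/'` exclusion from drifting between the two controls again; it would also bring these lines back under a sane line length. The enclosing 6.2.20 stat task starts outside the hunk.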