From c51712e910eefa5f978fe20eb1984acd17d99714 Mon Sep 17 00:00:00 2001
From: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Date: Tue, 6 Feb 2024 22:40:07 +0200
Subject: [PATCH] Check_mode: false, otherwise gets skipped

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
---
 tasks/section_5/cis_5.6.x.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/section_5/cis_5.6.x.yml b/tasks/section_5/cis_5.6.x.yml
index dffc2d8..6500d9c 100644
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@@ -103,7 +103,7 @@
             grep -E -q "^session\s*(optional|requisite|required)\s*pam_umask.so$" /etc/pam.d/system-auth
         ignore_errors: true
         no_log: true
-        check_mode: true
+        check_mode: false
         register: pam_umask_line_present_system
 
       - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | If needed, load session umask.so in system-auth"
@@ -119,7 +119,7 @@
             grep -E -q "^session\s*(optional|requisite|required)\s*pam_umask.so$" /etc/pam.d/password-auth
         ignore_errors: true
         no_log: true
-        check_mode: true
+        check_mode: false
         register: pam_umask_line_present_password
 
       - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | If needed, load session umask.so in password-auth"