From c9b97bec6e16da7b849a62b278c1c44822bf5572 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 17 Jan 2023 12:31:47 +0000
Subject: [PATCH] fixed loop

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_1/cis_1.4.x.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 61174d2..af1579f 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -22,14 +22,14 @@
   block:
       - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured"
         ansible.builtin.file:
-            path: /boot/grub2/grub.cfg
+            path: "/boot/grub2/{{ item.path }}"
             owner: root
             group: root
-            mode: 0600
+            mode: "{{ item.mode }}"
         loop:
-            - grub.cfg
-            - grubenv
-            - user.cfg
+            - { path: 'grub.cfg', mode: '0700' }
+            - { path: 'grubenv', mode: '0600' }
+            - { path: 'user.cfg', mode: '0600' }
 
   when:
       - rhel9cis_rule_1_4_2