ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-26 15:13:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

section 4 updates

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-12 11:38:53 +00:00
parent 95ad5fac9d
commit e62e5630b4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
10 changed files with 413 additions and 270 deletions
Download patch file Download diff file Expand all files Collapse all files

15
tasks/section_4/cis_4.2.3.yml
View file

@ -1,9 +1,18 @@
---
- name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured"
command: find /var/log -type f -exec chmod g-wx,o-rwx "{}" +
changed_when: false
failed_when: false
block:
- name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
ansible.builtin.find:
paths: "/var/log"
type: file
register: logfiles
- name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
ansible.builtin.file:
paths: "{{ item.path }}"
mode: 0640
register: logfiles
when:
- rhel9cis_rule_4_2_3
tags: