ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 22:37:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Updated audit file permissions when running audit thansk to @steve-hayes

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-08-04 10:15:48 +01:00
parent 1bdef212bd
commit ef2c4d4ddb
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
2 changed files with 3 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/pre_remediation_audit.yml
View file

@ -47,7 +47,7 @@
remote_src: "{{ (audit_conf_source is contains('http')) | ternary(true, false) }}"
extra_opts: "{{ (audit_conf_source is contains('github')) | ternary('--strip-components=1', []) }}"
- name: Pre Audit Setup | Check goss is available
- name: Pre Audit Setup | Check Goss is available
when: run_audit
block:
- name: Pre Audit Setup | Check for goss file
@ -71,7 +71,7 @@
mode: 'go-rwx'
- name: Pre Audit | Run pre_remediation audit {{ benchmark }} # noqa name[template]
ansible.builtin.command: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ pre_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length]
ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ pre_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length]
changed_when: true
environment:
AUDIT_BIN: "{{ audit_bin }}"