From 163900e277d318988c499852ad0b6429bbd0154d Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Thu, 19 Jan 2023 11:29:03 +0000
Subject: [PATCH] add file exclusions
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.2.3.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tasks/section_4/cis_4.2.3.yml b/tasks/section_4/cis_4.2.3.yml
index 8a7ae83..a391254 100644
--- a/tasks/section_4/cis_4.2.3.yml
+++ b/tasks/section_4/cis_4.2.3.yml
@@ -9,13 +9,17 @@
 recurse: true
 register: logfiles
- - name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
+ - name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
 ansible.builtin.file:
 path: "{{ item.path }}"
 mode: 0640
 loop: "{{ logfiles.files }}"
 loop_control:
 label: "{{ item.path }}"
+ when:
+ - item.path != "/var/log/btmp"
+ - item.path != "/var/log/utmp"
+ - item.path != "/var/log/wtmp"
 when:
 - rhel9cis_rule_4_2_3
 tags:
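Review bot: The new inner `when:` excludes only the three exact paths, so rotated copies of these login-accounting files (a date or numeric suffix on the name) are still set to 0640 by the loop; a prefix test such as `when: item.path is not match('/var/log/(btmp|utmp|wtmp)')` covers both. Skipping them also means their mode is never checked by this rule, so a follow-up task that sets the mode the benchmark expects for them would keep an over-permissive wtmp or btmp from going unnoticed. `/var/log/lastlog` may need the same handling — confirm against the benchmark text. The enclosing block starts before this hunk and its `tags:` list continues past it.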