sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Added login.defs 5.6.5

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-10-14 12:09:30 +01:00
parent 4fe4346f35
commit 2491357136
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tasks/section_5/cis_5.6.x.yml
View file

@ -87,6 +87,15 @@
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive" - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive"
block: block:
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings"
replace:
path: /etc/login.defs
regexp: "{{ item.regexp }}"
replace: "{{ item.replace }}"
loop:
- { regexp: '(UMASK\s+)0[012][0-6]', replace: '\1 027' }
- { regexp: '(USERGROUPS_ENAB\s+)yes', replace: '\1 no' }
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/bashrc" - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/bashrc"
replace: replace:
path: /etc/bashrc path: /etc/bashrc