sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Merge pull request #99 from ansible-lockdown/umask

Browse source 
updated 5.6.5
This commit is contained in:
uk-bolly 2023-09-22 12:49:48 +01:00 committed by GitHub
commit 3525cb6aab
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Changelog.md
View file

@ -6,6 +6,7 @@
- lint updates - lint updates
- .secrets updated - .secrets updated
- file mode quoted - file mode quoted
- updated 5.6.5 thansk to feedback from S!ghs on discord community
## 1.1.1 - Based on CIS v1.0.0 ## 1.1.1 - Based on CIS v1.0.0

6
tasks/section_5/cis_5.6.x.yml
View file

@ -83,10 +83,10 @@
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive" - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive"
block: block:
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings" - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings"
ansible.builtin.lineinfile: ansible.builtin.replace:
path: "{{ item.path }}" path: "{{ item.path }}"
regexp: '(?i)(umask\s*)' regexp: (?i)(umask\s+\d\d\d)
line: '{{ item.line }} 027' replace: '{{ item.line }} 027'
with_items: with_items:
- { path: '/etc/bashrc', line: 'umask' } - { path: '/etc/bashrc', line: 'umask' }
- { path: '/etc/profile', line: 'umask' } - { path: '/etc/profile', line: 'umask' }