From 88a497b1955d61b1e57771a07b44190639261ebd Mon Sep 17 00:00:00 2001
From: Christopher Papke <chris.papke@thalesgroup.com>
Date: Tue, 7 Jan 2025 12:57:02 -0800
Subject: [PATCH] Use shell for grep with shell expansions

Signed-off-by: Christopher Papke <chris.papke@thalesgroup.com>
---
 tasks/section_5/cis_5.3.2.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_5/cis_5.3.2.x.yml b/tasks/section_5/cis_5.3.2.x.yml
index eddf5ee..91e7186 100644
--- a/tasks/section_5/cis_5.3.2.x.yml
+++ b/tasks/section_5/cis_5.3.2.x.yml
@@ -141,7 +141,7 @@
     - rule_5.3.2.5
   block:
     - name: "5.3.2.5 | AUDIT | Ensure pam_unix module is enabled"
-      ansible.builtin.command: grep -P -- '\b(pam_unix\.so)\b' /etc/authselect/"$(head -1 /etc/authselect/authselect.conf)"/{system,password}-auth
+      ansible.builtin.shell: grep -P -- '\b(pam_unix\.so)\b' /etc/authselect/"$(head -1 /etc/authselect/authselect.conf)"/{system,password}-auth
       changed_when: false
       failed_when: discovered_discovered_authselect_pam_unix.rc not in [ 0, 1 ]
       register: discovered_discovered_authselect_pam_unix