updated 5.6.5

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-09-22 08:44:43 +01:00 · 2023-09-22 08:44:43 +01:00 · 729fac3580
commit 729fac3580
parent 60f756adb5
2 changed files with 4 additions and 3 deletions
--- a/Changelog.md
+++ b/Changelog.md
@ -6,6 +6,7 @@
 - lint updates
 - .secrets updated
 - file mode quoted
+- updated 5.6.5 thansk to feedback from S!ghs on discord community

 ## 1.1.1 - Based on CIS v1.0.0

--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@ -83,10 +83,10 @@
 - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive"
  block:
      - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings"
-        ansible.builtin.lineinfile:
+        ansible.builtin.replace:
            path: "{{ item.path }}"
-            regexp: '(?i)(umask\s*)'
-            line: '{{ item.line }} 027'
+            regexp: (?i)(umask\s+\d\d\d)
+            replace: '{{ item.line }} 027'
        with_items:
            - { path: '/etc/bashrc', line: 'umask' }
            - { path: '/etc/profile', line: 'umask' }