From b9a3e3d2c6c7ed102d08bd8069ddd8c85224444d Mon Sep 17 00:00:00 2001
From: Adam Lewandowski <adam.lewandowski@plxis.com>
Date: Mon, 9 May 2022 13:47:12 -0400
Subject: [PATCH] Fix UMASK hardening

Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
---
 tasks/section_5/cis_5.6.x.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/section_5/cis_5.6.x.yml b/tasks/section_5/cis_5.6.x.yml
index 91540ea..0541f9b 100644
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@@ -91,13 +91,13 @@
         replace:
             path: /etc/bashrc
             regexp: '^(?i)(\s+UMASK|UMASK)\s0[0-2][0-6]'
-            replace: 'UMASK 027'
+            replace: '\1 027'
 
       - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/profile"
         replace:
             path: /etc/profile
             regexp: '^(?i)(\s+UMASK|UMASK)\s0[0-2][0-6]'
-            replace: 'UMASK 027'
+            replace: '\1 027'
   when:
       - rhel9cis_rule_5_6_5
   tags: