sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Fix UMASK hardening

Browse source 
Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
This commit is contained in:
Adam Lewandowski 2022-05-09 13:47:12 -04:00
parent e93d1ca735
commit b9a3e3d2c6
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/section_5/cis_5.6.x.yml
View file

@ -91,13 +91,13 @@
replace:
path: /etc/bashrc
regexp: '^(?i)(\s+UMASK|UMASK)\s0[0-2][0-6]'
replace: 'UMASK 027'
replace: '\1 027'
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/profile"
replace:
path: /etc/profile
regexp: '^(?i)(\s+UMASK|UMASK)\s0[0-2][0-6]'
replace: 'UMASK 027'
replace: '\1 027'
when:
- rhel9cis_rule_5_6_5
tags: