sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

lint

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-12 13:47:13 +00:00
parent 3321547bfa
commit dae7d03c34
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
7 changed files with 48 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_4/cis_4.2.2.x.yml
View file

@ -183,14 +183,14 @@
- name: "4.2.2.7 | AUDIT | Ensure journald default file permissions configured | Set live file"
ansible.builtin.set_fact:
systemd_conf_file: /etc/tmpfiles.d/systemd.conf
systemd_conf_file: /etc/tmpfiles.d/systemd.conf
when: rhel9cis_4_2_2_7_override_stat.exists
- name: "4.2.2.7 | PATCH | Ensure journald default file permissions configured | Set permission"
ansible.builtin.lineinfile:
path: "{{ /etc/tmpfiles.d/systemd.conf | default('/usr/lib/tmpfiles.d/systemd.conf') }}"
regexp: "^z \/var\/log\/journal\/%m\/system.journal (!?06(0|4)0) root"
line: 'z /var/log/journal/%m/system.journal 0640 root systemd-journal - -'
path: "{{ systemd_conf_file | default('/usr/lib/tmpfiles.d/systemd.conf') }}"
regexp: "^z \/var\/log\/journal\/%m\/system.journal (!?06(0|4)0) root"
line: 'z /var/log/journal/%m/system.journal 0640 root systemd-journal - -'
when:
- rhel9cis_rule_4_2_2_7