sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Updated layout

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-03-10 15:08:12 +00:00
parent b170c4ac73
commit ebdb8b9129
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/section_4/cis_4.1.4.x.yml
View file

@ -8,14 +8,14 @@
block: block:
- name: "4.1.4.1 | AUDIT | Ensure audit log files are mode 0640 or less permissive | discover file" - name: "4.1.4.1 | AUDIT | Ensure audit log files are mode 0640 or less permissive | discover file"
ansible.builtin.shell: grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }' ansible.builtin.shell: grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }'
register: audit_discovered_logfile
changed_when: false changed_when: false
register: audit_discovered_logfile
- name: "4.1.4.1 | AUDIT | Ensure audit log files are mode 0640 or less permissive | stat file" - name: "4.1.4.1 | AUDIT | Ensure audit log files are mode 0640 or less permissive | stat file"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ audit_discovered_logfile.stdout }}" path: "{{ audit_discovered_logfile.stdout }}"
register: auditd_logfile
changed_when: false changed_when: false
register: auditd_logfile
- name: | - name: |
"4.1.4.1 | PATCH | Ensure audit log files are mode 0640 or less permissive" "4.1.4.1 | PATCH | Ensure audit log files are mode 0640 or less permissive"