sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

interactive users ilogic improvements thanks to @polski-g

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-05-23 16:05:01 +01:00
parent daf5a3f462
commit f83e5a69a2
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
5 changed files with 20 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_7/cis_7.2.x.yml
View file

@ -256,7 +256,7 @@
etype: group
permissions: rx
state: present
loop: "{{ prelim_interactive_users_home.stdout_lines }}"
loop: "{{ prelim_interactive_users | map(attribute='home') | list }}"
- name: "7.2.8 | PATCH | Ensure local interactive user home directories are configured | Set other ACL"
when: not system_is_container
@ -266,7 +266,7 @@
etype: other
permissions: 0
state: present
loop: "{{ prelim_interactive_users_home.stdout_lines }}"
loop: "{{ prelim_interactive_users | map(attribute='home') | list }}"
- name: "7.2.9 | PATCH | Ensure local interactive user dot files access is configured"
when:
@ -315,6 +315,6 @@
ansible.builtin.file:
path: '{{ item }}'
mode: 'go-w'
owner: "{{ rhel9cis_passwd | selectattr('dir', 'in', prelim_interactive_users_home.stdout_lines) | selectattr('dir', 'in', item) | map(attribute='uid') | last }}"
group: "{{ rhel9cis_passwd | selectattr('dir', 'in', prelim_interactive_users_home.stdout_lines) | selectattr('dir', 'in', item) | map(attribute='gid') | last }}"
owner: "{{ rhel9cis_passwd | selectattr('dir', 'in', prelim_interactive_users_raw.stdout_lines) | selectattr('dir', 'in', item) | map(attribute='uid') | last }}"
group: "{{ rhel9cis_passwd | selectattr('dir', 'in', prelim_interactive_users_raw.stdout_lines) | selectattr('dir', 'in', item) | map(attribute='gid') | last }}"
with_items: "{{ discovered_homedir_hidden_files.stdout_lines }}"