---

- name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured"
  block:
      - name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
        ansible.builtin.find:
            paths: "/var/log"
            type: file
        register: logfiles

      - name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
        ansible.builtin.file:
            paths: "{{ item.path }}"
            mode: 0640
        register: logfiles
  when:
      - rhel9cis_rule_4_2_3
  tags:
      - level1-server
      - level1-workstation
      - automated
      - patch
      - logfiles
      - rule_4.2.3