RHEL9-CIS/tasks/section_4/cis_4.2.3.yml

---

- name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured"
  block:
      - name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
        ansible.builtin.find:
            paths: "/var/log"
            file_type: file
            recurse: true
        register: logfiles

      - name: "4.2.3 | AUDIT | Ensure permissions on all logfiles are configured | find files"
        ansible.builtin.file:
            path: "{{ item.path }}"
            mode: 0640
        loop: "{{ logfiles.files }}"
        loop_control:
            label: "{{ item.path }}"
  when:
      - rhel9cis_rule_4_2_3
  tags:
      - level1-server
      - level1-workstation
      - automated
      - patch
      - logfiles
      - rule_4.2.3