4.6.5 related to #27 thanks to @DianaMariaDDM
Signed-off-by: Mark Bolwell <[email protected]>
uk-bolly committed Feb 23, 2024
1 parent cd1c1f5 commit 2511f5a
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions tasks/section_4/cis_4.6.x.yml
Expand Up @@ -90,14 +90,14 @@
- name: "4.6.5 | PATCH | Ensure default user umask is 027 or more restrictive"
block:
- name: "4.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings"
ansible.builtin.lineinfile:
path: "{{ item.path }}"
regexp: '(?i)(umask\s*)'
line: '{{ item.line }} 027'
with_items:
- { path: '/etc/bashrc', line: 'umask' }
- { path: '/etc/profile', line: 'umask' }
- { path: '/etc/login.defs', line: 'UMASK' }
ansible.builtin.replace:
path: "{{ item }}"
regexp: ^(?i)(\s*umask)\s+(?!\d*[2,7]7)\d{3,4}
replace: '\1 027'
loop:
- /etc/bashrc
- /etc/profile
- /etc/login.defs

- name: "4.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/bashrc"
ansible.builtin.lineinfile:
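Review bot: The lookahead in `regexp: ^(?i)(\s*umask)\s+(?!\d*[2,7]7)\d{3,4}` treats only values ending in 27 or 77 as compliant (the comma inside `[2,7]` is a literal character, not a separator), so an existing stricter setting such as 037 or 067 would be rewritten to the looser 027. This assumes the `ansible.builtin.replace` form is the new side, since the rendered page lost its +/- markers. Widening the class to every group digit that masks the write bit, and moving the flag to the front because Python 3.11+ rejects a global inline flag that is not at the start of the pattern, gives `regexp: '(?i)^(\s*umask)\s+(?!\d*[2367]7)\d{3,4}'`; quoting the scalar also keeps the brackets and braces from depending on plain-scalar parsing. Unlike the `lineinfile` form, `replace` adds nothing when a file has no umask line at all, so it is worth confirming that another task covers the absent case.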
