From 1cf3c4d58b405072aa5e9f1e6d186f4a9cd230b0 Mon Sep 17 00:00:00 2001
From: Shawn Hardwick
Date: Wed, 5 Feb 2025 12:02:23 -0500
Subject: [PATCH] Update regexp for rule 2.1.21 to be more strict when updating line in file; allows task to be idempotent with itself
Signed-off-by: Shawn Hardwick
---
 tasks/section_2/cis_2.1.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_2/cis_2.1.x.yml b/tasks/section_2/cis_2.1.x.yml
index 19cacd2..166cd5d 100644
--- a/tasks/section_2/cis_2.1.x.yml
+++ b/tasks/section_2/cis_2.1.x.yml
@@ -699,7 +699,7 @@
 notify: Restart postfix
 ansible.builtin.lineinfile:
 path: /etc/postfix/main.cf
- regexp: '^(#)?inet_interfaces'
+ regexp: '^(#)?inet_interfaces\s*=(?!\s*loopback-only\s*).*'
 line: 'inet_interfaces = loopback-only'
 - name: "2.1.21 | WARN | Ensure mail transfer agents are configured for local-only mode | Message out other main agents"
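Review bot: With the optional `(#)?` kept in the new `regexp`, the negative lookahead makes the pattern skip a compliant active line and fall through to any commented `#inet_interfaces = ...` line with a different value, and `lineinfile` replaces the last line that matches. If main.cf still carries such commented examples (not visible here; confirm against a stock file), each run would turn one of them into an active `inet_interfaces = loopback-only` and report changed until none remain. The lookahead is also unanchored, so its trailing `\s*` has no effect and any value that merely starts with `loopback-only` is treated as already set. Consider `regexp: '^inet_interfaces\s*=(?!\s*loopback-only\s*$).*'`, which leaves comments alone and only rewrites an active line whose whole value differs. The task's name and conditions sit above the hunk.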