From 1ec17228ff358c8e4c1de45d1044ee98711397f5 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Mon, 12 May 2025 17:08:31 +0100
Subject: [PATCH] Updated logic thanks to @UZziell #40

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_2/cis_2.3.3.x.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/section_2/cis_2.3.3.x.yml b/tasks/section_2/cis_2.3.3.x.yml
index 19177b9..4f4f516 100644
--- a/tasks/section_2/cis_2.3.3.x.yml
+++ b/tasks/section_2/cis_2.3.3.x.yml
@@ -15,9 +15,9 @@
       ansible.builtin.template:
         src: "{{ item }}.j2"
         dest: "/{{ item }}"
-        mode: 'go-r'
+        mode: 'g=r,o-rwx'
         owner: root
-        group: root
+        group: "{% if ubtu24cis_rule_2_3_3_2 %}_chrony{% else %}root{% endif %}"
       loop:
         - etc/chrony/sources.d/pool.sources
         - etc/chrony/sources.d/server.sources