From 5445766fe28eaa67c66eef2d20a9f83b9f0492bf Mon Sep 17 00:00:00 2001
From: George Nalen <georgen@mindpointgroup.com>
Date: Thu, 17 Apr 2025 16:39:08 -0500
Subject: [PATCH] adjust for crontab group on cron.allow issue #33

Signed-off-by: George Nalen <georgen@mindpointgroup.com>
---
 tasks/section_2/cis_2.4.1.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_2/cis_2.4.1.x.yml b/tasks/section_2/cis_2.4.1.x.yml
index a81990b..99bb0d4 100644
--- a/tasks/section_2/cis_2.4.1.x.yml
+++ b/tasks/section_2/cis_2.4.1.x.yml
@@ -154,5 +154,5 @@
       ansible.builtin.file:
         path: /etc/cron.allow
         owner: root
-        group: root
+        group: '{{ ("crontab" in discovered_cron_allow_status.stat.gr_name ) | ternary(omit,"root") }}'
         mode: 'u-x,g-wx,o-rwx'