colin
/
UBUNTU24-CIS
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

addressed #15 thanks tou @WhiteRoseLK 

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-02-14 11:58:46 +00:00
parent 2bb9240aae
commit fdcee67e0a
No known key found for this signature in database
GPG Key ID: 997FF7FE93AEB5B9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tasks/section_7/cis_7.2.x.yml
View File

@ -309,7 +309,7 @@
warn_control_id: '7.2.10'
block:
- name: "7.2.10 | AUDIT | Ensure local interactive user dot files access is configured | Check for files"
ansible.builtin.shell: find /home/ -name "\.*" -perm /g+w,o+w
ansible.builtin.shell: find /home/ /root/ -name "\.*" -type f -perm /u+x,g+wx,o+wx
changed_when: false
failed_when: discovered_homedir_dot_files.rc not in [ 0, 1 ]
check_mode: false
@ -336,5 +336,5 @@
- ubtu24cis_dotperm_ansiblemanaged
ansible.builtin.file:
path: '{{ item }}'
mode: 'go-w'
mode: 'u-x,go-wx'
with_items: "{{ discovered_homedir_dot_files.stdout_lines }}"