From fdcee67e0a18a0cbf28b2496fbea3a4dcdfc4d71 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 14 Feb 2025 11:58:46 +0000
Subject: [PATCH] addressed #15 thanks tou @WhiteRoseLK
Signed-off-by: Mark Bolwell
---
 tasks/section_7/cis_7.2.x.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/section_7/cis_7.2.x.yml b/tasks/section_7/cis_7.2.x.yml
index e5a555a..a94f48a 100644
--- a/tasks/section_7/cis_7.2.x.yml
+++ b/tasks/section_7/cis_7.2.x.yml
@@ -309,7 +309,7 @@
 warn_control_id: '7.2.10'
 block:
 - name: "7.2.10 | AUDIT | Ensure local interactive user dot files access is configured | Check for files"
- ansible.builtin.shell: find /home/ -name "\.*" -perm /g+w,o+w
+ ansible.builtin.shell: find /home/ /root/ -name "\.*" -type f -perm /u+x,g+wx,o+wx
 changed_when: false
 failed_when: discovered_homedir_dot_files.rc not in [ 0, 1 ]
 check_mode: false
@@ -336,5 +336,5 @@
 - ubtu24cis_dotperm_ansiblemanaged
 ansible.builtin.file:
 path: '{{ item }}'
- mode: 'go-w'
+ mode: 'u-x,go-wx'
 with_items: "{{ discovered_homedir_dot_files.stdout_lines }}"
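Review bot: The new `find` on the `ansible.builtin.shell` line has no depth limit, so with `/u+x` added to `-perm` it reports every owner-executable dot-named file anywhere under /home/ and /root/, not only the dot files at the top of a home directory. The remediation in the second hunk then removes `u-x` from each reported path, which would also cover dot-named scripts an owner made executable on purpose. If only top-level dot files are meant, bound the search with `-maxdepth`; otherwise state the scope in a comment above the task, e.g. `# matches dot files at any depth; owner-execute is reported and later removed`. The command uses no shell features, so `ansible.builtin.command` would likely do here. The task's remaining keys are outside the hunk.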
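Review bot: The `ansible.builtin.file` task applies `u-x,go-wx` to paths collected from user-writable home directories, and the module follows symlinks by default. A path that has become a symlink by the time this task runs would therefore have the mode change applied to the link's target rather than to the dot file. Adding `follow: false` next to `mode:` keeps the change on the listed path itself. The task starts above the hunk, so its name and conditions are not visible here.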