RHEL8-CIS

Most likely the wrong variable is used at "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"

Open csabapatyi opened this issue 3 weeks ago • 0 comments

Hi,

It seems to me that you are using the wrong variable name in the "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions" check, and because of this, log file ownership is not configured correctly.

Current code:

      - name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
        ansible.builtin.file:
            path: "{{ item }}"
            mode: '0640'
        loop: "{{ discovered_logfiles_flattened }}"
        when:
            - rhel8cis_5_1_4_logfiles_flattened is defined
            - item != "/var/log/btmp"
            - item != "/var/log/utmp"
            - item != "/var/log/wtmp"

Correct code:

      - name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
        ansible.builtin.file:
            path: "{{ item }}"
            mode: '0640'
        loop: "{{ discovered_logfiles_flattened }}"
        when:
            - discovered_logfiles_flattened is defined
            - item != "/var/log/btmp"
            - item != "/var/log/utmp"
            - item != "/var/log/wtmp"

Because rhel8cis_5_1_4_logfiles_flattened does not exist anywhere in the codebase, the PATCH never gets applied. I assume it is only some copy/paste error.

csabapatyi, Jun 24 '24 06:06
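A check for the class of bug reported above, as an added example that is not part of the issue or of the RHEL8-CIS code base: it flags every `X is defined` guard whose variable is never produced by `register:` or `set_fact` in the scanned text, which is how a hardening task ends up silently skipped. The function name `dead_guards`, its `known` parameter, and the producer task in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the first task is a hypothetical producer of the list;
# the second is the "Current code" task quoted in the issue (shortened).
SAMPLE = '''\
- name: "5.1.4 | AUDIT | discover logfiles (hypothetical producer task)"
  ansible.builtin.set_fact:
      discovered_logfiles_flattened: "{{ discovered_logfiles.files | map(attribute='path') | list }}"

- name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
  ansible.builtin.file:
      path: "{{ item }}"
      mode: '0640'
  loop: "{{ discovered_logfiles_flattened }}"
  when:
      - rhel8cis_5_1_4_logfiles_flattened is defined
      - item != "/var/log/btmp"
'''

GUARD = re.compile(r"\b([A-Za-z_]\w*)\s+is\s+defined\b")
REGISTER = re.compile(r"^\s*register:\s*([A-Za-z_]\w*)\s*$")
SET_FACT = re.compile(r"^(\s*)(?:ansible\.builtin\.)?set_fact:\s*$")
KEY = re.compile(r"^(\s*)([A-Za-z_]\w*):")

def dead_guards(text, known=()):
    """Return (line_no, name) for every `X is defined` test where X is never
    produced by `register:` or `set_fact` in `text` and is not in `known`
    (names defined elsewhere, e.g. in role defaults)."""
    defined, guards, fact_indent = set(known), [], None
    for no, line in enumerate(text.splitlines(), 1):
        if fact_indent is not None:          # inside a set_fact mapping
            m = KEY.match(line)
            if m and len(m.group(1)) > fact_indent:
                defined.add(m.group(2))
            elif line.strip():               # dedent or new task ends the block
                fact_indent = None
        m = SET_FACT.match(line)
        if m:
            fact_indent = len(m.group(1))
        m = REGISTER.match(line)
        if m:
            defined.add(m.group(1))
        guards += [(no, g) for g in GUARD.findall(line)]
    return [(no, g) for no, g in guards if g not in defined]
```

Run over a role's concatenated task files, a non-empty result points at tasks whose `when:` can never be true; pass variables defined in defaults or inventory through `known` to avoid false positives.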