RHEL8-CIS
Most likely wrong variable is used at "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
Hi,
It seems to me that you are using the wrong variable name in the "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions" check, and because of this log file ownership is not configured correctly.
Current code:
```yaml
- name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
  ansible.builtin.file:
    path: "{{ item }}"
    mode: '0640'
  loop: "{{ discovered_logfiles_flattened }}"
  when:
    - rhel8cis_5_1_4_logfiles_flattened is defined
    - item != "/var/log/btmp"
    - item != "/var/log/utmp"
    - item != "/var/log/wtmp"
```
Correct code:
```yaml
- name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
  ansible.builtin.file:
    path: "{{ item }}"
    mode: '0640'
  loop: "{{ discovered_logfiles_flattened }}"
  when:
    - discovered_logfiles_flattened is defined
    - item != "/var/log/btmp"
    - item != "/var/log/utmp"
    - item != "/var/log/wtmp"
```
Because rhel8cis_5_1_4_logfiles_flattened does not exist anywhere in the codebase, the PATCH never gets applied. I assume it is only some copy/paste error.
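A static check for the failure mode reported above: a `when:` guard of the form `name is defined` on a variable that nothing ever sets, which makes Ansible skip the hardening task without an error. This is an added example, not code from the RHEL8-CIS project; the `undefined_guards` helper, the discovery task and the sample text are constructed for illustration, and the scan is a line-based approximation rather than a full YAML parse.

```python
import re

# Constructed sample: a hypothetical discovery task followed by the task
# quoted in the issue (trimmed to two conditions).
SAMPLE_TASKS = '''
- name: "5.1.4 | AUDIT | discover logfiles (hypothetical task)"
  ansible.builtin.set_fact:
    discovered_logfiles_flattened: "{{ found.files | map(attribute='path') | list }}"

- name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
  ansible.builtin.file:
    path: "{{ item }}"
    mode: '0640'
  loop: "{{ discovered_logfiles_flattened }}"
  when:
    - rhel8cis_5_1_4_logfiles_flattened is defined
    - item != "/var/log/btmp"
'''

GUARD = re.compile(r'(?<![\w.])([A-Za-z_]\w*)\s+is\s+defined\b')
REGISTER = re.compile(r'^\s*register:\s*([A-Za-z_]\w*)', re.M)
SET_FACT = re.compile(r'^\s*(?:ansible\.builtin\.)?set_fact:\s*$')
KEY = re.compile(r'^\s*([A-Za-z_]\w*):')


def undefined_guards(task_text, known_vars=()):
    """Return (line_no, name) for each `name is defined` guard whose name is
    never set by register:, set_fact:, or the caller-supplied known_vars
    (e.g. keys from defaults/main.yml)."""
    defined = set(known_vars) | set(REGISTER.findall(task_text))
    lines = task_text.splitlines()
    fact_indent = None
    for line in lines:
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if fact_indent is not None and indent > fact_indent:
            key = KEY.match(line)  # keys nested under set_fact are facts
            if key:
                defined.add(key.group(1))
            continue
        fact_indent = indent if SET_FACT.match(line) else None
    return [(n, name)
            for n, line in enumerate(lines, 1)
            for name in GUARD.findall(line)
            if name not in defined]


if __name__ == "__main__":
    for n, name in undefined_guards(SAMPLE_TASKS):
        print(f"line {n}: guard on '{name}', which is never set; task is always skipped")
```

Running the same check over the corrected task, where the guard and the loop use the same variable, returns no findings.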