Merge pull request #427 from ansible-lockdown/6_2_10

uk-bolly · web-flow · commit e0f8a3e86765 · 2024-11-12T13:52:33.000Z
updated of 6.2.10 inline with control
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
@@ -345,24 +345,10 @@
         loop_control:
             label: "{{ item.id }}"
 
-      # set default ACLs so the homedir has an effective umask of 0027
-      - name: "6.2.10 | PATCH | Ensure local interactive user home directories exist | Set group ACL"
-        ansible.posix.acl:
-            path: "{{ item }}"
-            default: true
-            etype: group
-            permissions: rx
-            state: present
-        loop: "{{ discovered_interactive_users_home.stdout_lines }}"
-        when: not system_is_container
-
-      - name: "6.2.10 | PATCH | Ensure local interactive user home directories exist | Set other ACL"
-        ansible.posix.acl:
+      - name: "6.2.10 | PATCH | Ensure local interactive user home directories exist | Permissions"
+        ansible.builtin.file:
             path: "{{ item }}"
-            default: true
-            etype: other
-            permissions: 0
-            state: present
+            mode: 'g-w,o-rwx'
         loop: "{{ discovered_interactive_users_home.stdout_lines }}"
         when: not system_is_container
 
