Describe the Issue
In the task named "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive", the Ansible task is looking for the umask value in /etc/bashrc, /etc/profile and /etc/login.defs, and the patch has to replace the actual value of umask (for example umask 022) with umask 027.
But it seems that, after testing the regex (^(?i)(\s+UMASK|UMASK)\s0[0-2][0-6]) using the line I have in my file /etc/bashrc ([ umask -eq 0 ] && umask 022), it does not match anything.
Expected Behavior
I expect that my /etc/bashrc has umask set to 027 after running the CIS compliance playbook.
Actual Behavior
After running the playbook, the value of umask in /etc/bashrc is still 022 and oscap compliance with CIS is still not validated for this task.
Control(s) Affected
"Ensure the Default Bash Umask is Set Correctly"
Environment:
branch being used: devel
Ansible Version: 2.8.7
Host Python Version: 2.7.5
Ansible Server Python Version: 2.8.7
Possible Solution
I tried this regex for my case and it seems to work well:
(?i)(umask)\s0[0-2][0-6]
Thank you for raising this issue. I can see you are using an older version of Ansible (glad it still works for you). You are correct: your example would not be caught by the current regex. Feedback and real-world examples like this help us to ensure we can capture as many variations as possible. The original regex was only failing as it expected it at the beginning of the line. The solution you have provided is therefore a much cleaner fix. I will add this to a new branch today ready for PR.
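
An added example, not part of the issue thread or the project's code: the two patterns quoted above run over constructed sample lines, next to a numeric check of "027 or more restrictive". The numeric check, the helper names and the sample lines are assumptions that go beyond what the thread discusses; the original pattern's inline `(?i)` is passed as `re.IGNORECASE` because Python 3.11+ rejects a global flag that is not at the start of the pattern.

```python
import re

# Patterns quoted in the issue (original flag moved to re.IGNORECASE, see above).
ORIGINAL = re.compile(r"^(\s+UMASK|UMASK)\s0[0-2][0-6]", re.IGNORECASE)
PROPOSED = re.compile(r"(?i)(umask)\s0[0-2][0-6]")

# Assumption: helper pattern that captures any octal umask argument on a line.
UMASK_VALUE = re.compile(r"\bumask\s+([0-7]{3,4})\b", re.IGNORECASE)

REQUIRED_BITS = 0o027  # every bit of 027 must be set for "027 or more restrictive"


def needs_fix(line):
    """True if the line sets a umask that is less restrictive than 027."""
    return any(
        int(value, 8) & REQUIRED_BITS != REQUIRED_BITS
        for value in UMASK_VALUE.findall(line)
    )


def audit(line):
    """Return (original pattern hit, proposed pattern hit, numerically non-compliant)."""
    return (
        ORIGINAL.search(line) is not None,
        PROPOSED.search(line) is not None,
        needs_fix(line),
    )


# Constructed sample lines; the third is the /etc/bashrc line quoted in the issue.
SAMPLES = [
    "umask 022",
    "    umask 022",
    "[ umask -eq 0 ] && umask 022",
    "UMASK 022",
    "umask 027",
    "umask 077",
    "umask 007",  # group bits clear, so weaker than 027; neither pattern flags it
]

if __name__ == "__main__":
    print(f"{'line':<32} original proposed needs_fix")
    for sample in SAMPLES:
        orig_hit, prop_hit, fix = audit(sample)
        print(f"{sample:<32} {orig_hit!s:<8} {prop_hit!s:<8} {fix}")
```

Comparing the `needs_fix` column with the two pattern columns shows which non-compliant values a digit-class regex leaves untouched, which is worth checking against the oscap result after the playbook runs.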