Ensure audit rules.d are set 0600

ComplianceAsCode · Dec 19, 2024 · 72c2b64 · 72c2b64
1 parent a06c809
commit 72c2b64
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
@@ -390,7 +390,7 @@ then
     if [ ! -e "$key_rule_file" ]
     then
         touch "$key_rule_file"
-        chmod 0640 "$key_rule_file"
+        chmod 0600 "$key_rule_file"
     fi
     files_to_inspect+=("$key_rule_file")
 fi

diff --git a/shared/templates/audit_file_contents/ansible.template b/shared/templates/audit_file_contents/ansible.template
@@ -10,7 +10,7 @@
     )
 }}}
 
-- name: Remove any permissions from other group
-  file:
+- name: {{{ rule_title }}} - Remove any permissions from group and other
+  ansible.builtin.file:
     path: {{{ FILEPATH }}}
-    mode: o-rwx
+    mode: g-rwx,o-rwx