From 72c2b641d31c79f564c9ca45f498426e24dca632 Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Thu, 19 Dec 2024 10:29:01 -0600
Subject: [PATCH] Ensure audit rules.d are set 0600

---
 shared/macros/10-bash.jinja                           | 2 +-
 shared/templates/audit_file_contents/ansible.template | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
index 928f3f24d954..df31d0a4ffe8 100644
--- a/shared/macros/10-bash.jinja
+++ b/shared/macros/10-bash.jinja
@@ -390,7 +390,7 @@ then
         if [ ! -e "$key_rule_file" ]
         then
             touch "$key_rule_file"
-            chmod 0640 "$key_rule_file"
+            chmod 0600 "$key_rule_file"
         fi
         files_to_inspect+=("$key_rule_file")
     fi
diff --git a/shared/templates/audit_file_contents/ansible.template b/shared/templates/audit_file_contents/ansible.template
index a262386cfbf5..07a0ae4558e1 100644
--- a/shared/templates/audit_file_contents/ansible.template
+++ b/shared/templates/audit_file_contents/ansible.template
@@ -10,7 +10,7 @@
     ) }}}
 
-- name: Remove any permissions from other group
-  file:
+- name: {{{ rule_title }}} - Remove any permissions from group and other
+  ansible.builtin.file:
     path: {{{ FILEPATH }}}
-    mode: o-rwx
+    mode: g-rwx,o-rwx
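Review bot: The tightened `chmod 0600 "$key_rule_file"` in the 10-bash.jinja hunk only runs inside the `if [ ! -e "$key_rule_file" ]` branch, so a rules file that already exists with group-readable or wider permissions is left as it was, and the bash remediation does not actually "ensure" 0600 as the subject states. The Ansible side of this same patch applies `g-rwx,o-rwx` to the file regardless of whether it pre-existed, so the two remediations now diverge for existing files. Moving the chmod after the `fi` that closes the existence check — `fi` / `chmod 0600 "$key_rule_file"` / `files_to_inspect+=("$key_rule_file")` — would make the bash path idempotent and consistent with the Ansible template. The enclosing macro starts and ends outside this hunk, so I cannot tell whether another line in it already normalizes permissions on pre-existing files.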