ansible-lockdown / RHEL8-CIS

Ansible role for Red Hat 8 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Most likely wrong variable is used at "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions" #387

Closed csabapatyi closed 1 month ago

csabapatyi commented 3 months ago

Hi,

It seems to me that you are using the wrong variable name in the "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions" check, and because of this, log file ownership is not configured correctly.

Current code:

      - name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
        ansible.builtin.file:
            path: "{{ item }}"
            mode: '0640'
        loop: "{{ discovered_logfiles_flattened }}"
        when:
            - rhel8cis_5_1_4_logfiles_flattened is defined
            - item != "/var/log/btmp"
            - item != "/var/log/utmp"
            - item != "/var/log/wtmp"

Correct code:

      - name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
        ansible.builtin.file:
            path: "{{ item }}"
            mode: '0640'
        loop: "{{ discovered_logfiles_flattened }}"
        when:
            - discovered_logfiles_flattened is defined
            - item != "/var/log/btmp"
            - item != "/var/log/utmp"
            - item != "/var/log/wtmp"

Because rhel8cis_5_1_4_logfiles_flattened does not exist anywhere in the codebase, the PATCH never gets applied. I assume it is just a copy/paste error.
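As an added example (not code from the role or from the issue author), a small scanner for the bug class reported here: a `when: <var> is defined` guard on a variable that nothing in the role ever assigns, which makes the hardening task skip silently on every host. The mini role it scans is constructed; how the real role populates `discovered_logfiles_flattened` is assumed, not taken from the page.

```python
"""Flag `when: <var> is defined` guards on variables that nothing ever assigns.
Such a guard is always false, so the task is skipped silently (the 5.1.4 bug
above). Regex based, so no PyYAML needed. The mini role below is constructed;
how the real role builds discovered_logfiles_flattened is an assumption."""
import re

# Constructed mini role: file path -> file text.
ROLE_FILES = {
    "tasks/section_5/cis_5.1.x.yml": """
- name: "5.1.4 | AUDIT | Ensure permissions on all logfiles are configured | find files"
  ansible.builtin.shell: find /var/log -type f
  register: discovered_logfiles   # assumed: how the list of files is produced
  changed_when: false

- name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | flatten"
  ansible.builtin.set_fact:
      discovered_logfiles_flattened: "{{ discovered_logfiles.stdout_lines }}"

- name: "5.1.4 | PATCH | Ensure permissions on all logfiles are configured | change permissions"
  ansible.builtin.file:
      path: "{{ item }}"
      mode: '0640'
  loop: "{{ discovered_logfiles_flattened }}"
  when:
      - rhel8cis_5_1_4_logfiles_flattened is defined
      - item != "/var/log/btmp"
""",
    "defaults/main.yml": "rhel8cis_rule_5_1_4: true\n",
}

GUARD_RE = re.compile(r"^\s*(?:-|when:)?\s*(\w+)\s+is\s+defined\b", re.M)
REGISTER_RE = re.compile(r"^\s*register:\s*(\w+)", re.M)
# Any plain mapping key counts as a possible assignment (vars files, set_fact
# keys), so the check is conservative: it flags only names that appear nowhere.
KEY_RE = re.compile(r"^\s*(\w+):", re.M)

def find_dead_guards(files):
    """Return (file, variable) pairs for `is defined` guards with no assignment."""
    assigned = set()
    for text in files.values():
        assigned.update(REGISTER_RE.findall(text))
        assigned.update(KEY_RE.findall(text))
    return [(path, var) for path, text in files.items()
            for var in GUARD_RE.findall(text) if var not in assigned]

if __name__ == "__main__":
    for path, var in find_dead_guards(ROLE_FILES):
        print(f"{path}: guard on '{var}' can never be true; task always skips")
```

Run against a real checkout by loading every `.yml` under the role into the same path-to-text mapping; a task whose guard is reported here never changes anything, so its CIS control is unenforced even though the play reports no failure.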

uk-bolly commented 1 month ago

Hi @csabapatyi

Thank you again for your time regarding this issue. You should find that this fix was merged into devel and is now in the main branch. I will close this issue, please feel free to reopen if this is not resolved as expected.

Many thanks

uk-bolly