Describe the Issue
CIS-CAT fails for this test, because it expects an entry
'session required pam_umask.so'
in /etc/pam.d/system-auth
Remediation does not cover the issue.
Expected Behavior
CIS-CAT Assessment pass.
Actual Behavior
CIS-CAT Assessment fail.
Control(s) Affected
5.6.5 Ensure default user umask is 027 or more restrictive.
Environment:
branch being used: devel
Ansible Version: 2.15.4
Host Python Version: 3.9.6
Ansible Server Python Version: 3.9.16
Additional Details: N/A
Additional Notes
N/A
Possible Solution
Fix on cis_5.6.x.yml
- name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Force umask on sessions /etc/pam.d/system-auth"
  ansible.builtin.lineinfile:
    path: /etc/pam.d/system-auth
    line: 'session required pam_umask.so'
    insertafter: EOF
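To confirm on a host whether the entry the report says CIS-CAT looks for is actually active, the following added example (not part of the original issue or of the role's code) scans a PAM service file for an uncommented session line that loads pam_umask.so. The function names are hypothetical, and it assumes any control value (required, optional, or a bracketed list) counts as present, since the page does not show CIS-CAT's exact matching logic.

```shell
#!/bin/sh
# Added example: audit a PAM service file for an active pam_umask.so session
# entry. Assumption: any control value counts as "present".

# pam_umask_lines FILE -> print every active session line loading pam_umask.so
pam_umask_lines() {
    awk '
        /^[[:space:]]*#/ { next }          # commented-out entries do not count
        {
            type = $1
            sub(/^-/, "", type)            # "-session" only silences a missing module
            if (type != "session") next    # auth/account/password lines are ignored
            # The control may be one word or a bracketed [value=action ...]
            # list that spans several whitespace-separated fields.
            i = 2
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++ }
            mod = $(i + 1)
            n = split(mod, parts, "/")     # accept absolute module paths too
            if (parts[n] == "pam_umask.so") print FILENAME ": " $0
        }
    ' "$1"
}

# has_pam_umask FILE -> 0 if an active entry exists, 1 if not, 2 if unreadable
has_pam_umask() {
    [ -r "$1" ] || return 2
    [ -n "$(pam_umask_lines "$1")" ]
}

# When run with file arguments, report each one, for example:
#   sh check_pam_umask.sh /etc/pam.d/system-auth
for f in "$@"; do
    if has_pam_umask "$f"; then
        echo "PASS: $f"
        pam_umask_lines "$f"
    else
        echo "FAIL: $f has no active session pam_umask.so entry"
    fi
done
```

Run it before and after applying the proposed task; a commented-out line or a pam_umask.so entry under a type other than session is reported as a failure.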