5.6.5 Ensure default user umask is 027 or more restrictive: CIS-CAT check fails.

[brisky]

Describe the Issue CIS-CAT fails for this test, because it expects an entry session required pam_umask.so' in /etc/pam.d/system-auth

Remediation does not cover issue.

Expected Behavior CIS-CAT Assessment pass.

Actual Behavior CIS-CAT Assessment fail.

Control(s) Affected 5.6.5 Ensure default user umask is 027 or more restrictive.

Environment :

• branch being used: devel
• Ansible Version: 2.15.4
• Host Python Version: 3.9.6
• Ansible Server Python Version: 3.9.16
• Additional Details: N/A

Additional Notes N/A

Possible Solution Fix on cis_5.6.x.yml

      - name: "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Force umask on sessions /etc/pam.d/system-auth"
        ansible.builtin.lineinfile:
            path: /etc/pam.d/system-auth
            line: 'session     required            pam_umask.so'
            insertafter: EOF

[brisky]

Should have been opened in RHEL9-CIS.