From a48ca0e080c3e49595e0c6bf05767f23cfaeaac4 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 12 Nov 2024 08:20:16 +0000
Subject: [PATCH] updated of 6.2.10 inline with control
Signed-off-by: Mark Bolwell
---
 tasks/section_6/cis_6.2.x.yml | 20 +++-----------------
 1 file changed, 3 insertions(+), 17 deletions(-)
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index e1fc4d9..628d3f5 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@@ -345,24 +345,10 @@
 loop_control:
 label: "{{ item.id }}"
- # set default ACLs so the homedir has an effective umask of 0027
- - name: "6.2.10 | PATCH | Ensure local interactive user home directories exist | Set group ACL"
- ansible.posix.acl:
- path: "{{ item }}"
- default: true
- etype: group
- permissions: rx
- state: present
- loop: "{{ discovered_interactive_users_home.stdout_lines }}"
- when: not system_is_container
-
- - name: "6.2.10 | PATCH | Ensure local interactive user home directories exist | Set other ACL"
- ansible.posix.acl:
+ - name: "6.2.10 | PATCH | Ensure local interactive user home directories exist | Permissions"
+ ansible.builtin.file:
 path: "{{ item }}"
- default: true
- etype: other
- permissions: 0
- state: present
+ mode: 'g-w,o-rwx'
 loop: "{{ discovered_interactive_users_home.stdout_lines }}"
 when: not system_is_container
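Review bot: The new `ansible.builtin.file` task applies `mode: 'g-w,o-rwx'` to every path in `discovered_interactive_users_home.stdout_lines` with no check on what that path is, so an interactive account whose home is a shared location (for example `/`) would have access for all other users stripped from that directory itself. The removed ACL tasks only set default entries inherited by newly created files, so a bad entry in the list now has a wider effect than before. The command that registers the list is outside this hunk and may already filter such paths; if it does not, turn `when:` into a list and add a guard such as `- item != '/'`. A short comment above the task, e.g. `# relative mode: only removes group write and all access for others, never adds bits`, would also replace the explanatory comment the commit deletes.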