updated thanks to @papapenguin on discord community

Signed-off-by: Mark Bolwell <[email protected]>
ansible-lockdown · Jul 10, 2024 · aed789e · aed789e
1 parent d97307e
commit aed789e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/tasks/section_1/cis_1.1.2.3.x.yml b/tasks/section_1/cis_1.1.2.3.x.yml
@@ -25,7 +25,7 @@
 
 - name: |
          "1.1.2.3.2 | PATCH | Ensure nodev option set on /home partition
-          1.1.2.3.3 | PATCH | Ensure nosuid option set on /home partition
+          1.1.2.3.3 | PATCH | Ensure nosuid option set on /home partition"
   when:
       - item.mount == "/home"
       - amazon2cis_tmp_svc

diff --git a/templates/etc/systemd/system/tmp.mount.j2 b/templates/etc/systemd/system/tmp.mount.j2
@@ -15,7 +15,7 @@ After=swap.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime,{% if amazon2cis_rule_1_1_3 %}noexec,{% endif %}{% if amazon2cis_rule_1_1_4 %}nodev,{% endif %}{% if amazon2cis_rule_1_1_5 %}nosuid{% endif %}
+Options=mode=1777,strictatime,{% if amazon2cis_rule_1_1_2_1_2 %}nodev,{% endif %}{% if amazon2cis_rule_1_1_2_1_3 %}nosuid,{% endif %}{% if amazon2cis_rule_1_1_2_1_4 %}noexec{% endif %}
 
 # Make 'systemctl enable tmp.mount' work:
 [Install]