Removing the 6.1.12 duplicate task and adding it to the 6.1.10 task a…

…s it was implementing something needed by 6.1.10. Signed-off-by: Diana-Maria Dumitru <[email protected]>
ansible-lockdown · Feb 21, 2024 · a480622 · a480622
1 parent 75ea3ec
commit a480622
Showing 1 changed file with 6 additions and 15 deletions.
diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml
@@ -191,13 +191,19 @@
         when:
             - amzn2023cis_6_1_10_perms_results.stdout_lines is defined
             - amzn2023cis_no_world_write_adjust
+
+      - name: "6.1.10 | PATCH | Ensure sticky bit is set on all world-writable directories"
+        ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
+        changed_when: false
+        failed_when: false
   when:
       - amzn2023cis_rule_6_1_10
   tags:
       - level1-server
       - patch
       - files
       - permissions
+      - stickybits
       - rule_6.1.10
       - nist_sp800-53r5_AC-3
       - nist_sp800-53r5_MP-2
@@ -278,21 +284,6 @@
       - nist_sp800-53r5_AC-3
       - nist_sp800-53r5_MP-2
 
-- name: "6.1.12 | PATCH | Ensure sticky bit is set on all world-writable directories"
-  ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
-  changed_when: false
-  failed_when: false
-  when:
-      - amzn2023cis_rule_6_1_12
-  tags:
-      - level1-server
-      - patch
-      - stickybits
-      - permissons
-      - rule_6.1.12
-      - nist_sp800-53r5_AC-3
-      - nist_sp800-53r5_MP-2
-
 - name: "6.1.12 | AUDIT | Ensure SUID and SGID files are reviewed"
   block:
       - name: "6.1.12 | AUDIT | Ensure SUID and SGID files are reviewed | Find all SUID executables"