From 5c57162c9607b9a611cd911b21d74c6d66555bab Mon Sep 17 00:00:00 2001
From: Math Fortin <mathieu.fortin@autodesk.com>
Date: Mon, 22 Jan 2024 13:42:37 -0500
Subject: [PATCH] Update cis_4.6.x.yml

Avoid capturing commented out lines.
Removed parenthesis as the capture group is not used, so those were not required.

Signed-off-by: Math Fortin <mathieu.fortin@autodesk.com>
---
 tasks/section_4/cis_4.6.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_4/cis_4.6.x.yml b/tasks/section_4/cis_4.6.x.yml
index 88e787c..f9fe37a 100644
--- a/tasks/section_4/cis_4.6.x.yml
+++ b/tasks/section_4/cis_4.6.x.yml
@@ -92,7 +92,7 @@
       - name: "4.6.5 | PATCH | Ensure default user umask is 027 or more restrictive | Set umask for /etc/login.defs pam_umask settings"
         ansible.builtin.lineinfile:
             path: "{{ item.path }}"
-            regexp: '(?i)(umask\s*)'
+            regexp: '(?i)^\s*umask\s*'
             line: '{{ item.line }} 027'
         with_items:
             - { path: '/etc/bashrc', line: 'umask' }