From aab873f3a99b89e93dd633f84bd1b2dca6f03f99 Mon Sep 17 00:00:00 2001
From: Dan D <daniel.deremiah@windriver.com>
Date: Thu, 4 Jan 2024 20:33:32 -0800
Subject: [PATCH] Groups the Defaults together

Signed-off-by: Dan D <daniel.deremiah@windriver.com>
---
 tasks/section_4/cis_4.3.x.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tasks/section_4/cis_4.3.x.yml b/tasks/section_4/cis_4.3.x.yml
index a4a5c0f..a443285 100644
--- a/tasks/section_4/cis_4.3.x.yml
+++ b/tasks/section_4/cis_4.3.x.yml
@@ -19,7 +19,7 @@
       path: /etc/sudoers
       regexp: '^\s*Defaults\s+use_pty\s*$'
       line: 'Defaults use_pty'
-      insertafter: 'EOF'
+      insertafter: '^\s*Defaults'
   when:
       - ubtu20cis_rule_4_3_2
   tags:
@@ -35,7 +35,7 @@
       path: /etc/sudoers
       regexp: '^\s*Defaults\s+logfile\s*='
       line: 'Defaults logfile="{{ ubtu20cis_sudo_logfile }}"'
-      insertafter: 'EOF'
+      insertafter: '^\s*Defaults'
   when:
       - ubtu20cis_rule_4_3_3
   tags:
@@ -92,6 +92,7 @@
             regexp: '^\s*Defaults\s+timestamp_timeout\s*='
             line: "Defaults timestamp_timeout={{ ubtu20cis_sudo_timestamp_timeout }}"
             validate: '/usr/sbin/visudo -cf %s'
+            insertafter: '^\s*Defaults'
         when: ubtu20cis_4_3_6_timeout_files.stdout | length == 0
 
       - name: "4.3.6 | PATCH | Ensure sudo authentication timeout is configured correctly | Set value if has results"