diff --git a/tasks/section_4/cis_4.2.3.yml b/tasks/section_4/cis_4.2.3.yml index bebd40f..823975a 100644 --- a/tasks/section_4/cis_4.2.3.yml +++ b/tasks/section_4/cis_4.2.3.yml @@ -13,7 +13,7 @@ - name: "4.2.3 | PATCH | Ensure permissions on all logfiles are configured | change permissions" ansible.builtin.file: path: "{{ item.path }}" - mode: "{{ '0640' if item.mode != '0600' else '0600' }}" + mode: "{{ '0600' if item.mode == '0600' else '0640' }}" loop: "{{ logfiles.files }}" loop_control: label: "{{ item.path }}"