From c6627a000e10a51d33b0672e720353fc3f33bc29 Mon Sep 17 00:00:00 2001
From: Dan D <daniel.deremiah@windriver.com>
Date: Wed, 29 Nov 2023 11:54:03 -0800
Subject: [PATCH] Fixes case sensitive umask setting

Signed-off-by: Dan D <daniel.deremiah@windriver.com>
---
 tasks/section_4/cis_4.5.x.yml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/tasks/section_4/cis_4.5.x.yml b/tasks/section_4/cis_4.5.x.yml
index 9f851614..cc89671b 100644
--- a/tasks/section_4/cis_4.5.x.yml
+++ b/tasks/section_4/cis_4.5.x.yml
@@ -75,14 +75,13 @@
 
       - name: "4.5.4 | PATCH | Ensure default user umask is 027 or more restrictive"
         ansible.builtin.lineinfile:
-            path: "{{ item }}"
-            regexp: '(?i)(umask\s*)'
-            line: '\g<1>{{ ubtu20cis_bash_umask }}'
-            backrefs: true
+            path: "{{ item.path }}"
+            regexp: '(?i)(umask\s*\d\d\d)'
+            line: '{{ item.line }} {{ ubtu22cis_bash_umask }}'
         with_items:
-            - /etc/bash.bashrc
-            - /etc/profile
-            - /etc/login.defs
+            - { path: '/etc/bash.bashrc', line: 'umask' }
+            - { path: '/etc/profile', line: 'umask' }
+            - { path: '/etc/login.defs', line: 'UMASK' }
 
       - name: "4.5.4 | PATCH | Ensure default user umask is 027 or more restrictive"
         ansible.builtin.lineinfile: