Merge pull request #255 from ansible-lockdown/PR_252-6_2_9

Pr 252 6 2 9
ansible-lockdown · Feb 15, 2023 · 34bb386 · 34bb386
2 parents 89b2a7a + 136faf6
commit 34bb386
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,15 @@
 # Changes to rhel8CIS
 
+## 1.5.4
+
+PR
+
+Many thanks to @dulin-gnet and community feedback on this one  
+Changed default to not follow symlinks due to number of issues it has been causing.  
+Can still be changed using the new variable rhel_08_6_2_9_follow_home_symlinks
+
+- [#252](https://github.com/ansible-lockdown/RHEL8-CIS/pull/252)
+
 ## 1.5.3
 
 Issues.

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -658,6 +658,13 @@ rhel8cis_rpm_audit_file: /var/tmp/rpm_file_check
 rhel8cis_no_world_write_adjust: true
 rhel8cis_passwd_label: "{{ (this_item | default(item)).id }}: {{ (this_item | default(item)).dir }}"
 
+
+# 6.2.9 - adjusting symlinks in home directories
+# Default in ansible is true this causes lots of issues for many users
+# set as variable so can be overridden but default is not to follow.
+
+rhel_08_6_2_9_follow_home_symlinks: false
+
 # 6.2.12
 rhel8cis_dotperm_ansiblemanaged: true
 #### Goss Configuration Settings ####

diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
@@ -273,6 +273,7 @@
             default: true
             state: present
             recursive: true
+            follow: "{{ rhel_08_6_2_9_follow_home_symlinks }}"
             etype: "{{ item.1.etype }}"
             permissions: "{{ item.1.mode }}"
         when: