Issue with Regex looking for umask value in bashrc (5.6.5) #66

Closed
5fxKu8VV8n opened this issue Jun 20, 2023 · 2 comments
@5fxKu8VV8n

Describe the Issue
In the task named "5.6.5 | PATCH | Ensure default user umask is 027 or more restrictive", the Ansible task is looking for the umask value in /etc/bashrc, /etc/profile and /etc/login.defs, and the patch has to replace the actual value of umask (for example umask 022) with umask 027.
But it seems that, after testing the regex (^(?i)(\s+UMASK|UMASK)\s0[0-2][0-6]) using the line I have in my file /etc/bashrc ([ umask -eq 0 ] && umask 022), it does not match anything.

Expected Behavior
I expect that my /etc/bashrc has umask set to 027 after running the CIS compliance playbook.

Actual Behavior
After running the playbook, the value of umask in /etc/bashrc is still 022 and oscap compliance with CIS is still not validated for this task.

Control(s) Affected
"Ensure the Default Bash Umask is Set Correctly"

Environment:

  • branch being used: devel
  • Ansible Version: 2.8.7
  • Host Python Version: 2.7.5
  • Ansible Server Python Version: 2.8.7

Possible Solution
I tried this regex for my case and it seems to work well:
(?i)(umask)\s0[0-2][0-6]

@5fxKu8VV8n 5fxKu8VV8n added the bug Something isn't working label Jun 20, 2023
@uk-bolly
Member

Hi @byjunks

Thank you for raising this issue. While I can see you are using an older version of Ansible (glad it still works for you), you are correct that your example would not be caught by the current regex. Feedback and real-world examples like this help us to ensure we can capture as many variations as possible. The original regex was only failing as it expected it at the beginning of the line. The solution you have provided is therefore a much cleaner fix. I will add this to a new branch today ready for PR.

Many thanks

uk-bolly

uk-bolly added a commit that referenced this issue Jun 28, 2023
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly uk-bolly self-assigned this Jun 28, 2023
@uk-bolly uk-bolly mentioned this issue Jun 28, 2023
@snoopyx21

Dear,

I want to raise the issue again.
It seems that this line in the file login.defs is not removed:
UMASK 022

I tried with this regex but it doesn't solve the issue: (?i)([uU][mM][aA][sS][kK]\s*\d*)

Best regards,
Constan
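
The matching behaviour discussed in this thread, as an added example that is not part of the issue or the project's code: it runs the two regexes quoted above over constructed sample lines and, going beyond the thread, checks "027 or more restrictive" as a bitmask instead of a digit range. The names `audit`, `is_compliant` and `SAMPLE` are hypothetical, and the inline `(?i)` is expressed as `re.IGNORECASE`.

```python
import re

# Regexes quoted in the issue. The inline (?i) is expressed as re.IGNORECASE
# because Python 3.11+ rejects a global flag that is not at the pattern start.
ORIGINAL = re.compile(r"(^(\s+UMASK|UMASK)\s0[0-2][0-6])", re.IGNORECASE)
PROPOSED = re.compile(r"(umask)\s0[0-2][0-6]", re.IGNORECASE)

# Assumption: any octal value following the keyword is a umask setting to audit.
UMASK_VALUE = re.compile(r"\bumask\s+([0-7]{3,4})\b", re.IGNORECASE)
REQUIRED = 0o027  # bits that must be masked: group write, all "other" access


def is_compliant(value: str) -> bool:
    """True when the mask sets at least every bit that 027 sets."""
    return int(value, 8) & REQUIRED == REQUIRED


def audit(lines):
    """Return (line, original_hit, proposed_hit, weak_values) for each line."""
    report = []
    for line in lines:
        if line.lstrip().startswith("#"):
            continue  # commented-out settings have no effect
        weak = [v for v in UMASK_VALUE.findall(line) if not is_compliant(v)]
        report.append((line, bool(ORIGINAL.search(line)),
                       bool(PROPOSED.search(line)), weak))
    return report


# Constructed sample lines; the first two are the forms quoted in the thread.
SAMPLE = [
    "[ umask -eq 0 ] && umask 022",
    "UMASK 022",
    "    umask 002",
    "umask 007",
    "umask 027",
    "# umask 022",
]

if __name__ == "__main__":
    for line, orig, prop, weak in audit(SAMPLE):
        print(f"{line!r:36} original={orig!s:5} proposed={prop!s:5} weak={weak}")
```

On these samples neither regex matches `umask 007`, which the bitmask check flags because it leaves group access unmasked.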
