From 11e6117daa8a29d83717515bc307fcd48ef3aa92 Mon Sep 17 00:00:00 2001
From: MVladislav
Date: Mon, 4 Nov 2024 00:55:49 +0100
Subject: [PATCH] fix(#0): S5 mode for ssh-pub file & S4 IPv6 ufw conf
---
 defaults/main.yml | 2 +-
 tasks/section4.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index bf642e5..bc26e8c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -827,7 +827,7 @@ cis_ubuntu2404_section3_mode_default: "0644"
 cis_ubuntu2404_section5_owner_ssh: root
 cis_ubuntu2404_section5_group_ssh: root
 cis_ubuntu2404_section5_mode_ssh: "0600"
-cis_ubuntu2404_section5_mode_ssh_pub: "1410"
+cis_ubuntu2404_section5_mode_ssh_pub: "0644"
 cis_ubuntu2404_section5_owner_sudo: root
 cis_ubuntu2404_section5_group_sudo: root
 cis_ubuntu2404_section5_mode_sudo: "0400"
diff --git a/tasks/section4.yml b/tasks/section4.yml
index 53100ab..e9738e1 100644
--- a/tasks/section4.yml
+++ b/tasks/section4.yml
@@ -125,7 +125,7 @@
 from: "::1"
 log: false
 when:
- - not cis_ubuntu2404_rule_3_1_1 and cis_ubuntu2404_required_ipv6
+ - not cis_ubuntu2404_rule_3_1_1 or (cis_ubuntu2404_rule_3_1_1 and cis_ubuntu2404_required_ipv6)

 - name: "SECTION4 | 4.2.5 | Ensure ufw outbound connections are configured"
 community.general.ufw:
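Review bot: The corrected default `cis_ubuntu2404_section5_mode_ssh_pub: "0644"` has no comment saying which files it is applied to or what the upper bound is, and the previous value `"1410"` shows that a mistyped mode in this list can go unnoticed. I would add a line above it such as `# mode for SSH public key files (presumably the host keys); 0644 or more restrictive, never group- or world-writable`. The tasks that consume this variable are outside the hunk, so whether they validate the value before applying it cannot be told from here. If they do not, a check that each mode default is a quoted four-digit octal string would catch this class of typo.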
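Review bot: The new `when` item carries a redundant term, since `not A or (A and B)` is equivalent to `not A or B`; it can read `- not cis_ubuntu2404_rule_3_1_1 or cis_ubuntu2404_required_ipv6`. The rewritten condition also runs the `from: "::1"` ufw rule whenever rule 3.1.1 is switched off, even with `cis_ubuntu2404_required_ipv6` false. That is the safer direction for a firewall rule, but it presumably depends on ufw accepting IPv6 rules on that host, which nothing visible here checks. A comment above `when:` such as `# apply unless rule 3.1.1 is enabled and IPv6 is not required` would record the intent. The task starts above the hunk, so any other IPv6 ufw tasks in this file that need the same condition are not visible here.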