From ddaccd0beaad9d5376a354141fc70b9ffe2824eb Mon Sep 17 00:00:00 2001
From: Abhishek Shukla <abhishek.shukla@delphix.com>
Date: Wed, 19 Jul 2023 15:27:03 +0530
Subject: [PATCH] DLPX-87205 CIS: default umask

PR URL: https://www.github.com/delphix/delphix-platform/pull/471
---
 .../common/etc/profile.d/set-umask-for-all-users.sh |  3 +++
 .../roles/delphix-platform/tasks/main.yml           | 13 ++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 files/common/etc/profile.d/set-umask-for-all-users.sh

diff --git a/files/common/etc/profile.d/set-umask-for-all-users.sh b/files/common/etc/profile.d/set-umask-for-all-users.sh
new file mode 100644
index 00000000..4b6031ac
--- /dev/null
+++ b/files/common/etc/profile.d/set-umask-for-all-users.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+umask 027
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index a712dc18..61be8205 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -713,4 +713,15 @@
     block: |
       . /etc/bash_completion.d/systemctl
       . /etc/bash_completion.d/zfs
-      PATH=$PATH:/opt/delphix/server/bin
\ No newline at end of file
+      PATH=$PATH:/opt/delphix/server/bin
+
+#
+# CIS: Set default umask (DLPX-87205)
+# We need to set default umask as 027 in the /etc/bash.bashrc file,
+# so that the same can be applied for all the users on the engine.
+#
+- blockinfile:
+    path: /etc/bash.bashrc
+    block: |
+      # Set default umask value.
+      umask 027