From aed789e6ee4234fffa46d6c1cbbf8e07d6a6e5a4 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 10 Jul 2024 08:38:29 +0100
Subject: [PATCH 1/2] updated thanks to @papapenguin on discord community

Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.1.2.3.x.yml | 2 +-
 templates/etc/systemd/system/tmp.mount.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/section_1/cis_1.1.2.3.x.yml b/tasks/section_1/cis_1.1.2.3.x.yml
index 39f88be..5365584 100644
--- a/tasks/section_1/cis_1.1.2.3.x.yml
+++ b/tasks/section_1/cis_1.1.2.3.x.yml
@@ -25,7 +25,7 @@
 - name: |
     "1.1.2.3.2 | PATCH | Ensure nodev option set on /home partition
-    1.1.2.3.3 | PATCH | Ensure nosuid option set on /home partition
+    1.1.2.3.3 | PATCH | Ensure nosuid option set on /home partition"
   when:
     - item.mount == "/home"
     - amazon2cis_tmp_svc
diff --git a/templates/etc/systemd/system/tmp.mount.j2 b/templates/etc/systemd/system/tmp.mount.j2
index 1200d47..f7c4b23 100644
--- a/templates/etc/systemd/system/tmp.mount.j2
+++ b/templates/etc/systemd/system/tmp.mount.j2
@@ -15,7 +15,7 @@ After=swap.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime,{% if amazon2cis_rule_1_1_3 %}noexec,{% endif %}{% if amazon2cis_rule_1_1_4 %}nodev,{% endif %}{% if amazon2cis_rule_1_1_5 %}nosuid{% endif %}
+Options=mode=1777,strictatime,{% if amazon2cis_rule_1_1_2_1_2 %}nodev,{% endif %}{% if amazon2cis_rule_1_1_2_1_3 %}nosuid,{% endif %}{% if amazon2cis_rule_1_1_2_1_4 %}noexec{% endif %}
 
 # Make 'systemctl enable tmp.mount' work:
 [Install]

From 12c0312920fe62ca9c434f7be11883a4b76286db Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 10 Jul 2024 08:42:30 +0100
Subject: [PATCH 2/2] updated audit summary wording

Signed-off-by: Mark Bolwell
---
 vars/audit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vars/audit.yml b/vars/audit.yml
index bb50f6d..d41ef37 100644
--- a/vars/audit.yml
+++ b/vars/audit.yml
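Review bot: The `when:` block on the context lines of this hunk gates the /home nodev/nosuid task on `amazon2cis_tmp_svc`, a toggle whose name points at the /tmp systemd mount rather than at /home; if that is a leftover from the 1.1.2.1.x tasks, both /home hardening options are silently skipped whenever the tmp service switch is off, which the quote fix does not touch. I would confirm against the rule toggles the role defines for 1.1.2.3.2 and 1.1.2.3.3 and gate on those instead, e.g. `- <toggle for 1.1.2.3.2> or <toggle for 1.1.2.3.3>` in place of `- amazon2cis_tmp_svc` (the existing `amazon2cis_rule_<id>` naming in the second hunk suggests the pattern). The task definition starts and ends outside the hunk, so the mount module call and its loop are not visible here.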
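Review bot: The rewritten Options line still renders with a trailing comma whenever `amazon2cis_rule_1_1_2_1_4` is false — the value then ends in `strictatime,`, `nodev,` or `nosuid,` depending on the other two toggles — and the line it replaces had the same shape of problem, so the commit does not address it. Whether mount(8) tolerates the resulting empty option is implementation-dependent, and a rejected option string makes tmp.mount fail, leaving /tmp without any of these hardening options rather than with fewer. Moving the separator inside each conditional removes the case entirely: `Options=mode=1777,strictatime{% if amazon2cis_rule_1_1_2_1_2 %},nodev{% endif %}{% if amazon2cis_rule_1_1_2_1_3 %},nosuid{% endif %}{% if amazon2cis_rule_1_1_2_1_4 %},noexec{% endif %}`. The three toggle names are new in this template, so check that the role's defaults define all of them; an undefined variable in an `{% if %}` may fail the render rather than evaluate false, depending on the templating settings.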
@@ -34,7 +34,7 @@ audit_format: json
 audit_vars_path: "{{ audit_conf_dir }}/vars/{{ ansible_facts.hostname }}.yml"
 audit_results: |
-  The audit results are: {{ pre_audit_summary }}
+  The {% if not audit_only %}pre remediation{% endif %} audit results are: {{ pre_audit_summary }}
   {% if not audit_only %}The post remediation audit results are: {{ post_audit_summary }}{% endif %}
   Full breakdown can be found in {{ audit_log_dir }}