---
- name: Ensure cron and at access files exist
  when: cis_effective_rules.cron_at_access | default(false)
  ansible.builtin.file:
    path: "{{ item }}"
    state: touch
    mode: "0600"
  loop:
    - /mnt/etc/at.allow
    - /mnt/etc/cron.allow

- name: Ensure TCP wrapper files exist
  when: cis_effective_rules.tcp_wrappers | default(false)
  ansible.builtin.file:
    path: "{{ item }}"
    state: touch
    mode: "0600"
  loop:
    - /mnt/etc/hosts.allow
    - /mnt/etc/hosts.deny

- name: Ensure cron and at deny files do not exist
  when: cis_effective_rules.cron_at_access | default(false)
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /mnt/etc/at.deny
    - /mnt/etc/cron.deny