---
# Platform-specific binary names for CIS permission targets
cis_fusermount_binary: "{{ 'fusermount3' if is_rhel | default(false) | bool else 'fusermount' }}"
cis_write_binary: "{{ 'write' if is_rhel | default(false) | bool else 'wall' }}"

cis_permission_targets:
  - { path: "/mnt/etc/ssh/sshd_config", mode: "0600" }
  - { path: "/mnt/etc/cron.hourly", mode: "0700" }
  - { path: "/mnt/etc/cron.daily", mode: "0700" }
  - { path: "/mnt/etc/cron.weekly", mode: "0700" }
  - { path: "/mnt/etc/cron.monthly", mode: "0700" }
  - { path: "/mnt/etc/cron.d", mode: "0700" }
  - { path: "/mnt/etc/crontab", mode: "0600" }
  - { path: "/mnt/etc/logrotate.conf", mode: "0644" }
  - { path: "/mnt/usr/sbin/pppd", mode: "0754" }
  - { path: "/mnt/usr/bin/{{ cis_fusermount_binary }}", mode: "0755" }
  - { path: "/mnt/usr/bin/{{ cis_write_binary }}", mode: "0755" }