From 3d49e470c91aae1d4948162dbf7bd907eebdcd1b Mon Sep 17 00:00:00 2001
From: David Pearson
Date: Thu, 7 Nov 2024 00:02:34 +0000
Subject: [PATCH] fix logrotate_configuration enforcement add condition to check of $enforce is set
---
 manifests/rules/logrotate_configuration.pp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/manifests/rules/logrotate_configuration.pp b/manifests/rules/logrotate_configuration.pp
index 8c17d7ff..f82f7624 100644
--- a/manifests/rules/logrotate_configuration.pp
+++ b/manifests/rules/logrotate_configuration.pp
@@ -16,16 +16,15 @@
 # @example
 # class { 'cis_security_hardening::rules::logrotate_configuration':
 # enforce => true,
-# permission => '640'
+# permission => '0640'
 # }
 #
 # @api private
 class cis_security_hardening::rules::logrotate_configuration (
 Boolean $enforce = false,
- String $permission = '640',
+ String $permission = '0640',
 ) {
- if
- cis_security_hardening::hash_key($facts, 'cis_security_hardening') and
+ if ($enforce) and cis_security_hardening::hash_key($facts, 'cis_security_hardening') and
 cis_security_hardening::hash_key($facts['cis_security_hardening'], 'logrotate_conf') {
 $facts['cis_security_hardening']['logrotate_conf'].each |$file, $data| {
 $match = "${data['action']} ${data['mode']} ${data['user']} ${data['group']}"
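Review bot: `String $permission = '0640',` still accepts any string, so a typo or an over-permissive mode is passed unchecked to whatever the class does with it further down; the class body continues past the end of this hunk, so that use is not visible here. Constraining the parameter, for example `Pattern[/\A0?[0-7]{3}\z/] $permission = '0640',`, rejects malformed values at catalog compilation while still accepting the three-digit form existing callers may pass. Because the default changed from '640' to '0640', it is also worth confirming that any string comparison between `$data['mode']` from the fact and `$permission` outside this hunk treats the two spellings as equal. If it does not, files already at 640 could be rewritten on every run.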