fix 5.4.4 to be valid with current CIS (#46)

tasks/section5.yml

@@ -580,24 +580,29 @@
 
 - name: "SCORED | 5.4.4 | PATCH | Ensure default user umask is 027 or more restrictive"
   block:
+    - name: "SCORED | 5.4.4 | PATCH | Ensure default user umask is 027 or more restrictive - /etc/bash.bashrc"
+      lineinfile:
+        state: present
+        dest: /etc/bash.bashrc
+        create: true
+        regexp: '^umask '
+        line: 'umask 027'
 
-      - name: "SCORED | 5.4.4 | PATCH | Check if bashrc exists"
-        stat:
-            path: "/etc/bashrc"
-        register: bashrc_present
-
-      - name: "SCORED | 5.4.4 | PATCH | Ensure default user umask is 027 or more restrictive - /etc/bashrc"
-        replace:
-            path: /etc/bashrc
-            regexp: '(^\s+umask) 002'
-            replace: '\1 027'
-        when: bashrc_present.stat.exists
-
-      - name: "SCORED | 5.4.4 | PATCH | Ensure default user umask is 027 or more restrictive - /etc/profile"
-        replace:
-            path: /etc/profile
-            regexp: '(^\s+umask) 002'
-            replace: '\1 027'
+    - name: "SCORED | 5.4.4 | PATCH | Ensure default user umask is 027 or more restrictive - /etc/profile"
+      lineinfile:
+        state: present
+        dest: /etc/profile
+        create: true
+        regexp: '^umask '
+        line: 'umask 027'
+
+    - name: "SCORED | 5.4.4 | PATCH | Ensure default user umask is 027 or more restrictive - /etc/profile.d/99-umask.sh"
+      lineinfile:
+        state: present
+        dest: /etc/profile.d/99-umask.sh
+        create: true
+        regexp: '^umask '
+        line: 'umask 027'
   when:
       - ubuntu1804cis_rule_5_4_4
   tags: