---
- name: Enable cron
  ansible.builtin.service:
    name: "{{ cis_cron_service_name }}"
    state: started
    enabled: true
- name: Set cron file security
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    group: root
    mode: "0600"
  loop:
    - /etc/crontab
- name: Set cron.* directory security
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    group: root
    mode: "0700"
  loop:
    - /etc/cron.hourly
    - /etc/cron.daily
    - /etc/cron.weekly
    - /etc/cron.monthly
    - /etc/cron.d