colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

seperated mount opts tests 

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-06 13:55:43 +00:00
parent 9ab737f351
commit 22f89f4b55
No known key found for this signature in database
GPG Key ID: 997FF7FE93AEB5B9
26 changed files with 874 additions and 446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
section_1/cis_1.1/cis_1.1.2.1.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_1_2 }}
mount:
tmp_nodev_options:
title: 1.1.2.1.2 | Ensure nodev option set on /tmp partition
mountpoint: /tmp
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
tmp_nodev_fstab_options:
title: 1.1.2.1.2 | Ensure nodev option set on /tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/tmp.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

66
section_1/cis_1.1/cis_1.1.2.1.2_4.yml
View File

@ -1,66 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_1_1 }}
mount:
tmp_options:
title: |
1.1.2.1.2 | Ensure nodev option set on /tmp partition
1.1.2.1.3 | Ensure nosuid option set on /tmp partition
1.1.2.1.4 | Ensure noexec option set on /tmp partition
mountpoint: /tmp
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_1_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_1_3 }}
- nosuid
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_1_4 }}
- noexec
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.2
- 1.1.2.1.3
- 1.1.2.1.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
tmp_fstab_options:
title: |
1.1.2.1.2 | Ensure nodev option set on /tmp partition
1.1.2.1.3 | Ensure nosuid option set on /tmp partition
1.1.2.1.4 | Ensure noexec option set on /tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/tmp.*{{ if .Vars.ubtu24cis_rule_1_1_2_1_2 }}nodev{{ end }}/'
- '/\s\/tmp.*{{ if .Vars.ubtu24cis_rule_1_1_2_1_3 }}nosuid{{ end }}.*/'
- '/\s\/tmp.*{{ if .Vars.ubtu24cis_rule_1_1_2_1_4 }}noexec{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.2
- 1.1.2.1.3
- 1.1.2.1.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.1.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_1_3 }}
mount:
tmp_nosuid_options:
title: 1.1.2.1.3 | Ensure nosuid option set on /tmp partition
mountpoint: /tmp
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
tmp_nosuid_fstab_options:
title: 1.1.2.1.3 | Ensure nosuid option set on /tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/tmp.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.1.4.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_1_4 }}
mount:
tmp_noexec_options:
title: 1.1.2.1.4 | Ensure noexec option set on /tmp partition
mountpoint: /tmp
exists: true
opts:
- noexec
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
tmp_fstab_noexec_options:
title: 1.1.2.1.4 | Ensure noexec option set on /tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/tmp.*noexec.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.1.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.2.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_2_2 }}
mount:
dev_shm_nodev_options:
title: 1.1.2.2.2 | Ensure nodev option set on /dev/shm partition
mountpoint: /dev/shm
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
dev_shm_nodev_fstab_options:
title: 1.1.2.2.2 | Ensure nodev option set on /dev/shm partition
exists: true
path: /etc/fstab
contents:
- '/\s\/dev\/shm.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

66
section_1/cis_1.1/cis_1.1.2.2.2_4.yml
View File

@ -1,66 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_2_1 }}
mount:
dev_shm_options:
title: |
1.1.2.2.2 | Ensure nodev option set on /dev/shm partition
1.1.2.2.3 | Ensure nosuid option set on /dev/shm partition
1.1.2.2.4 | Ensure noexec option set on /dev/shm partition
mountpoint: /dev/shm
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_2_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_2_3 }}
- nosuid
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_2_4 }}
- noexec
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.2
- 1.1.2.2.3
- 1.1.2.2.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
dev_shm_fstab_options:
title: |
1.1.2.2.2 | Ensure nodev option set on /dev/shm partition
1.1.2.2.3 | Ensure nosuid option set on /dev/shm partition
1.1.2.2.4 | Ensure noexec option set on /dev/shm partition
exists: true
path: /etc/fstab
contents:
- '/\s\/dev\/shm.*{{ if .Vars.ubtu24cis_rule_1_1_2_2_2 }}nodev{{ end }}/'
- '/\s\/dev\/shm.*{{ if .Vars.ubtu24cis_rule_1_1_2_2_3 }}nosuid{{ end }}.*/'
- '/\s\/dev\/shm.*{{ if .Vars.ubtu24cis_rule_1_1_2_2_4 }}noexec{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.2
- 1.1.2.2.3
- 1.1.2.2.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.2.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_2_3 }}
mount:
dev_shm_nosuid_options:
title: 1.1.2.2.3 | Ensure nosuid option set on /dev/shm partition
mountpoint: /dev/shm
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
dev_shm_nosuid_fstab_options:
title: 1.1.2.2.3 | Ensure nosuid option set on /dev/shm partition
exists: true
path: /etc/fstab
contents:
- '/\s\/dev\/shm.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.2.4.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_2_4 }}
mount:
dev_shm_noexec_options:
title: 1.1.2.2.4 | Ensure noexec option set on /dev/shm partition
mountpoint: /dev/shm
exists: true
opts:
- noexec
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
dev_shm_noexec_fstab_options:
title: 1.1.2.2.4 | Ensure noexec option set on /dev/shm partition
exists: true
path: /etc/fstab
contents:
- '/\s\/dev\/shm.*noexec.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.2.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.3.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_3_2 }}
mount:
home_nodev_options:
title: 1.1.2.3.2 | Ensure nodev option set on /home partition
mountpoint: /home
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.3.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
home_nodev_fstab_options:
title: 1.1.2.3.2 | Ensure nodev option set on /home partition
exists: true
path: /etc/fstab
contents:
- '/\s\/home.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.3.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

58
section_1/cis_1.1/cis_1.1.2.3.2_4.yml
View File

@ -1,58 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_3_1 }}
mount:
home_options:
title: |
1.1.2.3.2 | Ensure nodev option set on /home partition
1.1.2.3.3 | Ensure nosuid option set on /home partition
mountpoint: /home
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_3_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_3_3 }}
- nosuid
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.3.2
- 1.1.2.3.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
home_fstab_options:
title: |
1.1.2.3.2 | Ensure nodev option set on /home partition
1.1.2.3.3 | Ensure nosuid option set on /home partition
exists: true
path: /etc/fstab
contents:
- '/\s\/home.*{{ if .Vars.ubtu24cis_rule_1_1_2_3_2 }}nodev{{ end }}/'
- '/\s\/home.*{{ if .Vars.ubtu24cis_rule_1_1_2_3_3 }}nosuid{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.3.2
- 1.1.2.3.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.3.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_3_3 }}
mount:
home_nosuid_options:
title: 1.1.2.3.3 | Ensure nosuid option set on /home partition
mountpoint: /home
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.3.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
home_nosuid_fstab_options:
title: 1.1.2.3.3 | Ensure nosuid option set on /home partition
exists: true
path: /etc/fstab
contents:
- '/\s\/home.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.3.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.4.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_4_2 }}
mount:
var_nodev_options:
title: 1.1.2.4.2 | Ensure nodev option set on /var partition
mountpoint: '/var'
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.4.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_fstab_nodev_options:
title: 1.1.2.4.2 | Ensure nodev option set on /var partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\s.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.4.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

58
section_1/cis_1.1/cis_1.1.2.4.2_3.yml
View File

@ -1,58 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_4_1 }}
mount:
var_options:
title: |
1.1.2.4.2 | Ensure nodev option set on /var partition
1.1.2.4.3 | Ensure nosuid option set on /var partition
mountpoint: '/var'
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_4_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_4_3 }}
- nosuid
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.4.2
- 1.1.2.4.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_fstab_options:
title: |
1.1.2.4.2 | Ensure nodev option set on /var partition
1.1.2.4.3 | Ensure nosuid option set on /var partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_4_2 }}nodev{{ end }}/'
- '/\s\/var\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_4_3 }}nosuid{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.4.2
- 1.1.2.4.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.4.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_4_3 }}
mount:
var_nosuid_options:
title: 1.1.2.4.3 | Ensure nosuid option set on /var partition
mountpoint: '/var'
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.4.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_nosuid_fstab_options:
title: 1.1.2.4.3 | Ensure nosuid option set on /var partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\s.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.4.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.5.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_5_2 }}
mount:
var_tmp_nodev_options:
title: 1.1.2.5.2 | Ensure nodev option set on /var/tmp partition
mountpoint: '/var/tmp'
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_tmp_nodev_fstab_options:
title: 1.1.2.5.2 | Ensure nodev option set on /var/tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/tmp\s.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

66
section_1/cis_1.1/cis_1.1.2.5.2_4.yml
View File

@ -1,66 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_5_1 }}
mount:
var_tmp_options:
title: |
1.1.2.5.2 | Ensure nodev option set on /var/tmp partition
1.1.2.5.3 | Ensure nosuid option set on /var/tmp partition
1.1.2.5.4 | Ensure noexec option set on /var/tmp partition
mountpoint: '/var/tmp'
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_5_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_5_3 }}
- nosuid
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_5_4 }}
- noexec
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.2
- 1.1.2.5.3
- 1.1.2.5.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_tmp_fstab_options:
title: |
1.1.2.5.2 | Ensure nodev option set on /var/tmp partition
1.1.2.5.3 | Ensure nosuid option set on /var/tmp partition
1.1.2.5.4 | Ensure noexec option set on /var/tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/tmp\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_5_2 }}nodev{{ end }}/'
- '/\s\/var\/tmp\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_5_3 }}nosuid{{ end }}.*/'
- '/\s\/var\/tmp\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_5_4 }}noexec{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.2
- 1.1.2.5.3
- 1.1.2.5.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.5.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_5_3 }}
mount:
var_tmp_nosuid_options:
title: 1.1.2.5.3 | Ensure nosuid option set on /var/tmp partition
mountpoint: '/var/tmp'
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_tmp_nosuid_fstab_options:
title: 1.1.2.5.3 | Ensure nosuid option set on /var/tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/tmp\s.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.5.4.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_5_4 }}
mount:
var_tmp_noexec_options:
title: 1.1.2.5.4 | Ensure noexec option set on /var/tmp partition
mountpoint: '/var/tmp'
exists: true
opts:
- noexec
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_tmp_noexec_fstab_options:
title: 1.1.2.5.4 | Ensure noexec option set on /var/tmp partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/tmp\s.*noexec.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.5.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.6.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_6_2 }}
mount:
var_log_nodev_options:
title: 1.1.2.6.2 | Ensure nodev option set on /var/log partition
mountpoint: '/var/log'
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_nodev_fstab_options:
title: 1.1.2.6.2 | Ensure nodev option set on /var/log partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\s.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

66
section_1/cis_1.1/cis_1.1.2.6.2_4.yml
View File

@ -1,66 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_6_1 }}
mount:
var_log_options:
title: |
1.1.2.6.2 | Ensure nodev option set on /var/log partition
1.1.2.6.3 | Ensure nosuid option set on /var/log partition
1.1.2.6.4 | Ensure noexec option set on /var/log partition
mountpoint: '/var/log'
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_6_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_6_3 }}
- nosuid
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_6_4 }}
- noexec
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.2
- 1.1.2.6.3
- 1.1.2.6.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_fstab_options:
title: |
1.1.2.6.2 | Ensure nodev option set on /var/log partition
1.1.2.6.3 | Ensure nosuid option set on /var/log partition
1.1.2.6.4 | Ensure noexec option set on /var/log partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_6_2 }}nodev{{ end }}/'
- '/\s\/var\/log\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_6_3 }}nosuid{{ end }}.*/'
- '/\s\/var\/log\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_6_4 }}noexec{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.2
- 1.1.2.6.3
- 1.1.2.6.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.6.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_6_3 }}
mount:
var_log_nosuid_options:
title: 1.1.2.6.3 | Ensure nosuid option set on /var/log partition
mountpoint: '/var/log'
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_nosuid_fstab_options:
title: 1.1.2.6.3 | Ensure nosuid option set on /var/log partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\s.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.6.4.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_6_1 }}
mount:
var_log_noexec_options:
title: 1.1.2.6.4 | Ensure noexec option set on /var/log partition
mountpoint: '/var/log'
exists: true
opts:
- noexec
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_noexec_fstab_options:
title: 1.1.2.6.4 | Ensure noexec option set on /var/log partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\s.*noexec.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.6.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.7.2.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_7_2 }}
mount:
var_log_nodev_audit_options:
title: 1.1.2.7.2 | Ensure nodev option set on /var/log/audit partition
mountpoint: '/var/log/audit'
exists: true
opts:
- nodev
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_audit_nodev_fstab_options:
title: 1.1.2.7.2 | Ensure nodev option set on /var/log/audit partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\/audit\s.*nodev/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.2
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

66
section_1/cis_1.1/cis_1.1.2.7.2_4.yml
View File

@ -1,66 +0,0 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_7_1 }}
mount:
var_log_audit_options:
title: |
1.1.2.7.2 | Ensure nodev option set on /var/log/audit partition
1.1.2.7.3 | Ensure nosuid option set on /var/log/audit partition
1.1.2.7.4 | Ensure noexec option set on /var/log/audit partition
mountpoint: '/var/log/audit'
exists: true
opts:
{{ if .Vars.ubtu24cis_rule_1_1_2_7_2 }}
- nodev
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_7_3 }}
- nosuid
{{ end }}
{{ if .Vars.ubtu24cis_rule_1_1_2_7_4 }}
- noexec
{{ end }}
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.2
- 1.1.2.7.3
- 1.1.2.7.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_audit_fstab_options:
title: |
1.1.2.7.2 | Ensure nodev option set on /var/log/audit partition
1.1.2.7.3 | Ensure nosuid option set on /var/log/audit partition
1.1.2.7.4 | Ensure noexec option set on /var/log/audit partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\/audit\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_7_2 }}nodev{{ end }}/'
- '/\s\/var\/log\/audit\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_7_3 }}nosuid{{ end }}.*/'
- '/\s\/var\/log\/audit\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_7_4 }}noexec{{ end }}.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.2
- 1.1.2.7.3
- 1.1.2.7.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.7.3.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_7_1 }}
mount:
var_log_audit_options:
title: 1.1.2.7.3 | Ensure nosuid option set on /var/log/audit partition
mountpoint: '/var/log/audit'
exists: true
opts:
- nosuid
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_audit_nosuid_fstab_options:
title: 1.1.2.7.3 | Ensure nosuid option set on /var/log/audit partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\/audit\s.*nosuid.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.3
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}

46
section_1/cis_1.1/cis_1.1.2.7.4.yml Normal file
View File

@ -0,0 +1,46 @@
---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_1_2_7_4 }}
mount:
var_log_audit_noexec_options:
title: 1.1.2.7.4 | Ensure noexec option set on /var/log/audit partition
mountpoint: '/var/log/audit'
exists: true
opts:
- noexec
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
file:
var_log_audit_noexec_fstab_options:
title: 1.1.2.7.4 | Ensure noexec option set on /var/log/audit partition
exists: true
path: /etc/fstab
contents:
- '/\s\/var\/log\/audit\s.*noexec.*/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.1.2.7.4
CISv8: 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
- AC-3
- MP-2
{{ end }}
{{ end }}