---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if not .Vars.ubtu24cis_ipv6_required }}
   {{ if .Vars.ubtu24cis_rule_3_1_1 }}
     {{ if eq .Vars.ubtu24cis_ipv6_disable "grub" }}
command:
  grub_ipv6:
    title: 3.1.1 | Ensure IPv6 status is identified | via grub boot
    exec: grep -i "^[^#]\s.*ipv6" /boot/grub/grub.cfg
    exit-status: 0
    stdout:
    - '/^\s*linux.*ipv6.disable=1/'
    - '!/ipv6.disable=0/'
    meta:
      server: 2
      workstation: 2
      CIS_ID: 3.1.1
      CISv8:
      - 4.8
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CM-7
  ipv6_etc_default_grub:
    title: 3.1.1 | Ensure IPv6 status is identified | default grub
    exec: grep -i "GRUB_CMDLINE_LINUX=.*ipv6" /etc/default/grub
    exit-status: 0
    stdout:
    - '/^GRUB_CMDLINE_LINUX=.*ipv6.disable=1/'
    - '!/ipv6.disable=0/'
    meta:
      server: 2
      workstation: 2
      CIS_ID: 3.1.1
      CISv8:
      - 4.8
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CM-7
    {{ end }}
    {{ if eq .Vars.ubtu24cis_ipv6_disable "sysctl" }}
 file:
  ipv6_disabled:
    title: 3.1.1 | Ensure IPv6 status is identified | sysctl all disable
    path: /proc/sys/net/ipv6/conf/all/disable_ipv6
    exists: true
    contents:
    - '/^1/'
    meta:
      server: 2
      workstation: 2
      CIS_ID: 3.3.1
      CISv8:
      - 4.8
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CM-7
      {{ end }}
    {{ end }}
  {{ end }}
{{ end }}