---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_4_2_7 }}
command:
  ufw_def_deny:
    title: 4.2.7 | Ensure ufw default deny firewall policy
    exec: 'ufw status verbose | grep Default:'
    exit-status: 0
    stdout:
    - '/^Default: deny \(incoming\), deny \(outgoing\), disabled \(routed\)/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 4.2.7
      CISv8:
      - 4.4
      - 4.5
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - SC-7
  {{ end }}
{{ end }}