---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_5_1_2 }}
command:
  /etc/ssh/ssh_host_prv_key_user:
    title: 5.1.2 | Ensure permissions on SSH private host key files are configured | user
    exec: "userkeys=$(sudo find /etc/ssh/ -name *_key -type f ! -user root ); echo $userkeys"
    exit-status: 0
    stdout: ['!/./']
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.1.2
      CISv8:
      - 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AC-3
      - MP-2
  /etc/ssh/ssh_host_prv_key_group:
    title: 5.1.2 | Ensure permissions on SSH private host key files are configured | group
    exec: "groupkeys=$(sudo find /etc/ssh/ -name *_key -type f ! -group root ); echo $groupkeys"
    exit-status: 0
    stdout: ['!/./']
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.1.2
      CISv8:
      - 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AC-3
      - MP-2
  /etc/ssh/ssh_host_prv_key_perms:
    title: 5.1.2 | Ensure permissions on SSH private host key files are configured | perms
    exec: "keyperms=$(sudo find /etc/ssh/ -name *_key -type f -perm /137 ); echo $keyperms"
    exit-status: 0
    stdout: ['!/./']
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.1.2
      CISv8:
      - 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AC-3
      - MP-2
  {{ end }}
{{ end }}