---

{{ if .Vars.ubtu24cis_level_2 }}
  {{ if .Vars.ubtu24cis_rule_6_2_1_3 }}
command:
  auditd_grub:
    title: 6.2.1.3 | Ensure auditing for processes that start prior to auditd is enabled | bootloader file
    exec: grep "^\s*linux" /boot/grub/grub.cfg | grep -Evc "audit=1"
    exit-status: 1
    stdout:
    - '0'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.1.3
      CISv8:
      - 8.2
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-2
      - AU-3
      - AU-12
file:
  grub_audit_start:
    title: 6.2.1.3 | Ensure auditing for processes that start prior to auditd is enabled | default grub
    path: /etc/default/grub
    exists: true
    contents:
    - '/^GRUB_CMDLINE_LINUX=.*audit=1/'
    - '!/audit=0/'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.1.3
      CISv8:
      - 8.2
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-2
      - AU-3
      - AU-12
  {{ end }}
{{ end }}