---

{{ if .Vars.ubtu24cis_level_2 }}
  {{ if .Vars.ubtu24cis_rule_6_2_2_2 }}
command:
  auditd_max_log_action:
    title: 6.2.2.2 | Ensure audit logs are not automatically deleted
    exec: grep -E "^max_log_file_action" /etc/audit/auditd.conf
    exit-status: 0
    stdout:
    - 'max_log_file_action = {{ .Vars.ubtu24cis_auditd.max_log_file_action }}'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.2.2
      CISv8:
      - 8.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-8
  {{ end }}
{{ end }}