---

{{ if .Vars.ubtu24cis_level_2 }}
  {{ if .Vars.ubtu24cis_rule_6_2_4_3 }}
command:
  audit_logfile_group_setting:
    title: 6.2.4.3 | Ensure audit log files group owner is configured
    exec: grep log_group /etc/audit/audit* | awk '{ print $NF }'
    exit-status: 0
    stdout:
    - '/^(adm|root)$/'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.4.3
      CISv8:
      - 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-3
  audit_logfile_group:
    title: 6.2.4.3 | Ensure only authorized groups are assigned ownership of audit log files
    exec: for file in `grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }'`; do stat -Lc " %n_%G" $file; done
    exit-status: 0
    stdout:
    - '/.*_(adm|root)$/'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.4.3
      CISv8:
      - 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-3
  {{ end }}
{{ end }}