---

{{ if .Vars.ubtu24cis_level_2 }}
{{ if not .Vars.ubtu24cis_apparmor_disable }}
  {{ if .Vars.ubtu24cis_rule_1_3_1_4 }}
command:
  apparmor_enf_only:
    title: 1.3.1.4 | Ensure all AppArmor Profiles are enforcing
    exec: if [ `apparmor_status | grep 'profiles are in complain mode.' | awk '{print $1}'` == 0 ]; then echo "Not Enforcing" ;fi
    exit-status: 0
    stdout:
    - '!/Not Enforcing/'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 1.3.1.4
      CISv8: 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: AC-3
  {{ end }}
  {{ end }}
{{ end }}