---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_5_2_6 }}
command:
  sudo_timeout:
    title: 5.2.6 | Ensure sudo authentication timeout is configured correctly
    exec: grep -rP "timestamp_timeout=\K[0-9]*" /etc/sudoers*
    exit-status: 0
    stdout:
    - '!/timestamp_timeout=(-1|1[6-9]|[2-9][0-9]|[1-9][0-9]{2,})/'
    - '/timestamp_timeout=([5-9]|1[0-5])/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.2.6
      CISv8:
      - 5.4
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AC-6
  {{ end }}
{{ end }}