---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_1_1_2_7_1 }}
mount:
  var_log_audit_options:
    title: |
      1.1.2.7.2 | Ensure nodev option set on /var/log/audit partition
      1.1.2.7.3 | Ensure nosuid option set on /var/log/audit partition
      1.1.2.7.4 | Ensure noexec option set on /var/log/audit partition
    mountpoint: '/var/log/audit'
    exists: true
    opts:
    {{ if .Vars.ubtu24cis_rule_1_1_2_7_2 }}
    - nodev
    {{ end }}
    {{ if .Vars.ubtu24cis_rule_1_1_2_7_3 }}
    - nosuid
    {{ end }}
    {{ if .Vars.ubtu24cis_rule_1_1_2_7_4 }}
    - noexec
    {{ end }}
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 1.1.2.7.2
      - 1.1.2.7.3
      - 1.1.2.7.4
      CISv8: 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CM-7
      - AC-3
      - MP-2
file:
  var_log_audit_fstab_options:
     title: |
        1.1.2.7.2 | Ensure nodev option set on /var/log/audit partition
        1.1.2.7.3 | Ensure nosuid option set on /var/log/audit partition
        1.1.2.7.4 | Ensure noexec option set on /var/log/audit partition
     exists: true
     path: /etc/fstab
     contents:
     - '/\s\/var\/log\/audit\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_7_2 }}nodev{{ end }}/'
     - '/\s\/var\/log\/audit\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_7_3 }}nosuid{{ end }}.*/'
     - '/\s\/var\/log\/audit\s.*{{ if .Vars.ubtu24cis_rule_1_1_2_7_4 }}noexec{{ end }}.*/'
     meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 1.1.2.7.2
      - 1.1.2.7.3
      - 1.1.2.7.4
      CISv8: 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CM-7
      - AC-3
      - MP-2
  {{ end }}
{{ end }}