---

{{ if .Vars.ubtu24cis_level_2 }}
  {{ if .Vars.ubtu24cis_rule_6_2_1_4 }}
command:
  auditd_grub_backlog:
    title: 6.2.1.4 | Ensure audit_backlog_limit is sufficient | bootloader file
    exec: grep "^\s*linux" /boot/grub/grub.cfg | grep -Evc "audit_backlog_limit="
    exit-status: 1
    stdout:
    - '0'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.1.4
      CISv8:
      - 8.2
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-2
      - AU-3
      - AU-12
file:
  grub_audit_backlog:
    title: 6.2.1.4 | Ensure audit_backlog_limit is sufficient | default grub
    path: /etc/default/grub
    exists: true
    contents:
    - '/GRUB_CMDLINE_LINUX=".*audit_backlog_limit={{ .Vars.ubtu24cis_auditd.auditd_backlog_limit }}/'
    - '/audit_backlog_limit=(819[2-9]|8[2-9]{2,}|9[0-9]{3,}|[1-9]{5,})/'
    meta:
      server: 2
      workstation: 2
      CIS_ID:
      - 6.2.1.4
      CISv8:
      - 8.2
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-2
      - AU-3
      - AU-12
  {{ end }}
{{ end }}