---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_config_aide }}
    {{ if .Vars.ubtu24cis_rule_6_3_2 }}
      {{ if eq .Vars.ubtu24cis_aide_scan "cron" }}
command:
  aide_cron:
    title: 6.3.2 | Ensure filesystem integrity is regularly checked | aide cron
    exit-status:
      or:
      - 0
      - 2
    exec: "grep -rs aide /etc/cron.* /etc/crontab /var/spool/cron/*"
    stdout:
    - '!/^#/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 6.3.2
      CISv8: 8.5
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: NA
      {{ end }}
service:
    {{ if eq .Vars.ubtu24cis_aide_scan "timer" }}
  aidecheck:
    title: 6.3.2 | Ensure filesystem integrity is regularly checked | aidecheck service
    name: aidecheck.service
    enabled: true
    running: true
    skip: false
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 6.3.2
       CISv8: 8.5
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: NA
  aidecheck.timer:
    title: 6.3.2 | Ensure filesystem integrity is regularly checked | aidecheck timer
    name: aidecheck.timer
    enabled: true
    running: true
    skip: false
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 6.3.2
      CISv8: 8.5
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: NA
      {{ end }}
    {{ end }}
  {{ end }}
{{ end }}