---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_1_6_1 }}
file:
  etc_motd_content:
    title: 1.6.1 | Ensure message of the day is configured properly | motd file correct
    path: /etc/motd
    exists: true
    contents:
    - {{ .Vars.ubtu24cis_warning_banner }}
    - '!/(\\v|\\r|\\m|\\s)/'
    - '!/\/etc\/os-release/'
    - '!/(?i)ubuntu/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 1.6.1
      CISv8: NA
      CISv8_IG1: NA
      CISv8_IG2: NA
      CISv8_IG3: NA
      NIST800-53R5:
      - CM-6
      - CM-1
      - CM-3
{{ if .Vars.ubtu24cis_disable_dynamic_motd }}
  disable_dyn_motd:
    title: 1.6.1 | Ensure message of the day is configured properly | stop dynamic load
    path: /etc/pam.d/sshd
    exists: true
    contents:
    - '/#\s*session\s+optional\s+pam_motd.so\s+motd=/run/motd.dynamic/'
    - '/#\s*session\s+optional\s+pam_motd.so noupdate/'
    - '!/^session\s+optional\s+pam_motd.so noupdate/'
    - '!/^session\s+optional\s+pam_motd.so\s+motd=/run/motd.dynamic/'
{{ end }}
{{ if not .Vars.ubtu24cis_disable_dynamic_motd }}
command:
  check_motd_files:
    title: 1.6.1 | Ensure message of the day is configured properly | dynamic motd files
    exec: "grep -Eis \"(\\\v|\\\r|\\\m|\\\s|$(grep '^ID=' /etc/os-release | cut -d= -f2 | sed -e 's/\"//g'))\" /etc/update-motd.d/*"
    exit-status:
      or:
      - 0
      - 1
      - 2
    stdout:
    - '!/.*/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 1.6.1
      CISv8: NA
      CISv8_IG1: NA
      CISv8_IG2: NA
      CISv8_IG3: NA
      Mitre_Techniques:
      - T1082
      - T1082.000
      - T1592
      - T1592.004
      Mitre_Tactics: TA0007
      Mitre_Mitigations: NA
    {{ end }}
  {{ end }}
{{ end }}