colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
UBUNTU24-CIS-Audit/section_2/cis_2.1/cis_2.1.21.yml

47 lines
1.0 KiB
YAML
Raw Permalink Blame History

---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_is_mail_server }}
{{ if .Vars.ubtu24cis_rule_2_1_21 }}
command:
mta_listening_port25:
title: 2.1.21 Ensure mail transfer agent is configured for local-only mode
exit-status: 1
exec: 'ss -lntu | grep -E ":25\s" | grep -E -v "\s(127.0.0.1|\[?::1\]?):25\s"'
stdout: ['!/./']
meta:
server: 1
workstation: 1
CIS_ID:
- 2.1.21
CISv8:
- 4.8
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
file:
/etc/postfix/main.conf:
title: 2.1.21 | Ensure mail transfer agent is configured for local-only mode
exists: true
contents:
- '/^inet_interfaces\s*=\s*loopback-only/'
- '!/^inet_interfaces\s*=\s*all/'
- '!/^(?i)inet_interfaces\s*=\s*ipv4/'
meta:
server: 1
workstation: 1
CIS_ID:
- 2.1.21
CISv8:
- 4.8
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- CM-7
{{ end }}
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink