colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
UBUNTU24-CIS-Audit/section_5/cis_5.1/cis_5.1.3.yml

62 lines
1.5 KiB
YAML
Raw Permalink Blame History

---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_5_1_3 }}
command:
/etc/ssh/ssh_host_pub_key_user:
title: 5.1.3 | Ensure permissions on SSH pub host key files are configured | user
exec: "userkeys=$(sudo find /etc/ssh/ -name *_key.pub -type f ! -user root ); echo $userkeys"
exit-status: 0
stdout: ['!/./']
meta:
server: 1
workstation: 1
CIS_ID:
- 5.1.3
CISv8:
- 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AC-3
- MP-2
/etc/ssh/ssh_host_pub_key_group:
title: 5.1.3 | Ensure permissions on SSH private host key files are configured | group
exec: "groupkeys=$(sudo find /etc/ssh/ -name *_key.pub -type f ! -group root ); echo $groupkeys"
exit-status: 0
stdout: ['!/./']
meta:
server: 1
workstation: 1
CIS_ID:
- 5.1.3
CISv8:
- 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AC-3
- MP-2
/etc/ssh/ssh_host_pub_key_perms:
title: 5.1.3 | Ensure permissions on SSH private host key files are configured | perms
exec: "keysperm=$(sudo find /etc/ssh/ -name *_key.pub -type f -perm /137 ); echo $keyperms"
exit-status: 0
stdout: ['!/./']
meta:
server: 1
workstation: 1
CIS_ID:
- 5.1.3
CISv8:
- 3.3
CISv8_IG1: true
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AC-3
- MP-2
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink