43 lines
933 B
YAML
43 lines
933 B
YAML
---
|
|
|
|
{{ if .Vars.ubtu24cis_level_1 }}
|
|
{{ if .Vars.ubtu24cis_rule_5_2_7 }}
|
|
file:
|
|
su_conf:
|
|
title: 5.2.7 | Ensure access to the su command is restricted
|
|
path: /etc/pam.d/su
|
|
exists: true
|
|
contents:
|
|
- '/^auth\s+required\s+pam_wheel.so use_uid group={{ .Vars.ubtu24cis_sugroup }}/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.2.7
|
|
CISv8: 3.3
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AC-6
|
|
command:
|
|
sugroup_etc_group:
|
|
title: 5.2.7 | Ensure access to the su command is restricted
|
|
exec: grep {{ .Vars.ubtu24cis_sugroup }} /etc/group | awk -F':' '{print $NF}'
|
|
exit-status: 0
|
|
stdout:
|
|
- '!/^[a-zA-Z]/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.2.7
|
|
CISv8: 3.3
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AC-6
|
|
{{ end }}
|
|
{{ end }}
|