41 lines
955 B
YAML
41 lines
955 B
YAML
---
|
|
|
|
{{ if .Vars.ubtu24cis_level_1 }}
|
|
{{ if .Vars.ubtu24cis_rule_5_4_1_5 }}
|
|
command:
|
|
inactive_passwd:
|
|
title: 5.4.1.5 | Ensure inactive password lock is configured | password
|
|
exec: useradd -D | grep INACTIVE
|
|
exit-status: 0
|
|
stdout:
|
|
- '/^INACTIVE=([1-9]|[1-3][0-9]|4[0-5])$/'
|
|
- '!/INACTIVE=(-1|4[6-9]|[5-9][0-9]{1,})/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.4.1.5
|
|
CISv8: 5.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: NA
|
|
inactive_users:
|
|
title: 5.4.1.5 | Ensure inactive password lock is configured | users
|
|
exec: "cat /etc/shadow | grep -v '!*' | awk -F':' '{ if ($7 > 45 ){ print $1 } }'"
|
|
stdout:
|
|
- '!/.*/'
|
|
exit-status: 0
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.4.1.5
|
|
CISv8: 5.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: NA
|
|
{{ end }}
|
|
{{ end }}
|