colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
UBUNTU24-CIS-Audit/section_6/cis_6.2.3/cis_6.2.3.7.yml

50 lines
2.0 KiB
YAML
Raw Permalink Blame History

---
{{ if .Vars.ubtu24cis_level_2 }}
{{ if .Vars.ubtu24cis_rule_6_2_3_7 }}
command:
auditd_access_cnf:
title: 6.2.3.7 | Ensure unsuccessful unauthorized file access attempts are collected | Conf
exec: sh -c "grep auid /etc/audit/rules.d/*.rules"
exit-status: 0
stdout:
- '/-a always,exit -F arch=b32 -S creat,open,openat,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=(unset|4294967295|-1) -k access/'
- '/-a always,exit -F arch=b32 -S creat,open,openat,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=(unset|4294967295|-1) -k access/'
- '/-a always,exit -F arch=b64 -S creat,open,openat,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=(unset|4294967295|-1) -k access/'
- '/-a always,exit -F arch=b64 -S creat,open,openat,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=(unset|4294967295|-1) -k access/'
meta:
server: 2
workstation: 2
CIS_ID:
- 6.2.3.7
CISv8:
- 8.5
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AU-3
auditd_access_live:
title: 6.2.3.7 |Ensure unsuccessful unauthorized file access attempts are collected | Live
exec: auditctl -l | grep access
exit-status: 0
stdout:
- '/-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat -F exit=-EACCES -F auid>=1000 -F auid!=(unset|4294967295|-1) -F key=access/'
- '/-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat -F exit=-EACCES -F auid>=1000 -F auid!=(unset|4294967295|-1) -F key=access/'
- '/-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat -F exit=-EPERM -F auid>=1000 -F auid!=(unset|4294967295|-1) -F key=access/'
- '/-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat -F exit=-EPERM -F auid>=1000 -F auid!=(unset|4294967295|-1) -F key=access/'
meta:
server: 2
workstation: 2
CIS_ID:
- 6.2.3.7
CISv8:
- 8.5
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AU-3
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink