58 lines
1.5 KiB
YAML
58 lines
1.5 KiB
YAML
---
|
|
|
|
{{ if .Vars.ubtu24cis_level_2 }}
|
|
{{ if .Vars.ubtu24cis_rule_6_2_3_8 }}
|
|
command:
|
|
auditd_identity_cnf:
|
|
title: 6.2.3.8 | Ensure events that modify user/group information are collected | Config
|
|
exec: grep identity /etc/audit/rules.d/*.rules
|
|
exit-status: 0
|
|
stdout:
|
|
- '-w /etc/group -p wa -k identity'
|
|
- '-w /etc/passwd -p wa -k identity'
|
|
- '-w /etc/gshadow -p wa -k identity'
|
|
- '-w /etc/shadow -p wa -k identity'
|
|
- '-w /etc/nsswitch.conf -p wa -k identity'
|
|
- '-w /etc/pam.conf -p wa -k identity'
|
|
- '-w /etc/pam.d -p wa -k identity'
|
|
- '-w /etc/security/opasswd -p wa -k identity'
|
|
meta:
|
|
server: 2
|
|
workstation: 2
|
|
CIS_ID:
|
|
- 6.2.3.8
|
|
CISv8:
|
|
- 8.5
|
|
CISv8_IG1: false
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AU-3
|
|
auditd_identity_live:
|
|
title: 6.2.3.8 | Ensure events that modify user/group information are collected | Live
|
|
exec: auditctl -l | grep identity
|
|
exit-status: 0
|
|
stdout:
|
|
- '-w /etc/group -p wa -k identity'
|
|
- '-w /etc/passwd -p wa -k identity'
|
|
- '-w /etc/gshadow -p wa -k identity'
|
|
- '-w /etc/nsswitch.conf -p wa -k identity'
|
|
- '-w /etc/pam.conf -p wa -k identity'
|
|
- '-w /etc/pam.d -p wa -k identity'
|
|
- '-w /etc/shadow -p wa -k identity'
|
|
- '-w /etc/security/opasswd -p wa -k identity'
|
|
meta:
|
|
server: 2
|
|
workstation: 2
|
|
CIS_ID:
|
|
- 6.2.3.8
|
|
CISv8:
|
|
- 8.5
|
|
CISv8_IG1: false
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AU-3
|
|
{{ end }}
|
|
{{ end }}
|