44 lines
1021 B
YAML
44 lines
1021 B
YAML
---
|
|
|
|
{{ if .Vars.ubtu24cis_level_2 }}
|
|
{{ if .Vars.ubtu24cis_rule_6_2_4_3 }}
|
|
command:
|
|
audit_logfile_group_setting:
|
|
title: 6.2.4.3 | Ensure audit log files group owner is configured
|
|
exec: grep log_group /etc/audit/audit* | awk '{ print $NF }'
|
|
exit-status: 0
|
|
stdout:
|
|
- '/^(adm|root)$/'
|
|
meta:
|
|
server: 2
|
|
workstation: 2
|
|
CIS_ID:
|
|
- 6.2.4.3
|
|
CISv8:
|
|
- 3.3
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AU-3
|
|
audit_logfile_group:
|
|
title: 6.2.4.3 | Ensure only authorized groups are assigned ownership of audit log files
|
|
exec: for file in `grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }'`; do stat -Lc " %n_%G" $file; done
|
|
exit-status: 0
|
|
stdout:
|
|
- '/.*_(adm|root)$/'
|
|
meta:
|
|
server: 2
|
|
workstation: 2
|
|
CIS_ID:
|
|
- 6.2.4.3
|
|
CISv8:
|
|
- 3.3
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AU-3
|
|
{{ end }}
|
|
{{ end }}
|