
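{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_7_2_9 }}
# goss checks for CIS 7.2.9: each local interactive user's home directory must
# exist, be owned by that user, and be mode 750 or more restrictive.
# Every exec prints one line per finding; `stdout: ['!/./']` requires the
# output to be empty, so any finding fails the check. exec is run by sh, which
# on Ubuntu is dash, so the commands below avoid bash-only syntax.
command:
  home_dirs_exist:
    title: 7.2.9 | Ensure local interactive user home directories are configured | Directories exist
    # Field 6 of /etc/passwd is the home directory. Service accounts are
    # excluded by the same pattern as before; "$dir" is quoted so that an
    # empty field is reported instead of being silently passed to test(1).
    exec: |-
      grep -Ev 'halt|sync|shutdown|nfsnobody|nologin|false' /etc/passwd | cut -d: -f6 | while read -r dir; do
        if [ ! -d "$dir" ]; then echo "homedir missing $dir"; fi
      done
    exit-status:
      or:
        - 0
        - 1
        - 2
    stdout:
      - '!/./'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - '7.2.9'
      CISv8: '3.3'  # quoted: a control id, not the float 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: NA
  home_dirs_ownership:
    title: 7.2.9 | Ensure local interactive user home directories are configured | Directory ownership
    # Interactive users are UID 1000-60000 (the range previously written as
    # {1000..60000}). The range is applied in awk because dash does not
    # brace-expand, so getent was queried for the literal key, printed nothing
    # and the check passed vacuously. Field 6 is the home directory (field 7,
    # used before, is the login shell). ftpd stays excluded as before.
    exec: |-
      awk -F: '$3 >= 1000 && $3 <= 60000 && $1 != "ftpd" { print $1, $6 }' /etc/passwd | while read -r user dir; do
        owner="$(stat -L -c '%U' "$dir" 2>/dev/null)"
        if [ "$owner" != "$user" ]; then echo "home dir for $user owned by $owner"; fi
      done
    exit-status:
      or:
        - 0
        - 1
        - 2
    stdout:
      - '!/./'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - '7.2.9'
      CISv8: '3.3'  # quoted: a control id, not the float 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: NA
  home_dirs_permissions:
    title: 7.2.9 | Ensure local interactive user home directories are configured | Directory permissions
    # "750 or more restrictive" means no group-write bit and no other-access
    # bits. find tests those bits directly instead of matching the mode text
    # against 7[0-5]0, which accepted 720/730 (group-writable) and reported
    # stricter modes such as 550. HOME= in /etc/default/useradd is the base
    # directory for new home dirs (/home when unset); the syslog entry is
    # skipped as before. Output, if any, is "<mode> <path>" per offending dir.
    exec: |-
      def_home="$(grep '^HOME=' /etc/default/useradd | cut -d= -f2)"
      find "${def_home:-/home}" -mindepth 1 -maxdepth 1 -type d ! -name syslog -perm /g+w,o+rwx -exec stat -c '%a %n' {} +
    exit-status:
      or:
        - 0
        - 1
    stdout:
      - '!/./'  # same empty-output idiom as the other two checks (was '!/.*/')
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - '7.2.9'
      CISv8: '3.3'  # quoted: a control id, not the float 3.3
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5: NA
{{ end }}
{{ end }}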