63 lines
1.3 KiB
YAML
63 lines
1.3 KiB
YAML
|
|
---
|
|
|
|
{{ if .Vars.ubtu24cis_level_1 }}
|
|
{{ if .Vars.ubtu24cis_rule_6_1_3_7 }}
|
|
{{ if not .Vars.ubtu24cis_remote_log_server }}
|
|
command:
|
|
local_syslog_module:
|
|
title: 6.1.3.7 | Ensure rsyslog is not configured to recieve logs from a remote client | module
|
|
exec: grep "imtcp" /etc/rsyslog.conf /etc/rsyslog.d/*.conf | grep -Ev ":#|port="
|
|
exit-status:
|
|
or:
|
|
- 0
|
|
- 1
|
|
- 2
|
|
stdout:
|
|
- '!/.*/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 6.1.3.7
|
|
CISv8:
|
|
- 4.8
|
|
- 8.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AU-2
|
|
- AU-7
|
|
- AU-12
|
|
- CM-6
|
|
local_syslog_input:
|
|
title: 6.1.3.7 | Ensure rsyslog is not configured to recieve logs from a remote client | server/port
|
|
exec: grep -E "imtcp\" port|InputTCPServerRun" /etc/rsyslog.conf /etc/rsyslog.d/*.conf | grep -v ":#"
|
|
exit-status:
|
|
or:
|
|
- 0
|
|
- 1
|
|
- 2
|
|
stdout:
|
|
- '!/.*/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 6.1.3.7
|
|
CISv8:
|
|
- 4.8
|
|
- 8.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5:
|
|
- AU-2
|
|
- AU-7
|
|
- AU-12
|
|
- CM-6
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ end }}
|