colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
UBUNTU24-CIS-Audit/section_6/cis_6.2.3/cis_6.2.3.11.yml

48 lines
1.1 KiB
YAML
Raw Permalink Blame History

---
{{ if .Vars.ubtu24cis_level_2 }}
{{ if .Vars.ubtu24cis_rule_6_2_3_11 }}
command:
auditd_sessions_cnf:
title: 6.2.3.11 | Ensure session initiation information is collected | Config
exec: "grep -E '(session|logins)' /etc/audit/rules.d/*.rules"
exit-status: 0
stdout:
- '-w /var/run/utmp -p wa -k session'
- '-w /var/log/wtmp -p wa -k session'
- '-w /var/log/btmp -p wa -k session'
meta:
server: 2
workstation: 2
CIS_ID:
- 6.2.3.11
CISv8:
- 8.5
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AU-3
auditd_session_live:
title: 6.2.3.11 | Ensure session initiation information is collected | Live
exec: "auditctl -l | grep -E '(session|logins)'"
exit-status: 0
stdout:
- '-w /var/run/utmp -p wa -k session'
- '-w /var/log/wtmp -p wa -k session'
- '-w /var/log/btmp -p wa -k session'
meta:
server: 2
workstation: 2
CIS_ID:
- 6.2.3.11
CISv8:
- 8.5
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5:
- AU-3
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink