colin
/
UBUNTU24-CIS-Audit
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS-Audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
UBUNTU24-CIS-Audit/section_1/cis_1.5/cis_1.5.1.yml

41 lines
949 B
YAML
Raw Blame History

---
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_5_1 }}
kernel-param:
kernel.randomize_va_space:
title: 1.5.1 | Ensure address space layout randomization (ASLR) is enabled | sysctl_live
value: '2'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.5.1
CISv8: 10.5
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5: CM-6
command:
aslr_enabled_2:
title: 1.5.1 | Ensure address space layout randomization (ASLR) is enabled | sysctl_configured
exit-status:
or:
- 0
- 2
exec: 'grep "^kernel\.randomize_va_space" /etc/sysctl.conf /etc/sysctl.d/* | cut -d ":" -f2'
stdout:
- '/kernel.randomize_va_space(\s|)=(\s|)2/'
meta:
server: 1
workstation: 1
CIS_ID:
- 1.5.1
CISv8: 10.5
CISv8_IG1: false
CISv8_IG2: true
CISv8_IG3: true
NIST800-53R5: CM-6
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink