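---
# CIS 1.6.1 audit (message of the day) in goss test format. The file is run
# through Go templating before it is parsed as YAML, so every check below is
# only emitted when the level-1 and rule 1.6.1 toggles are set.
{{ if .Vars.ubtu24cis_level_1 }}
{{ if .Vars.ubtu24cis_rule_1_6_1 }}
file:
  # Static banner: /etc/motd must exist, carry the site warning banner, and
  # must not disclose OS details.
  etc_motd_content:
    title: 1.6.1 | Ensure message of the day is configured properly | motd file correct
    path: /etc/motd
    exists: true
    contents:
      # NOTE(review): the banner is substituted as raw text into a plain
      # scalar; a banner value containing ': ', ' #' or a leading YAML
      # indicator would change how this item parses. Confirm the variable's
      # allowed content or quote it.
      - {{ .Vars.ubtu24cis_warning_banner }}
      # A leading '!' negates the pattern. Single quotes keep the backslashes
      # literal, so the regex matches the two-character sequences \v \r \m \s.
      - '!/(\\v|\\r|\\m|\\s)/'
      - '!/\/etc\/os-release/'
      - '!/(?i)ubuntu/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - 1.6.1
      CISv8: NA
      CISv8_IG1: NA
      CISv8_IG2: NA
      CISv8_IG3: NA
      NIST800-53R5:
        - CM-6
        - CM-1
        - CM-3
  {{ if .Vars.ubtu24cis_disable_dynamic_motd }}
  # Dynamic MOTD disabled: both pam_motd session lines must be present in
  # commented-out form and absent in active form.
  # NOTE(review): only /etc/pam.d/sshd is inspected; if other PAM service
  # files (for example the console login one) also load pam_motd, they are not
  # covered here - confirm the intended scope.
  # NOTE(review): the negative patterns anchor on '^session', so an active line
  # with leading whitespace would not be caught, and a host where the lines
  # were deleted rather than commented fails the positive patterns.
  # NOTE(review): unlike the sibling checks, this one has no meta block.
  disable_dyn_motd:
    title: 1.6.1 | Ensure message of the day is configured properly | stop dynamic load
    path: /etc/pam.d/sshd
    exists: true
    contents:
      - '/#\s*session\s+optional\s+pam_motd.so\s+motd=/run/motd.dynamic/'
      - '/#\s*session\s+optional\s+pam_motd.so noupdate/'
      - '!/^session\s+optional\s+pam_motd.so noupdate/'
      - '!/^session\s+optional\s+pam_motd.so\s+motd=/run/motd.dynamic/'
  {{ end }}
{{ if not .Vars.ubtu24cis_disable_dynamic_motd }}
command:
  # Dynamic MOTD left enabled: the update-motd.d scripts must not contain the
  # OS-disclosing escape sequences or the distribution ID from os-release.
  check_motd_files:
    title: 1.6.1 | Ensure message of the day is configured properly | dynamic motd files
    # Written as a folded block scalar so the backslashes and the inner double
    # quotes reach the shell unchanged. In a double-quoted YAML scalar, \m and
    # \s are not valid escapes and \v / \r are decoded to control characters,
    # so the pattern would either fail to parse or stop matching the literal
    # sequences. The three folded lines join with single spaces.
    exec: >-
      grep -Eis
      "(\\\v|\\\r|\\\m|\\\s|$(grep '^ID=' /etc/os-release | cut -d= -f2 | sed -e 's/"//g'))"
      /etc/update-motd.d/*
    # Every grep exit code (match, no match, error) is accepted; the verdict
    # comes from stdout alone.
    # NOTE(review): because -s hides errors and exit 2 is accepted, files the
    # audit user cannot read pass silently - run with sufficient privilege.
    exit-status:
      or:
        - 0
        - 1
        - 2
    # Any output line means a disclosing string was found, which fails the test.
    stdout:
      - '!/.*/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - 1.6.1
      CISv8: NA
      CISv8_IG1: NA
      CISv8_IG2: NA
      CISv8_IG3: NA
      Mitre_Techniques:
        - T1082
        - T1082.000
        - T1592
        - T1592.004
      Mitre_Tactics: TA0007
      Mitre_Mitigations: NA
{{ end }}
{{ end }}
{{ end }}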