138 lines
3.4 KiB
YAML
138 lines
3.4 KiB
YAML
---
|
|
|
|
- name: |
|
|
"6.2.4.1 | PATCH | Ensure audit log files mode is configured"
|
|
"6.2.4.2 | PATCH | Ensure audit log files owner is configured"
|
|
"6.2.4.3 | PATCH | Ensure audit log files group owner is configured"
|
|
when:
|
|
- ubtu24cis_rule_6_2_4_1 or
|
|
ubtu24cis_rule_6_2_4_2 or
|
|
ubtu24cis_rule_6_2_4_3
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.1
|
|
- rule_6.2.4.2
|
|
- rule_6.2.4.3
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ prelim_auditd_logfile.stdout }}"
|
|
owner: root
|
|
group: root
|
|
mode: 'u-x,g-wx,o-rwx'
|
|
|
|
- name: "6.2.4.4 | PATCH | Ensure the audit log file directory mode is configured"
|
|
when: ubtu24cis_rule_6_2_4_4
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.4
|
|
- NIST800-53R5_AU-3
|
|
block:
|
|
- name: "6.2.4.4 | AUDIT | Ensure the audit log file directory mode is configured | get current permissions"
|
|
ansible.builtin.stat:
|
|
path: "{{ prelim_auditd_logfile.stdout | dirname }}"
|
|
register: discovered_auditlog_dir
|
|
|
|
- name: "6.2.4.4 | PATCH | Ensure the audit log file directory mode is configured | set permissions"
|
|
ansible.builtin.file:
|
|
path: "{{ discovered_auditlog_dir.stat.path }}"
|
|
state: directory
|
|
mode: 'g-w,o-rwx'
|
|
|
|
- name: "6.2.4.5 | PATCH | Ensure audit configuration files mode is configured"
|
|
when: ubtu24cis_rule_6_2_4_5
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.5
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
mode: 'u-x,g-wx,o-rwx'
|
|
loop: "{{ prelim_auditd_conf_files.files }}"
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
|
|
- name: "6.2.4.6 | PATCH | Ensure audit configuration files owner is configured"
|
|
when: ubtu24cis_rule_6_2_4_6
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.6
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
owner: root
|
|
loop: "{{ prelim_auditd_conf_files.files }}"
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
|
|
- name: "6.2.4.7 | PATCH | Ensure audit configuration files group owner is configured"
|
|
when:
|
|
- ubtu24cis_rule_6_2_4_7
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.7
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
group: root
|
|
loop: "{{ prelim_auditd_conf_files.files }}"
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
|
|
- name: "6.2.4.8 | PATCH | Ensure audit tools mode is configured"
|
|
when: ubtu24cis_rule_6_2_4_8
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.8
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
mode: 'u+x,g-w,o-rwx'
|
|
loop: "{{ audit_bins }}"
|
|
|
|
- name: "6.2.4.9 | PATCH | Ensure audit tools owner is configured"
|
|
when: ubtu24cis_rule_6_2_4_9
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.9
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
loop: "{{ audit_bins }}"
|
|
|
|
- name: "6.2.4.10 | PATCH | Ensure audit tools group owner is configured"
|
|
when: ubtu24cis_rule_6_2_4_10
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- auditd
|
|
- rule_6.2.4.10
|
|
- NIST800-53R5_AU-3
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
group: root
|
|
loop: "{{ audit_bins }}"
|