anku33/RHEL9-CIS-Audit
1
0
Fork 0
mirror of https://github.com/ansible-lockdown/RHEL9-CIS-Audit.git synced 2026-06-02 19:10:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

updated test

Browse Source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
2023-09-15 14:00:00 +01:00
parent 402b81c340
commit efc0f4967a
5 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
section_4/cis_4.2.1/cis_4.2.1.4.yml
+3 -3
View File
@@ -5,14 +5,14 @@ command:
exec: 'grep -s ^\$FileCreateMode /etc/rsyslog.conf /etc/rsyslog.d/*.conf | cut -f2 -d:'
exit-status: 0
stdout:
- '/\$FileCreateMode 06[0:4]0/'
- '!/\$FileCreateMode 06[6:7][0:7]/'
- '/\$FileCreateMode 06[0-4]0/'
- '!/\$FileCreateMode 06[6-7][0-7]/'
meta:
server: 1
workstation: 1
CIS_ID:
- 4.2.1.4
CISv8:
CISv8:
- 3.3
- 8.2
CISv8_IG1: true
section_5/cis_5.2/cis_5.2.16.yml
+4 -4
View File
@@ -8,8 +8,8 @@ command:
- 0
- 1
stdout:
- "/^MaxAuthTries [1:4]/"
- "!/^MaxAuthTries [5:9]/"
- "/^MaxAuthTries [1-4]/"
- "!/^MaxAuthTries [5-9]/"
meta:
server: 1
workstation: 1
@@ -27,8 +27,8 @@ command:
- 0
- 1
stdout:
- "/maxauthtries [1:4]/"
- "!/^maxauthtries [5:9]/"
- "/maxauthtries [1-4]/"
- "!/^maxauthtries [5-9]/"
meta:
server: 1
workstation: 1
section_5/cis_5.3/cis_5.3.7.yml
+1 -1
View File
@@ -4,7 +4,7 @@ file:
title: 5.3.7 | Ensure access to the su command is restricted
exists: true
contains:
- '/^auth.*required.*pam_wheel.so\suse_uid$\sgroup={{ .Vars.rhel9cis_sugroup }}/'
- '/^auth.*required.*pam_wheel.so\suse_uid\sgroup={{ .Vars.rhel9cis_sugroup }}/'
meta:
server: 1
workstation: 1
section_5/cis_5.6/cis_5.6.1.1.yml
+3 -3
View File
@@ -5,9 +5,9 @@ command:
exec: grep PASS_MAX_DAYS /etc/login.defs
exit-status: 0
stdout:
- '/^PASS_MAX_DAYS\s*{{ .Vars.rhel9cis_pass.max_days }}/'
- '!/^PASS_MAX_DAYS\s*(36[6-9]|[4-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9])/'
- '!/^PASS_MAX_DAYS\s*-1/'
- '/^PASS_MAX_DAYS\s+{{ .Vars.rhel9cis_pass.max_days }}/'
- '!/^PASS_MAX_DAYS\s+(36[6-9]|[4-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9])/'
- '!/^PASS_MAX_DAYS\s+-1/'
meta:
server: 1
workstation: 1
section_5/cis_5.6/cis_5.6.5.yml
+2 -2
View File
@@ -5,8 +5,8 @@ command:
exec: 'grep umask /etc/bashrc /etc/profile /etc/profile.d/*.sh | cut -d ":" -f 2'
exit-status: 0
stdout:
- '/umask 0[2-7][7]/'
- '!/umask[7][0-1][0-6]/'
- '/umask\s+0[2-7][7]/'
- '!/umask\s+[7][0-1][0-6]/'
meta:
server: 1
workstation: 1