-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathtest_section_02_level1.yml
123 lines (98 loc) · 3.02 KB
/
test_section_02_level1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
---
# CIS Ubuntu Linux 20.04 LTS Benchmark v1.0.0
#
# 2 Services
# 2.2.1.2 Ensure systemd-timesyncd is configured (Manual): not implemented
# 2.2.1.4 Ensure ntp is configured (Automated): not implemented
# 2.4 Ensure nonessential services are removed or masked (Manual): not implemented
command:
# 2.2 Special Purpose Services
# 2.2.1 Time Synchronization
# 2.2.1.1 Ensure time synchronization is in use (Automated)
dpkg -s chrony:
exit-status: 0
systemctl is-enabled chrony:
exit-status: 0
stdout:
- "enabled"
# 2.2.1.3 Ensure chrony is configured (Automated)
grep -E "^(server|pool)" /etc/chrony/chrony.conf:
exit-status: 0
stdout:
- "server metadata.google.internal iburst"
# 2.2.15 Ensure mail transfer agent is configured for local-only mode (Automated)
ss -lntu | grep -E ':25\s' | grep -E -v '\s(127.0.0.1|::1):25\s':
exit-status: 1
stdout: []
package:
# 2.1 inetd Services
# 2.1.1 Ensure xinetd is not installed (Automated)
xinetd:
installed: false
# 2.1.2 Ensure openbsd-inetd is not installed (Automated)
openbsd-inetd:
installed: false
# 2.2.2 Ensure X Window System is not installed (Automated)
xserver-xorg*:
installed: false
# 2.2.3 Ensure Avahi Server is not installed (Automated)
avahi-daemon:
installed: false
# 2.2.4 Ensure CUPS is not installed (Automated)
cups:
installed: false
# 2.2.5 Ensure DHCP Server is not installed (Automated)
isc-dhcp-server:
installed: false
# 2.2.6 Ensure LDAP server is not installed (Automated)
slapd:
installed: false
# 2.2.7 Ensure NFS is not installed (Automated)
nfs-kernel-server:
installed: false
# 2.2.8 Ensure DNS Server is not installed (Automated)
bind9:
installed: false
# 2.2.9 Ensure FTP Server is not installed (Automated)
vsftpd:
installed: false
# 2.2.10 Ensure HTTP server is not installed (Automated)
apache2:
installed: false
# 2.2.11 Ensure IMAP and POP3 server are not installed (Automated)
dovecot-imapd:
installed: false
dovecot-pop3d:
installed: false
# 2.2.12 Ensure Samba is not installed (Automated)
samba:
installed: false
# 2.2.13 Ensure HTTP Proxy Server is not installed (Automated)
squid:
installed: false
# 2.2.14 Ensure SNMP Server is not installed (Automated)
snmpd:
installed: false
# 2.2.16 Ensure rsync service is not installed (Automated)
rsync:
installed: false
# 2.2.17 Ensure NIS Server is not installed (Automated)
# 2.3 Service Clients
# 2.3.1 Ensure NIS Client is not installed (Automated)
nis:
installed: false
# 2.3.2 Ensure rsh client is not installed (Automated)
rsh-client:
installed: false
# 2.3.3 Ensure talk client is not installed (Automated)
talk:
installed: false
# 2.3.4 Ensure telnet client is not installed (Automated)
telnet:
installed: false
# 2.3.5 Ensure LDAP client is not installed (Automated)
ldap-utils:
installed: false
# 2.3.6 Ensure RPC is not installed (Automated)
rpcbind:
installed: false