Merge "Reworked 'unless' for adding ports to bridge"
diff --git a/linux/meta/fluentd.yml b/linux/meta/fluentd.yml
index a6f9cc4..f6d6720 100644
--- a/linux/meta/fluentd.yml
+++ b/linux/meta/fluentd.yml
@@ -77,6 +77,8 @@
record:
- name: severity_label
value: '${ {"TRACE"=>8,"DEBUG"=>7,"INFO"=>6,"NOTICE"=>5,"WARNING"=>4,"ERROR"=>3,"CRITICAL"=>2,"ALERT"=>1,"EMERGENCY"=>0}.key(record["Severity"].to_i) }'
+ - name: source
+ value: systemd
match:
rewrite_tag:
tag: systemd.source
@@ -84,9 +86,9 @@
rule:
- name: ident
regexp: '^(.*)$'
- result: __TAG__.$1
+ result: $1.systemd
push_to_default:
- tag: 'systemd.source.*'
+ tag: '*.systemd'
type: copy
store:
- type: relabel
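Review bot: The new `push_to_default` pattern `'*.systemd'` matches only tags with exactly one part before `.systemd`, but `result: $1.systemd` builds the tag from the whole `ident` value via `^(.*)$`, so an ident that contains a dot would yield a multi-part tag that this match skips. The ident is set by the logging process, and the tag now begins with that value instead of sitting under the fixed `__TAG__.` prefix, so an ident could also coincide with a leading tag part that another match in the pipeline keys on. Consider `tag: '**.systemd'` here, and check that no other match pattern in the config can be satisfied by an ident-derived first part. The enclosing filter and match definitions start and end outside the hunk.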
diff --git a/linux/system/init.sls b/linux/system/init.sls
index cec6c18..20d39d9 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls
@@ -3,6 +3,7 @@
include:
- linux.system.env
- linux.system.profile
+- linux.system.shell
{%- if system.login_defs is defined %}
- linux.system.login_defs
{%- endif %}
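Review bot: `- linux.system.shell` is included unconditionally, while `linux.system.login_defs` directly below it is gated on `system.login_defs is defined`. Unless shell.sls guards itself on its own pillar key (not visible here), the state renders on every minion, including those with no shell settings; if it lacks that guard, wrap the include as `{%- if system.shell is defined %}` … `{%- endif %}`, assuming `system.shell` is the key it reads. The include list continues outside the hunk. The description should also say where the inactive-password lock is enforced now: this commit drops the CIS 5.4.1.4 class that set `INACTIVE: 30` under `login_defs`, and the deleted file's own audit step checks `useradd -D`, not login.defs.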
diff --git a/metadata/service/system/cis/cis-5-4-1-4.yml b/metadata/service/system/cis/cis-5-4-1-4.yml
deleted file mode 100644
index 97a86af..0000000
--- a/metadata/service/system/cis/cis-5-4-1-4.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-# CIS 5.4.1.4 Ensure inactive password lock is 30 days or less (Scored)
-#
-# Description
-# ===========
-# User accounts that have been inactive for over a given period of time can be
-# automatically disabled. It is recommended that accounts that are inactive
-# for 30 days after password expiration be disabled.
-#
-# Rationale
-# =========
-# Inactive accounts pose a threat to system security since the users are not
-# logging in to notice failed login attempts or other anomalies.
-#
-# Audit
-# =====
-# Run the following command and verify INACTIVE is 30 or less:
-#
-# # useradd -D | grep INACTIVE
-# INACTIVE=30
-#
-# Verify all users with a password have Password inactive no more than 30 days
-# after password expires:
-#
-# # egrep ^[^:]+:[^\!*] /etc/shadow | cut -d: -f1
-# <list of users>
-# # chage --list <user>
-# Password inactive: <date>
-#
-# Remediation
-# ===========
-# Run the following command to set the default password inactivity period to
-# 30 days:
-#
-# # useradd -D -f 30
-#
-# Modify user parameters for all users with a password set to match:
-#
-# # chage --inactive 30 <user>
-#
-# Notes
-# =====
-# You can also check this setting in /etc/shadow directly. The 7th field
-# should be 30 or less for all users with a password.
-#
-parameters:
- linux:
- system:
- login_defs:
- INACTIVE:
- value: 30
-
diff --git a/metadata/service/system/cis/init.yml b/metadata/service/system/cis/init.yml
index 26b7642..0c2626d 100644
--- a/metadata/service/system/cis/init.yml
+++ b/metadata/service/system/cis/init.yml
@@ -34,7 +34,6 @@
- service.linux.system.cis.cis-5-4-1-1
- service.linux.system.cis.cis-5-4-1-2
- service.linux.system.cis.cis-5-4-1-3
-- service.linux.system.cis.cis-5-4-1-4
- service.linux.system.cis.cis-5-4-4
- service.linux.system.cis.cis-6-1-2
- service.linux.system.cis.cis-6-1-3