From 211101b31992d8565f3e514d93c4e2e95d5097dc Mon Sep 17 00:00:00 2001
From: Alex M <58046369+amalone-scwx@users.noreply.github.com>
Date: Sun, 4 Jun 2023 13:16:43 -0700
Subject: [PATCH] fix elevation required on a couple

---
 atomics/T1070.002/T1070.002.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/atomics/T1070.002/T1070.002.yaml b/atomics/T1070.002/T1070.002.yaml
index 75c07353..95d4744f 100644
--- a/atomics/T1070.002/T1070.002.yaml
+++ b/atomics/T1070.002/T1070.002.yaml
@@ -325,7 +325,16 @@ atomic_tests:
       description: Username of mail spool
       type: string
       default: root
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      target files must exist
+    prereq_command: |
+      stat /var/spool/mail/#{username}
+    get_prereq_command: |
+      touch /var/spool/mail/#{username}
   executor:
+    elevation_required: true
     command: |
       echo 0> /var/spool/mail/#{username}
     name: bash
@@ -344,3 +353,6 @@ atomic_tests:
     command: |
       echo 0> #{log_path}
     name: bash
+    elevation_required: true
+    cleanup_command: |
+      if [ "/var/log/secure" != "#{log_path}" ] ; then rm -f #{log_path} ; fi