From c516a1ab7892bdfc6b5756036bde239fcf70057c Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Tue, 1 Oct 2024 16:30:55 -0500 Subject: [PATCH] Remove ypbind rules from RHEL10 --- controls/cis_rhel10.yml | 3 +-- products/rhel10/profiles/anssi_bp28_enhanced.profile | 1 + products/rhel10/profiles/anssi_bp28_high.profile | 1 + products/rhel10/profiles/anssi_bp28_intermediary.profile | 1 + products/rhel10/profiles/anssi_bp28_minimal.profile | 1 + products/rhel10/profiles/hipaa.profile | 2 ++ 6 files changed, 7 insertions(+), 2 deletions(-) diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml index b70d0094dca..895aeb7e808 100644 --- a/controls/cis_rhel10.yml +++ b/controls/cis_rhel10.yml @@ -1046,8 +1046,7 @@ controls: - l1_server - l1_workstation status: automated - notes: Review the availability of this package when the product is out. - rules: + related_rules: - package_ypbind_removed - id: 2.2.4 diff --git a/products/rhel10/profiles/anssi_bp28_enhanced.profile b/products/rhel10/profiles/anssi_bp28_enhanced.profile index 49e359f7644..ca0a665c3c3 100644 --- a/products/rhel10/profiles/anssi_bp28_enhanced.profile +++ b/products/rhel10/profiles/anssi_bp28_enhanced.profile @@ -66,6 +66,7 @@ selections: - '!package_sendmail_removed' - '!package_talk_removed' - '!package_xinetd_removed' + - '!package_ypbind_removed' - '!package_ypserv_removed' # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed - '!accounts_password_pam_retry' diff --git a/products/rhel10/profiles/anssi_bp28_high.profile b/products/rhel10/profiles/anssi_bp28_high.profile index 57e5c02f1d1..bb3905a4a9e 100644 --- a/products/rhel10/profiles/anssi_bp28_high.profile +++ b/products/rhel10/profiles/anssi_bp28_high.profile @@ -70,6 +70,7 @@ selections: - '!package_sendmail_removed' - '!package_talk_removed' - '!package_xinetd_removed' + - '!package_ypbind_removed' - '!package_ypserv_removed' # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed - '!accounts_password_pam_retry' diff --git a/products/rhel10/profiles/anssi_bp28_intermediary.profile b/products/rhel10/profiles/anssi_bp28_intermediary.profile index 23bac4936e5..dde9275fb13 100644 --- a/products/rhel10/profiles/anssi_bp28_intermediary.profile +++ b/products/rhel10/profiles/anssi_bp28_intermediary.profile @@ -46,6 +46,7 @@ selections: - '!package_sendmail_removed' - '!package_talk_removed' - '!package_xinetd_removed' + - '!package_ypbind_removed' - '!package_ypserv_removed' # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed - '!accounts_password_pam_retry' diff --git a/products/rhel10/profiles/anssi_bp28_minimal.profile b/products/rhel10/profiles/anssi_bp28_minimal.profile index 16ef5e53bff..be3e707ce3b 100644 --- a/products/rhel10/profiles/anssi_bp28_minimal.profile +++ b/products/rhel10/profiles/anssi_bp28_minimal.profile @@ -44,6 +44,7 @@ selections: - '!package_sendmail_removed' - '!package_talk_removed' - '!package_xinetd_removed' + - '!package_ypbind_removed' - '!package_ypserv_removed' # these rules are failing when they are remediated with Ansible, removing then temporarily until they are fixed - '!accounts_password_pam_retry' diff --git a/products/rhel10/profiles/hipaa.profile b/products/rhel10/profiles/hipaa.profile index f89d90590b3..95a9a1f229d 100644 --- a/products/rhel10/profiles/hipaa.profile +++ b/products/rhel10/profiles/hipaa.profile @@ -32,6 +32,7 @@ selections: - '!ensure_fedora_gpgkey_installed' - '!grub2_uefi_admin_username' - '!grub2_uefi_pass' + - '!service_ypbind_disabled' - '!service_zebra_disabled' - '!package_talk-server_removed' - '!package_talk_removed' @@ -46,6 +47,7 @@ selections: - '!package_rsh_removed' - '!package_rsh-server_removed' - '!package_tcp_wrappers_removed' + - '!package_ypbind_removed' - '!package_xinetd_removed' - '!service_xinetd_disabled' - '!sshd_allow_only_protocol2'