
Update several controls and variables for Ubuntu 24.04 CIS #12624

Merged: 16 commits from ubuntu2404_cis_services into ComplianceAsCode:master, Nov 25, 2024

Conversation

mpurg (Contributor) commented Nov 21, 2024

Description:

Update several controls for Ubuntu 24.04 CIS, adding missing rules and fixing variable overrides:

  • 2.1.2 - Ensure avahi daemon services are not in use
  • 2.1.4 - Ensure dns server services are not in use
  • 2.1.6 - Ensure ftp server services are not in use
  • 2.1.7 - Ensure ldap server services are not in use
  • 2.1.8 - Ensure message access server services are not in use
  • 2.1.9 - Ensure network file system services are not in use
  • 2.1.10 - Ensure nis server services are not in use
  • 2.1.11 - Ensure print server services are not in use
  • 2.1.12 - Ensure rpcbind services are not in use
  • 2.1.13 - Ensure rsync services are not in use
  • 2.1.14 - Ensure samba file server services are not in use
  • 2.1.15 - Ensure snmp services are not in use
  • 2.1.16 - Ensure tftp server services are not in use
  • 2.1.17 - Ensure web proxy server services are not in use
  • 2.1.19 - Ensure xinetd services are not in use
  • 2.1.20 - Ensure X window server services are not in use
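
As an added example (my own code, not part of this PR or of the ComplianceAsCode project), here is a POSIX shell helper that audits and remediates one of the "services are not in use" controls listed above. The decision rule, a unit counts as in use if `systemctl is-enabled` reports an enabled state or `systemctl is-active` reports it active, is modelled on the usual CIS audit wording, which this page does not quote; the function names, the `--fix` flag and the constructed state strings used in the offline self-check are assumptions of the example. The check is applied to both the `.service` and the `.socket` unit, because a masked service can still be started through an enabled socket.

```shell
#!/bin/sh
# Added example, not ComplianceAsCode content. Audit/remediation helper for the
# "Ensure <x> services are not in use" style of control. The "in use" rule below
# is an assumption modelled on typical CIS audit wording, not quoted from the PR.

# Pure decision, so it can be exercised without systemd:
#   unit_not_in_use ENABLED_STATE ACTIVE_STATE
# Arguments are the strings `systemctl is-enabled` / `systemctl is-active` print.
# Returns 0 (true) when the unit counts as "not in use", 1 otherwise.
unit_not_in_use() {
    enabled="$1"
    active="$2"
    # Anything running, starting or stopping is in use, even if disabled on boot.
    case "$active" in
        active|activating|reloading|deactivating) return 1 ;;
    esac
    # Accept only states that cannot start the unit on their own; everything
    # else (enabled, enabled-runtime, indirect, generated, ...) fails closed.
    # This is stricter than a plain `grep enabled` on the is-enabled output.
    case "$enabled" in
        not-found|disabled|masked|masked-runtime|static) return 0 ;;
        *) return 1 ;;
    esac
}

# Live audit of NAME.service and NAME.socket on a systemd host.
# A missing unit prints nothing on stdout for is-enabled, hence the defaults.
audit_unit() {
    name="$1"
    rc=0
    for unit in "$name.service" "$name.socket"; do
        enabled=$(systemctl is-enabled "$unit" 2>/dev/null || true)
        active=$(systemctl is-active "$unit" 2>/dev/null || true)
        enabled="${enabled:-not-found}"
        active="${active:-inactive}"
        if unit_not_in_use "$enabled" "$active"; then
            echo "PASS $unit ($enabled/$active)"
        else
            echo "FAIL $unit ($enabled/$active)"
            rc=1
        fi
    done
    return "$rc"
}

# Remediation: stop and mask both units. `mask` links the unit file to
# /dev/null, so neither a dependency nor socket activation can revive it;
# `disable` alone would leave an enabled socket able to start the service.
remediate_unit() {
    name="$1"
    for unit in "$name.service" "$name.socket"; do
        systemctl mask --now "$unit" 2>/dev/null || true
    done
}

# Usage: sh services_audit.sh [--fix] NAME...   e.g. avahi-daemon slapd rpcbind
# Without arguments only the offline self-check below runs.
if [ "$#" -gt 0 ]; then
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    status=0
    for name in "$@"; do
        if [ "$fix" = 1 ]; then remediate_unit "$name"; fi
        audit_unit "$name" || status=1
    done
    exit "$status"
fi

# Offline self-check against constructed systemctl outputs (no systemd needed).
for pair in "not-found inactive" "masked inactive" "disabled inactive" \
            "static inactive" "enabled active" "disabled active" \
            "enabled-runtime inactive" "indirect inactive"; do
    set -- $pair
    if unit_not_in_use "$1" "$2"; then verdict=not-in-use; else verdict=IN-USE; fi
    echo "$1/$2 -> $verdict"
done
```

Run with unit names from the controls above (`sh services_audit.sh avahi-daemon slapd rpcbind`) to audit, and with `--fix` first to mask and stop them; note that `disabled` together with `active` still reports IN-USE, which is the case a boot-time-only check misses.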

@mpurg mpurg marked this pull request as draft November 21, 2024 09:25
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress and needs-ok-to-test labels (used by openshift-ci bot) Nov 21, 2024

openshift-ci bot commented Nov 21, 2024

Hi @mpurg. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mpurg mpurg changed the title Update Ubuntu2404 CIS 2.x controls and variables Update several controls and variables for Ubuntu 24.04 CIS Nov 21, 2024

@mpurg mpurg force-pushed the ubuntu2404_cis_services branch from 0ad3274 to f9d3661 on November 21, 2024 09:41
@mpurg mpurg marked this pull request as ready for review November 21, 2024 09:42
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress label Nov 21, 2024

This datastream diff is auto generated by the check Compare DS/Generate Diff

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_slapd_disabled'.
--- xccdf_org.ssgproject.content_rule_service_slapd_disabled
+++ xccdf_org.ssgproject.content_rule_service_slapd_disabled
@@ -3,11 +3,12 @@
 Disable LDAP Server (slapd)
 
 [description]:
-The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database.
+The Lightweight Directory Access Protocol (LDAP) is a service that
+provides a method for looking up information from a central database.
 
 [rationale]:
-If the system will not need to act as an LDAP server, it is recommended that the software be
-disabled to reduce the potential attack surface.
+If the system will not need to act as an LDAP server, it is recommended
+that the software be disabled to reduce the potential attack surface.
 
 [ident]:
 CCE-87262-2
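
Review bot: this hunk changes only the line wrapping of the description and rationale for service_slapd_disabled; the words on the `-` and `+` lines are identical, so the generated datastream text differs in whitespace alone. If the reflow was not intended, dropping it keeps the Compare DS diff limited to the new controls and variable overrides listed in the description; if it was intended (for example to match the wrapping of the other service rules), a short mention in the commit message would spare the next reviewer re-diffing the sentences. The title "Disable LDAP Server (slapd)" and the ident CCE-87262-2 are unchanged.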


codeclimate bot commented Nov 21, 2024

Code Climate has analyzed commit f9d3661 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

View more on Code Climate.

@dodys dodys requested a review from a team November 25, 2024 12:12
@dodys dodys self-assigned this Nov 25, 2024
@dodys dodys added the Ubuntu (Ubuntu product related) label Nov 25, 2024
@dodys dodys added the CIS (CIS Benchmark related) and Update Profile (issues or pull requests related to profile updates) labels Nov 25, 2024
@dodys dodys added this to the 0.1.76 milestone Nov 25, 2024
dodys (Contributor) left a comment

lgtm, thanks!

@dodys dodys merged commit aa31e28 into ComplianceAsCode:master Nov 25, 2024
92 of 98 checks passed
2 participants