Merge pull request #10233 from marcusburghardt/cis_rhel_avahi

Include avahi related rules in RHEL CIS control files
ComplianceAsCode · Feb 20, 2023 · 55d064f · 55d064f
2 parents 2657bcb + d272356
commit 55d064f
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 18 deletions.
diff --git a/controls/cis_rhel7.yml b/controls/cis_rhel7.yml
@@ -636,9 +636,12 @@ controls:
     levels:
     - l1_server
     - l2_workstation
-    status: partial # rule for package removal is missing
+    status: automated
     rules:
-    - service_avahi-daemon_disabled
+      - package_avahi_removed
+      - package_avahi-autoipd_removed
+    related_rules:
+      - service_avahi-daemon_disabled
 
   - id: 2.2.4
     title: Ensure CUPS is not installed (Automated)

diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
@@ -692,13 +692,15 @@ controls:
     rules:
       - package_xorg-x11-server-common_removed
 
-  # NEEDS RULE
   - id: 2.2.3
     title: Ensure Avahi Server is not installed (Automated)
     levels:
       - l1_server
-      - l1_workstation
-    status: planned
+      - l2_workstation
+    status: automated
+    rules:
+      - package_avahi_removed
+      - package_avahi-autoipd_removed
     related_rules:
       - service_avahi-daemon_disabled
 

diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
@@ -700,13 +700,15 @@ controls:
     rules:
       - package_xorg-x11-server-common_removed
 
-  # NEEDS RULE
   - id: 2.2.2
     title: Ensure Avahi Server is not installed (Automated)
     levels:
       - l1_server
       - l2_workstation
-    status: planned
+    status: automated
+    rules:
+      - package_avahi_removed
+      - package_avahi-autoipd_removed
     related_rules:
       - service_avahi-daemon_disabled
 

diff --git a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12,sle15
+prodtype: rhel7,rhel8,rhel9,sle12,sle15
 
 title: 'Uninstall avahi-autoipd Server Package'
 
@@ -17,11 +17,17 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel7: CCE-86514-7
+    cce@rhel8: CCE-86515-4
+    cce@rhel9: CCE-86516-2
     cce@sle12: CCE-92310-2
     cce@sle15: CCE-92465-4
 
 references:
     cis-csc: 11,14,3,9
+    cis@rhel7: 2.2.3
+    cis@rhel8: 2.2.3
+    cis@rhel9: 2.2.2
     cis@sle12: 2.2.3
     cis@sle15: 2.2.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06

diff --git a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12,sle15
+prodtype: rhel7,rhel8,rhel9,sle12,sle15
 
 title: 'Uninstall avahi Server Package'
 
@@ -17,11 +17,17 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel7: CCE-86511-3
+    cce@rhel8: CCE-86512-1
+    cce@rhel9: CCE-86513-9
     cce@sle12: CCE-92314-4
     cce@sle15: CCE-92464-7
 
 references:
     cis-csc: 11,14,3,9
+    cis@rhel7: 2.2.3
+    cis@rhel8: 2.2.3
+    cis@rhel9: 2.2.2
     cis@sle12: 2.2.3
     cis@sle15: 2.2.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06

diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
@@ -26,9 +26,6 @@ references:
     cis-csc: 11,14,3,9
     cis@alinux2: 2.1.3
     cis@alinux3: 2.2.4
-    cis@rhel7: 2.2.3
-    cis@rhel8: 2.2.3
-    cis@rhel9: 2.2.2
     cis@sle12: 2.2.3
     cis@sle15: 2.2.3
     cis@ubuntu2004: 2.2.3

diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
@@ -309,12 +309,6 @@ CCE-86503-0
 CCE-86504-8
 CCE-86508-9
 CCE-86509-7
-CCE-86511-3
-CCE-86512-1
-CCE-86513-9
-CCE-86514-7
-CCE-86515-4
-CCE-86516-2
 CCE-86517-0
 CCE-86518-8
 CCE-86520-4