From dbc16a9e41aaeb1dd267af9b62d8ca1418fa2a72 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Tue, 2 Dec 2025 11:18:33 -0600 Subject: [PATCH] Add firewalld-backend to RHEL 10 CIS profile --- controls/cis_rhel10.yml | 5 ++++- tests/data/profile_stability/rhel10/cis.profile | 1 + tests/data/profile_stability/rhel10/cis_server_l1.profile | 1 + .../data/profile_stability/rhel10/cis_workstation_l1.profile | 1 + .../data/profile_stability/rhel10/cis_workstation_l2.profile | 1 + 5 files changed, 8 insertions(+), 1 deletion(-) diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml index 691a5b6d74a8..40d1a60e1d77 100644 --- a/controls/cis_rhel10.yml +++ b/controls/cis_rhel10.yml @@ -1520,7 +1520,10 @@ controls: levels: - l1_server - l1_workstation - status: pending + status: automated + rules: + - firewalld-backend + - id: 4.1.3 title: Ensure firewalld.service is configured (Automated) diff --git a/tests/data/profile_stability/rhel10/cis.profile b/tests/data/profile_stability/rhel10/cis.profile index 353276de259e..e7c2f3313297 100644 --- a/tests/data/profile_stability/rhel10/cis.profile +++ b/tests/data/profile_stability/rhel10/cis.profile @@ -254,6 +254,7 @@ file_permissions_sshd_pub_key file_permissions_unauthorized_world_writable file_permissions_user_cfg file_permissions_var_log_audit +firewalld-backend firewalld_loopback_traffic_trusted gid_passwd_group_same group_unique_id diff --git a/tests/data/profile_stability/rhel10/cis_server_l1.profile b/tests/data/profile_stability/rhel10/cis_server_l1.profile index 914598916877..368ea32753dd 100644 --- a/tests/data/profile_stability/rhel10/cis_server_l1.profile +++ b/tests/data/profile_stability/rhel10/cis_server_l1.profile @@ -166,6 +166,7 @@ file_permissions_sshd_private_key file_permissions_sshd_pub_key file_permissions_unauthorized_world_writable file_permissions_user_cfg +firewalld-backend firewalld_loopback_traffic_trusted gid_passwd_group_same group_unique_id 
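Review bot: In controls/cis_rhel10.yml the control just above `- id: 4.1.3` is switched to `status: automated` with `firewalld-backend` as its only rule, but the control's id and title start above the hunk, so it cannot be confirmed from here that this one check covers the whole benchmark item. If the item requires more than the firewalld backend setting, `status: partial` plus a `notes:` line naming what remains unchecked would stop scan reports from showing the control as fully satisfied. The rule id is also the only hyphenated name among underscore-named neighbours such as `firewalld_loopback_traffic_trusted` in the profile lists, so it is worth confirming that it matches the rule's directory name exactly.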
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
index a0c73e821286..e11be34694c7 100644
--- a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
+++ b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
@@ -164,6 +164,7 @@ file_permissions_sshd_private_key
 file_permissions_sshd_pub_key
 file_permissions_unauthorized_world_writable
 file_permissions_user_cfg
+firewalld-backend
 firewalld_loopback_traffic_trusted
 gid_passwd_group_same
 group_unique_id
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
index 7ec7962b67ec..fcec3b31b36e 100644
--- a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
@@ -254,6 +254,7 @@ file_permissions_sshd_pub_key
 file_permissions_unauthorized_world_writable
 file_permissions_user_cfg
 file_permissions_var_log_audit
+firewalld-backend
 firewalld_loopback_traffic_trusted
 gid_passwd_group_same
 group_unique_id