diff --git a/linux_os/guide/services/dns/service_dnsmasq_disabled/rule.yml b/linux_os/guide/services/dns/service_dnsmasq_disabled/rule.yml
index b030a645a893..51fe990a7a8f 100644
--- a/linux_os/guide/services/dns/service_dnsmasq_disabled/rule.yml
+++ b/linux_os/guide/services/dns/service_dnsmasq_disabled/rule.yml
@@ -13,6 +13,9 @@ rationale: |-
 severity: medium
 identifiers:
+ cce@rhel8: CCE-90720-4
+ cce@rhel9: CCE-90721-2
+ cce@rhel10: CCE-90722-0
 cce@sle15: CCE-92602-2
 platform: system_with_kernel
diff --git a/products/rhel10/controls/cis_rhel10.yml b/products/rhel10/controls/cis_rhel10.yml
index 8269196f2993..f6abf020f44a 100644
--- a/products/rhel10/controls/cis_rhel10.yml
+++ b/products/rhel10/controls/cis_rhel10.yml
@@ -817,6 +817,8 @@ controls:
 - l1_workstation
 status: automated
 rules:
+ - service_dnsmasq_disabled
+ related_rules:
 - package_dnsmasq_removed
 - id: 2.1.7
diff --git a/products/rhel10/profiles/default.profile b/products/rhel10/profiles/default.profile
index 4d9b46867bc6..3be6b3d8376a 100644
--- a/products/rhel10/profiles/default.profile
+++ b/products/rhel10/profiles/default.profile
@@ -45,3 +45,4 @@ selections:
 - file_etc_security_opasswd
 - sshd_use_strong_macs
 - configure_ssh_crypto_policy
+ - package_dnsmasq_removed
diff --git a/products/rhel8/controls/cis_rhel8.yml b/products/rhel8/controls/cis_rhel8.yml
index cbe5d4d6454e..57ff2e16abc4 100644
--- a/products/rhel8/controls/cis_rhel8.yml
+++ b/products/rhel8/controls/cis_rhel8.yml
@@ -860,6 +860,8 @@ controls:
 - l1_workstation
 status: automated
 rules:
+ - service_dnsmasq_disabled
+ related_rules:
 - package_dnsmasq_removed
 - id: 2.1.7
diff --git a/products/rhel8/profiles/default.profile b/products/rhel8/profiles/default.profile
index 6865a9615f79..7e7401a04ac7 100644
--- a/products/rhel8/profiles/default.profile
+++ b/products/rhel8/profiles/default.profile
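Review bot: In products/rhel10/controls/cis_rhel10.yml the control's only enforced rule becomes `service_dnsmasq_disabled`, with `package_dnsmasq_removed` demoted to `related_rules`, and nothing next to it records why a host that keeps the package installed should now pass; the same edit is repeated in cis_rhel8.yml and cis_rhel9.yml. A service-state check presumably covers only the dnsmasq systemd unit, so a dnsmasq process started by another component would not be reported by this control. I would add a `notes:` entry to each of the three controls, along the lines of `notes: The package may be required as a dependency, so only the service state is enforced; package_dnsmasq_removed is kept as a related rule.`, after confirming that reason against the benchmark text. The control's `id` and `title` lines sit above the hunk, so the placement has to be checked in the full file.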
@@ -738,3 +738,4 @@ selections:
 - configure_openssl_tls_crypto_policy
 - sshd_use_approved_kex_ordered_stig
 - accounts_user_dot_no_world_writable_programs
+ - package_dnsmasq_removed
diff --git a/products/rhel9/controls/cis_rhel9.yml b/products/rhel9/controls/cis_rhel9.yml
index f73fbd1f6d79..2ded1b128c92 100644
--- a/products/rhel9/controls/cis_rhel9.yml
+++ b/products/rhel9/controls/cis_rhel9.yml
@@ -819,6 +819,8 @@ controls:
 - l1_workstation
 status: automated
 rules:
+ - service_dnsmasq_disabled
+ related_rules:
 - package_dnsmasq_removed
 - id: 2.1.6
diff --git a/products/rhel9/profiles/default.profile b/products/rhel9/profiles/default.profile
index 876e5516b32a..f817322dbdab 100644
--- a/products/rhel9/profiles/default.profile
+++ b/products/rhel9/profiles/default.profile
@@ -592,3 +592,4 @@ selections:
 - audit_rules_login_events_tallylog
 - configure_ssh_crypto_policy
 - accounts_user_dot_no_world_writable_programs
+ - package_dnsmasq_removed
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 19129c0f0065..3681684fcdf0 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -2341,6 +2341,3 @@ CCE-90706-3
 CCE-90707-1
 CCE-90710-5
 CCE-90715-4
-CCE-90720-4
-CCE-90721-2
-CCE-90722-0
diff --git a/tests/data/profile_stability/rhel10/cis.profile b/tests/data/profile_stability/rhel10/cis.profile
index acb21b876b66..be281650fc10 100644
--- a/tests/data/profile_stability/rhel10/cis.profile
+++ b/tests/data/profile_stability/rhel10/cis.profile
@@ -322,7 +322,6 @@ package_audit_installed
 package_bind_removed
 package_cron_installed
 package_cyrus-imapd_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -369,6 +368,7 @@ service_bluetooth_disabled
 service_cockpit_disabled
 service_crond_enabled
 service_cups_disabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel10/cis_server_l1.profile b/tests/data/profile_stability/rhel10/cis_server_l1.profile
index 1a8d4a413244..40d910b58ee9 100644
--- a/tests/data/profile_stability/rhel10/cis_server_l1.profile
+++ b/tests/data/profile_stability/rhel10/cis_server_l1.profile
@@ -226,7 +226,6 @@ package_aide_installed
 package_bind_removed
 package_cron_installed
 package_cyrus-imapd_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -262,6 +261,7 @@ service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_crond_enabled
 service_cups_disabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
index 63186a34c258..f2f820c05c60 100644
--- a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
+++ b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
@@ -222,7 +222,6 @@ package_aide_installed
 package_bind_removed
 package_cron_installed
 package_cyrus-imapd_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -253,6 +252,7 @@ rsyslog_files_permissions
 selinux_not_disabled
 selinux_policytype
 service_crond_enabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
index 221ffac17557..68ed725b2d73 100644
--- a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
@@ -322,7 +322,6 @@ package_audit_installed
 package_bind_removed
 package_cron_installed
 package_cyrus-imapd_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -365,6 +364,7 @@ service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_cockpit_disabled
 service_crond_enabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel8/cis.profile b/tests/data/profile_stability/rhel8/cis.profile
index 40ef7718866d..f17b30ec001e 100644
--- a/tests/data/profile_stability/rhel8/cis.profile
+++ b/tests/data/profile_stability/rhel8/cis.profile
@@ -323,7 +323,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -376,6 +375,7 @@ service_bluetooth_disabled
 service_cockpit_disabled
 service_crond_enabled
 service_cups_disabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel8/cis_server_l1.profile b/tests/data/profile_stability/rhel8/cis_server_l1.profile
index c186914d253b..8acdac5b799c 100644
--- a/tests/data/profile_stability/rhel8/cis_server_l1.profile
+++ b/tests/data/profile_stability/rhel8/cis_server_l1.profile
@@ -237,7 +237,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -279,6 +278,7 @@ service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_crond_enabled
 service_cups_disabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel8/cis_workstation_l1.profile b/tests/data/profile_stability/rhel8/cis_workstation_l1.profile
index f53d2e0dd714..3a115c19fbf6 100644
--- a/tests/data/profile_stability/rhel8/cis_workstation_l1.profile
+++ b/tests/data/profile_stability/rhel8/cis_workstation_l1.profile
@@ -234,7 +234,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -271,6 +270,7 @@ rsyslog_nolisten
 selinux_not_disabled
 selinux_policytype
 service_crond_enabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel8/cis_workstation_l2.profile b/tests/data/profile_stability/rhel8/cis_workstation_l2.profile
index f43c7d9ea9b5..c7700c1f700b 100644
--- a/tests/data/profile_stability/rhel8/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel8/cis_workstation_l2.profile
@@ -323,7 +323,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -372,6 +371,7 @@ service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_cockpit_disabled
 service_crond_enabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_rpcbind_disabled
diff --git a/tests/data/profile_stability/rhel9/cis.profile b/tests/data/profile_stability/rhel9/cis.profile
index 65f2ddc07f7e..398d9f9c3132 100644
--- a/tests/data/profile_stability/rhel9/cis.profile
+++ b/tests/data/profile_stability/rhel9/cis.profile
@@ -292,7 +292,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -339,6 +338,7 @@ service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_crond_enabled
 service_cups_disabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_nftables_disabled
diff --git a/tests/data/profile_stability/rhel9/cis_server_l1.profile b/tests/data/profile_stability/rhel9/cis_server_l1.profile
index ac83e2c0a321..549ae2ca45b2 100644
--- a/tests/data/profile_stability/rhel9/cis_server_l1.profile
+++ b/tests/data/profile_stability/rhel9/cis_server_l1.profile
@@ -201,7 +201,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -238,6 +237,7 @@ service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_crond_enabled
 service_cups_disabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_nftables_disabled
diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l1.profile b/tests/data/profile_stability/rhel9/cis_workstation_l1.profile
index fb685c741479..fc3d0e7e594a 100644
--- a/tests/data/profile_stability/rhel9/cis_workstation_l1.profile
+++ b/tests/data/profile_stability/rhel9/cis_workstation_l1.profile
@@ -198,7 +198,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -230,6 +229,7 @@ rsyslog_files_permissions
 selinux_not_disabled
 selinux_policytype
 service_crond_enabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_nftables_disabled
diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
index 3fc4bebf0c4a..ac08a0eb2e05 100644
--- a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
@@ -292,7 +292,6 @@ package_chrony_installed
 package_cron_installed
 package_cyrus-imapd_removed
 package_dhcp_removed
-package_dnsmasq_removed
 package_dovecot_removed
 package_firewalld_installed
 package_ftp_removed
@@ -335,6 +334,7 @@ service_autofs_disabled
 service_avahi-daemon_disabled
 service_bluetooth_disabled
 service_crond_enabled
+service_dnsmasq_disabled
 service_firewalld_enabled
 service_nfs_disabled
 service_nftables_disabled