Skip to content

[stabilization] Move to service_dnsmasq_disabled for CIS in RHEL #14526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jan-cerny merged 4 commits into from
Mar 4, 2026
Merged

[stabilization] Move to service_dnsmasq_disabled for CIS in RHEL #14526

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
544b1ca
Move to service_dnsmasq_disabled for CIS in RHEL
Mab879 Mar 3, 2026
585678e
update profile stability tests
vojtapolasek Mar 4, 2026
e6ae4f5
add cces to service_dnsmasq_disabled
vojtapolasek Mar 4, 2026
5f34268
add package_dnsmasq_removed to default profiles for rhels
vojtapolasek Mar 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions linux_os/guide/services/dns/service_dnsmasq_disabled/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ rationale: |-
severity: medium

identifiers:
cce@rhel8: CCE-90720-4
cce@rhel9: CCE-90721-2
cce@rhel10: CCE-90722-0
cce@sle15: CCE-92602-2

platform: system_with_kernel
Expand Down
2 changes: 2 additions & 0 deletions products/rhel10/controls/cis_rhel10.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -817,6 +817,8 @@ controls:
- l1_workstation
status: automated
rules:
- service_dnsmasq_disabled
related_rules:
- package_dnsmasq_removed

- id: 2.1.7
Expand Down
1 change: 1 addition & 0 deletions products/rhel10/profiles/default.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,3 +45,4 @@ selections:
- file_etc_security_opasswd
- sshd_use_strong_macs
- configure_ssh_crypto_policy
- package_dnsmasq_removed
2 changes: 2 additions & 0 deletions products/rhel8/controls/cis_rhel8.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -860,6 +860,8 @@ controls:
- l1_workstation
status: automated
rules:
- service_dnsmasq_disabled
related_rules:
- package_dnsmasq_removed

- id: 2.1.7
Expand Down
1 change: 1 addition & 0 deletions products/rhel8/profiles/default.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -738,3 +738,4 @@ selections:
- configure_openssl_tls_crypto_policy
- sshd_use_approved_kex_ordered_stig
- accounts_user_dot_no_world_writable_programs
- package_dnsmasq_removed
2 changes: 2 additions & 0 deletions products/rhel9/controls/cis_rhel9.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -819,6 +819,8 @@ controls:
- l1_workstation
status: automated
rules:
- service_dnsmasq_disabled
related_rules:
- package_dnsmasq_removed

- id: 2.1.6
Expand Down
1 change: 1 addition & 0 deletions products/rhel9/profiles/default.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -592,3 +592,4 @@ selections:
- audit_rules_login_events_tallylog
- configure_ssh_crypto_policy
- accounts_user_dot_no_world_writable_programs
- package_dnsmasq_removed
3 changes: 0 additions & 3 deletions shared/references/cce-redhat-avail.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2341,6 +2341,3 @@ CCE-90706-3
CCE-90707-1
CCE-90710-5
CCE-90715-4
CCE-90720-4
CCE-90721-2
CCE-90722-0
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel10/cis.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,6 @@ package_audit_installed
package_bind_removed
package_cron_installed
package_cyrus-imapd_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -369,6 +368,7 @@ service_bluetooth_disabled
service_cockpit_disabled
service_crond_enabled
service_cups_disabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel10/cis_server_l1.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,7 +226,6 @@ package_aide_installed
package_bind_removed
package_cron_installed
package_cyrus-imapd_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -262,6 +261,7 @@ service_avahi-daemon_disabled
service_bluetooth_disabled
service_crond_enabled
service_cups_disabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel10/cis_workstation_l1.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,6 @@ package_aide_installed
package_bind_removed
package_cron_installed
package_cyrus-imapd_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -253,6 +252,7 @@ rsyslog_files_permissions
selinux_not_disabled
selinux_policytype
service_crond_enabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel10/cis_workstation_l2.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,6 @@ package_audit_installed
package_bind_removed
package_cron_installed
package_cyrus-imapd_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -365,6 +364,7 @@ service_avahi-daemon_disabled
service_bluetooth_disabled
service_cockpit_disabled
service_crond_enabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel8/cis.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -376,6 +375,7 @@ service_bluetooth_disabled
service_cockpit_disabled
service_crond_enabled
service_cups_disabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel8/cis_server_l1.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -279,6 +278,7 @@ service_avahi-daemon_disabled
service_bluetooth_disabled
service_crond_enabled
service_cups_disabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel8/cis_workstation_l1.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -271,6 +270,7 @@ rsyslog_nolisten
selinux_not_disabled
selinux_policytype
service_crond_enabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel8/cis_workstation_l2.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -372,6 +371,7 @@ service_avahi-daemon_disabled
service_bluetooth_disabled
service_cockpit_disabled
service_crond_enabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel9/cis.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -339,6 +338,7 @@ service_avahi-daemon_disabled
service_bluetooth_disabled
service_crond_enabled
service_cups_disabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_nftables_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel9/cis_server_l1.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -238,6 +237,7 @@ service_avahi-daemon_disabled
service_bluetooth_disabled
service_crond_enabled
service_cups_disabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_nftables_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel9/cis_workstation_l1.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -230,6 +229,7 @@ rsyslog_files_permissions
selinux_not_disabled
selinux_policytype
service_crond_enabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_nftables_disabled
Expand Down
2 changes: 1 addition & 1 deletion tests/data/profile_stability/rhel9/cis_workstation_l2.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,6 @@ package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
Expand Down Expand Up @@ -335,6 +334,7 @@ service_autofs_disabled
service_avahi-daemon_disabled
service_bluetooth_disabled
service_crond_enabled
service_dnsmasq_disabled
service_firewalld_enabled
service_nfs_disabled
service_nftables_disabled
Expand Down
Loading