Add package_dnsmasq_removed rule #10293

Merged 1 commit, Mar 7, 2023

cortesana commented Mar 6, 2023

Description:

The new package_dnsmasq_removed rule is created in order to meet the following CIS requirement for RHEL9:

  • 2.2.14 - Ensure dnsmasq is not installed. (Automated)

Rationale:

Unless the system is specifically designated to act as a DNS caching, DNS forwarding and/or DHCP server, the package should be removed to reduce the potential attack surface.

cortesana added the RHEL9 and CIS labels Mar 6, 2023
cortesana requested a review from a team as a code owner March 6, 2023 16:20
marcusburghardt added this to the 0.1.67 milestone Mar 6, 2023
cortesana force-pushed the create-rule-package-dnsmasq-removed branch from 1a2d04a to cb28972 March 6, 2023 16:31
Mab879 self-assigned this Mar 6, 2023
Mab879 added the New Rule label Mar 6, 2023
Mab879 left a comment

Thanks for the PR! I found a few items that need to be addressed. Let me know if you have any questions.

controls/cis_rhel9.yml (review thread, resolved)
cortesana force-pushed the create-rule-package-dnsmasq-removed branch from cb28972 to f396a5c March 6, 2023 17:48
cortesana requested a review from Mab879 March 6, 2023 17:48
marcusburghardt left a comment

Thanks for this rule @cortesana. There is only a possible typo in the rule id.

controls/cis_rhel9.yml (review thread, outdated, resolved)
cortesana force-pushed the create-rule-package-dnsmasq-removed branch from f396a5c to cebf58d March 7, 2023 08:29
The new package_dnsmasq_removed rule is created in order to meet the following CIS requirement for RHEL9:
- 2.2.14 - Ensure dnsmasq is not installed. (Automated)
cortesana force-pushed the create-rule-package-dnsmasq-removed branch from cebf58d to bb8254a March 7, 2023 10:10

codeclimate bot commented Mar 7, 2023

Code Climate has analyzed commit bb8254a and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 51.7% (0.0% change).

marcusburghardt left a comment

Thanks @cortesana

marcusburghardt commented

The Automatus CS8 failure is expected since the rule is restricted to rhel9.
The PR LGTM but we should wait for @Mab879 to double-check since he is currently assigned to this PR.

Mab879 left a comment

LGTM, was just doing some testing on my end.

Mab879 merged commit 960b8a2 into master Mar 7, 2023
Mab879 deleted the create-rule-package-dnsmasq-removed branch March 7, 2023 15:32