-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add package_dnsmasq_removed rule #10293
Conversation
1a2d04a
to
cb28972
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! I found a few items that need to be addressed. Let me know if you have any questions.
cb28972
to
f396a5c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this rule @cortesana . There is only a possible typo in the rule id.
f396a5c
to
cebf58d
Compare
The new package_dnsmasq_removed rule is created in order to meet the following CIS requirement for RHEL9: - 2.2.14 - Ensure dnsmasq is not installed. (Automated)
cebf58d
to
bb8254a
Compare
Code Climate has analyzed commit bb8254a and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 51.7% (0.0% change). View more on Code Climate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @cortesana
The Automatus CS8 failure is expected since the rule is restricted to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, was just doing some testing on my end.
Description:
The new package_dnsmasq_removed rule is created in order to meet the following CIS requirement for RHEL9:
Rationale:
Unless the system is specifically designated to act as a DNS caching, DNS forwarding and/or DHCP server, the package should be removed to reduce the potential attack surface.