Merge pull request #12701 from ericeberry/u2404_1311

Ubuntu 24.04 1.3.1.1 Ensure AppArmor is installed
ComplianceAsCode · Dec 18, 2024 · 51f51fe · 51f51fe
2 parents 93573ab + 33ac711
commit 51f51fe
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 4 deletions.
diff --git a/components/apparmor-utils.yml b/components/apparmor-utils.yml
@@ -0,0 +1,7 @@
+groups:
+- apparmor-utils
+name: apparmor-utils
+packages:
+- apparmor-utils
+rules:
+- package_apparmor-utils_installed
diff --git a/components/apparmor.yml b/components/apparmor.yml
@@ -10,4 +10,5 @@ rules:
 - apparmor_configured
 - grub2_enable_apparmor
 - package_apparmor_installed
+- package_apparmor-utils_installed
 - package_pam_apparmor_installed
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -370,11 +370,11 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
+    rules:
       - package_apparmor_installed
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/1.6.1.1.
-
+      - package_apparmor-utils_installed
+    status: automated
+    
   - id: 1.3.1.2
     title: Ensure AppArmor is enabled in the bootloader configuration (Automated)
     levels:

diff --git a/linux_os/guide/system/apparmor/package_apparmor-utils_installed/rule.yml b/linux_os/guide/system/apparmor/package_apparmor-utils_installed/rule.yml
@@ -0,0 +1,17 @@
+documentation_complete: true
+
+title: 'Ensure AppArmor Utils is installed'
+
+description: |-
+    AppArmor provide Mandatory Access Controls.
+
+rationale: |-
+    Without a Mandatory Access Control system installed only the default
+    Discretionary Access Control system will be available.
+
+severity: medium
+
+template:
+    name: package_installed
+    vars:
+        pkgname: apparmor-utils