Merge pull request #12675 from mpurg/ubuntu2404_cis_rules1

Add rules to several ubuntu2404 CIS controls
ComplianceAsCode · Dec 10, 2024 · 93ba08a · 93ba08a
2 parents 8f7ac0f + 3dd04b6
commit 93ba08a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -1762,10 +1762,9 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
+    rules:
       - sudo_add_use_pty
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/5.3.2.
+    status: automated
 
   - id: 5.2.3
     title: Ensure sudo log file exists (Automated)
@@ -1836,8 +1835,9 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - package_pam_pwquality_installed
+    status: automated
 
   - id: 5.3.2.1
     title: Ensure pam_unix module is enabled (Automated)
@@ -2289,20 +2289,18 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
+    rules:
       - journald_compress
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/4.2.1.3.
+    status: automated
 
   - id: 6.1.2.4
     title: Ensure journald Storage is configured (Automated)
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
+    rules:
       - journald_storage
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/4.2.1.4.
+    status: automated
 
   - id: 6.1.3.1
     title: Ensure rsyslog is installed (Automated)
@@ -2327,8 +2325,9 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented. Analogous to ubuntu2204/4.2.2.3.
+    rules:
+      - journald_forward_to_syslog
+    status: automated
 
   - id: 6.1.3.4
     title: Ensure rsyslog log file creation mode is configured (Automated)

diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
@@ -47,6 +47,7 @@ template:
         pkgname: libpwquality
         pkgname@ubuntu2004: libpam-pwquality
         pkgname@ubuntu2204: libpam-pwquality
+        pkgname@ubuntu2404: libpam-pwquality
         pkgname@debian12: libpam-pwquality
 
 platform: package[pam]