Update ubuntu2404 CIS control 2.1.3 and fix var overrides

ComplianceAsCode · Nov 25, 2024 · a3af908 · a3af908
1 parent 5d3b804
commit a3af908
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -662,10 +662,11 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
+    rules:
       - package_dhcp_removed
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/2.2.4.
+      - service_dhcpd_disabled
+      - service_dhcpd6_disabled
+    status: automated
 
   - id: 2.1.4
     title: Ensure dns server services are not in use (Automated)

diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
@@ -1,6 +1,5 @@
 documentation_complete: true
 
-
 title: 'Uninstall DHCP Server Package'
 
 description: |-
@@ -59,5 +58,6 @@ template:
         pkgname@ubuntu1804: isc-dhcp-server
         pkgname@ubuntu2004: isc-dhcp-server
         pkgname@ubuntu2204: isc-dhcp-server
+        pkgname@ubuntu2404: isc-dhcp-server
         pkgname@sle12: dhcp-server
         pkgname@sle15: dhcp-server
diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml
@@ -1,12 +1,15 @@
 documentation_complete: true
 
-
 title: 'Disable DHCP Service'
 
 description: |-
     The <tt>dhcpd</tt> service should be disabled on
     any system that does not need to act as a DHCP server.
+    {{% if product in ['ubuntu2404'] %}}
+    {{{ describe_service_disable(service="isc-dhcp-server") }}}
+    {{% else %}}
     {{{ describe_service_disable(service="dhcpd") }}}
+    {{% endif %}}
 
 rationale: |-
     Unmanaged or unintentionally activated DHCP servers may provide faulty information
@@ -45,6 +48,8 @@ template:
     name: service_disabled
     vars:
         servicename: dhcpd
+        servicename@ubuntu2404: isc-dhcp-server
         packagename: dhcp
         packagename@rhel8: dhcp-server
         packagename@rhel9: dhcp-server
+        packagename@ubuntu2404: isc-dhcp-server