ansible-lockdown / RHEL8-CIS

Ansible role for Red Hat 8 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Several cis_2.2.x.yml sections seem to be removing the wrong packages #390

Closed txdavec closed 3 months ago

txdavec commented 5 months ago

Greetings, it seems like there may be a few copy/paste mistakes in this file: https://github.com/ansible-lockdown/RHEL8-CIS/blob/a4d11fafbdb6e1c7c7292013636d69c4f13d0e0c/tasks/section_2/cis_2.2.x.yml#L1

I've added a patch diff file from my local environment to help show the line numbers and my recommended solution. Thanks for considering these updates.

diff --git a/roles/RHEL8-CIS/tasks/section_2/cis_2.2.x.yml b/roles/RHEL8-CIS/tasks/section_2/cis_2.2.x.yml
index 7d559a1..3860862 100644
--- a/roles/RHEL8-CIS/tasks/section_2/cis_2.2.x.yml
+++ b/roles/RHEL8-CIS/tasks/section_2/cis_2.2.x.yml
@@ -393,7 +393,7 @@
             - not rhel8cis_rpc_server
             - not rhel8cis_rpc_mask
         ansible.builtin.package:
-            name: cups
+            name: rpcbind
             state: absent

       - name: "2.2.12 | PATCH | Ensure rpcbind services are not in use | Mask service"
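
Review bot: the title of the task being changed at line 393 sits above the hunk and is not shown, so confirm it also reads 2.2.12 rpcbind and not a leftover from the cups task. The new `name: rpcbind` does agree with the `rhel8cis_rpc_server` / `rhel8cis_rpc_mask` conditions and with the "Ensure rpcbind services are not in use | Mask service" task that follows. Because the old value was `cups`, hosts where those conditions held had cups removed and rpcbind left in place, so a changelog line telling users to re-run this section would help.
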
@@ -464,7 +464,7 @@
             - not rhel8cis_net_snmp_server
             - not rhel8cis_net_snmp_mask
         ansible.builtin.package:
-            name: rsync-daemon
+            name: net-snmp
             state: absent

       - name: "2.2.14 | PATCH | Ensure snmp services are not in use | Mask service"
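
Review bot: the behaviour change at line 464 should be stated in the commit message, because the removed value `rsync-daemon` was gated by `rhel8cis_net_snmp_server` and `rhel8cis_net_snmp_mask`. With the old line the snmp variables decided whether rsync-daemon was uninstalled, and this task never removed net-snmp. The replacement `name: net-snmp` matches the conditions, but operators who set the snmp variables will see a different package removed after upgrading.
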
@@ -565,7 +565,7 @@
             - not rhel8cis_squid_server
             - not rhel8cis_squid_mask
         ansible.builtin.package:
-            name: tftp-server
+            name: squid
             state: absent

       - name: "2.2.17 | PATCH | Ensure web proxy server services are not in use | Mask service"
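
Review bot: `tftp-server` was the old value both here at line 565 and in the hunk at line 653, which suggests both tasks were copied from the tftp task. This patch covers four tasks, so it is worth checking every other `ansible.builtin.package` task in cis_2.2.x.yml for a `name:` that does not match its `rhel8cis_*_server` condition before closing the issue.
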
@@ -653,7 +653,7 @@
             - not rhel8cis_xinetd_server
             - not rhel8cis_xinetd_mask
         ansible.builtin.package:
-            name: tftp-server
+            name: xinetd
             state: absent

       - name: "2.2.19 | PATCH | Ensure xinetd services are not in use | Mask service"
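
Review bot: nothing in the visible task at line 653 ties the `name: xinetd` value to the `rhel8cis_xinetd_server` / `rhel8cis_xinetd_mask` conditions, which is how `tftp-server` went unnoticed here. Consider adding a lint or test step that compares the package each removal task targets with the service named in its conditions and in the following Mask service task, so a mismatch fails CI instead of removing an unrelated package.
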
uk-bolly commented 5 months ago

hi @txdavec

Thank you for raising this issue. I have raised the relevant PR for this work, hoping to get this merged to devel later today.

Many thanks again

uk-bolly

uk-bolly commented 3 months ago

hi @txdavec

Thank you again for your time regarding this issue. You should find that this fix was merged into devel and is now in the main branch. I will close this issue; please feel free to reopen if this is not resolved as expected.

Many thanks

uk-bolly