From f2024fe66e871a4f7dc54454065f59f4b2bf31db Mon Sep 17 00:00:00 2001

From: Vojtech Polasek <vpolasek@redhat.com>

Date: Thu, 19 Mar 2020 16:48:52 +0100

Subject: [PATCH] add rule

---

 .../obsolete/service_rsyncd_disabled/rule.yml | 33 +++++++++++++++++++

 shared/references/cce-redhat-avail.txt        |  2 --

 2 files changed, 33 insertions(+), 2 deletions(-)

 create mode 100644 linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml

diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml

new file mode 100644

index 0000000000..9cb9d15dcc

--- /dev/null

+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml

@@ -0,0 +1,33 @@

+documentation_complete: true

+

+prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,ocp4

+

+title: 'Ensure rsyncd service is diabled'

+

+description: |-

+    {{{ describe_service_disable("rsyncd") }}}

+

+rationale: |-

+    The rsyncd service presents a security risk as it uses unencrypted protocols for

+    communication.

+

+severity: medium

+

+identifiers:

+    cce@rhel7: 83334-3

+    cce@rhel8: 83335-0

+

+references:

+    cis@rhel7: 2.2.21

+    cis@rhel8: 2.2.3

+

+ocil_clause: 'the service is not disabled'

+

+ocil: |-

+    {{{ ocil_service_disabled("rsyncd") }}}

+

+template:

+    name: service_disabled

+    vars:

+        servicename: rsyncd

+        packagename: rsync

diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt

index a0b117a964..67fa853d75 100644

--- a/shared/references/cce-redhat-avail.txt

+++ b/shared/references/cce-redhat-avail.txt

@@ -45,8 +45,6 @@ CCE-83330-1

 CCE-83331-9

 CCE-83332-7

 CCE-83333-5

-CCE-83334-3

-CCE-83335-0

 CCE-83336-8

 CCE-83337-6

 CCE-83338-4