From 6515e346fa8d81bef3acb1a887e69d41227f675c Mon Sep 17 00:00:00 2001
From: rchikov
Date: Tue, 6 Dec 2022 12:22:29 +0100
Subject: [PATCH] Added a new SLE 12/15's rule package_rcpbind_removed

---
 controls/cis_sle12.yml | 5 +--
 controls/cis_sle15.yml | 5 +--
 .../package_rcpbind_removed/rule.yml | 37 +++++++++++++++++++
 shared/references/cce-sle12-avail.txt | 1 -
 shared/references/cce-sle15-avail.txt | 1 -
 5 files changed, 41 insertions(+), 8 deletions(-)
 create mode 100644 linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/package_rcpbind_removed/rule.yml

diff --git a/controls/cis_sle12.yml b/controls/cis_sle12.yml
index 6d901a9b53e..b794bd66dd5 100644
--- a/controls/cis_sle12.yml
+++ b/controls/cis_sle12.yml
@@ -639,11 +639,10 @@ controls:
     levels:
     - l1_server
     - l1_workstation
-    automated: partially
-    notes: >-
-        Rule for package removal is missing!
+    status: automated
     rules:
     - service_rpcbind_disabled
+    - package_rcpbind_removed
 
   - id: 2.2.9
     title: Ensure DNS Server is not installed (Automated)
diff --git a/controls/cis_sle15.yml b/controls/cis_sle15.yml
index 8e4bbda265d..525cb8b2cec 100644
--- a/controls/cis_sle15.yml
+++ b/controls/cis_sle15.yml
@@ -620,11 +620,10 @@ controls:
     levels:
     - l1_server
     - l1_workstation
-    automated: partially
-    notes: >-
-        Rule for package removal is missing!
+    status: automated
     rules:
     - service_rpcbind_disabled
+    - package_rcpbind_removed
 
   - id: 2.2.9
     title: Ensure DNS Server is not installed (Automated)
diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/package_rcpbind_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/package_rcpbind_removed/rule.yml
new file mode 100644
index 00000000000..d391a6f18fa
--- /dev/null
+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/package_rcpbind_removed/rule.yml
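Review bot: The rule id added to the `rules` list, `package_rcpbind_removed`, transposes the letters of the package name rpcbind, while the sibling entry on the line above is spelled `service_rpcbind_disabled`; the cis_sle15.yml hunk adds the same misspelled id. Once it ships, the typo becomes a permanent identifier in profiles, reports and remediation output, so it is worth renaming the rule directory and both control entries to `- package_rpcbind_removed` before merging.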
@@ -0,0 +1,37 @@
+documentation_complete: true
+
+prodtype: sle12,sle15
+
+title: 'Uninstall rcpbind Package'
+
+description: |-
+    The rpcbind utility maps RPC services to the ports on which they listen.
+    RPC processes notify rpcbind when they start, registering the ports they
+    are listening on and the RPC program numbers they expect to serve. The
+    rpcbind service redirects the client to the proper port number so it can
+    communicate with the requested service. If the system does not require RPC
+    (such as for NFS servers) then this service should be disabled.
+    {{{ describe_package_remove(package="rcpbind") }}}
+
+rationale: |-
+    If the system does not require rpc based services, it is recommended that
+    rpcbind be disabled to reduce the attack surface.
+
+severity: low
+
+identifiers:
+    cce@sle12: CCE-92312-8
+    cce@sle15: CCE-92467-0
+
+references:
+    cis@sle12: 2.2.8
+    cis@sle15: 2.2.8
+
+{{{ complete_ocil_entry_package(package="rcpbind") }}}
+
+fixtext: '{{{ fixtext_package_removed("rcpbind") }}}'
+
+template:
+    name: package_removed
+    vars:
+        pkgname: rcpbind
diff --git a/shared/references/cce-sle12-avail.txt b/shared/references/cce-sle12-avail.txt
index 9d0fbbfa6d5..fffeed2acd6 100644
--- a/shared/references/cce-sle12-avail.txt
+++ b/shared/references/cce-sle12-avail.txt
@@ -1,5 +1,4 @@
 CCE-92310-2
-CCE-92312-8
 CCE-92314-4
 CCE-92319-3
 CCE-92321-9
diff --git a/shared/references/cce-sle15-avail.txt b/shared/references/cce-sle15-avail.txt
index 06b1cc066e5..60abd51a6d2 100644
--- a/shared/references/cce-sle15-avail.txt
+++ b/shared/references/cce-sle15-avail.txt
@@ -1,6 +1,5 @@
 CCE-92464-7
 CCE-92465-4
-CCE-92467-0
 CCE-92477-9
 CCE-92479-5
 CCE-92481-1
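Review bot: `pkgname: rcpbind` in the template vars names a package that does not exist; the rule's own description and rationale refer to `rpcbind`. With the package_removed template fed that name, the generated check would presumably look for a package called "rcpbind", find it absent and pass on every system while the real rpcbind package stays installed, and the remediation would try to remove the wrong package, so CIS 2.2.8 would be reported as compliant without being enforced. The same transposition appears in the title, in `describe_package_remove(package="rcpbind")`, in `complete_ocil_entry_package(package="rcpbind")` and in the fixtext macro argument; all of them should read `rpcbind`, e.g. `pkgname: rpcbind`. Separately, the description's parenthetical "(such as for NFS servers)" reads as if NFS servers do not need RPC, whereas they are the primary users of rpcbind; "(such as on systems that are not NFS servers)" states the intended condition.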