Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule 2.2.19 - should be changed to mask rpcbind service and rpcbind.socket #236

Closed
areh opened this issue Nov 4, 2022 · 0 comments
Closed

rule 2.2.19 - should be changed to mask rpcbind service and rpcbind.socket #236

areh opened this issue Nov 4, 2022 · 0 comments
Labels
bug Something isn't working

Comments

@areh
Copy link

areh commented Nov 4, 2022
edited
Loading

Describe the Issue
Similar to #235
ipa-client depends on rpcbind. Removing it in an enterprise environment would be catastrophic.

Expected Behavior
Securing rpcbind should not break the system.
ipa-client should never be allowed to be removed.

Actual Behavior
rpcbind and rpcbind.socket should be masked as per the CIS benchmark

Control(s) Affected
ipa-client could be removed, which would break an enterprise platform.

Environment (please complete the following information):
Not relevant

Possible Solution
Change code to something like this:

- name: "2.2.19 | PATCH | Ensure rpcbind and rpcbind.socket are masked"
  systemd:
    name: "{{ item }}"
    masked: yes
    state: stopped
  with_items:
    - rpcbind
    - rpcbind.socket
@areh areh added the bug Something isn't working label Nov 4, 2022
@areh areh mentioned this issue Nov 18, 2022
Closed
georgenalen added a commit that referenced this issue Nov 21, 2022
@georgenalen
fix for issue #235 and #236
764bd1e 
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
@georgenalen georgenalen mentioned this issue Nov 21, 2022
Merged
@georgenalen georgenalen mentioned this issue Nov 29, 2022
Closed
uk-bolly pushed a commit that referenced this issue Feb 1, 2023
@georgenalen @uk-bolly
fix for issue #235 and #236
cf0bac7 
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly uk-bolly mentioned this issue Mar 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@areh @uk-bolly