From 4d9849743f86711f486da1feb101bfb15c80adc6 Mon Sep 17 00:00:00 2001
From: Mirco Santori <mirco.santori@roche.com>
Date: Mon, 3 Jun 2024 14:24:26 +0200
Subject: [PATCH] Revert "remove not needed controls from cis profiles - fix
 chronyd conf by pointing to aws servers"

This reverts commit e745325648f56fa2b74c04352549790d4deb38a9.
---
 build/.gitkeep                                 | 0
 controls/cis_al2023.yml                        | 2 +-
 products/al2023/profiles/cis.profile           | 3 +++
 products/al2023/profiles/cis_server_l1.profile | 3 +++
 4 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 build/.gitkeep

diff --git a/build/.gitkeep b/build/.gitkeep
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/controls/cis_al2023.yml b/controls/cis_al2023.yml
index acbccf81a14f..9e9f09070cd0 100644
--- a/controls/cis_al2023.yml
+++ b/controls/cis_al2023.yml
@@ -550,7 +550,7 @@ controls:
     rules:
       - chronyd_specify_remote_server
       - chronyd_run_as_chrony_user
-      - var_multiple_time_servers=amazon
+      - var_multiple_time_servers=rhel
 
   - id: 2.2.1
     title: Ensure xorg-x11-server-common is not installed (Automated)
diff --git a/products/al2023/profiles/cis.profile b/products/al2023/profiles/cis.profile
index 10bd27080c02..039dfd9f1ec2 100644
--- a/products/al2023/profiles/cis.profile
+++ b/products/al2023/profiles/cis.profile
@@ -19,3 +19,6 @@ description: |-
 
 selections:
     - cis_al2023:all:l2_server
+    - '!file_ownership_home_directories'
+    - '!group_unique_name'
+    - '!file_owner_at_allow'
diff --git a/products/al2023/profiles/cis_server_l1.profile b/products/al2023/profiles/cis_server_l1.profile
index f9e9e4879d75..9bc38700b845 100644
--- a/products/al2023/profiles/cis_server_l1.profile
+++ b/products/al2023/profiles/cis_server_l1.profile
@@ -19,3 +19,6 @@ description: |-
 
 selections:
     - cis_al2023:all:l1_server
+    - '!file_ownership_home_directories'
+    - '!group_unique_name'
+    - '!file_owner_at_allow'