Merge pull request #11338 from vojtapolasek/remove_nonsens_pcidss_rules

Remove irrelevant rules from PCI-DSS profiles
ComplianceAsCode · Dec 5, 2023 · b37a70a · b37a70a
2 parents f1937a7 + 545ecd5
commit b37a70a
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 1 deletion.
diff --git a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
@@ -52,3 +52,10 @@ template:
         packagename: ntp
 
 platform: package[ntp]
+
+{{% if prodtype in ["rhel8", "rhel9", "sle15"] %}}
+warnings:
+    - general:
+        The <pre>ntp</pre> package is not available in {{{ full_name }}}. Please
+        consider the <pre>chrony</pre> package instead together with the respective <pre>service_chronyd_enabled</pre> rule.
+{{% endif %}}
diff --git a/products/rhel8/profiles/pci-dss.profile b/products/rhel8/profiles/pci-dss.profile
@@ -32,3 +32,4 @@ selections:
     - '!ntpd_specify_multiple_servers'
     - '!set_ipv6_loopback_traffic'
     - '!set_loopback_traffic'
+    - '!service_ntpd_enabled'
diff --git a/products/rhel9/profiles/pci-dss.profile b/products/rhel9/profiles/pci-dss.profile
@@ -35,3 +35,4 @@ selections:
     - '!ntpd_specify_multiple_servers'
     - '!set_ipv6_loopback_traffic'
     - '!set_loopback_traffic'
+    - '!service_ntpd_enabled'
diff --git a/tests/data/profile_stability/rhel8/pci-dss.profile b/tests/data/profile_stability/rhel8/pci-dss.profile
@@ -232,7 +232,6 @@ selections:
 - audit_rules_sysadmin_actions
 - display_login_attempts
 - file_permissions_backup_etc_shadow
-- service_ntpd_enabled
 - audit_rules_dac_modification_fremovexattr
 - sshd_disable_x11_forwarding
 - file_at_deny_not_exist