Merge pull request #12703 from ericeberry/u2404_226

Ubuntu 24.04 2.2.6 Ensure ftp client is not installed
ComplianceAsCode · Dec 11, 2024 · e8d46c2 · e8d46c2
2 parents c1cb8ef + 1095455
commit e8d46c2
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/components/ftp.yml b/components/ftp.yml
@@ -1,5 +1,7 @@
 name: ftp
 packages:
 - ftp
+- tnftp
 rules:
 - package_ftp_removed
+- package_tnftp_removed
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -928,8 +928,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - package_ftp_removed
+      - package_tnftp_removed
+    status: automated
 
   - id: 2.3.1.1
     title: Ensure a single time synchronization daemon is in use (Automated)

diff --git a/linux_os/guide/services/ftp/package_tnftp_removed/rule.yml b/linux_os/guide/services/ftp/package_tnftp_removed/rule.yml
@@ -0,0 +1,25 @@
+documentation_complete: true
+
+
+
+title: 'Remove tnftp Package'
+
+description: |-
+    tnftp an enhanced FTP client, is the user interface to the Internet standard File
+    Transfer Protocol. The program allows a user to transfer files to and from a remote
+    network site.
+    {{{ describe_package_remove(package="ftp") }}}
+
+rationale: |-
+    Unless there is a need to run the system using Internet standard File Transfer Protocol
+    (for example, to allow anonymous downloads), it is recommended that the package be
+    removed to reduce the potential attack surface.
+
+severity: low
+
+ocil: '{{{ describe_package_remove(package="tnftp") }}}'
+
+template:
+    name: package_removed
+    vars:
+        pkgname: tnftp