From ccb58d24d4a6cd7548e787da1853eb41df8e7c0a Mon Sep 17 00:00:00 2001
From: Tim Smith <tsmith84@gmail.com>
Date: Sat, 16 Nov 2024 17:54:26 -0800
Subject: [PATCH] Add support for Debian/Ubuntu in the NIS check

Signed-off-by: Tim Smith <tsmith84@gmail.com>
---
 core/mondoo-linux-security.mql.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/mondoo-linux-security.mql.yaml b/core/mondoo-linux-security.mql.yaml
index 512a6fe1..ba8bcede 100644
--- a/core/mondoo-linux-security.mql.yaml
+++ b/core/mondoo-linux-security.mql.yaml
@@ -719,14 +719,19 @@ queries:
     mql: |
       service("ypserv").enabled == false
       service("ypserv").running == false
+      service("nis").enabled == false
+      service("nis").running == false
     docs:
       desc: The Network Information Service (NIS) (formally known as Yellow Pages) is a client-server directory service protocol for distributing system configuration files. The NIS server is a collection of programs that allow for the distribution of configuration files.
       remediation: |-
-        Run this command to stop and disable `ypserv`:
+        Run this command to stop and disable `ypserv` and `nis` services:
 
         ```
         systemctl stop ypserv
+        systemctl stop nis
+
         systemctl disable ypserv
+        systemctl disable nis
         ```
   - uid: mondoo-linux-security-rsh-server-is-not-enabled
     title: Ensure rsh server is stopped and not enabled