Update CIS RHEL10 so it doesn't contain wrong statuses.

ggbecker · ggbecker · commit 6675607bf776 · 2025-09-15T11:27:12.000+02:00
diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
@@ -108,6 +108,8 @@ controls:
           - l1_server
           - l2_workstation
       status: automated
+      rules:
+          - kernel_module_firewire-core_disabled
 
     - id: 1.1.1.10
       title: Ensure usb-storage kernel module is not available (Automated)
@@ -1211,13 +1213,17 @@ controls:
           - l1_server
           - l1_workstation
       status: automated
+      rules:
+          - kernel_module_atm_disabled
 
     - id: 3.2.2
       title: Ensure can kernel module is not available (Automated)
       levels:
           - l1_server
           - l1_workstation
       status: automated
+      rules:
+          - kernel_module_can_disabled
 
     - id: 3.2.3
       title: Ensure dccp kernel module is not available (Automated)
@@ -2945,7 +2951,7 @@ controls:
       levels:
           - l2_server
           - l2_workstation
-      status: automated
+      status: pending
 
     - id: 6.3.3.36
       title: Ensure the audit configuration is immutable (Automated)
diff --git a/tests/data/profile_stability/rhel10/cis.profile b/tests/data/profile_stability/rhel10/cis.profile
@@ -237,8 +237,11 @@ has_nonlocal_mta
 inactivity_timeout_value=15_minutes
 journald_compress
 journald_storage
+kernel_module_atm_disabled
+kernel_module_can_disabled
 kernel_module_cramfs_disabled
 kernel_module_dccp_disabled
+kernel_module_firewire-core_disabled
 kernel_module_freevxfs_disabled
 kernel_module_hfs_disabled
 kernel_module_hfsplus_disabled
diff --git a/tests/data/profile_stability/rhel10/cis_server_l1.profile b/tests/data/profile_stability/rhel10/cis_server_l1.profile
@@ -157,8 +157,11 @@ has_nonlocal_mta
 inactivity_timeout_value=15_minutes
 journald_compress
 journald_storage
+kernel_module_atm_disabled
+kernel_module_can_disabled
 kernel_module_cramfs_disabled
 kernel_module_dccp_disabled
+kernel_module_firewire-core_disabled
 kernel_module_freevxfs_disabled
 kernel_module_hfs_disabled
 kernel_module_hfsplus_disabled
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile
@@ -155,6 +155,8 @@ has_nonlocal_mta
 inactivity_timeout_value=15_minutes
 journald_compress
 journald_storage
+kernel_module_atm_disabled
+kernel_module_can_disabled
 kernel_module_cramfs_disabled
 kernel_module_dccp_disabled
 kernel_module_freevxfs_disabled
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
@@ -237,8 +237,11 @@ has_nonlocal_mta
 inactivity_timeout_value=15_minutes
 journald_compress
 journald_storage
+kernel_module_atm_disabled
+kernel_module_can_disabled
 kernel_module_cramfs_disabled
 kernel_module_dccp_disabled
+kernel_module_firewire-core_disabled
 kernel_module_freevxfs_disabled
 kernel_module_hfs_disabled
 kernel_module_hfsplus_disabled
