From 134302915ba4da63ebc03afcbb337d3608178ebb Mon Sep 17 00:00:00 2001
From: mashitianxia <u202014662@hust.edu.cn>
Date: Wed, 26 Apr 2023 14:12:54 +0800
Subject: [PATCH] Change 3.22-uninstall-the-ypbind-server to
 3.22-ensure-NIS-Client-is-not-installed. Also modify the benchmark, scan,
 repair scripts and corresponding docs

Signed-off-by: mashitianxia <u202014662@hust.edu.cn>
---
 ...3.22-ensure-NIS-Client-is-not-installed.md | 38 +++++++++++++++++++
 .../3.22-uninstall-the-ypbind-server.md       | 33 ----------------
 docs/summary-of-rules.md                      |  2 +-
 ...3.22-ensure-NIS-Client-is-not-installed.sh |  1 +
 .../3.22-uninstall-the-ypbind-server.sh       |  1 -
 ....22-ensure-NIS-Client-is-not-installed.sh} |  1 +
 6 files changed, 41 insertions(+), 35 deletions(-)
 create mode 100644 benchmarks/services/3.22-ensure-NIS-Client-is-not-installed.md
 delete mode 100644 benchmarks/services/3.22-uninstall-the-ypbind-server.md
 create mode 100644 remediation-kits/services/3.22-ensure-NIS-Client-is-not-installed.sh
 delete mode 100644 remediation-kits/services/3.22-uninstall-the-ypbind-server.sh
 rename scanners/services/{3.22-uninstall-the-ypbind-server.sh => 3.22-ensure-NIS-Client-is-not-installed.sh} (89%)

diff --git a/benchmarks/services/3.22-ensure-NIS-Client-is-not-installed.md b/benchmarks/services/3.22-ensure-NIS-Client-is-not-installed.md
new file mode 100644
index 0000000..f9f9c8a
--- /dev/null
+++ b/benchmarks/services/3.22-ensure-NIS-Client-is-not-installed.md
@@ -0,0 +1,38 @@
+# 3.22 确保NIS客户端被卸载
+
+## 安全等级
+
+- Level 1
+
+## 描述
+
+Network Information Service（NIS）是一种采用客户端-服务器架构的目录服务协议，早期也被称为“黄页”服务。它用于分发系统配置文件。NIS客户端（ypbind）用于将设备连接到NIS服务器，并从服务器获取分发下来的配置文件。 
+
+NIS服务从本质上讲是一个不安全的系统，它很容易遭到DOS攻击、缓冲区溢出攻击等，而其用于查询NIS目录的身份认证机制也不可靠。一般来说，NIS服务已经被轻量级目录访问协议（LDAP）等替代。建议将其卸载。
+
+## 修复建议
+
+目标：确保ypbind被卸载
+
+1. 运行以下命令卸载 ypbind。
+
+```bash
+# dnf remove -y ypbind
+```
+
+## 扫描检测
+
+执行修复前检测ypbind是否安装
+
+1. 运行以下命令以检测是否安装 ypbind。
+
+```bash
+# rpm -q ypbind
+package ypbind is not installed
+```
+
+输出结果为`package ypbind is not installed`则表示未安装ypbind。
+
+## 参考
+
+- cis: <https://www.cisecurity.org/benchmark/aliyun_linux>
\ No newline at end of file
diff --git a/benchmarks/services/3.22-uninstall-the-ypbind-server.md b/benchmarks/services/3.22-uninstall-the-ypbind-server.md
deleted file mode 100644
index d218103..0000000
--- a/benchmarks/services/3.22-uninstall-the-ypbind-server.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# 3.22 卸载 ypbind
-
-## 安全等级
-
-- Level 1
-
-## 描述
-
-NIS的全称是Network Information Service是sun Microsystem于1985年发布的一项目录服务，用来集中控制多个系统管理数据库的网络用品。ypbind是NIS（网络信息系统）客户机激活ypbind的服务进程。
-如对NIS没有需求，应卸载此服务，以减少潜在的攻击面。
-
-## 修复建议
-
-运行以下命令来卸载`ypbind`
-
-```bash
-# yum remove -y --noautoremove ypbind
-```
-
-## 扫描检测
-
-确保未安装 ypbind。
-
-1. 执行以下命令，检查 ypbind 软件包是否安装：
-
-```bash
-# rpm -q ypbind
-package ypbind is not installed
-```
-
-如输出结果符合预期，则视为通过此项检查。
-
-## 参考
diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md
index 37816b3..4176a60 100644
--- a/docs/summary-of-rules.md
+++ b/docs/summary-of-rules.md
@@ -99,7 +99,7 @@
 | 3.19     | 3.19-uninstall-the-kexec-tools.md                            | 3.19 卸载 kexec-tools                                | benchmarks/services                 | 3     |
 | 3.20     | 3.20-uninstall-the-firstboot.md                              | 3.20 卸载 firstboot                                  | benchmarks/services                 | 1     |
 | 3.21     | 3.21-uninstall-the-wpa_supplicant.md                         | 3.21 卸载 wpa_supplicant                             | benchmarks/services                 | 1     |
-| 3.22     | 3.22-uninstall-the-ypbind-server.md                          | 3.22 卸载 ypbind                                     | benchmarks/services                 | 1     |
+| 3.22     | 3.22-ensure-NIS-Client-is-not-installed.md | 3.22 确保NIS客户端被卸载                          | benchmarks/services                 | 1     |
 | 3.23     | 3.23-disable-rsh.md                                          | 3.23 禁用rsh                                         | benchmarks/services                 | 1     |
 | 3.24     | 3.24-disable-ntalk.md                                        | 3.24 禁用ntalk                                       | benchmarks/services                 | 1     |
 | 3.25     | 3.25-ensure-xinetd-is-not-installed.md                       | 3.25 确保xinetd被卸载                                      | benchmarks/services                 | 1     |
diff --git a/remediation-kits/services/3.22-ensure-NIS-Client-is-not-installed.sh b/remediation-kits/services/3.22-ensure-NIS-Client-is-not-installed.sh
new file mode 100644
index 0000000..b3c39f7
--- /dev/null
+++ b/remediation-kits/services/3.22-ensure-NIS-Client-is-not-installed.sh
@@ -0,0 +1 @@
+dnf remove -y ypbind
\ No newline at end of file
diff --git a/remediation-kits/services/3.22-uninstall-the-ypbind-server.sh b/remediation-kits/services/3.22-uninstall-the-ypbind-server.sh
deleted file mode 100644
index 2f72bc7..0000000
--- a/remediation-kits/services/3.22-uninstall-the-ypbind-server.sh
+++ /dev/null
@@ -1 +0,0 @@
-yum remove -y --noautoremove ypbind
\ No newline at end of file
diff --git a/scanners/services/3.22-uninstall-the-ypbind-server.sh b/scanners/services/3.22-ensure-NIS-Client-is-not-installed.sh
similarity index 89%
rename from scanners/services/3.22-uninstall-the-ypbind-server.sh
rename to scanners/services/3.22-ensure-NIS-Client-is-not-installed.sh
index 483acc6..ca7f2e5 100644
--- a/scanners/services/3.22-uninstall-the-ypbind-server.sh
+++ b/scanners/services/3.22-ensure-NIS-Client-is-not-installed.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 result=false
 
 rpm -q ypbind | grep -Psiq "^package\s+ypbind\s+is\s+not\s+installed$" && result=true
-- 
Gitee