From 269b56b04e9d6821d3aa9dcce883204460d50d6a Mon Sep 17 00:00:00 2001
From: Diana-Maria Dumitru
Date: Wed, 6 Dec 2023 15:02:57 +0200
Subject: [PATCH 1/2] Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/4 by masking both the socket and the service!

Signed-off-by: Diana-Maria Dumitru
---
 tasks/section_2/cis_2.2.x.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tasks/section_2/cis_2.2.x.yml b/tasks/section_2/cis_2.2.x.yml
index 549600a..e1ea61a 100644
--- a/tasks/section_2/cis_2.2.x.yml
+++ b/tasks/section_2/cis_2.2.x.yml
@@ -308,7 +308,7 @@
 when:
 - amzn2023cis_rpc_server == "remove"

- - name: "2.2.17 | PATCH | Ensure rpcbind is not installed or the rpcbind services are masked | mask service"
+ - name: "2.2.17 | PATCH | Ensure rpcbind is not installed or the rpcbind services are masked | mask socket"
 ansible.builtin.systemd:
 name: rpcbind.socket
 masked: true
@@ -316,6 +316,15 @@
 daemon_reload: true
 when:
 - amzn2023cis_rpc_server == "mask"
+
+ - name: "2.2.17 | PATCH | Ensure rpcbind is not installed or the rpcbind services are masked | mask service"
+ ansible.builtin.systemd:
+ name: rpcbind.service
+ masked: true
+ state: stopped
+ daemon_reload: true
+ when:
+ - amzn2023cis_rpc_server == "mask"
 when:
 - "'rpcbind' in ansible_facts.packages"
 - amzn2023cis_rule_2_2_17

From 710425be1fc17c60c7dc72b48b692627d84fc1ac Mon Sep 17 00:00:00 2001
From: Diana-Maria Dumitru
Date: Tue, 30 Jan 2024 09:54:43 +0200
Subject: [PATCH 2/2] Removing trailing whitespaces

Signed-off-by: Diana-Maria Dumitru
---
 tasks/section_2/cis_2.2.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_2/cis_2.2.x.yml b/tasks/section_2/cis_2.2.x.yml
index e1ea61a..98677df 100644
--- a/tasks/section_2/cis_2.2.x.yml
+++ b/tasks/section_2/cis_2.2.x.yml
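Review bot: The added `mask service` task in the `@@ -316,6 +316,15 @@` hunk of PATCH 1/2 duplicates the `mask socket` task before it except for the unit name, as far as the hunks show that task, and repeats `daemon_reload: true` although the socket task has already reloaded systemd. One task with `name: "{{ item }}"` and `loop: [rpcbind.socket, rpcbind.service]` would keep both units under the same `when:` and make it harder for a later edit to touch one unit and miss the other. Both tasks also run only when `amzn2023cis_rpc_server` is exactly `"mask"`; if nothing outside this hunk validates that variable, any value other than `"remove"` or `"mask"` leaves rpcbind untouched while rule 2.2.17 still completes without a failure, which may deserve a comment or an assert. The enclosing block starts above the hunk.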
@@ -316,7 +316,7 @@
 daemon_reload: true
 when:
 - amzn2023cis_rpc_server == "mask"
-
+
 - name: "2.2.17 | PATCH | Ensure rpcbind is not installed or the rpcbind services are masked | mask service"
 ansible.builtin.systemd:
 name: rpcbind.service