documentation_complete: true

{{% if 'ubuntu' in product %}}
{{% set service_name = "apache2" %}}
{{% else %}}
{{% set service_name = "httpd" %}}
{{% endif %}}

title: 'Disable {{{ service_name }}} Service'

description: |-
    {{{ describe_service_disable(service=service_name) }}}

rationale: |-
    Running web server software provides a network-based avenue
    of attack, and should be disabled if not needed.

severity: unknown

identifiers:
    cce@rhel8: CCE-82761-8
    cce@rhel9: CCE-84213-8
    cce@sle12: CCE-92247-6
    cce@sle15: CCE-91367-3
    cce@slmicro5: CCE-93917-3

references:
    cis-csc: 11,14,3,9
    cis@sle12: 2.2.11
    cis@sle15: 2.2.11
    cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
    isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
    isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
    iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
    nist: CM-7(a),CM-7(b),CM-6(a)
    nist-csf: PR.IP-1,PR.PT-3

ocil_clause: |-
    {{{ ocil_clause_service_disabled(service=service_name) }}}

ocil: |-
    {{{ ocil_service_disabled(service=service_name) }}}

platform: system_with_kernel

template:
    name: service_disabled
    vars:
        servicename: {{{ service_name }}}