Uninstall bind Package

An XCCDF Rule

Description

The named service is provided by the bind package. The bind package can be removed with the following command:

$ apt-get remove bind

Rationale

If there is no need to make DNS server software available, removing it provides a safeguard against its activation.

ID: xccdf_org.ssgproject.content_rule_package_bind_removed
Severity: Low
References: 11 14 3 9

BAI10.01 BAI10.02 BAI10.03 BAI10.05 DSS05.02 DSS05.05 DSS06.06

CCI-000366

4.3.3.5.1 4.3.3.5.2 4.3.3.5.3 4.3.3.5.4 4.3.3.5.5 4.3.3.5.6 4.3.3.5.7 4.3.3.5.8 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.1 4.3.3.7.2 4.3.3.7.3 4.3.3.7.4 4.3.4.3.2 4.3.4.3.3

SR 1.1 SR 1.10 SR 1.11 SR 1.12 SR 1.13 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.6 SR 1.7 SR 1.8 SR 1.9 SR 2.1 SR 2.2 SR 2.3 SR 2.4 SR 2.5 SR 2.6 SR 2.7 SR 7.6

A.12.1.2 A.12.5.1 A.12.6.2 A.14.2.2 A.14.2.3 A.14.2.4 A.9.1.2

CM-6(a) CM-7(a) CM-7(b)

PR.IP-1 PR.PT-3

2.2.7
Updated: about 1 year ago

- name: Ensure bind9 is removed
  package:
    name: bind9
    state: absent
  tags:
  - NIST-800-53-CM-6(a)  - NIST-800-53-CM-7(a)
  - NIST-800-53-CM-7(b)
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_bind_removed

include remove_bind9

class remove_bind9 {
  package { 'bind9':
    ensure => 'purged',
  }}


# CAUTION: This remediation script will remove bind9
#	   from the system, and may remove any packages
#	   that depend on bind9. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
DEBIAN_FRONTEND=noninteractive apt-get remove -y "bind9"

Uninstall bind Package

Description

Rationale

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script