From b04626e804e2a61017b4a46cd206bf86cd8e3edf Mon Sep 17 00:00:00 2001
From: Miha Purg <miha.purg@canonical.com>
Date: Sat, 14 Dec 2024 12:55:25 +0100
Subject: [PATCH] Add rules to ubuntu2404 CIS control 5.4.2.3

---
 controls/cis_ubuntu2404.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index c72af22cb844..690818594628 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -2136,8 +2136,12 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - groups_no_zero_gid_except_root
+    status: automated
+    notes: |
+      The remediation is not automated as the removal or modification
+      of group IDs from a system is too disruptive.
 
   - id: 5.4.2.4
     title: Ensure root account access is controlled (Automated)