From c3156a7e3caf8f18e61b627f409b854186a33a9f Mon Sep 17 00:00:00 2001
From: rchikov <rumen.chikov@suse.com>
Date: Tue, 13 Feb 2024 09:35:24 +0100
Subject: [PATCH] HIPAA profile for SLE 15 - update

---
 .../auditing/package_audit-audispd-plugins_installed/rule.yml   | 1 +
 linux_os/guide/system/auditing/package_audit_installed/rule.yml | 1 +
 products/sle15/profiles/hipaa.profile                           | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml
index 052deab171c..4b0d0affc0a 100644
--- a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml
@@ -18,6 +18,7 @@ ocil_clause: 'the package is not installed'
 
 references:
     disa: CCI-001851
+    hipaa: 164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b)
     nist@sle12: AU-4(1)
     pcidss: Req-10.5.3
     pcidss4: "10.3.3"
diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
index 9e0cbba5976..a6e155fc53e 100644
--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -22,6 +22,7 @@ references:
     cis@ubuntu2004: 4.1.1.1
     cis@ubuntu2204: 4.1.1.1
     disa: CCI-000130,CCI-000131,CCI-000132,CCI-000133,CCI-000134,CCI-000135,CCI-000154,CCI-000158,CCI-000172,CCI-001464,CCI-001487,CCI-001814,CCI-001875,CCI-001876,CCI-001877,CCI-001878,CCI-001879,CCI-001880,CCI-001881,CCI-001882,CCI-001889,CCI-001914,CCI-002884,CCI-000169
+    hipaa: 164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b)
     nerc-cip: CIP-004-6 R3.3,CIP-007-3 R6.5
     nist: AC-7(a),AU-7(1),AU-7(2),AU-14,AU-12(2),AU-2(a),CM-6(a)
     nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1)
diff --git a/products/sle15/profiles/hipaa.profile b/products/sle15/profiles/hipaa.profile
index d8850db82ba..e87a9bedacd 100644
--- a/products/sle15/profiles/hipaa.profile
+++ b/products/sle15/profiles/hipaa.profile
@@ -36,6 +36,8 @@ selections:
     - sshd_disable_empty_passwords
     - sshd_disable_root_login
     - no_rsh_trust_files
+    - package_audit_installed
+    - package_audit-audispd-plugins_installed
     - package_talk_removed
     - package_telnet_removed
     - package_telnet-server_removed