Updated 10 rules to support SLE Micro

rumch-se · Aug 22, 2024 · 39acc03 · 39acc03
1 parent feda873
commit 39acc03
Show file tree

Hide file tree

Showing 12 changed files with 40 additions and 29 deletions.
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
@@ -39,8 +39,9 @@ controls:
       levels:
           - high
       title: SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence.
-      rules: []
-      status: pending
+      rules: 
+          - disable_ctrlaltdel_reboot
+      status: automated
 
     - id: SLEM-05-212010
       levels:
@@ -250,15 +251,17 @@ controls:
       title:
           All SLEM 5 local interactive user home directories must have mode 750 or
           less permissive.
-      rules: []
-      status: pending
+      rules: 
+          - file_permissions_home_directories
+      status: automated
 
     - id: SLEM-05-232035
       levels:
           - medium
       title: All SLEM 5 local initialization files must have mode 740 or less permissive.
-      rules: []
-      status: pending
+      rules: 
+          - file_permission_user_init_files
+      status: automated
 
     - id: SLEM-05-232040
       levels:
@@ -363,8 +366,9 @@ controls:
       title:
           All SLEM 5 local interactive user home directories must be group-owned by
           the home directory owner's primary group.
-      rules: []
-      status: pending
+      rules: 
+          - file_groupownership_home_directories
+      status: automated
 
     - id: SLEM-05-232105
       levels:
@@ -729,15 +733,17 @@ controls:
       levels:
           - high
       title: There must be no .shosts files on SLEM 5.
-      rules: []
-      status: pending
+      rules: 
+          - no_user_host_based_files
+      status: automated
 
     - id: SLEM-05-255095
       levels:
           - high
       title: There must be no shosts.equiv files on SLEM 5.
-      rules: []
-      status: pending
+      rules: 
+          - no_host_based_files  
+      status: automated
 
     - id: SLEM-05-272010
       levels:
@@ -798,17 +804,19 @@ controls:
       title:
           All SLEM 5 local interactive users must have a home directory assigned in
           the /etc/passwd file.
-      rules: []
-      status: pending
+      rules: 
+          - accounts_user_interactive_home_directory_defined
+      status: automated
 
     - id: SLEM-05-411030
       levels:
           - medium
       title:
           All SLEM 5 local interactive user home directories defined in the /etc/passwd
           file must exist.
-      rules: []
-      status: pending
+      rules: 
+          - accounts_user_interactive_home_directory_exists
+      status: automated
 
     - id: SLEM-05-411035
       levels:
@@ -1268,15 +1276,17 @@ controls:
       title:
           SLEM 5 file integrity tool must be configured to verify Access Control Lists
           (ACLs).
-      rules: []
-      status: pending
+      rules: 
+          - aide_verify_acls
+      status: automated
 
     - id: SLEM-05-651020
       levels:
           - medium
       title: SLEM 5 file integrity tool must be configured to verify extended attributes.
-      rules: []
-      status: pending
+      rules: 
+          - aide_verify_ext_attributes
+      status: automated
 
     - id: SLEM-05-651025
       levels:

diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
@@ -22,6 +22,7 @@ identifiers:
     cce@rhel10: CCE-89350-3
     cce@sle12: CCE-83022-4
     cce@sle15: CCE-85622-9
+    cce@slmicro5: CCE-93741-7
 
 references:
     disa: CCI-000366

diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
@@ -25,6 +25,7 @@ identifiers:
     cce@rhel10: CCE-89341-2
     cce@sle12: CCE-83021-6
     cce@sle15: CCE-85621-1
+    cce@slmicro5: CCE-93740-9
 
 references:
     disa: CCI-000366

diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -58,6 +58,7 @@ identifiers:
     cce@rhel10: CCE-90035-7
     cce@sle12: CCE-83018-2
     cce@sle15: CCE-85625-2
+    cce@slmicro5: CCE-93744-1
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5

diff --git a/...ystem/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/...ystem/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
@@ -24,6 +24,7 @@ identifiers:
     cce@rhel10: CCE-89933-6
     cce@sle12: CCE-83075-2
     cce@sle15: CCE-85627-8
+    cce@slmicro5: CCE-93745-8
 
 references:
     disa: CCI-000366

diff --git a/...system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/...system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -24,6 +24,7 @@ identifiers:
     cce@rhel10: CCE-86659-0
     cce@sle12: CCE-83074-5
     cce@sle15: CCE-85628-6
+    cce@slmicro5: CCE-93746-6
 
 references:
     cis@sle12: 6.2.5

diff --git a/...x_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/...x_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -27,6 +27,7 @@ identifiers:
     cce@rhel10: CCE-87946-0
     cce@sle12: CCE-83096-8
     cce@sle15: CCE-85711-0
+    cce@slmicro5: CCE-93748-2
 
 references:
     cis@sle12: 6.2.7

diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -21,6 +21,7 @@ identifiers:
     cce@rhel10: CCE-87771-2
     cce@sle12: CCE-83097-6
     cce@sle15: CCE-85630-2
+    cce@slmicro5: CCE-93749-0
 
 references:
     disa: CCI-000366

diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -21,6 +21,7 @@ identifiers:
     cce@rhel10: CCE-86605-3
     cce@sle12: CCE-83076-0
     cce@sle15: CCE-85629-4
+    cce@slmicro5: CCE-93747-4
 
 references:
     cis@sle12: 6.2.6

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
@@ -27,6 +27,7 @@ identifiers:
     cce@rhel10: CCE-89640-7
     cce@sle12: CCE-83150-3
     cce@sle15: CCE-85623-7
+    cce@slmicro5: CCE-93742-5
 
 references:
     cis-csc: 2,3

diff --git a/...ide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/...ide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
@@ -27,6 +27,7 @@ identifiers:
     cce@rhel10: CCE-89625-8
     cce@sle12: CCE-83151-1
     cce@sle15: CCE-85624-5
+    cce@slmicro5: CCE-93743-3
 
 references:
     cis-csc: 2,3

diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
@@ -35,16 +35,7 @@ CCE-93736-7
 CCE-93737-5
 CCE-93738-3
 CCE-93739-1
-CCE-93740-9
-CCE-93741-7
-CCE-93742-5
 CCE-93743-3
-CCE-93744-1
-CCE-93745-8
-CCE-93746-6
-CCE-93747-4
-CCE-93748-2
-CCE-93749-0
 CCE-93750-8
 CCE-93751-6
 CCE-93752-4