From 39acc03806b49a9da23e2d1687ab1ea1a229d689 Mon Sep 17 00:00:00 2001 From: rchikov Date: Thu, 22 Aug 2024 13:55:06 +0200 Subject: [PATCH] Updated 10 rules to support SLE Micro --- controls/stig_slmicro5.yml | 50 +++++++++++-------- .../r_services/no_host_based_files/rule.yml | 1 + .../no_user_host_based_files/rule.yml | 1 + .../disable_ctrlaltdel_reboot/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../file_permission_user_init_files/rule.yml | 1 + .../rule.yml | 1 + .../aide/aide_verify_acls/rule.yml | 1 + .../aide/aide_verify_ext_attributes/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 9 ---- 12 files changed, 40 insertions(+), 29 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index b2b930dd10a..3095e57136d 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -39,8 +39,9 @@ controls: levels: - high title: SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence. - rules: [] - status: pending + rules: + - disable_ctrlaltdel_reboot + status: automated - id: SLEM-05-212010 levels: @@ -250,15 +251,17 @@ controls: title: All SLEM 5 local interactive user home directories must have mode 750 or less permissive. - rules: [] - status: pending + rules: + - file_permissions_home_directories + status: automated - id: SLEM-05-232035 levels: - medium title: All SLEM 5 local initialization files must have mode 740 or less permissive. - rules: [] - status: pending + rules: + - file_permission_user_init_files + status: automated - id: SLEM-05-232040 levels: @@ -363,8 +366,9 @@ controls: title: All SLEM 5 local interactive user home directories must be group-owned by the home directory owner's primary group. - rules: [] - status: pending + rules: + - file_groupownership_home_directories + status: automated - id: SLEM-05-232105 levels: 
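Review bot: The controls flipped from `status: pending` to `status: automated` (the hunks at -39, -250 and -363 here, and those at -729, -798, -807 and -1268 that follow) rely on checks and remediations that this patch does not touch; the rule.yml hunks add only a `cce@slmicro5` identifier. Three of the ten are high-severity items (Ctrl-Alt-Delete, .shosts, shosts.equiv), so if a rule's check or remediation turns out not to apply to SLE Micro, a scan would presumably report it as not applicable or not checked while the control file claims automation. Confirm per rule that the check and each remediation declare this product before merging. For SLEM-05-232030 and SLEM-05-232035, also confirm that the mapped rules enforce the 750 and 740 modes the titles state, since the control entries set no mode or variable.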
@@ -729,15 +733,17 @@ controls: levels: - high title: There must be no .shosts files on SLEM 5. - rules: [] - status: pending + rules: + - no_user_host_based_files + status: automated - id: SLEM-05-255095 levels: - high title: There must be no shosts.equiv files on SLEM 5. - rules: [] - status: pending + rules: + - no_host_based_files + status: automated - id: SLEM-05-272010 levels: @@ -798,8 +804,9 @@ controls: title: All SLEM 5 local interactive users must have a home directory assigned in the /etc/passwd file. - rules: [] - status: pending + rules: + - accounts_user_interactive_home_directory_defined + status: automated - id: SLEM-05-411030 levels: @@ -807,8 +814,9 @@ controls: title: All SLEM 5 local interactive user home directories defined in the /etc/passwd file must exist. - rules: [] - status: pending + rules: + - accounts_user_interactive_home_directory_exists + status: automated - id: SLEM-05-411035 levels: @@ -1268,15 +1276,17 @@ controls: title: SLEM 5 file integrity tool must be configured to verify Access Control Lists (ACLs). - rules: [] - status: pending + rules: + - aide_verify_acls + status: automated - id: SLEM-05-651020 levels: - medium title: SLEM 5 file integrity tool must be configured to verify extended attributes. - rules: [] - status: pending + rules: + - aide_verify_ext_attributes + status: automated - id: SLEM-05-651025 levels: diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml index b4965fe1176..8ea49101f57 100644 --- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml @@ -22,6 +22,7 @@ identifiers: cce@rhel10: CCE-89350-3 cce@sle12: CCE-83022-4 cce@sle15: CCE-85622-9 + cce@slmicro5: CCE-93741-7 references: disa: CCI-000366 
diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
index fd5d72b8702..e6cce8607b5 100644
--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
@@ -25,6 +25,7 @@ identifiers:
 cce@rhel10: CCE-89341-2
 cce@sle12: CCE-83021-6
 cce@sle15: CCE-85621-1
+ cce@slmicro5: CCE-93740-9
 references:
 disa: CCI-000366
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index 7ab3a0ed0b9..f4e1442e490 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -58,6 +58,7 @@ identifiers:
 cce@rhel10: CCE-90035-7
 cce@sle12: CCE-83018-2
 cce@sle15: CCE-85625-2
+ cce@slmicro5: CCE-93744-1
 references:
 cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
index dd739297e85..4cc4bd31d8c 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
@@ -24,6 +24,7 @@ identifiers:
 cce@rhel10: CCE-89933-6
 cce@sle12: CCE-83075-2
 cce@sle15: CCE-85627-8
+ cce@slmicro5: CCE-93745-8
 references:
 disa: CCI-000366
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 4fbbcb182e8..a05675fbf5d 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -24,6 +24,7 @@ identifiers:
 cce@rhel10: CCE-86659-0
 cce@sle12: CCE-83074-5
 cce@sle15: CCE-85628-6
+ cce@slmicro5: CCE-93746-6
 references:
 cis@sle12: 6.2.5
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index 04bdb64a950..efd83d032de 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -27,6 +27,7 @@ identifiers:
 cce@rhel10: CCE-87946-0
 cce@sle12: CCE-83096-8
 cce@sle15: CCE-85711-0
+ cce@slmicro5: CCE-93748-2
 references:
 cis@sle12: 6.2.7
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
index bcc5e26896d..0fc7f9aa2ad 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -21,6 +21,7 @@ identifiers:
 cce@rhel10: CCE-87771-2
 cce@sle12: CCE-83097-6
 cce@sle15: CCE-85630-2
+ cce@slmicro5: CCE-93749-0
 references:
 disa: CCI-000366
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
index 035a9df8500..e3df0021c91 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -21,6 +21,7 @@ identifiers:
 cce@rhel10: CCE-86605-3
 cce@sle12: CCE-83076-0
 cce@sle15: CCE-85629-4
+ cce@slmicro5: CCE-93747-4
 references:
 cis@sle12: 6.2.6
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
index 2045a14d238..d47284cd4b4 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
@@ -27,6 +27,7 @@ identifiers:
 cce@rhel10: CCE-89640-7
 cce@sle12: CCE-83150-3
 cce@sle15: CCE-85623-7
+ cce@slmicro5: CCE-93742-5
 references:
 cis-csc: 2,3
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
index 075ba7c3df9..ea58dc6a3b9 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
@@ -27,6 +27,7 @@ identifiers:
 cce@rhel10: CCE-89625-8
 cce@sle12: CCE-83151-1
 cce@sle15: CCE-85624-5
+ cce@slmicro5: CCE-93743-3
 references:
 cis-csc: 2,3
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 836e2a29b3a..a5b1622d5b7 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -35,16 +35,7 @@ CCE-93736-7
 CCE-93737-5
 CCE-93738-3
 CCE-93739-1
-CCE-93740-9
-CCE-93741-7
-CCE-93742-5
 CCE-93743-3
-CCE-93744-1
-CCE-93745-8
-CCE-93746-6
-CCE-93747-4
-CCE-93748-2
-CCE-93749-0
 CCE-93750-8
 CCE-93751-6
 CCE-93752-4
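Review bot: CCE-93743-3 is still listed as available after this hunk (it survives as a context line between the `-CCE-93742-5` and `-CCE-93744-1` removals), yet the aide_verify_ext_attributes/rule.yml hunk in this same patch assigns `cce@slmicro5: CCE-93743-3`. The diffstat agrees: nine deletions here against ten identifiers added across the rule files. Left in the pool, the identifier can later be handed to a different rule, and two rules sharing one CCE makes scan results and compliance evidence ambiguous when findings are mapped back to controls. The hunk should also remove that line: `-CCE-93743-3`.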