From da98666c638c09663ed8a346a4133cb8997f1c27 Mon Sep 17 00:00:00 2001
From: rchikov <rumen.chikov@suse.com>
Date: Mon, 26 Aug 2024 10:47:23 +0200
Subject: [PATCH] Updated rules to support SLE Micro

---
 controls/stig_slmicro5.yml                    | 30 +++++++++++--------
 .../rule.yml                                  |  1 +
 .../rule.yml                                  |  1 +
 .../rule.yml                                  |  1 +
 .../rule.yml                                  |  1 +
 .../rule.yml                                  |  1 +
 .../rule.yml                                  |  1 +
 shared/references/cce-slmicro5-avail.txt      |  6 ----
 8 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index b2b930dd10a8..73e039a0655d 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1023,29 +1023,33 @@ controls:
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one uppercase character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_ucredit
+      status: automated
     
     - id: SLEM-05-611015
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one lowercase character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_lcredit
+      status: automated
     
     - id: SLEM-05-611020
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one numeric character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_dcredit
+      status: automated
     
     - id: SLEM-05-611025
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one special character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_ocredit
+      status: automated
     
     - id: SLEM-05-611030
       levels:
@@ -1058,8 +1062,9 @@ controls:
       levels:
           - medium
       title: SLEM 5 must employ passwords with a minimum of 15 characters.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_minlen
+      status: automated
     
     - id: SLEM-05-611040
       levels:
@@ -1067,8 +1072,9 @@ controls:
       title:
           SLEM 5 must require the change of at least eight of the total number of characters
           when passwords are changed.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_difok
+      status: automated
     
     - id: SLEM-05-611045
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
index 972c2eba75da..48aef5296bc2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
@@ -20,6 +20,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83168-5
     cce@sle15: CCE-85564-3
+    cce@slmicro5: CCE-93764-9
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
index 365aef86f598..b5b91a9b302a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
@@ -24,6 +24,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83170-1
     cce@sle15: CCE-85677-3
+    cce@slmicro5: CCE-93765-6
 
 references:
     disa: CCI-000195
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
index 1ffde434e257..b7e0b1c79a67 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
 identifiers:
    cce@sle12: CCE-83167-7
    cce@sle15: CCE-85676-5
+   cce@slmicro5: CCE-93763-1
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
index 94cc54e44e6d..088802421a2d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
@@ -19,6 +19,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83188-3
     cce@sle15: CCE-85573-4
+    cce@slmicro5: CCE-93766-4
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
index 9883209bc78e..53584d284dca 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83169-3
     cce@sle15: CCE-85574-2
+    cce@slmicro5: CCE-93767-2
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
index 914a98826a6d..f8ac4f61854f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83166-9
     cce@sle15: CCE-85675-7
+    cce@slmicro5: CCE-93762-3
 
 references:
     cis@sle12: 5.3.1
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 836e2a29b3a3..0d304e33d7aa 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -55,12 +55,6 @@ CCE-93756-5
 CCE-93757-3
 CCE-93759-9
 CCE-93760-7
-CCE-93762-3
-CCE-93763-1
-CCE-93764-9
-CCE-93765-6
-CCE-93766-4
-CCE-93767-2
 CCE-93768-0
 CCE-93769-8
 CCE-93770-6