Create slmicro6 product by svet-se · Pull Request #13570 · ComplianceAsCode/content · GitHub

Create slmicro6 product #13570

Draft: wants to merge 72 commits into base: master

Commits
5ce4de9
Add definitions for support slmicro6 platform
teacup-on-rockingchair Jun 2, 2025
4318040
Add support for the installed os rule to support slmicro6
teacup-on-rockingchair Jun 2, 2025
cde245d
Add ability to build for slmicro6 platform
teacup-on-rockingchair Jun 2, 2025
28b01bc
Address review notes
teacup-on-rockingchair Jun 3, 2025
331cfa7
Rename standard profile to general
teacup-on-rockingchair Jun 3, 2025
aab1aad
Add oval check installed OS is slmicro6
svet-se Jun 3, 2025
db15920
Add oval check if installed OS is slmicro6
svet-se Jun 3, 2025
3202952
Updated templates and rules to support SLEM6
rumch-se Jun 4, 2025
a2741be
Fixed small bugs. Updated few rules to support SLEM 6
rumch-se Jun 4, 2025
ff28bf2
Exclude accounts_passwords_pam_tally2 rules
svet-se Jun 5, 2025
7952bc9
Fix no_shelllogin_for_systemaccounts: /etc/login.defs replaced to /us…
teacup-on-rockingchair Jun 5, 2025
a0997c2
accounts_have_homedir_login_defs: /etc/login.defs replaced to /usr/et…
teacup-on-rockingchair Jun 5, 2025
a98bc15
Fix for no_empty_passwords: renamed slmicro5.yml to slmicro.yml shoul…
teacup-on-rockingchair Jun 5, 2025
5872dc0
Add fix for accounts_logon_fail_delay - /etc/login.defs moved to /usr…
teacup-on-rockingchair Jun 4, 2025
fff5042
Add feed url for security patches
teacup-on-rockingchair Jun 4, 2025
b1d3b8e
Fix display_login_attempts to match latest pam lastlog2 lib
teacup-on-rockingchair Jun 4, 2025
70790f6
Add support for slmicro6 of accounts_authorized_local_users rule
teacup-on-rockingchair Jun 4, 2025
12c5689
/etc/login.defs replaced to /usr/etc/login.defs in OVAL, BASH, ANSIBL…
teacup-on-rockingchair Jun 5, 2025
1aec679
Fix for audit_rules_enable_syscall_auditing ansible throws exception …
teacup-on-rockingchair Jun 5, 2025
0ceb3b5
Add var_user_initialization_files_regex=all_dotfiles needed for accou…
teacup-on-rockingchair Jun 6, 2025
e941c22
Drop gnome_gdm_disable_unattended_automatic_login not relevant for sl…
teacup-on-rockingchair Jun 6, 2025
9486eab
Added file with available CCE numbers for SLEM 6
rumch-se Jun 6, 2025
79f3e80
Assigned CCE numbers to SLEM 6 rules - part 1
rumch-se Jun 6, 2025
f61e7ff
Update sysctl template to support slmicro6
svet-se Jun 6, 2025
a632a4e
Update oval feed url
svet-se Jun 6, 2025
c2887e3
Update rule encrypt_partitions to support slmicro6
svet-se Jun 6, 2025
60687b0
Assigned CCE numbers to SLEM 6 rules - part 2
rumch-se Jun 6, 2025
8a146ee
Assigned CCE numbers to SLEM 6 rules - part 3
rumch-se Jun 6, 2025
f7b8b31
Assigned CCE numbers to SLEM 6 rules - part 4
rumch-se Jun 6, 2025
b617b7c
Update rule sshd_use_approved_kex_ordered_stig to support slmicro6
svet-se Jun 6, 2025
c2a25c9
Remove rule smartcard_configure_cert_checking from slmicro6 general p…
svet-se Jun 6, 2025
ab10d7c
Update kernel_module_disabled template to support slmicro6
svet-se Jun 6, 2025
3ffd3ab
Update rule clean_components_post_updating to support slmicro6
svet-se Jun 6, 2025
f13ca36
Update rule aide_scan_notification to support slmicro6
svet-se Jun 6, 2025
4dc7f22
Add CCEs for slmicro6
teacup-on-rockingchair Jun 6, 2025
cde82c9
Update rule install_smartcard_packages to support slmicro6
svet-se Jun 6, 2025
4791abe
Update slmicro6 general profile
svet-se Jun 6, 2025
88aa2d1
Update rule audit_rules_unsuccessful_file_modification_rename to supp…
svet-se Jun 9, 2025
d8409d9
Update rule audit_rules_suid_privilege_function to support slmicro6
svet-se Jun 9, 2025
35a2a18
Update file_permissions_sshd_private_key to support slmicro6
svet-se Jun 9, 2025
5903a61
Update rule sshd_use_approved_kex_ordered_stig to support slmicro6
svet-se Jun 9, 2025
1aa5f4c
Update rule sshd_use_approved_macs to support slmicro6
svet-se Jun 9, 2025
9a96acf
Update rule banner_etc_issue to support slmicro6
svet-se Jun 9, 2025
dab83ac
Update rule file_groupowner_etc_issue to support slmicro6
svet-se Jun 9, 2025
869a633
Update rule accounts_passwords_pam_faildelay_delay to support slmicro6
svet-se Jun 9, 2025
e9ae333
Update rule accounts_tmout to support slmicro6
svet-se Jun 9, 2025
adab2ae
Update rule grub2_password to support slmicro6
svet-se Jun 9, 2025
87e915a
Update rule grub2_uefi_password to support slmicro6
svet-se Jun 9, 2025
3f90dbf
Update rule permissions_local_var_log to support slmicro6
svet-se Jun 9, 2025
7409ce3
Update rule selinux_state to support slmicro6
svet-se Jun 9, 2025
55d3ea2
Update rule installed_OS_is_vendor_supported to support slmicro6
svet-se Jun 9, 2025
dd3b07c
Update rule aide_build_database to support slmicro6
svet-se Jun 9, 2025
95cbae7
Update rule security_patches_up_to_date to support slmicro6
svet-se Jun 9, 2025
168c83e
Update sysctl_kernel_ipv6_disable to support slmicro6
svet-se Jun 9, 2025
006d6fa
Update describe_arpc to support slmicro6
svet-se Jun 9, 2025
2d24ea7
Update sysctl to support slmicro6
svet-se Jun 9, 2025
0f9a001
Update var_accounts_authorized_local_users_regex
svet-se Jun 9, 2025
8c1c376
Update rule aide_build_database to support slmicro6
svet-se Jun 9, 2025
9e85398
Update rule file_permissions_local_var_log_messages to support slmicro
svet-se Jun 9, 2025
74da16f
Add slmicro6 CCEs
svet-se Jun 12, 2025
6c0b964
Move login_defs_path to use /usr/etc/login.defs for slmicro6 for set_…
teacup-on-rockingchair Jun 10, 2025
35231f5
Fix authorized users for slmicro6
svet-se Jun 12, 2025
1d03e83
Update rule chronyd_or_ntpd_set_maxpoll to support slmicro6
svet-se Jun 12, 2025
75a54af
Drop partition_for_var_log_audit from General profile for SLMicro 6
teacup-on-rockingchair Jun 12, 2025
7fe8256
Drop non-functional/broken rules from the general profile for slmicro…
teacup-on-rockingchair Jun 12, 2025
9d27452
Grub2 pkg installed check for slmicro6
teacup-on-rockingchair Jun 12, 2025
d22e534
Drop non-crucial rules from general
teacup-on-rockingchair Jun 12, 2025
9b58267
Fix CCE id for slmicro6
teacup-on-rockingchair Jun 12, 2025
db6aea5
Make sure that openssh-clients patch changes from /usr/lib/ssh to /us…
teacup-on-rockingchair Jun 14, 2025
d35f0db
Drop aide rules due to incompatibility with slmicro6 for now
teacup-on-rockingchair Jun 15, 2025
112ebd2
Adopt more elegant way to edit ini config file for systemd_journal_u…
teacup-on-rockingchair Jun 16, 2025
20c42bf
Enable AIDE rules
teacup-on-rockingchair Jun 16, 2025
5 changes: 5 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@ option(SSG_PRODUCT_RHV4 "If enabled, the RHV4 SCAP content will be built" ${SSG_
option(SSG_PRODUCT_SLE12 "If enabled, the SLE12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_SLE15 "If enabled, the SLE15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_SLMICRO5 "If enabled, the SLE Micro 5 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_SLMICRO6 "If enabled, the SLE Micro 6 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_TENCENTOS4 "If enabled, the TencentOS Server 4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_UBUNTU2204 "If enabled, the Ubuntu 22.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_UBUNTU2404 "If enabled, the Ubuntu 24.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
Expand Down Expand Up @@ -358,6 +359,7 @@ message(STATUS "RHV 4: ${SSG_PRODUCT_RHV4}")
message(STATUS "SUSE 12: ${SSG_PRODUCT_SLE12}")
message(STATUS "SUSE 15: ${SSG_PRODUCT_SLE15}")
message(STATUS "SLE Micro 5: ${SSG_PRODUCT_SLMICRO5}")
message(STATUS "SLE Micro 6: ${SSG_PRODUCT_SLMICRO6}")
message(STATUS "TencentOS Server 4: ${SSG_PRODUCT_TENCENTOS4}")
message(STATUS "Ubuntu 22.04: ${SSG_PRODUCT_UBUNTU2204}")
message(STATUS "Ubuntu 24.04: ${SSG_PRODUCT_UBUNTU2404}")
Expand Down Expand Up @@ -479,6 +481,9 @@ endif()
if(SSG_PRODUCT_SLMICRO5)
add_subdirectory("products/slmicro5" "slmicro5")
endif()
if(SSG_PRODUCT_SLMICRO6)
add_subdirectory("products/slmicro6" "slmicro6")
endif()
if(SSG_PRODUCT_TENCENTOS4)
add_subdirectory("products/tencentos4" "tencentos4")
endif()
Expand Down
1 change: 1 addition & 0 deletions build_product
Original file line number Diff line number Diff line change
Expand Up @@ -384,6 +384,7 @@ all_cmake_products=(
SLE12
SLE15
SLMICRO5
SLMICRO6
TENCENTOS4
UBUNTU2204
UBUNTU2404
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ identifiers:
cce@sle12: CCE-83133-9
cce@sle15: CCE-85694-8
cce@slmicro5: CCE-93653-4
cce@slmicro6: CCE-94634-3

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ identifiers:
cce@sle12: CCE-83138-8
cce@sle15: CCE-85686-4
cce@slmicro5: CCE-93651-8
cce@slmicro6: CCE-94632-7

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ identifiers:
cce@sle12: CCE-83135-4
cce@sle15: CCE-85691-4
cce@slmicro5: CCE-93652-6
cce@slmicro6: CCE-94633-5

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@sle12: CCE-83219-6
cce@sle15: CCE-91250-1
cce@slmicro5: CCE-93655-9
cce@slmicro6: CCE-94636-8

references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ identifiers:
cce@sle12: CCE-83190-9
cce@sle15: CCE-85595-7
cce@slmicro5: CCE-93618-7
cce@slmicro6: CCE-94619-4

references:
cis@ubuntu2204: 4.1.3.17
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ identifiers:
cce@sle12: CCE-83214-7
cce@sle15: CCE-85593-2
cce@slmicro5: CCE-93616-1
cce@slmicro6: CCE-94617-8

references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ identifiers:
cce@sle12: CCE-83189-1
cce@sle15: CCE-85594-0
cce@slmicro5: CCE-93617-9
cce@slmicro6: CCE-94618-6

references:
cis@ubuntu2204: 4.1.3.16
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83215-4
cce@sle15: CCE-85716-9
cce@slmicro5: CCE-93619-5
cce@slmicro6: CCE-94620-2

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ identifiers:
cce@sle12: CCE-83216-2
cce@sle15: CCE-85596-5
cce@slmicro5: CCE-93620-3
cce@slmicro6: CCE-94621-0

references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-89541-7
cce@sle15: CCE-85819-1
cce@slmicro5: CCE-94098-1
cce@slmicro6: CCE-95095-6

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ identifiers:
cce@rhel9: CCE-83736-9
cce@rhel10: CCE-88818-0
cce@slmicro5: CCE-94099-9
cce@slmicro6: CCE-95097-2

references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-87741-5
cce@sle15: CCE-85818-3
cce@slmicro5: CCE-94100-5
cce@slmicro6: CCE-95098-0

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ identifiers:
cce@sle12: CCE-83131-3
cce@sle15: CCE-85680-7
cce@slmicro5: CCE-93666-6
cce@slmicro6: CCE-94649-1

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ identifiers:
cce@sle12: CCE-83251-9
cce@sle15: CCE-85701-1
cce@slmicro5: CCE-93667-4
cce@slmicro6: CCE-94731-7

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down Expand Up @@ -78,14 +79,14 @@ template:
syscall_grouping:
- rename
- renameat
{{% if product in ['sle15', 'slmicro5'] %}}
{{% if product in ['sle15', 'slmicro5', 'slmicro6'] %}}
- renameat2
{{% endif %}}
- unlink
- unlinkat

fixtext: |-
{{%- if product in ['sle15' ,'slmicro5'] %}}
{{%- if product in ['sle15' ,'slmicro5', 'slmicro6'] %}}
{{{ fixtext_audit_rules_unsuccessful_file_modification("rename", ["renameat", "renameat2", "unlink", "unlinkat"]) | indent(4) }}}
{{%- else %}}
{{{ fixtext_audit_rules_unsuccessful_file_modification("rename", ["renameat", "unlink", "unlinkat"]) | indent(4) }}}
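Review bot: The product list in the `fixtext` condition is written `['sle15' ,'slmicro5', 'slmicro6']`, with the stray space before the first comma carried over from the old line, and it repeats the list already used in the `syscall_grouping` condition above. Both conditions decide the same thing (whether `renameat2` is covered), so setting one Jinja variable near the top of the file and testing it in both places would keep the audited syscalls and the fix text from drifting apart the next time a product is added.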
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ identifiers:
cce@sle12: CCE-83128-9
cce@sle15: CCE-85748-2
cce@slmicro5: CCE-93675-7
cce@slmicro6: CCE-94653-3

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ identifiers:
cce@sle12: CCE-83129-7
cce@sle15: CCE-85749-0
cce@slmicro5: CCE-93676-5
cce@slmicro6: CCE-94654-1

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ identifiers:
cce@sle12: CCE-83108-1
cce@sle15: CCE-85598-1
cce@slmicro5: CCE-93665-8
cce@slmicro6: CCE-94629-3

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ identifiers:
cce@sle12: CCE-83107-3
cce@sle15: CCE-85597-3
cce@slmicro5: CCE-93664-1
cce@slmicro6: CCE-94628-5

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83110-7
cce@sle15: CCE-85587-4
cce@slmicro5: CCE-93607-0
cce@slmicro6: CCE-94611-1

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ identifiers:
cce@sle12: CCE-83187-5
cce@sle15: CCE-85589-0
cce@slmicro5: CCE-93610-4
cce@slmicro6: CCE-94614-5

references:
cis@ubuntu2204: 4.1.3.6
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83163-6
cce@sle15: CCE-85586-6
cce@slmicro5: CCE-93605-4
cce@slmicro6: CCE-94609-5

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83126-3
cce@sle15: CCE-85588-2
cce@slmicro5: CCE-93608-8
cce@slmicro6: CCE-94612-9

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83161-0
cce@sle15: CCE-85584-1
cce@slmicro5: CCE-93603-9
cce@slmicro6: CCE-94607-9

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ identifiers:
cce@sle12: CCE-92258-3
cce@sle15: CCE-85744-1
cce@slmicro5: CCE-93612-0
cce@slmicro6: CCE-94650-9

references:
cis@sle12: 4.1.16
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ identifiers:
cce@sle12: CCE-83207-1
cce@sle15: CCE-85591-6
cce@slmicro5: CCE-93615-3
cce@slmicro6: CCE-94616-0

references:
nist: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)AU-12(c),MA-4(1)(a)
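Review bot: The `nist:` context line directly below the new identifier reads `AU-12.1(iv)AU-12(c)`, with no comma between the two controls, so they are fused into one item of the reference list. It predates this change, but the file is being touched anyway; inserting the comma here would fix it.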
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ identifiers:
cce@sle12: CCE-92257-5
cce@sle15: CCE-85731-8
cce@slmicro5: CCE-93614-6
cce@slmicro6: CCE-94652-5

references:
cis@sle12: 4.1.16
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83162-8
cce@sle15: CCE-85585-8
cce@slmicro5: CCE-93604-7
cce@slmicro6: CCE-94608-7

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{% if product in ["sle12", "sle15", "slmicro5"] %}}
{{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
{{% set pam_bin_path = "/sbin/pam_timestamp_check" %}}
{{% else %}}
{{% set pam_bin_path = "/usr/sbin/pam_timestamp_check" %}}
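Review bot: The `product in [...]` test on the first line groups slmicro6 with slmicro5 under `/sbin/pam_timestamp_check`, and the same four-product list has to be repeated in the `product not in [...]` guard further down the file. Please confirm the binary's packaged path on SLE Micro 6 (this PR already gives `ssh-keysign` a different directory on slmicro6 than on slmicro5), and consider deriving the later guard from `pam_bin_path` so the list lives in one place.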
Expand Down Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@sle12: CCE-83127-1
cce@sle15: CCE-85601-3
cce@slmicro5: CCE-93622-9
cce@slmicro6: CCE-94623-6

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand All @@ -51,7 +52,7 @@ references:
stigid@sle15: SLES-15-030510
stigid@ubuntu2204: UBTU-22-654075

{{% if product not in ["sle12", "sle15", "slmicro5"] %}}
{{% if product not in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
{{{ ocil_fix_srg_privileged_command("pam_timestamp_check", &qu F438 ot;/usr/sbin/") }}}
{{% endif %}}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83160-2
cce@sle15: CCE-85583-3
cce@slmicro5: CCE-93602-1
cce@slmicro6: CCE-94606-1

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ identifiers:
cce@sle12: CCE-92256-7
cce@sle15: CCE-85732-6
cce@slmicro5: CCE-93613-8
cce@slmicro6: CCE-94651-7

references:
cis@sle12: 4.1.16
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ identifiers:
cce@sle12: CCE-83199-0
cce@sle15: CCE-85590-8
cce@slmicro5: CCE-93611-2
cce@slmicro6: CCE-94615-2

references:
cis@ubuntu2204: 4.1.3.6
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
{{%- set ssh_keysign_path="/usr/lib/ssh/ssh-keysign" %}}
{{%- elif 'slmicro6' in product %}}
{{%- set ssh_keysign_path="/usr/libexec/ssh/ssh-keysign" %}}
{{%- elif 'ubuntu' in product %}}
{{%- set ssh_keysign_path="/usr/lib/openssh/ssh-keysign" %}}
{{%- else %}}
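Review bot: The new branch tests `'slmicro6' in product`, a substring match, while the branch above it uses list membership (`product in [...]`) for the other SUSE products. A substring test also matches any future product id that merely contains `slmicro6`; `product == 'slmicro6'` states the intent exactly. A short comment noting that the slmicro6 path is under `/usr/libexec/ssh/` rather than `/usr/lib/ssh/` would also explain why slmicro6 could not simply join the first list.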
Expand Down Expand Up @@ -36,6 +38,7 @@ identifiers:
cce@sle12: CCE-83159-4
cce@sle15: CCE-85582-5
cce@slmicro5: CCE-94071-8
cce@slmicro6: CCE-94605-3

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83143-8
cce@sle15: CCE-85602-1
cce@slmicro5: CCE-93623-7
cce@slmicro6: CCE-94624-4

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83144-6
cce@sle15: CCE-85603-9
cce@slmicro5: CCE-93624-5
cce@slmicro6: CCE-94625-1

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-89601-9
cce@sle15: CCE-85717-7
cce@slmicro5: CCE-93609-6
cce@slmicro6: CCE-94613-7

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{{%- set unix_chkpwd_binary="/usr/sbin/unix_chkpwd" %}}
{{%- if product in ["fedora", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2204", "ubuntu2404"] or 'ol' in families or 'rhel' in product %}}
{{%- if product in ["fedora", "rhcos4", "sle12", "sle15", "slmicro5", "slmicro6", "ubuntu2204", "ubuntu2404"] or 'ol' in families or 'rhel' in product %}}
{{%- set unix_chkpwd_binary="/sbin/unix_chkpwd" %}}
{{%- endif %}}

Expand Down Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@sle12: CCE-83109-9
cce@sle15: CCE-85727-6
cce@slmicro5: CCE-93606-2
cce@slmicro6: CCE-94610-3

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
Expand Down Expand Up @@ -61,3 +62,4 @@ template:
path@sle12: /sbin/unix_chkpwd
path@sle15: /sbin/unix_chkpwd
path@slmicro5: /sbin/unix_chkpwd
path@slmicro6: /sbin/unix_chkpwd
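Review bot: `path@slmicro6: /sbin/unix_chkpwd` in the template block restates what the `unix_chkpwd_binary` condition at the top of the file already selects for slmicro6, so the path for one product is now maintained in two places. Nothing in the visible lines ties them together; a comment next to one pointing at the other, or a template value derived from the variable, would prevent the rule text and the check from naming different paths after a later edit.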
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@sle12: CCE-83191-7
cce@sle15: CCE-85600-5
cce@slmicro5: CCE-93621-1
cce@slmicro6: CCE-94622-8

references:
cis@ubuntu2204: 4.1.3.18
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
- name: Enable syscall auditing (augenrules)
lineinfile:
path: "{{ item.path }}"
regex: ^(?i)(\s*-a\s+task,never)\s*$
regex: (?i)^(\s*-a\s+task,never)\s*$
line: '#-a task,never'
with_items: "{{ find_audit_rules_result.files }}"
when:
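Review bot: On the changed `regex:` line the capture group `(\s*-a\s+task,never)` is never used, because `line:` is a literal and the task sets no `backrefs`; dropping the parentheses would make that clear. Moving `(?i)` to the start of the pattern is the right fix, since newer Python versions reject global inline flags anywhere else in a pattern, but the reason is worth a comment above the task so the flag is not moved back later.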
Expand All @@ -45,7 +45,7 @@
- name: Enable syscall auditing (auditctl)
lineinfile:
path: /etc/audit/audit.rules
regex: ^(?i)(\s*-a\s+task,never)\s*$
regex: (?i)^(\s*-a\s+task,never)\s*$
line: '#-a task,never'
when:
- '"auditd.service" in ansible_facts.services'
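Review bot: This `regex:` is character for character the one in the augenrules task above, so the flag-order bug had to be fixed twice. Holding the pattern in a single variable (for example a `vars:` entry shared by both tasks) would leave one place to change.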
Expand Down