diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml
index d816a0428b17..73892895915f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml
@@ -20,6 +20,7 @@ severity: medium
identifiers:
cce@sle12: CCE-83119-8
cce@sle15: CCE-85706-0
+ cce@sle16: CCE-96314-0
cce@slmicro5: CCE-93739-1
references:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
index ea210aeab6ff..ca4b044f4428 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
@@ -31,6 +31,7 @@ identifiers:
cce@rhel10: CCE-89816-3
cce@sle12: CCE-91554-6
cce@sle15: CCE-85831-6
+ cce@sle16: CCE-96491-6
cce@slmicro5: CCE-93869-6
references:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_etc_selinux/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_etc_selinux/rule.yml
index 65bb2a6c1b3f..5fd0a94fe92b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_etc_selinux/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_etc_selinux/rule.yml
@@ -15,6 +15,7 @@ severity: medium
identifiers:
cce@rhel10: CCE-90737-8
cce@sle15: CCE-92694-9
+ cce@sle16: CCE-96212-6
references:
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
index 3bd3fa882e3a..6c5ecb7c051b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
@@ -45,6 +45,7 @@ identifiers:
cce@rhel10: CCE-88933-7
cce@sle12: CCE-83200-6
cce@sle15: CCE-85611-2
+ cce@sle16: CCE-96482-5
cce@slmicro5: CCE-93705-2
cce@slmicro6: CCE-94704-4
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
index bcd7a8d986c2..62eed4eb5e45 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
@@ -44,6 +44,7 @@ identifiers:
cce@rhel10: CCE-89542-5
cce@sle12: CCE-92355-7
cce@sle15: CCE-92551-1
+ cce@sle16: CCE-96660-6
cce@slmicro5: CCE-93863-9
references:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
index 150d969053de..b2413fcf698e 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-87480-0
cce@sle12: CCE-91605-6
cce@sle15: CCE-85810-0
+ cce@sle16: CCE-96232-4
references:
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index 0387f647b5ea..a6e4c9f82536 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -31,6 +31,7 @@ identifiers:
cce@rhel10: CCE-90129-8
cce@sle12: CCE-92450-6
cce@sle15: CCE-85811-8
+ cce@sle16: CCE-96185-4
references:
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
index 984800cb6d33..b0142a0ae32f 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
@@ -25,6 +25,7 @@ identifiers:
cce@rhel10: CCE-86673-1
cce@sle12: CCE-83026-5
cce@sle15: CCE-85616-1
+ cce@sle16: CCE-96576-4
references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
index 888582110079..7c4f709566f9 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel9: CCE-83686-6
cce@rhel10: CCE-87429-7
cce@sle15: CCE-92696-4
+ cce@sle16: CCE-95743-1
references:
nist: CM-6,AU-3
diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
index cb38601ce570..ac20125661b3 100644
--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
+++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-90062-1
cce@sle12: CCE-91691-6
cce@sle15: CCE-91321-0
+ cce@sle16: CCE-96290-2
cce@slmicro5: CCE-93930-6
references:
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
index b2b9219cdad5..f3c2bacd8fcd 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89321-4
cce@sle12: CCE-92275-7
cce@sle15: CCE-91391-3
+ cce@sle16: CCE-95765-4
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
index 07c4e8b65b21..e3c3d2cbaa1d 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-90342-7
cce@sle12: CCE-92269-0
cce@sle15: CCE-91385-5
+ cce@sle16: CCE-96377-7
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
index 3312250c8b3c..9cb0ece4f6c9 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88140-9
cce@sle12: CCE-92266-6
cce@sle15: CCE-91382-2
+ cce@sle16: CCE-95783-7
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
index 695f27229c9c..3696ad41147e 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88986-5
cce@sle12: CCE-92272-4
cce@sle15: CCE-91388-9
+ cce@sle16: CCE-95763-9
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
index 39e1a06c984e..5922d937d641 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89080-6
cce@sle12: CCE-92270-8
cce@sle15: CCE-91386-3
+ cce@sle16: CCE-96695-2
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
index 6900e7904881..bd0805853daa 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89062-4
cce@sle12: CCE-92264-1
cce@sle15: CCE-91380-6
+ cce@sle16: CCE-96579-8
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
index aa5129fbcdf5..8a04eb4fa769 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88741-4
cce@sle12: CCE-92274-0
cce@sle15: CCE-91390-5
+ cce@sle16: CCE-96323-1
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
index f89413ae2e05..22694ae62275 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-87499-0
cce@sle12: CCE-92268-2
cce@sle15: CCE-91384-8
+ cce@sle16: CCE-96295-1
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
index 7f7dd422e83b..728ccc68d778 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89705-8
cce@sle12: CCE-92267-4
cce@sle15: CCE-91383-0
+ cce@sle16: CCE-96634-1
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
index 902dccb1414f..e7af181bc580 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-90753-5
cce@sle12: CCE-92273-2
cce@sle15: CCE-91389-7
+ cce@sle16: CCE-96169-8
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
index 52bbea1c637c..b59be0baebe7 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88943-6
cce@sle12: CCE-92271-6
cce@sle15: CCE-91387-1
+ cce@sle16: CCE-96286-0
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
index dd7d32940a07..fe08637eda1b 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-87294-5
cce@sle12: CCE-92265-8
cce@sle15: CCE-91381-4
+ cce@sle16: CCE-96500-4
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
index 64d413451515..dab4b88bba9d 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-86651-7
cce@sle12: CCE-91672-6
cce@sle15: CCE-91304-6
+ cce@sle16: CCE-96654-9
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
index f30bb6cced69..797a90489c7f 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88919-6
cce@sle12: CCE-91669-2
cce@sle15: CCE-91301-2
+ cce@sle16: CCE-96385-0
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
index 28a771f2eead..92cfa6f57dd6 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88664-8
cce@sle12: CCE-91668-4
cce@sle15: CCE-91300-4
+ cce@sle16: CCE-96279-5
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
index 38198c2488fa..245c56bd6db6 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-86632-7
cce@sle12: CCE-91671-8
cce@sle15: CCE-91303-8
+ cce@sle16: CCE-96611-9
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
index d7645630be3a..2180912a5f36 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89733-0
cce@sle12: CCE-91670-0
cce@sle15: CCE-91302-0
+ cce@sle16: CCE-96284-5
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
index 1ab4d6570d02..bdef8c601a0c 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-90078-7
cce@sle12: CCE-91667-6
cce@sle15: CCE-91299-8
+ cce@sle16: CCE-96012-0
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml
index 8f04309f8fc8..a9d91057a564 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89507-8
cce@sle12: CCE-91683-3
cce@sle15: CCE-91313-7
+ cce@sle16: CCE-95851-2
cce@slmicro5: CCE-93929-8
references:
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml
index b657376ae889..9e0e18159646 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-88579-8
cce@sle12: CCE-91684-1
cce@sle15: CCE-91314-5
+ cce@sle16: CCE-95821-5
references:
cis@sle12: 5.1.8
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml
index c59119017a5e..45c6efc9bc8d 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml
@@ -18,6 +18,7 @@ identifiers:
cce@rhel10: CCE-90598-4
cce@sle12: CCE-91685-8
cce@sle15: CCE-91315-2
+ cce@sle16: CCE-96128-4
cce@slmicro5: CCE-93928-0
references:
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml
index cf732e5b4bdf..02dc67f90de5 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml
@@ -25,6 +25,7 @@ identifiers:
cce@rhel10: CCE-90094-4
cce@sle12: CCE-91686-6
cce@sle15: CCE-91316-0
+ cce@sle16: CCE-95921-3
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
index 5f4ffab35201..c8e4f4f0e707 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88524-4
cce@sle12: CCE-91687-4
cce@sle15: CCE-91317-8
+ cce@sle16: CCE-96215-9
cce@slmicro5: CCE-93927-2
references:
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml
index 2868b4db1b6e..71992141c351 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-88914-7
cce@sle12: CCE-91688-2
cce@sle15: CCE-91318-6
+ cce@sle16: CCE-96350-4
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
index 603b8c5fa196..235e3a81182f 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-90283-3
cce@sle12: CCE-91689-0
cce@sle15: CCE-91319-4
+ cce@sle16: CCE-96646-5
cce@slmicro5: CCE-93926-4
references:
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
index 672f6a0c551f..c690dffc5f1b 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
@@ -24,6 +24,7 @@ identifiers:
cce@rhel10: CCE-89121-8
cce@sle12: CCE-91690-8
cce@sle15: CCE-91320-2
+ cce@sle16: CCE-96522-8
references:
cis@sle12: 5.1.8
diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
index 01d2bd4f182c..cf13c4a31c11 100644
--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
+++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
@@ -25,6 +25,7 @@ identifiers:
cce@rhel10: CCE-87013-9
cce@sle12: CCE-91453-1
cce@sle15: CCE-85759-9
+ cce@sle16: CCE-96301-7
cce@slmicro5: CCE-93924-9
references:
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
index 417a1240aa87..f56a21e51dd2 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-87280-4
cce@sle12: CCE-91595-9
cce@sle15: CCE-91280-8
+ cce@sle16: CCE-96218-3
cce@slmicro5: CCE-93912-4
references:
diff --git a/linux_os/guide/services/mask_nonessential_services/rule.yml b/linux_os/guide/services/mask_nonessential_services/rule.yml
index e5f3dff19063..5a1108124ec1 100644
--- a/linux_os/guide/services/mask_nonessential_services/rule.yml
+++ b/linux_os/guide/services/mask_nonessential_services/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-86933-9
cce@sle12: CCE-92309-4
cce@sle15: CCE-92463-9
+ cce@sle16: CCE-96276-1
references:
cis@sle12: "2.4"
diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
index 6690120b1572..47c308d62203 100644
--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
@@ -24,6 +24,7 @@ identifiers:
cce@rhel10: CCE-88459-3
cce@sle12: CCE-91682-5
cce@sle15: CCE-91312-9
+ cce@sle16: CCE-96434-6
references:
cis@sle12: 2.2.8
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
index 6e8c82091e02..e3f69d6e7717 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
@@ -43,6 +43,7 @@ identifiers:
cce@rhel10: CCE-89296-8
cce@sle12: CCE-92240-1
cce@sle15: CCE-91360-8
+ cce@sle16: CCE-96673-9
cce@slmicro5: CCE-93907-4
references:
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
index c01369feda87..465285221d2c 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
@@ -40,6 +40,7 @@ identifiers:
cce@rhel10: CCE-86811-7
cce@sle12: CCE-91631-2
cce@sle15: CCE-85833-2
+ cce@sle16: CCE-96509-5
cce@slmicro5: CCE-93803-5
references:
diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
index 8b2edeaf9bfc..6359e23c76f3 100644
--- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
+++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-89591-2
cce@sle12: CCE-91594-2
cce@sle15: CCE-91229-5
+ cce@sle16: CCE-96123-5
cce@slmicro5: CCE-93909-0
references:
diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
index e311bd3e02b1..f22d242850fd 100644
--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
@@ -20,7 +20,9 @@ description: |-
{{% elif product == "ol8" %}}
{{{ weblink(link="https://docs.oracle.com/en/operating-systems/oracle-linux/8/network/network-ConfiguringNetworkTime.html#ol-nettime") }}}
{{% elif product in ["sle12", "sle15"] %}}
- {{{ weblink(link="https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-ntp.html") }}}
+ {{{ weblink(link="https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-ntp.html") }}}
+ {{% elif product in ["sle16"] %}}
+ {{{ weblink(link="https://documentation.suse.com/sles/16.0/html/SLES-ntp-time-synchronization/index.html") }}}
{{% elif "rhel" in product %}}
{{{ weblink(link="https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/configuring_basic_system_settings/index#proc_migrating-to-chrony_configuring-time-synchronization") }}}
{{% endif %}}
@@ -47,6 +49,7 @@ identifiers:
cce@rhel10: CCE-89185-3
cce@sle12: CCE-91629-6
cce@sle15: CCE-85835-7
+ cce@sle16: CCE-96451-0
references:
cis-csc: 1,14,15,16,3,5,6
diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
index 62fbca927af8..1db77bb04a7a 100644
--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-88179-7
cce@sle12: CCE-91673-4
cce@sle15: CCE-91305-3
+ cce@sle16: CCE-95769-6
cce@slmicro5: CCE-94077-5
references:
diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
index f993532e57c8..bba598123a34 100644
--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
@@ -27,6 +27,7 @@ identifiers:
cce@rhel10: CCE-89287-7
cce@sle12: CCE-91596-7
cce@sle15: CCE-91227-9
+ cce@sle16: CCE-96578-0
references:
cis-csc: 11,12,14,15,3,8,9
diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
index 943d5e78dc55..d949e3041021 100644
--- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-88586-3
cce@sle12: CCE-91465-5
cce@sle15: CCE-91158-6
+ cce@sle16: CCE-96201-9
references:
srg: SRG-OS-000074-GPOS-00042
diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
index 8234b7bb0a23..d03b49ce0829 100644
--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
+++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
@@ -25,6 +25,7 @@ identifiers:
cce@rhel10: CCE-89193-7
cce@sle12: CCE-91645-2
cce@sle15: CCE-91288-1
+ cce@sle16: CCE-96226-6
cce@slmicro5: CCE-93891-0
references:
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
index 45a060359dce..f36678bf6753 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-86264-9
cce@sle12: CCE-91674-2
cce@sle15: CCE-91306-1
+ cce@sle16: CCE-96442-9
cce@slmicro5: CCE-93887-8
references:
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
index 805d54544796..12abf9b815e0 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
@@ -32,6 +32,7 @@ identifiers:
cce@rhel10: CCE-88018-7
cce@sle12: CCE-83058-8
cce@sle15: CCE-85644-3
+ cce@sle16: CCE-96360-3
cce@slmicro5: CCE-93751-6
cce@slmicro6: CCE-95070-9
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
index 5659e10eaafe..3b9cbd89a694 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-87454-5
cce@sle12: CCE-83057-0
cce@sle15: CCE-85643-5
+ cce@sle16: CCE-95850-4
cce@slmicro5: CCE-93663-3
cce@slmicro6: CCE-95069-1
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml
index 89ad3f368ca2..e31f0ccb8c93 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml
@@ -27,6 +27,7 @@ identifiers:
cce@rhel10: CCE-87777-9
cce@sle12: CCE-91676-7
cce@sle15: CCE-91307-9
+ cce@sle16: CCE-96598-8
cce@slmicro5: CCE-93885-2
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml
index 9f0bed89eac8..69702f268155 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-89027-7
cce@sle12: CCE-92204-7
cce@sle15: CCE-91334-3
+ cce@sle16: CCE-96591-3
cce@slmicro5: CCE-93884-5
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 5c9e87c8bc87..1d33a6010b04 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -30,6 +30,7 @@ identifiers:
cce@rhel10: CCE-89476-6
cce@sle12: CCE-91675-9
cce@sle15: CCE-85707-8
+ cce@sle16: CCE-96661-4
cce@slmicro5: CCE-93648-4
cce@slmicro6: CCE-95072-5
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml
index 05d712c33a6d..46103457dfd4 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-87045-1
cce@sle12: CCE-92203-9
cce@sle15: CCE-91333-5
+ cce@sle16: CCE-96090-6
cce@slmicro5: CCE-93883-7
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
index dce1c91241d4..45268c1823fc 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
@@ -49,6 +49,7 @@ identifiers:
cce@rhel10: CCE-90003-5
cce@sle12: CCE-92212-0
cce@sle15: CCE-91343-4
+ cce@sle16: CCE-96002-1
cce@slmicro5: CCE-93882-9
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
index e051a6d3b068..544ce16bf731 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
@@ -31,6 +31,7 @@ identifiers:
cce@rhel10: CCE-90362-5
cce@sle12: CCE-83027-3
cce@sle15: CCE-83281-6
+ cce@sle16: CCE-96381-9
cce@slmicro5: CCE-93692-2
cce@slmicro6: CCE-94681-4
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml
index be1e20e14dd9..c772e004a5ae 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-87290-3
cce@sle12: CCE-92281-5
cce@sle15: CCE-91397-0
+ cce@sle16: CCE-96213-4
cce@slmicro5: CCE-93881-1
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
index a7d308433aab..43da92e7c0b8 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-86241-7
cce@sle12: CCE-83077-8
cce@sle15: CCE-83270-9
+ cce@sle16: CCE-95866-0
cce@slmicro5: CCE-93643-5
cce@slmicro6: CCE-94627-7
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
index c834534fc248..f385f033a0c4 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-90071-2
cce@sle12: CCE-92202-1
cce@sle15: CCE-91332-7
+ cce@sle16: CCE-96262-1
cce@slmicro5: CCE-93880-3
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml
index bf468f5f38df..f5144f51203d 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-89659-7
cce@sle12: CCE-91679-1
cce@sle15: CCE-91309-5
+ cce@sle16: CCE-96007-0
cce@slmicro5: CCE-93879-5
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml
index 705c0890d35b..e9602910e026 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-89624-1
cce@sle12: CCE-91678-3
cce@sle15: CCE-91308-7
+ cce@sle16: CCE-95911-4
cce@slmicro5: CCE-93878-7
references:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
index d98af3e6692a..fb8be1eb934c 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-87009-7
cce@sle12: CCE-92339-1
cce@sle15: CCE-92626-1
+ cce@sle16: CCE-96467-6
cce@slmicro5: CCE-93876-1
references:
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
index c0b7e0567f6f..c3727b485821 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-88343-9
cce@sle12: CCE-92236-9
cce@sle15: CCE-91358-2
+ cce@sle16: CCE-95885-0
cce@slmicro5: CCE-94059-3
references:
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
index e4781e26bffd..99d45b395dda 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-86969-3
cce@sle12: CCE-92237-7
cce@sle15: CCE-91359-0
+ cce@sle16: CCE-96310-8
cce@slmicro5: CCE-94056-9
references:
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
index cd8cae9ab879..d2c52797b41b 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-87831-4
cce@sle12: CCE-92235-1
cce@sle15: CCE-91357-4
+ cce@sle16: CCE-95961-9
cce@slmicro5: CCE-94053-6
references:
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
index 1eb09a43265d..3a3d8a90382b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
@@ -20,6 +20,7 @@ severity: medium
identifiers:
cce@sle12: CCE-83168-5
cce@sle15: CCE-85564-3
+ cce@sle16: CCE-96207-6
cce@slmicro5: CCE-93764-9
cce@slmicro6: CCE-94639-2
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
index e98586611807..ba21d26c306c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
identifiers:
cce@sle12: CCE-83167-7
cce@sle15: CCE-85676-5
+ cce@sle16: CCE-95874-4
cce@slmicro5: CCE-93763-1
cce@slmicro6: CCE-94638-4
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
index e66158f401a0..9dcca5707ea8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
@@ -19,6 +19,7 @@ severity: medium
identifiers:
cce@sle12: CCE-83188-3
cce@sle15: CCE-85573-4
+ cce@sle16: CCE-96567-3
cce@slmicro5: CCE-93766-4
cce@slmicro6: CCE-94642-6
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
index 42adbc56685b..f0c3ceeafffb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
@@ -17,6 +17,7 @@ severity: medium
identifiers:
cce@sle12: CCE-83174-3
cce@sle15: CCE-85575-9
+ cce@sle16: CCE-96501-2
cce@slmicro5: CCE-93729-2
cce@slmicro6: CCE-94741-6
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
index 01c48ff9a1a3..34b4754a9757 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
@@ -34,6 +34,7 @@ severity: medium
identifiers:
cce@sle12: CCE-91647-8
cce@sle15: CCE-85754-0
+ cce@sle16: CCE-96131-8
references:
nist: IA-7,IA-7.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
index 48f43ce86e78..ba6db029b603 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-89508-6
cce@sle12: CCE-83029-9
cce@sle15: CCE-83279-0
+ cce@sle16: CCE-96020-3
cce@slmicro5: CCE-93689-8
references:
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml
index f025bf5f8a50..8351e3bd4242 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml
@@ -4,7 +4,7 @@
# complexity = low
# disruption = medium
-{{% if product in ["sle15", "sle12", "slmicro5", "slmicro6"] -%}}
+{{% if 'sle' in product or 'slmicro' in product -%}}
{{%- set pam_file="/etc/pam.d/common-password" %}}
{{%- set control="required" %}}
{{%- else -%}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml
index 5eaee2754723..0136422e7812 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml
@@ -1,4 +1,4 @@
-{{% if product in ['sle12', 'sle15', 'slmicro5', 'slmicro6'] %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
{{% set pam_file = "/etc/pam.d/common-password" %}}
{{% set line_pattern = "^[\s]*password[\s]+(?:(?:required))[\s]+pam_unix\.so[\s]+" %}}
{{% elif 'ubuntu' in product or 'debian' in product %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index 08e754feb42d..8d6623d17811 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
title: "Set PAM Password Hashing Algorithm - system-auth"
-{{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] or 'ubuntu' in product or 'debian' in product %}}
+{{% if 'debian' in product or 'sle' in product or 'slmicro' in product or 'ubuntu' in product %}}
{{% set pam_passwd_file_path = "/etc/pam.d/common-password" %}}
{{% else %}}
{{% set pam_passwd_file_path = "/etc/pam.d/system-auth" %}}
@@ -17,7 +17,7 @@ description: |-
{{{ xccdf_value("var_password_hashing_algorithm_pam") }}} and no other hashing
algorithms as shown below:
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+ {{% if 'sle' in product or 'slmicro' in product %}}
password required pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}} other arguments...
{{% elif 'ubuntu' in product or 'debian' in product %}}
password [success=1 default=ignore] pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}} other arguments...
@@ -47,6 +47,7 @@ identifiers:
cce@rhel10: CCE-88697-8
cce@sle12: CCE-83184-2
cce@sle15: CCE-85565-0
+ cce@sle16: CCE-96172-2
cce@slmicro5: CCE-93681-5
cce@slmicro6: CCE-94659-0
@@ -75,7 +76,7 @@ ocil: |-
{{{ xccdf_value("var_password_hashing_algorithm_pam") }}}:
$ sudo grep "^password.*pam_unix\.so.*{{{ xccdf_value("var_password_hashing_algorithm_pam") }}}" {{{ pam_passwd_file_path }}}
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] -%}}
+ {{% if 'sle' in product or 'slmicro' in product -%}}
password required pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
{{% elif 'ubuntu' in product or 'debian' in product %}}
password [success=1 default=ignore] pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
@@ -95,7 +96,7 @@ fixtext: |-
Edit/modify the following line in the "{{{ pam_passwd_file_path }}}" file to include the {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
option for pam_unix.so:
- {{% if product in ['sle12', 'sle15', 'slmicro5', 'slmicro6'] -%}}
+ {{% if 'sle' in product or 'slmicro' in product -%}}
password required pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
{{% elif 'ubuntu' in product %}}
password [success=1 default=ignore] pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 3c7c48fc7b7c..25e02f369671 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -30,6 +30,7 @@ identifiers:
cce@rhel10: CCE-88966-7
cce@sle12: CCE-83051-3
cce@sle15: CCE-85558-5
+ cce@sle16: CCE-95739-9
cce@slmicro5: CCE-93688-0
cce@slmicro6: CCE-94675-6
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml
index 52b45dd8b9e2..88bd5c2f1dab 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-90323-7
cce@sle12: CCE-91550-4
cce@sle15: CCE-85845-6
+ cce@sle16: CCE-96457-7
cce@slmicro5: CCE-94045-2
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
index 05cd4efeef41..67cdd8fc62ae 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
@@ -20,6 +20,7 @@ severity: medium
identifiers:
cce@sle12: CCE-92213-8
cce@sle15: CCE-91344-2
+ cce@sle16: CCE-95795-1
cce@slmicro5: CCE-94044-5
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index e94a793c8f38..72635c289207 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -15,6 +15,7 @@ identifiers:
cce@rhel10: CCE-89811-4
cce@sle12: CCE-83196-6
cce@sle15: CCE-83277-4
+ cce@sle16: CCE-96516-0
cce@slmicro5: CCE-93780-5
cce@slmicro6: CCE-94673-1
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
index c3c3627e0367..e6c35ed0c6e4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
@@ -15,6 +15,7 @@ identifiers:
cce@rhel10: CCE-86908-1
cce@sle12: CCE-92206-2
cce@sle15: CCE-91339-2
+ cce@sle16: CCE-96019-5
cce@slmicro5: CCE-94047-8
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
index 461099b208e3..bea17734098f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
@@ -15,6 +15,7 @@ identifiers:
cce@rhel10: CCE-88449-4
cce@sle12: CCE-92207-0
cce@sle15: CCE-91340-0
+ cce@sle16: CCE-96063-3
cce@slmicro5: CCE-94046-0
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index af8ee84f0e3f..638bb17ea5c8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -28,6 +28,7 @@ identifiers:
cce@rhel10: CCE-87961-9
cce@sle12: CCE-83050-5
cce@sle15: CCE-85570-0
+ cce@sle16: CCE-95721-7
cce@slmicro5: CCE-93685-6
cce@slmicro6: CCE-94670-7
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
index a0d1c11913e7..95404ee16bd3 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
@@ -16,7 +16,7 @@
{{% if product in ["ol7"] %}}
ansible.builtin.command:
cmd: chage -M {{ var_accounts_maximum_age_login_defs }} {{ item }}
-{{% elif product in ["sle12","sle15","slmicro6"] %}}
+{{% elif 'sle' in product or 'slmicro' in product %}}
ansible.builtin.command:
cmd: passwd -q -x {{ var_accounts_maximum_age_login_defs }} {{ item }}
{{% else %}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
index fdd7c1cf8486..104a0e6e8aa2 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
@@ -7,7 +7,7 @@
{{{ bash_instantiate_variables("var_accounts_maximum_age_login_defs") }}}
{{% call iterate_over_command_output("i", "awk -v var=\"$var_accounts_maximum_age_login_defs\" -F: '(/^[^:]+:[^!*]/ && ($5 > var || $5 == \"\")) {print $1}' /etc/shadow") -%}}
-{{% if product in ["sle12", "sle15", "slmicro6"] %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
passwd -q -x $var_accounts_maximum_age_login_defs $i
{{% else %}}
chage -M $var_accounts_maximum_age_login_defs $i
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index c54bac04fe82..d7d3318a2c51 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -6,7 +6,11 @@ title: 'Set Existing Passwords Maximum Age'
description: |-
Configure non-compliant accounts to enforce a {{{ xccdf_value("var_accounts_maximum_age_login_defs") }}}-day maximum password lifetime
restriction by running the following command:
+ {{% if 'sle' in product or 'slmicro' in product %}}
+ $ sudo passwd -x {{{ xccdf_value("var_accounts_maximum_age_login_defs") }}} USER
+ {{% else %}}
$ sudo chage -M {{{ xccdf_value("var_accounts_maximum_age_login_defs") }}} USER
+ {{% endif %}}
rationale: |-
Any password, no matter how complex, can eventually be cracked. Therefore,
@@ -23,6 +27,7 @@ identifiers:
cce@rhel10: CCE-87137-6
cce@sle12: CCE-83041-4
cce@sle15: CCE-85571-8
+ cce@sle16: CCE-96606-9
cce@slmicro5: CCE-93686-4
cce@slmicro6: CCE-94662-4
@@ -47,14 +52,10 @@ ocil: |-
fixtext: |-
Configure non-compliant accounts to enforce a 60-day maximum password lifetime restriction.
- {{% if product not in ["sle12", "sle15", "slmicro6"] %}}
- passwd -q -x {{{ xccdf_value("var_accounts_maximum_age_login_defs") }}} [user]
+ {{% if 'sle' in product or 'slmicro' in product %}}
+ $ sudo passwd -x {{{ xccdf_value("var_accounts_maximum_age_login_defs") }}} USER
{{% else %}}
- usrs_max_pass_age=( "$(awk -F: '$5 > $var_accounts_maximum_age_login_defs || $5 == "" {print $1}' /etc/shadow)" )
- for i in "${usrs_max_pass_age[@]}"
- do
- passwd -q -x $((var_accounts_maximum_age_login_defs)) $i
- done
+ $ sudo chage -M {{{ xccdf_value("var_accounts_maximum_age_login_defs") }}} USER
{{% endif %}}
srg_requirement: |-
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
index f17d6cbe48ce..d347a7c80d22 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-87604-5
cce@sle12: CCE-92321-9
cce@sle15: CCE-92479-5
+ cce@sle16: CCE-96239-9
cce@slmicro5: CCE-94043-7
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
index 0d7056311b6b..434e6c60e6ff 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-89628-2
cce@sle12: CCE-92205-4
cce@sle15: CCE-91335-0
+ cce@sle16: CCE-96437-9
cce@slmicro5: CCE-94042-9
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
index c4e242a08293..a6088384388d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
@@ -20,6 +20,7 @@ identifiers:
cce@rhel10: CCE-86554-3
cce@sle12: CCE-92322-7
cce@sle15: CCE-92480-3
+ cce@sle16: CCE-95968-4
cce@slmicro5: CCE-94041-1
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
index 26adb9cef398..1cbc152d507e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-87644-1
cce@sle12: CCE-91551-2
cce@sle15: CCE-85846-4
+ cce@sle16: CCE-96334-8
cce@slmicro5: CCE-94040-3
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
index ac008338255d..547627ee895c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-90359-1
cce@sle12: CCE-92330-0
cce@sle15: CCE-92504-0
+ cce@sle16: CCE-96077-3
cce@slmicro5: CCE-94039-5
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
index ba354e075421..a49c4f129924 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-87466-9
cce@sle12: CCE-91552-0
cce@sle15: CCE-85847-2
+ cce@sle16: CCE-96328-0
cce@slmicro5: CCE-94038-7
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/oval/shared.xml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/oval/shared.xml
index 16001fe3e244..ddbde376b499 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/oval/shared.xml
@@ -12,7 +12,7 @@
-{{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
^/etc/pam.d/.*$
{{% elif 'ubuntu' in product %}}
^/etc/pam.d/common-password
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
index eb79676097a3..746e729b1057 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
@@ -7,7 +7,7 @@ description: |-
but does not have an assigned password, it may be possible to log
into the account without authentication. Remove any instances of the
nullok in
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+ {{% if 'sle' in product or 'slmicro' in product%}}
password authentication configurations in /etc/pam.d/
{{% elif 'ubuntu' in product %}}
/etc/pam.d/common-password
@@ -35,7 +35,7 @@ identifiers:
cce@sle15: CCE-85576-7
cce@sle16: CCE-96342-1
cce@slmicro5: CCE-93738-3
- cce@slmicro6: CCE-95047-7
+ cce@slmicro6: CCE-95047-7
references:
cis-csc: 1,12,13,14,15,16,18,3,5
@@ -60,7 +60,7 @@ ocil_clause: 'NULL passwords can be used'
ocil: |-
To verify that null passwords cannot be used, run the following command:
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+ {{% if 'sle' in product or 'slmicro' in product %}}
$ grep pam_unix.so /etc/pam.d/* | grep nullok
{{% elif 'ubuntu' in product %}}
grep nullok /etc/pam.d/common-password
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
index 5e5cfd7a74b1..c6801ba6a896 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
@@ -29,6 +29,7 @@ identifiers:
cce@rhel10: CCE-90491-2
cce@sle12: CCE-83249-3
cce@sle15: CCE-91155-2
+ cce@sle16: CCE-96014-6
cce@slmicro5: CCE-93737-5
cce@slmicro6: CCE-95046-9
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
index ed35152e76b1..091ca1a70df8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -28,6 +28,7 @@ identifiers:
cce@rhel10: CCE-87552-6
cce@sle12: CCE-83020-8
cce@sle15: CCE-85664-1
+ cce@sle16: CCE-96388-4
cce@slmicro5: CCE-93734-2
cce@slmicro6: CCE-95041-0
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index 6fd443fff306..311cddcf4f68 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-90244-5
cce@sle12: CCE-91635-3
cce@sle15: CCE-91289-9
+ cce@sle16: CCE-96631-7
cce@slmicro5: CCE-94033-8
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
index 39597f935c91..f24139d6927e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-89099-6
cce@sle12: CCE-92353-2
cce@sle15: CCE-92528-9
+ cce@sle16: CCE-96616-8
cce@slmicro5: CCE-94032-0
references:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
index 8f737049d773..3d00846e44a7 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-87119-4
cce@sle12: CCE-92351-6
cce@sle15: CCE-92522-2
+ cce@sle16: CCE-96325-6
cce@slmicro5: CCE-94029-6
references:
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle12.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle.yml
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle12.yml
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle.yml
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle15.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle15.yml
deleted file mode 100644
index c9adfec2dacd..000000000000
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/sle15.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-# platform = multi_platform_sle
-# reboot = false
-# strategy = restrict
-# complexity = low
-# disruption = low
-{{{ ansible_instantiate_variables("var_accounts_tmout") }}}
-
-{{{ ansible_set_config_file(file='/etc/profile.d/autologout.sh', parameter='TMOUT', separator='=', separator_regex='=', value='{{ var_accounts_tmout }}', create='yes', rule_title=rule_title) }}}
-{{{ ansible_set_config_file(file='/etc/profile.d/autologout.sh', parameter='readonly', separator=' ', value='TMOUT', create='yes', rule_title=rule_title) }}}
-{{{ ansible_set_config_file(file='/etc/profile.d/autologout.sh', parameter='export', separator=' ', value='TMOUT', create='yes', rule_title=rule_title) }}}
-
-- name: Set the permission for /etc/profile.d/autologout.sh
- ansible.builtin.file:
- path: /etc/profile.d/autologout.sh
- mode: '0755'
- when: lookup('ansible.builtin.file', '/etc/profile.d/autologout.sh', errors='warn')
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro5.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro.yml
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro5.yml
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro.yml
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro6.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro6.yml
deleted file mode 100644
index 003cd304a5e0..000000000000
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/slmicro6.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-# platform = multi_platform_slmicro
-# reboot = false
-# strategy = restrict
-# complexity = low
-# disruption = low
-{{{ ansible_instantiate_variables("var_accounts_tmout") }}}
-
-{{{ ansible_set_config_file(file='/etc/profile.d/autologout.sh', parameter='TMOUT', separator='=', separator_regex='=', value='{{ var_accounts_tmout }}', create='yes', rule_title=rule_title) }}}
-{{{ ansible_set_config_file(file='/etc/profile.d/autologout.sh', parameter='readonly', separator=' ', value='TMOUT', create='yes', rule_title=rule_title) }}}
-{{{ ansible_set_config_file(file='/etc/profile.d/autologout.sh', parameter='export', separator=' ', value='TMOUT', create='yes', rule_title=rule_title) }}}
-
-- name: Set the permission for /etc/profile.d/autologout.sh
- ansible.builtin.file:
- path: /etc/profile.d/autologout.sh
- mode: '0755'
- when: lookup('ansible.builtin.file', '/etc/profile.d/autologout.sh', errors='warn')
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle12.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle12.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle.sh
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle15.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle15.sh
deleted file mode 100644
index 6768e497f579..000000000000
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/sle15.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-# platform = multi_platform_sle
-
-{{{ bash_instantiate_variables("var_accounts_tmout") }}}
-
-if [ -f /etc/profile.d/autologout.sh ]; then
- if grep --silent '^\s*TMOUT' /etc/profile.d/autologout.sh ; then
- sed -i -E "s/^(\s*)TMOUT\s*=\s*(\w|\$)*(.*)$/\1TMOUT=$var_accounts_tmout\3/g" /etc/profile.d/autologout.sh
- fi
-else
- echo -e "\n# Set TMOUT to $var_accounts_tmout per security requirements" >> /etc/profile.d/autologout.sh
- echo "TMOUT=$var_accounts_tmout" >> /etc/profile.d/autologout.sh
-fi
-if ! grep --silent '^\s*readonly TMOUT' /etc/profile.d/autologout.sh ; then
- echo "readonly TMOUT" >> /etc/profile.d/autologout.sh
-fi
-
-if ! grep --silent '^\s*export TMOUT' /etc/profile.d/autologout.sh ; then
- echo "export TMOUT" >> /etc/profile.d/autologout.sh
-fi
-chmod +x /etc/profile.d/autologout.sh
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro5.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro5.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro.sh
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro6.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro6.sh
deleted file mode 100644
index 19aba33e6eba..000000000000
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/slmicro6.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-# platform = multi_platform_slmicro
-
-{{{ bash_instantiate_variables("var_accounts_tmout") }}}
-
-if [ -f /etc/profile.d/autologout.sh ]; then
- if grep --silent '^\s*TMOUT' /etc/profile.d/autologout.sh ; then
- sed -i -E "s/^(\s*)TMOUT\s*=\s*(\w|\$)*(.*)$/\1TMOUT=$var_accounts_tmout\3/g" /etc/profile.d/autologout.sh
- fi
-else
- echo -e "\n# Set TMOUT to $var_accounts_tmout per security requirements" >> /etc/profile.d/autologout.sh
- echo "TMOUT=$var_accounts_tmout" >> /etc/profile.d/autologout.sh
-fi
-if ! grep --silent '^\s*readonly TMOUT' /etc/profile.d/autologout.sh ; then
- echo "readonly TMOUT" >> /etc/profile.d/autologout.sh
-fi
-
-if ! grep --silent '^\s*export TMOUT' /etc/profile.d/autologout.sh ; then
- echo "export TMOUT" >> /etc/profile.d/autologout.sh
-fi
-chmod +x /etc/profile.d/autologout.sh
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml
index 6ae42ecb04c8..c56ef3f9ba9f 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml
@@ -38,7 +38,7 @@
{{% if filepath %}}
{{{ filepath }}}
{{% endif %}}
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] or "ubuntu" in product %}}
+ {{% if 'sle' in product or 'slmicro' in product or "ubuntu" in product %}}
^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$
{{% else %}}
^[\s]*(?:typeset|declare)[\s]+-xr[\s]+TMOUT=([\w$]+).*$
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 2a9fb7784bfc..573e8902d6da 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -9,7 +9,7 @@ description: |-
disables the automatic logout feature and is therefore not a compliant setting.
The value of TMOUT should be a positive integer, exported, and read only.
The TMOUT
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+ {{% if 'sle' in product or 'slmicro' in product %}}
setting in /etc/profile.d/autologout.sh should read as follows:
TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
readonly TMOUT
@@ -44,6 +44,7 @@ identifiers:
cce@rhel10: CCE-88163-1
cce@sle12: CCE-83011-7
cce@sle15: CCE-83269-1
+ cce@sle16: CCE-95793-6
cce@slmicro5: CCE-93805-0
cce@slmicro6: CCE-94645-9
@@ -70,7 +71,7 @@ ocil_clause: 'the TMOUT value is not configured, is set to 0, or is not less tha
ocil: |-
Run the following command to ensure the TMOUT value is configured for all users
on the system:
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+ {{% if 'sle' in product or 'slmicro' in product %}}
$ sudo grep TMOUT /etc/profile.d/autologout.sh
{{% elif "ubuntu" in product %}}
$ sudo grep TMOUT /etc/bash.bashrc /etc/profile /etc/profile.d/*.sh
@@ -79,7 +80,7 @@ ocil: |-
{{% endif %}}
The output should return the following:
TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6", "ubuntu2204", "ubuntu2404"] %}}
+ {{% if 'sle' in product or 'slmicro' in product or product in ["ubuntu2204", "ubuntu2404"] %}}
readonly TMOUT
export TMOUT
{{% endif %}}
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
index 9ec2cd89c195..3625f5ab1972 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
@@ -34,6 +34,7 @@ identifiers:
cce@rhel10: CCE-90074-6
cce@sle12: CCE-91508-2
cce@sle15: CCE-85838-1
+ cce@sle16: CCE-96584-8
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
index d697cc4cc165..c67cbdae8818 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
@@ -48,6 +48,7 @@ identifiers:
cce@rhel10: CCE-88780-2
cce@sle12: CCE-91509-0
cce@sle15: CCE-85839-9
+ cce@sle16: CCE-96698-6
references:
cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
index 1a4a8272eb29..2e82a978a800 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
@@ -27,6 +27,7 @@ identifiers:
cce@rhel10: CCE-89058-2
cce@sle12: CCE-91510-8
cce@sle15: CCE-85837-3
+ cce@sle16: CCE-95840-5
references:
cis@sle12: 4.2.1.3
diff --git a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
index 6f4b17baa97a..74ae024ddbad 100644
--- a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
@@ -15,6 +15,7 @@ identifiers:
cce@rhel10: CCE-88423-9
cce@sle12: CCE-92386-2
cce@sle15: CCE-92561-0
+ cce@sle16: CCE-96604-4
cce@slmicro5: CCE-94015-5
references:
diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
index 52df9e518fc8..4091b38f7d48 100644
--- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
@@ -27,6 +27,7 @@ identifiers:
cce@rhel10: CCE-87463-6
cce@sle12: CCE-92401-9
cce@sle15: CCE-92585-9
+ cce@sle16: CCE-95835-5
cce@slmicro5: CCE-94013-0
references:
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index 8da1967221d2..0b974a275b36 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -25,6 +25,7 @@ identifiers:
cce@rhel10: CCE-88164-9
cce@sle12: CCE-91461-4
cce@sle15: CCE-85698-9
+ cce@sle16: CCE-95828-0
cce@slmicro5: CCE-94010-6
references:
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index a5eeea53709f..2ae1eb0991d0 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-88110-2
cce@sle12: CCE-91466-3
cce@sle15: CCE-85751-6
+ cce@sle16: CCE-95796-9
cce@slmicro5: CCE-93769-8
cce@slmicro6: CCE-94672-3
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml
index 83acc2c5e019..47cfba2d3228 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml
@@ -15,6 +15,7 @@ severity: medium
identifiers:
cce@sle15: CCE-91411-9
+ cce@sle16: CCE-96458-5
references:
cis@sle15: 3.5.3.2.4,3.5.3.3.4
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
index a067f501a970..905a5d985bb6 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel9: CCE-84023-1
cce@rhel10: CCE-87823-1
cce@sle15: CCE-91410-1
+ cce@sle16: CCE-96479-1
cce@slmicro5: CCE-94009-8
references:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
index 289cf374b753..d85dc0121fc2 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -24,6 +24,7 @@ identifiers:
cce@rhel10: CCE-89135-8
cce@sle12: CCE-83227-9
cce@sle15: CCE-85653-4
+ cce@sle16: CCE-96234-0
cce@slmicro5: CCE-93632-8
cce@slmicro6: CCE-95076-6
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
index fb2800ca618c..62095aa6d5e2 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-88689-5
cce@sle12: CCE-91533-0
cce@sle15: CCE-91218-8
+ cce@sle16: CCE-96435-3
cce@slmicro5: CCE-93992-6
references:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
index 9edba789d418..3b5b48c6b241 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-87848-8
cce@sle12: CCE-91535-5
cce@sle15: CCE-91220-4
+ cce@sle16: CCE-96010-4
cce@slmicro5: CCE-93991-8
references:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 552a5a694371..ab07f2c78520 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-86820-8
cce@sle12: CCE-83081-0
cce@sle15: CCE-85652-6
+ cce@sle16: CCE-96155-7
cce@slmicro5: CCE-93634-4
cce@slmicro6: CCE-95078-2
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index 0027b05349a9..71639e823eb7 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-86918-0
cce@sle12: CCE-83080-2
cce@sle15: CCE-91243-6
+ cce@sle16: CCE-95801-7
cce@slmicro5: CCE-93987-6
references:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
index 226c919432ee..1723727a2842 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -18,6 +18,7 @@ identifiers:
cce@rhel10: CCE-87841-3
cce@sle12: CCE-91539-7
cce@sle15: CCE-91224-6
+ cce@sle16: CCE-96341-3
cce@slmicro5: CCE-93986-8
references:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
index f43d98d3ef4f..762c418e453b 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-88084-9
cce@sle12: CCE-83179-2
cce@sle15: CCE-83283-2
+ cce@sle16: CCE-95992-4
cce@slmicro5: CCE-93626-0
cce@slmicro6: CCE-94684-8
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index d09a520e7dd8..ac926343a9f9 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-88360-3
cce@sle12: CCE-83089-3
cce@sle15: CCE-85655-9
+ cce@sle16: CCE-95931-2
cce@slmicro5: CCE-93638-5
cce@slmicro6: CCE-95082-4
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index 755424d6c102..30280a66307a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-89177-0
cce@sle12: CCE-83086-9
cce@sle15: CCE-85654-2
+ cce@sle16: CCE-96422-1
cce@slmicro5: CCE-93637-7
cce@slmicro6: CCE-95081-6
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
index 96691414b111..240192691c53 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-87377-8
cce@sle12: CCE-83088-5
cce@sle15: CCE-85709-4
+ cce@sle16: CCE-95846-2
cce@slmicro5: CCE-93639-3
cce@slmicro6: CCE-95083-2
diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
index 982bc2955c10..35552c4b3530 100644
--- a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
+++ b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel9: CCE-86378-7
cce@rhel10: CCE-87358-8
cce@sle15: CCE-92469-6
+ cce@sle16: CCE-96650-7
cce@slmicro5: CCE-93985-0
references:
diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
index ed62300164c7..107f11d5c0a1 100644
--- a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel9: CCE-88429-6
cce@rhel10: CCE-88523-6
cce@sle15: CCE-92529-7
+ cce@sle16: CCE-96683-8
cce@slmicro5: CCE-93982-7
references:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
index 63ae470818cc..12f7c4e6fb4b 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-89435-2
cce@sle12: CCE-91599-1
cce@sle15: CCE-91241-0
+ cce@sle16: CCE-95889-2
cce@slmicro5: CCE-93975-1
references:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
index 4a87ab592ce9..f8683b5b4c2a 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-90489-6
cce@sle12: CCE-91600-7
cce@sle15: CCE-91242-8
+ cce@sle16: CCE-96254-8
cce@slmicro5: CCE-93974-4
references:
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 21be7efdb187..ae3153889f0d 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -41,6 +41,7 @@ identifiers:
cce@rhel10: CCE-88576-4
cce@sle12: CCE-83148-7
cce@sle15: CCE-83286-5
+ cce@sle16: CCE-95778-7
cce@slmicro5: CCE-93704-5
cce@slmicro6: CCE-94703-6
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 17b9cd142138..02203bf1fc40 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -31,6 +31,7 @@ identifiers:
cce@rhel10: CCE-88985-7
cce@sle12: CCE-83147-9
cce@sle15: CCE-85656-7
+ cce@sle16: CCE-96433-8
cce@slmicro5: CCE-93752-4
cce@slmicro6: CCE-95086-5
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
index 20778351f4c4..975a75074f48 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
@@ -32,6 +32,7 @@ identifiers:
cce@rhel10: CCE-88397-5
cce@sle12: CCE-83047-1
cce@sle15: CCE-83282-4
+ cce@sle16: CCE-95771-2
cce@slmicro5: CCE-93693-0
cce@slmicro6: CCE-94682-2
diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
index 3d7b92eac6d7..9107f88141fb 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-87656-5
cce@sle12: CCE-91583-5
cce@sle15: CCE-91233-7
+ cce@sle16: CCE-96142-5
cce@slmicro5: CCE-93973-6
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
index f64185705b42..2a48e487acd0 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-89477-4
cce@sle12: CCE-91699-9
cce@sle15: CCE-91329-3
+ cce@sle16: CCE-96681-2
cce@slmicro5: CCE-93972-8
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
index 0f39aa703a26..2fe5acf7244d 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-89914-6
cce@sle12: CCE-91693-2
cce@sle15: CCE-91323-6
+ cce@sle16: CCE-96376-9
cce@slmicro5: CCE-93970-2
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
index 9675d929eebb..3ec4e9521279 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-88235-7
cce@sle12: CCE-91697-3
cce@sle15: CCE-91327-7
+ cce@sle16: CCE-96420-5
cce@slmicro5: CCE-93969-4
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
index 436807bb2a89..576426248976 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-90261-9
cce@sle12: CCE-91626-2
cce@sle15: CCE-85801-9
+ cce@sle16: CCE-95805-8
cce@slmicro5: CCE-93968-6
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
index af9eba88b2f3..726bad1e134e 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-89210-9
cce@sle12: CCE-91627-0
cce@sle15: CCE-85809-2
+ cce@sle16: CCE-96188-8
cce@slmicro5: CCE-93966-0
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
index d4768de96798..5fd150ca6ada 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
@@ -22,6 +22,7 @@ identifiers:
cce@rhel10: CCE-87579-9
cce@sle12: CCE-91628-8
cce@sle15: CCE-85808-4
+ cce@sle16: CCE-96016-1
cce@slmicro5: CCE-93965-2
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
index e2aef727b1ba..3855846f5c3a 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-89017-8
cce@sle12: CCE-91700-5
cce@sle15: CCE-91330-1
+ cce@sle16: CCE-95837-1
cce@slmicro5: CCE-93964-5
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
index 826a10507eef..097a25043564 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-90377-3
cce@sle12: CCE-91694-0
cce@sle15: CCE-91324-4
+ cce@sle16: CCE-96068-2
cce@slmicro5: CCE-93962-9
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
index d0a9fd9771d7..b8f043da065b 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-87502-1
cce@sle12: CCE-91696-5
cce@sle15: CCE-91326-9
+ cce@sle16: CCE-96300-9
cce@slmicro5: CCE-93961-1
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
index 62c73d270504..d40e5d54fabd 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-86870-3
cce@sle12: CCE-91665-0
cce@sle15: CCE-85802-7
+ cce@sle16: CCE-95900-7
cce@slmicro5: CCE-93960-3
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
index 7fbc711b044d..1e52a940b0f2 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-87827-2
cce@sle12: CCE-91666-8
cce@sle15: CCE-85806-8
+ cce@sle16: CCE-96152-4
cce@slmicro5: CCE-93958-7
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
index e138772d1a29..ed765a69fc4a 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-86857-0
cce@sle12: CCE-83259-2
cce@sle15: CCE-85807-6
+ cce@sle16: CCE-96465-0
cce@slmicro5: CCE-93957-9
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
index c2bdb77875e5..a20ab58ceab6 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
@@ -18,6 +18,7 @@ identifiers:
cce@rhel10: CCE-86579-0
cce@sle12: CCE-92201-3
cce@sle15: CCE-91331-9
+ cce@sle16: CCE-95895-9
cce@slmicro5: CCE-93956-1
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
index 8c91fa184e67..80af9c4a6608 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
@@ -18,6 +18,7 @@ identifiers:
cce@rhel10: CCE-86854-7
cce@sle12: CCE-91695-7
cce@sle15: CCE-91325-1
+ cce@sle16: CCE-95893-4
cce@slmicro5: CCE-93954-6
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
index 67be35c3c2cc..c2080fde3fcd 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-87423-0
cce@sle12: CCE-91698-1
cce@sle15: CCE-91328-5
+ cce@sle16: CCE-95820-7
cce@slmicro5: CCE-93953-8
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
index 1657f31d84a9..96a2cfc1c1f2 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
@@ -17,6 +17,7 @@ identifiers:
cce@rhel10: CCE-88868-5
cce@sle12: CCE-91451-5
cce@sle15: CCE-85803-5
+ cce@sle16: CCE-96364-5
cce@slmicro5: CCE-93952-0
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
index ed891a8b28bb..d42c430c4c3b 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
@@ -19,6 +19,7 @@ identifiers:
cce@rhel10: CCE-90644-6
cce@sle12: CCE-91452-3
cce@sle15: CCE-85805-0
+ cce@sle16: CCE-96477-5
cce@slmicro5: CCE-93950-4
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
index d9f7240be81b..e52241f482f1 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
@@ -28,6 +28,7 @@ identifiers:
cce@rhel10: CCE-88433-8
cce@sle12: CCE-91479-6
cce@sle15: CCE-85804-3
+ cce@sle16: CCE-96247-2
cce@slmicro5: CCE-93949-6
references:
diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
index fedcf3676b6c..af819ea482cb 100644
--- a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
@@ -28,6 +28,7 @@ severity: medium
identifiers:
cce@sle12: CCE-92224-5
cce@sle15: CCE-85755-7
+ cce@sle16: CCE-96135-9
cce@slmicro5: CCE-93660-9
cce@slmicro6: CCE-94687-1
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
index 24d5abb190ff..99fbd8321d5d 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
@@ -29,6 +29,7 @@ identifiers:
cce@rhel10: CCE-88825-5
cce@sle12: CCE-92209-6
cce@sle15: CCE-85745-8
+ cce@sle16: CCE-95746-4
cce@slmicro5: CCE-93938-9
references:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
index 6cefe2d8b527..bd826b199009 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-88732-3
cce@sle12: CCE-92210-4
cce@sle15: CCE-85746-6
+ cce@sle16: CCE-95954-4
cce@slmicro5: CCE-93937-1
references:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index 743314a37d59..9f457c1f838b 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel10: CCE-88330-6
cce@sle12: CCE-92208-8
cce@sle15: CCE-85740-9
+ cce@sle16: CCE-96506-1
cce@slmicro5: CCE-93936-3
references:
diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml
index 0ebc1f6eda9d..c8b324ce368a 100644
--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml
+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml
@@ -13,7 +13,7 @@
- {{% if product in ['sle12', 'sle15', 'sle16'] %}}
+ {{% if 'sle' in product %}}
/etc/dconf/profile/gdm
^user-db:user\nsystem-db:gdm$
{{% else %}}
diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
index f6bca5f19051..a6e661bccf2d 100644
--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
@@ -8,7 +8,7 @@ description: |-
highest priority. As such the DConf User profile should always exist and be
configured correctly.
- {{% if product in ["sle12", "sle15"] %}}
+ {{% if 'sle' in product %}}
To make sure that the user profile is configured correctly, the /etc/dconf/profile/gdm
should be set as follows:
user-db:user
@@ -45,6 +45,7 @@ identifiers:
cce@rhel9: CCE-88767-9
cce@sle12: CCE-83006-7
cce@sle15: CCE-83267-5
+ cce@sle16: CCE-96032-8
references:
cis@sle12: '1.10'
@@ -57,7 +58,7 @@ ocil_clause: 'DConf User profile does not exist or is not configured correctly'
ocil: |-
To verify that the DConf User profile is configured correctly, run the following
command:
- {{% if product in ["sle12", "sle15"] %}}
+ {{% if 'sle' in product %}}
$ cat /etc/dconf/profile/gdm
The output should show the following:
user-db:user
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
index 84343965f822..bab08ccef959 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
@@ -22,6 +22,7 @@ severity: high
identifiers:
cce@sle12: CCE-83245-1
cce@sle15: CCE-85723-5
+ cce@sle16: CCE-96531-9
cce@slmicro5: CCE-93754-0
references:
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
index e59beafdda28..d4c138569ff3 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
@@ -30,6 +30,7 @@ identifiers:
cce@rhel9: CCE-87734-0
cce@rhel10: CCE-89756-1
cce@sle15: CCE-92491-0
+ cce@sle16: CCE-96691-1
references:
cis-csc: 12,16
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
index 6a9efaada0d7..1e0636944e3a 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
@@ -31,6 +31,7 @@ identifiers:
cce@rhel9: CCE-90128-0
cce@rhel10: CCE-86628-5
cce@sle15: CCE-92492-8
+ cce@sle16: CCE-96617-6
references:
cis-csc: 12,16
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
index 55e58652554a..c2d48df41ac4 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
@@ -36,6 +36,7 @@ identifiers:
cce@rhel10: CCE-89964-1
cce@sle12: CCE-92219-5
cce@sle15: CCE-85783-9
+ cce@sle16: CCE-96436-1
references:
cis-csc: 1,12,15,16
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
index 7d45cacf6455..7eceaf8c48ce 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
@@ -28,6 +28,7 @@ identifiers:
cce@rhel10: CCE-87170-7
cce@sle12: CCE-83010-9
cce@sle15: CCE-85669-0
+ cce@sle16: CCE-96134-2
references:
cis-csc: 1,12,15,16
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
index 3fa572153358..8c3d9b000416 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
@@ -23,6 +23,7 @@ identifiers:
cce@rhel9: CCE-86954-5
cce@rhel10: CCE-88417-1
cce@sle15: CCE-92495-1
+ cce@sle16: CCE-96075-7
references:
cis-csc: 1,12,15,16
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
index be41fd211e2b..7ba4dfea377c 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
@@ -36,6 +36,7 @@ identifiers:
cce@rhel10: CCE-89684-5
cce@sle12: CCE-83222-0
cce@sle15: CCE-85766-4
+ cce@sle16: CCE-96353-8
references:
cis-csc: 1,12,15,16
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
index 59a0b013c3ca..08105969028c 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
@@ -51,6 +51,7 @@ identifiers:
cce@rhel10: CCE-88476-7
cce@sle12: CCE-83221-2
cce@sle15: CCE-85715-1
+ cce@sle16: CCE-96271-2
references:
cis-csc: 1,12,15,16
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
index c8cc77eed455..467ac938fae9 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
@@ -26,6 +26,7 @@ identifiers:
cce@rhel10: CCE-88587-1
cce@sle12: CCE-91636-1
cce@sle15: CCE-91245-1
+ cce@sle16: CCE-95843-9
references:
cis-csc: 1,12,15,16
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
index 574655aaf5c0..7844c8991ce8 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
@@ -16,6 +16,7 @@ identifiers:
cce@rhel10: CCE-90477-1
cce@sle12: CCE-83067-9
cce@sle15: CCE-83289-9
+ cce@sle16: CCE-96273-8
cce@slmicro5: CCE-93758-1
cce@slmicro6: CCE-94712-7
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
index 2010d094fb4e..1e01026870da 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
@@ -27,6 +27,7 @@ identifiers:
cce@rhel10: CCE-90421-9
cce@sle12: CCE-91649-4
cce@sle15: CCE-91290-7
+ cce@sle16: CCE-96088-0
references:
cis-csc: 1,11,12,13,14,15,16,18,3,5,6,9
diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
index 1742718647bb..9fa248ae5d3f 100644
--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
+++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-87100-4
cce@sle12: CCE-91491-1
cce@sle15: CCE-91183-4
+ cce@sle16: CCE-95845-4
cce@slmicro5: CCE-94075-9
references:
diff --git a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
index d423ad7e5d2b..d376f21ee0ff 100644
--- a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
@@ -21,6 +21,7 @@ identifiers:
cce@rhel10: CCE-89073-1
cce@sle12: CCE-91499-4
cce@sle15: CCE-91190-9
+ cce@sle16: CCE-96329-8
cce@slmicro5: CCE-94074-2
references:
diff --git a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
index dbb276384a5f..c6a2a6463ef7 100644
--- a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
@@ -18,6 +18,7 @@ identifiers:
cce@rhel10: CCE-89611-8
cce@sle12: CCE-91654-4
cce@sle15: CCE-91311-1
+ cce@sle16: CCE-96282-9
cce@slmicro5: CCE-94073-4
references:
diff --git a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
index d96015a47ee5..9fb1274aa2b6 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
@@ -24,6 +24,7 @@ identifiers:
cce@rhel9: CCE-83543-9
cce@rhel10: CCE-87457-8
cce@sle15: CCE-85673-2
+ cce@sle16: CCE-96096-3
cce@slmicro5: CCE-93713-6
cce@slmicro6: CCE-94716-8
diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
index 7721bd83d905..3584ee4f2b91 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
@@ -28,6 +28,7 @@ identifiers:
cce@rhel10: CCE-88136-7
cce@sle12: CCE-83231-1
cce@sle15: CCE-85764-9
+ cce@sle16: CCE-96625-9
cce@slmicro5: CCE-93716-9
cce@slmicro6: CCE-94719-2
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
index 2589064f69b9..d62c8fb78029 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
@@ -6,7 +6,7 @@
- name: Grep for {{{ pkg_manager }}} repo section names
ansible.builtin.shell: |
set -o pipefail
-{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
+{{%- if 'sle' in product or 'slmicro' in product %}}
grep -HEr '^\[.+\]' -r /etc/zypp/repos.d/
{{%- else %}}
grep -HEr '^\[.+\]' -r /etc/yum.repos.d/
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
index 1b03ae054450..c3f1aee8c01a 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
@@ -1,5 +1,5 @@
# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_almalinux
-{{% if product in ["sle12", "sle15", "slmicro5"] %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
{{% else %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml
index 975e49d8ce5c..ad1730f4fdaf 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml
@@ -14,7 +14,7 @@
- {{%- if product in ["sle12", "sle15", "slmicro5"] %}}
+ {{%- if 'sle' in product or 'slmicro' in product %}}
/etc/zypp/repos.d
{{%- else %}}
/etc/yum.repos.d
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
index 9b4787db6504..37ac17d51f4e 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
+{{%- if 'sle' in product or 'slmicro' in product %}}
{{%- set pkg_manager_repos="/etc/zypp/repos.d" %}}
{{%- else %}}
{{%- set pkg_manager_repos="/etc/yum.repos.d" %}}
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
index 8c99dcfe22f1..d2a9be2dd48d 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_almalinux
-{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
+{{%- if 'sle' in product or 'slmicro' in product %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/zypp/repos.d/*
{{%- else %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
index 1869fbae6d60..36828f037d0f 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_almalinux
-{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
+{{%- if 'sle' in product or 'slmicro' in product %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
{{%- else %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
index ae7cc954dde5..609e377fdf8f 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -21,7 +21,7 @@ description: |-
$ sudo yum update
If the system is not configured to use repos, updates (in the form of RPM packages)
can be manually downloaded from the repos and installed using rpm.
-{{% elif product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+{{% elif 'sle' in product or 'slmicro' in product %}}
If the system is configured for online updates, invoking the following command will list available
security updates:
$ sudo zypper refresh && sudo zypper list-patches -g security
@@ -47,8 +47,9 @@ identifiers:
cce@rhel9: CCE-84185-8
cce@sle12: CCE-83002-6
cce@sle15: CCE-83261-8
+ cce@sle16: CCE-96484-1
cce@slmicro5: CCE-93804-3
- cce@slmicro6: CCE-95036-0
+ cce@slmicro6: CCE-95036-0
references:
cis-csc: 18,20,4
diff --git a/products/sle16/profiles/hipaa.profile b/products/sle16/profiles/hipaa.profile
index 94fc562559a9..3bdd3a05cd63 100644
--- a/products/sle16/profiles/hipaa.profile
+++ b/products/sle16/profiles/hipaa.profile
@@ -51,6 +51,7 @@ selections:
- '!libreswan_approved_tunnels'
- '!package_rsh_removed'
- '!package_rsh-server_removed'
+ - '!package_sequoia-sq_installed'
- '!package_talk_removed'
- '!package_talk-server_removed'
- '!package_xinetd_removed'
diff --git a/products/sle16/profiles/pci-dss-4.profile b/products/sle16/profiles/pci-dss-4.profile
new file mode 100644
index 000000000000..6b771a83155a
--- /dev/null
+++ b/products/sle16/profiles/pci-dss-4.profile
@@ -0,0 +1,85 @@
+---
+documentation_complete: true
+
+metadata:
+ version: '4.0.1'
+ SMEs:
+ - svet-se
+ - teacup-on-rockingchair
+
+reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf
+
+title: 'PCI-DSS v4.0.1 Control Baseline for SUSE Linux Enterprise 16'
+
+description: |-
+ Payment Card Industry - Data Security Standard (PCI-DSS) is a set of
+ security standards designed to ensure the secure handling of payment card
+ data, with the goal of preventing data breaches and protecting sensitive
+ financial information.
+
+ This profile ensures SUSE Linux Enterprise 16 is configured in alignment
+ with PCI-DSS v4.0.1 requirements.
+
+selections:
+ - pcidss_4:all:base
+ - ensure_pam_wheel_group_empty
+ - sshd_strong_kex=pcidss
+ - var_multiple_time_servers=suse
+ - var_multiple_time_pools=suse
+ - var_accounts_tmout=15_min
+ - audit_rules_enable_syscall_auditing
+ - '!ntpd_specify_multiple_servers'
+ - '!ntpd_specify_remote_server'
+ - '!service_ntp_enabled'
+ - '!service_ntpd_enabled'
+ - '!service_timesyncd_enabled'
+ - '!package_libreswan_installed'
+ - '!use_pam_wheel_for_su'
+ - '!aide_periodic_cron_checking'
+ - '!accounts_password_pam_dcredit'
+ - '!accounts_password_pam_pwhistory_remember_system_auth'
+ - '!sysctl_kernel_core_pattern'
+ - '!configure_firewalld_ports'
+ - '!accounts_passwords_pam_tally2'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!audit_rules_login_events_tallylog'
+ - '!accounts_passwords_pam_faillock_deny'
+ - '!file_owner_user_cfg'
+ - '!accounts_passwords_pam_faillock_unlock_time'
+ - '!ensure_redhat_gpgkey_installed'
+ - '!package_sequoia-sq_installed'
+ - '!ensure_almalinux_gpgkey_installed'
+ - '!firewalld_loopback_traffic_restricted'
+ - '!accounts_password_pam_lcredit'
+ - '!file_group_ownership_var_log_audit'
+ - '!package_ftp_removed'
+ - '!gnome_gdm_disable_guest_login'
+ - '!accounts_password_pam_minlen'
+ - '!no_password_auth_for_systemaccounts'
+ - '!file_groupowner_user_cfg'
+ - '!ensure_root_password_configured'
+ - '!gnome_gdm_disable_automatic_login'
+ - '!accounts_password_pam_pwhistory_remember_password_auth'
+ - '!enable_authselect'
+ - '!file_permissions_user_cfg'
+ - '!package_audispd-plugins_installed'
+ - '!firewalld_loopback_traffic_trusted'
+ - '!network_nmcli_permissions'
+ - '!package_cryptsetup-luks_installed'
+ - '!audit_rules_dac_modification_fchmodat2'
+ - '!accounts_password_pam_unix_remember'
+ - '!package_rsh-server_removed'
+ - '!package_rsh_removed'
+ - '!package_talk-server_removed'
+ - '!package_talk_removed'
+ - '!package_xinetd_removed'
+ - '!package_ypbind_removed'
+ - '!package_ypserv_removed'
+ - '!rpm_verify_permissions'
+ - '!sshd_use_approved_ciphers'
+ - '!sshd_use_approved_macs'
+ - '!set_password_hashing_algorithm_libuserconf'
+ - '!set_ip6tables_default_rule'
+ - '!set_ipv6_loopback_traffic'
+ - '!set_loopback_traffic'
+ - '!nftables_ensure_default_deny_policy'
diff --git a/shared/applicability/oval/installed_env_has_login_defs.xml b/shared/applicability/oval/installed_env_has_login_defs.xml
index f2256f32e140..fdb8114c1b0a 100644
--- a/shared/applicability/oval/installed_env_has_login_defs.xml
+++ b/shared/applicability/oval/installed_env_has_login_defs.xml
@@ -17,7 +17,7 @@
{{% if pkg_system == "rpm" %}}
{{% else %}}
comment="system has package shadow-utils installed, which provides the /etc/login.defs file.">
@@ -25,7 +25,7 @@
- {{% if product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}shadow{{% else %}}shadow-utils{{% endif %}}
+ {{% if 'sle' in product or 'slmicro' in product %}}shadow{{% else %}}shadow-utils{{% endif %}}
{{% elif pkg_system == "dpkg" %}}