Updated 10 rules to support SLE Micro 5

Author: rumch-se

controls/stig_slmicro5.yml

@@ -16,7 +16,7 @@ controls:
   title: SLEM 5 must be a vendor-supported release.
   rules:
   - installed_OS_is_vendor_supported
-  status: automated 
+  status: automated
 - id: SLEM-05-211015
   levels:
   - medium
@@ -1108,8 +1108,9 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "chage" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_chage
+  status: automated
 - id: SLEM-05-654020
   levels:
   - medium
@@ -1120,8 +1121,9 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "chfn" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_chfn
+  status: automated
 - id: SLEM-05-654030
   levels:
   - medium
@@ -1132,20 +1134,23 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for a uses of the "chsh" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_chsh
+  status: automated
 - id: SLEM-05-654040
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "crontab" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_crontab
+  status: automated
 - id: SLEM-05-654045
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "gpasswd" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_gpasswd
+  status: automated
 - id: SLEM-05-654050
   levels:
   - medium
@@ -1168,8 +1173,9 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "newgrp" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_newgrp
+  status: automated
 - id: SLEM-05-654070
   levels:
   - medium
@@ -1181,8 +1187,9 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "passwd" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_passwd
+  status: automated
 - id: SLEM-05-654080
   levels:
   - medium
@@ -1205,14 +1212,15 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "ssh-agent" command.
-  rules: []
+  rules: [] 
   status: pending
 - id: SLEM-05-654100
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "ssh-keysign" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_ssh_keysign
+  status: automated
 - id: SLEM-05-654105
   levels:
   - medium
@@ -1229,15 +1237,17 @@ controls:
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "sudoedit" command.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_sudoedit
+  status: automated
 - id: SLEM-05-654120
   levels:
   - medium
   title: SLEM 5 must generate audit records for all uses of the "unix_chkpwd" or "unix2_chkpwd"
     commands.
-  rules: []
-  status: pending
+  rules: 
+  - audit_rules_privileged_commands_unix_chkpwd
+  status: automated
 - id: SLEM-05-654125
   levels:
   - medium

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-90143-9
     cce@sle12: CCE-83110-7
     cce@sle15: CCE-85587-4
+    cce@slmicro5: CCE-93607-0
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml

@@ -29,6 +29,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83187-5
     cce@sle15: CCE-85589-0
+    cce@slmicro5: CCE-93610-4
 
 references:
     cis@ubuntu2004: 4.1.11

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-89551-6
     cce@sle12: CCE-83163-6
     cce@sle15: CCE-85586-6
+    cce@slmicro5: CCE-93605-4
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-89029-3
     cce@sle12: CCE-83126-3
     cce@sle15: CCE-85588-2
+    cce@slmicro5: CCE-93608-8
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-89403-0
     cce@sle12: CCE-83161-0
     cce@sle15: CCE-85584-1
+    cce@slmicro5: CCE-93603-9
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-88752-1
     cce@sle12: CCE-83162-8
     cce@sle15: CCE-85585-8
+    cce@slmicro5: CCE-93604-7
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-89215-8
     cce@sle12: CCE-83160-2
     cce@sle15: CCE-85583-3
+    cce@slmicro5: CCE-93602-1
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml

@@ -1,8 +1,8 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
-{{%- if product in ["sle12", "sle15"] %}}
+{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
   {{%- set ssh_keysign_path="/usr/lib/ssh/ssh-keysign" %}}
 {{%- elif 'ubuntu' in product %}}
   {{%- set ssh_keysign_path="/usr/lib/openssh/ssh-keysign" %}}
@@ -48,6 +48,7 @@ identifiers:
     cce@rhel10: CCE-88874-3
     cce@sle12: CCE-83159-4
     cce@sle15: CCE-85582-5
+    cce@susemicro5: CCE-93601-3
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
@@ -80,5 +81,6 @@ template:
         path: /usr/libexec/openssh/ssh-keysign
         path@sle12: /usr/lib/ssh/ssh-keysign
         path@sle15: /usr/lib/ssh/ssh-keysign
+        path@slmicro5: /usr/lib/ssh/ssh-keysign
         path@ubuntu2004: /usr/lib/openssh/ssh-keysign
         path@ubuntu2204: /usr/lib/openssh/ssh-keysign

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] %}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -39,6 +39,7 @@ identifiers:
     cce@rhel9: CCE-83764-1
     cce@rhel10: CCE-89601-9
     cce@sle15: CCE-85717-7
+    cce@slmicro5: CCE-93609-6
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4",  "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
   {{%- set perm_x="-F perm=x " %}}
 {{%- endif %}}
 
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-89529-2
     cce@sle12: CCE-83109-9
     cce@sle15: CCE-85727-6
+    cce@slmicro5: CCE-93606-2
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
@@ -71,3 +72,4 @@ template:
         path: /usr/sbin/unix_chkpwd
         path@sle12: /sbin/unix_chkpwd
         path@sle15: /sbin/unix_chkpwd
+        path@slmicro5: /sbin/unix_chkpwd

shared/references/cce-slmicro5-avail.txt

@@ -1,13 +1,3 @@
-CCE-93601-3
-CCE-93602-1
-CCE-93603-9
-CCE-93604-7
-CCE-93605-4
-CCE-93606-2
-CCE-93607-0
-CCE-93608-8
-CCE-93609-6
-CCE-93610-4
 CCE-93611-2
 CCE-93612-0
 CCE-93613-8

shared/templates/audit_rules_privileged_commands/ansible.template

@@ -1,7 +1,7 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
   {{%- set perm_x=" -F perm=x" %}}
 {{%- endif %}}
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # reboot = false
 # strategy = restrict
 # complexity = low

shared/templates/audit_rules_privileged_commands/bash.template

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204", "debian12"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204", "debian12"] %}}
   {{%- set perm_x=" -F perm=x" %}}
 {{%- endif %}}
 # platform = multi_platform_all

shared/templates/audit_rules_privileged_commands/oval.template

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204", "debian12"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204", "debian12"] %}}
   {{%- set perm_x="(?:[\s]+-F[\s]+perm=x)" %}}
 {{%- endif %}}
 <def-group>

shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # packages = audit
 
 source common.sh

shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 
 source common.sh
 

shared/templates/audit_rules_privileged_commands/tests/common.sh

@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
 perm_x="-F perm=x"
 {{%- endif %}}