Add rule ensure_gpgcheck_globally_activated to sle micro 5 stig profile

ComplianceAsCode · Aug 16, 2024 · 67ffe29 · 67ffe29
1 parent 1ddb991
commit 67ffe29
Show file tree

Hide file tree

Showing 13 changed files with 15 additions and 15 deletions.
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
@@ -108,8 +108,9 @@ controls:
       levels:
           - high
       title: The SLEM 5 tool zypper must have gpgcheck enabled.
-      rules: []
-      status: pending
+      rules:
+          - ensure_gpgcheck_globally_activated
+      status: automated
 
     - id: SLEM-05-214020
       levels:

diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
 
 {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml
@@ -4,7 +4,7 @@
     {{{ oval_metadata("The gpgcheck option should be used to ensure that checking
       of an RPM package's signature always occurs prior to its
       installation.") }}}
-    {{% if 'sle' in product %}} 
+    {{% if 'sle' in product or 'slmicro' in product %}} 
       <criteria operator="AND">
         <criterion comment="check value of gpgcheck in {{{ pkg_manager_config_file }}}" test_ref="test_ensure_gpgcheck_globally_activated" />
         <criterion comment="no value 0_off_no_false set in {{{ pkg_manager_config_file }}}" test_ref="test_ensure_gpgcheck_globally_no_deactivated" />
@@ -26,7 +26,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>  
 
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="no value 0 set in {{{ pkg_manager_config_file }}}" id="test_ensure_gpgcheck_globally_no_deactivated" version="1">
     <ind:object object_ref="object_test_ensure_gpgcheck_globally_no_deactivated" />

diff --git a/...s/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/comment.fail.sh b/...s/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/comment.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}} 
 # packages = python3-libselinux

diff --git a/...e/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh b/...e/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...tem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh b/...tem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh b/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh b/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...ide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh b/...ide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh b/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh b/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh b/...system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
@@ -41,7 +41,6 @@ CCE-93703-7
 CCE-93704-5
 CCE-93709-4
 CCE-93710-2
-CCE-93712-8
 CCE-93713-6
 CCE-93714-4
 CCE-93715-1