Merge pull request #12310 from svet-se/slmicro5-stig-add-audit-servic…

…es-rules--rules-support Slmicro5 stig add audit services rules rules support
ComplianceAsCode · Aug 19, 2024 · e186984 · e186984
2 parents d0b210e + 810959e
commit e186984
Show file tree

Hide file tree

Showing 28 changed files with 49 additions and 40 deletions.
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
@@ -108,8 +108,9 @@ controls:
       levels:
           - high
       title: The SLEM 5 tool zypper must have gpgcheck enabled.
-      rules: []
-      status: pending
+      rules:
+          - ensure_gpgcheck_globally_activated
+      status: automated
 
     - id: SLEM-05-214020
       levels:
@@ -1250,8 +1251,9 @@ controls:
       title:
           Advanced Intrusion Detection Environment (AIDE) must verify the baseline
           SLEM 5 configuration at least weekly.
-      rules: []
-      status: pending
+      rules:
+          - aide_periodic_cron_checking
+      status: automated
 
     - id: SLEM-05-651035
       levels:
@@ -1313,8 +1315,12 @@ controls:
           SLEM 5 auditd service must notify the system administrator (SA) and information
           system security officer (ISSO) immediately when audit storage capacity is 75 percent
           full.
-      rules: []
-      status: pending
+      rules:
+          - auditd_data_retention_space_left_percentage
+          - var_auditd_space_left_percentage=25pc
+          - auditd_data_retention_space_left_action
+          - var_auditd_space_left_action=email
+      status: automated
 
     - id: SLEM-05-653035
       levels:
@@ -1370,17 +1376,19 @@ controls:
       levels:
           - low
       title: SLEM 5 audit event multiplexor must be configured to use Kerberos.
-      rules: []
-      status: pending
+      rules:
+          - auditd_audispd_encrypt_sent_records
+      status: automated
 
     - id: SLEM-05-653070
       levels:
           - medium
       title:
           Audispd must offload audit records onto a different system or media from
           SLEM 5 being audited.
-      rules: []
-      status: pending
+      rules:
+          - auditd_audispd_configure_remote_server
+      status: automated
 
     - id: SLEM-05-653075
       levels:
@@ -1719,8 +1727,9 @@ controls:
       levels:
           - medium
       title: SLEM 5 must generate audit records for all uses of privileged functions.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_suid_privilege_function
+      status: automated
 
     - id: SLEM-05-654200
       levels:

diff --git a/...de/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/...de/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
@@ -62,7 +62,7 @@
   register: auditctl_audit_rules_privilege_function_update_result
   with_items: "{{ suid_audit_rules }}"
 
-{{%- if product in ['sle12', 'sle15'] %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5'] %}}
 - name: Restart auditd.service
   ansible.builtin.systemd:
     name: auditd.service

diff --git a/.../guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/.../guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
@@ -46,6 +46,7 @@ identifiers:
     cce@rhel10: CCE-88933-7
     cce@sle12: CCE-83200-6
     cce@sle15: CCE-85611-2
+    cce@slmicro5: CCE-93705-2
 
 references:
     cis@ubuntu2004: 4.1.15

diff --git a/...configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/...configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = configure
 # complexity = low

diff --git a/...ing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/...ing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 
 {{{ bash_instantiate_variables("var_audispd_remote_server") }}}
 

diff --git a/.../auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/.../auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
@@ -28,6 +28,7 @@ identifiers:
     cce@rhel10: CCE-87973-4
     cce@sle12: CCE-83155-2
     cce@sle15: CCE-85615-3
+    cce@slmicro5: CCE-93707-8
 
 references:
     disa: CCI-001851

diff --git a/...ng/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/ansible/shared.yml b/...ng/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 7,Red Hat Virtualization 4,multi_platform_sle
+# platform = Oracle Linux 7,Red Hat Virtualization 4,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # complexity = low
 # disruption = low

diff --git a/...ide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/...ide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -28,6 +28,7 @@ identifiers:
     cce@rhel10: CCE-90160-3
     cce@sle12: CCE-83063-8
     cce@sle15: CCE-85614-6
+    cce@slmicro5: CCE-93706-0
 
 references:
     disa: CCI-001851

diff --git a/...onfigure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/...onfigure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low

diff --git a/...ng/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/...ng/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 
 {{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
 

diff --git a/...auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/...auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -35,6 +35,7 @@ identifiers:
     cce@rhel10: CCE-88897-4
     cce@sle12: CCE-91622-1
     cce@sle15: CCE-85823-3
+    cce@slmicro5: CCE-93788-8
 
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8

diff --git a/...ting/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/...ting/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
@@ -22,6 +22,7 @@ identifiers:
     cce@rhel8: CCE-86055-1
     cce@rhel9: CCE-87746-4
     cce@rhel10: CCE-88619-2
+    cce@slmicro5: CCE-93708-6
 
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8

diff --git a/...tem/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/...tem/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 
 {{{ bash_package_install("aide") }}}
 

diff --git a/...de/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/...de/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
@@ -40,6 +40,7 @@ identifiers:
     cce@rhel10: CCE-86738-2
     cce@sle12: CCE-91529-8
     cce@sle15: CCE-85671-6
+    cce@slmicro5: CCE-93711-0
 
 references:
     cis-csc: 1,11,12,13,14,15,16,2,3,5,7,8,9

diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
 
 {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/oval/shared.xml
@@ -4,7 +4,7 @@
     {{{ oval_metadata("The gpgcheck option should be used to ensure that checking
       of an RPM package's signature always occurs prior to its
       installation.") }}}
-    {{% if 'sle' in product %}} 
+    {{% if 'sle' in product or 'slmicro' in product %}} 
       <criteria operator="AND">
         <criterion comment="check value of gpgcheck in {{{ pkg_manager_config_file }}}" test_ref="test_ensure_gpgcheck_globally_activated" />
         <criterion comment="no value 0_off_no_false set in {{{ pkg_manager_config_file }}}" test_ref="test_ensure_gpgcheck_globally_no_deactivated" />
@@ -26,7 +26,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>  
 
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="no value 0 set in {{{ pkg_manager_config_file }}}" id="test_ensure_gpgcheck_globally_no_deactivated" version="1">
     <ind:object object_ref="object_test_ensure_gpgcheck_globally_no_deactivated" />

diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
@@ -35,6 +35,7 @@ identifiers:
     cce@rhel10: CCE-88404-9
     cce@sle12: CCE-83068-7
     cce@sle15: CCE-83290-7
+    cce@slmicro5: CCE-93712-8
 
 references:
     cis-csc: 11,2,3,9

diff --git a/...s/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/comment.fail.sh b/...s/guide/system/software/updating/ensure_gpgcheck_globally_activated/tests/comment.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}} 
 # packages = python3-libselinux

diff --git a/...e/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh b/...e/system/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...tem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh b/...tem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_true.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh b/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/correct_value_yes.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh b/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/line_not_there.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...ide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh b/...ide/system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh b/...stem/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_false.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh b/.../system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_no.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/...system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh b/...system/software/updating/ensure_gpgcheck_globally_activated/tests/wrong_value_off.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-{{% if 'sle' in product %}}
+{{% if 'sle' in product or 'slmicro' in product %}}
 # packages = libselinux1
 {{% else %}}
 # packages = python3-libselinux

diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
@@ -39,14 +39,8 @@ CCE-93701-1
 CCE-93702-9
 CCE-93703-7
 CCE-93704-5
-CCE-93705-2
-CCE-93706-0
-CCE-93707-8
-CCE-93708-6
 CCE-93709-4
 CCE-93710-2
-CCE-93711-0
-CCE-93712-8
 CCE-93713-6
 CCE-93714-4
 CCE-93715-1
@@ -122,7 +116,6 @@ CCE-93784-7
 CCE-93785-4
 CCE-93786-2
 CCE-93787-0
-CCE-93788-8
 CCE-93789-6
 CCE-93790-4
 CCE-93791-2