From b8e2ec0ff39576a8b46fb13eaaa2c57b6bd6223f Mon Sep 17 00:00:00 2001 From: svet-se Date: Wed, 21 Aug 2024 17:20:26 +0300 Subject: [PATCH 01/10] Add rule audit_rules_session_events_utmp to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 3 ++- .../audit_rules_session_events_utmp/ansible/shared.yml | 2 +- .../audit_rules_session_events_utmp/bash/shared.sh | 2 +- .../audit_rules_session_events_utmp/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 47450c4bd1c..0958fe00afe 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1828,7 +1828,8 @@ controls: levels: - medium title: SLEM 5 must generate audit records for the "/run/utmp file". - rules: [] + rules: + - audit_rules_session_events_utmp status: pending - id: SLEM-05-654235 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/ansible/shared.yml index 245b84d6ce8..50a684c5655 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/bash/shared.sh index 82904057dc6..e5cec34d7af 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/run/utmp", "wa", "session") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml index 2503f97dfc2..e1e6581ef21 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml @@ -25,6 +25,7 @@ severity: medium identifiers: cce@sle15: CCE-85714-4 + cce@slmicro5: CCE-93723-5 references: disa: CCI-000172 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 85fa5fde1a9..2b3a55bb2fc 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -34,7 +34,6 @@ CCE-93711-0 CCE-93712-8 CCE-93721-9 CCE-93722-7 -CCE-93723-5 CCE-93724-3 CCE-93725-0 CCE-93726-8 From c566cee7af2ba38c772d466ee71bb3f56a7a7c7b Mon Sep 17 00:00:00 2001 From: svet-se Date: Wed, 21 Aug 2024 17:29:35 +0300 Subject: [PATCH 02/10] Add rule audit_rules_session_events_wtmp to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 7 ++++--- .../audit_rules_session_events_wtmp/ansible/shared.yml | 2 +- .../audit_rules_session_events_wtmp/bash/shared.sh | 2 +- .../audit_rules_session_events_wtmp/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 0958fe00afe..ddc41b83bf6 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1830,7 +1830,7 @@ controls: title: SLEM 5 must generate audit records for the "/run/utmp file". rules: - audit_rules_session_events_utmp - status: pending + status: automated - id: SLEM-05-654235 levels: @@ -1843,8 +1843,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for the "/var/log/wtmp" file. - rules: [] - status: pending + rules: + - audit_rules_session_events_wtmp + status: automated - id: SLEM-05-654245 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/ansible/shared.yml index 136307737f8..64fb60e4890 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/bash/shared.sh index a67b62fb117..26af9ac81f7 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/var/log/wtmp", "wa", "session") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml index bc2becd6129..9875f553b22 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml @@ -25,6 +25,7 @@ severity: medium identifiers: cce@sle15: CCE-85757-3 + cce@slmicro5: CCE-93724-3 references: disa: CCI-000172 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 2b3a55bb2fc..50e8ec665d9 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -34,7 +34,6 @@ CCE-93711-0 CCE-93712-8 CCE-93721-9 CCE-93722-7 -CCE-93724-3 CCE-93725-0 CCE-93726-8 CCE-93727-6 From dece1c8d9a6f92517dca8f64bd8ca45ad0b3361f Mon Sep 17 00:00:00 2001 From: svet-se Date: Wed, 21 Aug 2024 17:33:32 +0300 Subject: [PATCH 03/10] Add rule audit_rules_session_events_btmp to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_session_events_btmp/ansible/shared.yml | 2 +- .../audit_rules_session_events_btmp/bash/shared.sh | 2 +- .../audit_rules_session_events_btmp/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index ddc41b83bf6..47ab9597ef1 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1836,8 +1836,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for the "/var/log/btmp" file. - rules: [] - status: pending + rules: + - audit_rules_session_events_btmp + status: automated - id: SLEM-05-654240 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/ansible/shared.yml index 952ff597020..acf83cfc9e7 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/bash/shared.sh index c3468b6cf45..f9986e7cf0a 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/var/log/btmp", "wa", "session") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml index 111f44d4443..4386a92474e 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml @@ -25,6 +25,7 @@ severity: medium identifiers: cce@sle15: CCE-85758-1 + cce@slmicro5: CCE-93725-0 references: disa: CCI-000172 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 50e8ec665d9..db9451d3e8e 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -34,7 +34,6 @@ CCE-93711-0 CCE-93712-8 CCE-93721-9 CCE-93722-7 -CCE-93725-0 CCE-93726-8 CCE-93727-6 CCE-93728-4 From 184e9f56aea1d985807be7d723e09c8de521f7a8 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 11:17:26 +0300 Subject: [PATCH 04/10] Add rule cracklib_accounts_password_pam_retry to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 6 ++++-- .../cracklib_accounts_password_pam_retry/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 47ab9597ef1..59835ed93f7 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1039,8 +1039,10 @@ controls: levels: - medium title: SLEM 5 must prevent the use of dictionary words for passwords. - rules: [] - status: pending + rules: + - cracklib_accounts_password_pam_retry + - var_password_pam_retry=3 + status: automated - id: SLEM-05-611035 levels: diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml index c64de3eb65d..c67a693774b 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml @@ -17,6 +17,7 @@ severity: medium identifiers: cce@sle12: CCE-83174-3 cce@sle15: CCE-85575-9 + cce@slmicro5: CCE-93729-2 references: cis@sle12: 5.3.1 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index db9451d3e8e..ab6f5036032 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93729-2 CCE-93730-0 CCE-93731-8 CCE-93732-6 From c4c1202644ec76e52b9632c17ffa07be7826953f Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 14:08:22 +0300 Subject: [PATCH 05/10] Add rule display_login_attempts to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../accounts-pam/display_login_attempts/ansible/shared.yml | 6 +++--- .../accounts-pam/display_login_attempts/bash/shared.sh | 6 +++--- .../accounts-pam/display_login_attempts/oval/shared.xml | 2 +- .../accounts/accounts-pam/display_login_attempts/rule.yml | 5 +++-- .../display_login_attempts/tests/commented_line.fail.sh | 4 ++-- .../display_login_attempts/tests/correct_value.pass.sh | 2 +- .../display_login_attempts/tests/no_silent_all.pass.sh | 2 +- .../tests/no_space_before_showfailed.fail.sh | 4 ++-- .../tests/no_space_before_silent.pass.sh | 2 +- .../display_login_attempts/tests/silent_present.fail.sh | 4 ++-- .../display_login_attempts/tests/wrong_value.fail.sh | 4 ++-- shared/references/cce-slmicro5-avail.txt | 1 - 13 files changed, 24 insertions(+), 23 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 59835ed93f7..e30ae66d0f8 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -877,8 +877,9 @@ controls: title: SLEM 5 must display the date and time of the last successful account logon upon logon. - rules: [] - status: pending + rules: + - display_login_attempts + status: automated - id: SLEM-05-412015 levels: diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml index 428fbd7fac0..ad3b4429075 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml @@ -1,10 +1,10 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4 # reboot = false # strategy = configure # complexity = low # disruption = low -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} {{%- set after_match = "^\s*session.*include\s+common-session$" %}} {{%- else %}} @@ -12,7 +12,7 @@ {{%- set after_match = "^\s*session\s+.*pam_succeed_if\.so.*" %}} {{%- endif %}} -{{%- if "ol" in product or "ubuntu" in product %}} +{{%- if "ol" in product or "slmicro" in product or "ubuntu" in product %}} {{%- set control = "required" %}} {{%- elif "sle" in product %}} {{%- set control = "optional" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh index badc79bff86..891d516d571 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh @@ -1,6 +1,6 @@ -# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} {{%- set after_match = "^\s*session.*include\s+common-session$" %}} {{%- else %}} @@ -8,7 +8,7 @@ {{%- set after_match = "^\s*session\s+.*pam_succeed_if\.so.*" %}} {{%- endif %}} -{{%- if "ol" in product or "ubuntu" in product %}} +{{%- if "ol" in product or "slmicro" in product or "ubuntu" in product %}} {{%- set control = "required" %}} {{%- elif "sle" in product %}} {{%- set control = "optional" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml index a505a74d8cd..422af7a38d7 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml @@ -1,4 +1,4 @@ -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml index ea6e1c5daad..b16fdaee4ba 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml @@ -1,10 +1,10 @@ -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} {{%- else %}} {{%- set pam_lastlog_path = "/etc/pam.d/postlogin" %}} {{%- endif %}} -{{%- if "ol" in product or "ubuntu" in product %}} +{{%- if "ol" in product or "slmicro" in product or "ubuntu" in product %}} {{%- set control = "required" %}} {{%- elif "sle" in product %}} {{%- set control = "optional" %}} @@ -37,6 +37,7 @@ identifiers: cce@rhel10: CCE-88650-7 cce@sle12: CCE-83149-5 cce@sle15: CCE-85560-1 + cce@slmicro5: CCE-93730-0 references: cis-csc: 1,12,15,16 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/commented_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/commented_line.fail.sh index 565664230a8..2220d022cc6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/commented_line.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/commented_line.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_ubuntu,Oracle Linux 7 +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,Oracle Linux 7 -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh index ba7eebaa909..9c68290692d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # platform = multi_platform_all -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_silent_all.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_silent_all.pass.sh index 92492a86b7b..ed8f41216ca 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_silent_all.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_silent_all.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # platform = multi_platform_all -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh index ae52dc89c56..5d93e1fb519 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_ubuntu,Oracle Linux 7 +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,Oracle Linux 7 -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh index 41e256313dd..b77fdb02551 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # platform = multi_platform_all -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/silent_present.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/silent_present.fail.sh index b9b3f6f9030..cfb2236b4b0 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/silent_present.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/silent_present.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_ubuntu,Oracle Linux 7 +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,Oracle Linux 7 -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh index 5b2d97286f9..d8c7d064c83 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_ubuntu,Oracle Linux 7 +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,Oracle Linux 7 -{{%- if "sle" in product or "ubuntu" in product %}} +{{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% else %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index ab6f5036032..6d12976bf4e 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93730-0 CCE-93731-8 CCE-93732-6 CCE-93733-4 From 4390a1a0351fb53f68cfc6f2336a68dcee4af595 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 14:26:37 +0300 Subject: [PATCH 06/10] Add rule accounts_authorized_local_users to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 6 ++++-- .../accounts_authorized_local_users/rule.yml | 3 ++- .../var_accounts_authorized_local_users_regex.var | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index e30ae66d0f8..59bde16bca8 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -836,8 +836,10 @@ controls: levels: - medium title: SLEM 5 must not have unnecessary accounts. - rules: [] - status: pending + rules: + - accounts_authorized_local_users + - var_accounts_authorized_local_users_regex=slmicro5 + status: automated - id: SLEM-05-411060 levels: diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml index 552586cb555..de8bfee0fdb 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml @@ -30,6 +30,7 @@ identifiers: cce@rhel10: CCE-88135-9 cce@sle12: CCE-83195-8 cce@sle15: CCE-85561-9 + cce@slmicro5: CCE-93731-8 references: disa: CCI-000366 @@ -43,7 +44,7 @@ references: ocil_clause: 'there are unauthorized local user accounts on the system' -{{% if 'rhel' in product or 'ol' in product %}} +{{% if 'rhel' in product or 'ol' in product or 'slmicro5' in product %}} warnings: - general: |- Automatic remediation of this control is not available due to the unique diff --git a/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var b/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var index 7546f1d8617..df72672b698 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var +++ b/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var @@ -30,4 +30,5 @@ options: rhel9: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|tss|systemd-coredump|dbus|polkitd|avahi|colord|rtkit|pipewire|clevis|sssd|geoclue|flatpak|setroubleshoot|libstoragemgmt|systemd-oom|gdm|cockpit-ws|cockpit-wsinstance|gnome-initial-setup|sshd|chrony|dnsmasq|tcpdump|admin)$" sle12: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc)$" sle15: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc|messagebus|nscd|flatpak|srvGeoClue|tftp|wsdd|dnsmasq|usbmux|brltty)$" + slmicro5: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc|messagebus|nscd|flatpak|srvGeoClue|tftp|wsdd|dnsmasq|usbmux|brltty|salt|cockpit-ws|cockpit-wsinstance)$" default: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|tss|systemd-coredump|dbus|polkitd|avahi|colord|rtkit|pipewire|clevis|sssd|geoclue|flatpak|setroubleshoot|libstoragemgmt|systemd-oom|gdm|cockpit-ws|cockpit-wsinstance|gnome-initial-setup|sshd|chrony|dnsmasq|tcpdump|admin)$" diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 6d12976bf4e..f6e638eb804 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93731-8 CCE-93732-6 CCE-93733-4 CCE-93734-2 From 5eba1c85545ab60dd1ca417555a520aa97c8374d Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 14:31:58 +0300 Subject: [PATCH 07/10] Add rule no_shelllogin_for_systemaccounts to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../no_shelllogin_for_systemaccounts/oval/shared.xml | 2 +- .../root_logins/no_shelllogin_for_systemaccounts/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 59bde16bca8..0495f61910f 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -845,8 +845,9 @@ controls: levels: - medium title: SLEM 5 must not have unnecessary account capabilities. - rules: [] - status: pending + rules: + - no_shelllogin_for_systemaccounts + status: automated - id: SLEM-05-411065 levels: diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/oval/shared.xml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/oval/shared.xml index e94897504b0..0b06384c666 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/oval/shared.xml @@ -71,7 +71,7 @@ /etc/passwd -{{% if "ubuntu" in product or "sle" in product %}} +{{% if "ubuntu" in product or "sle" in product or "slmicro" in product %}} ^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/usr\/sbin\/nologin|\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt|\/bin\/false|\/usr\/bin\/false).*$ {{% else %}} ^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/usr\/sbin\/nologin|\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$ diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml index a75f07946bc..94e6e7413b0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml @@ -27,6 +27,7 @@ identifiers: cce@rhel10: CCE-87448-7 cce@sle12: CCE-83232-9 cce@sle15: CCE-85672-4 + cce@slmicro5: CCE-93732-6 references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index f6e638eb804..4550676921d 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93732-6 CCE-93733-4 CCE-93734-2 CCE-93735-9 From 15383e7bc411c1aa33522c2ddd9063fe398a2c40 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 14:36:34 +0300 Subject: [PATCH 08/10] Add rule sudoers_default_includedir to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../system/software/sudo/sudoers_default_includedir/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 0495f61910f..aca1f3b9f95 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1008,8 +1008,9 @@ controls: title: SLEM 5 must specify the default "include" directory for the /etc/sudoers file. - rules: [] - status: pending + rules: + - sudoers_default_includedir + status: automated - id: SLEM-05-611010 levels: diff --git a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml index 0938731ec1e..00f7c6b01cc 100644 --- a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml +++ b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml @@ -27,6 +27,7 @@ identifiers: cce@rhel9: CCE-86477-7 cce@sle12: CCE-83255-0 cce@sle15: CCE-91151-1 + cce@slmicro5: CCE-93733-4 references: disa: CCI-000366 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 4550676921d..c091d9599dd 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93733-4 CCE-93734-2 CCE-93735-9 CCE-93736-7 From de349cf290143290cb209dfe18c89bccc7684d09 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 14:39:33 +0300 Subject: [PATCH 09/10] Add rule accounts_no_uid_except_zero to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../root_logins/accounts_no_uid_except_zero/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index aca1f3b9f95..06a06c04f06 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -855,8 +855,9 @@ controls: title: SLEM 5 root account must be the only account with unrestricted access to the system. - rules: [] - status: pending + rules: + - accounts_no_uid_except_zero + status: automated - id: SLEM-05-411070 levels: diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml index 6459341c432..3147b3e0d70 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml @@ -28,6 +28,7 @@ identifiers: cce@rhel10: CCE-87552-6 cce@sle12: CCE-83020-8 cce@sle15: CCE-85664-1 + cce@slmicro5: CCE-93734-2 references: cis-csc: 1,12,13,14,15,16,18,3,5 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index c091d9599dd..b7881958aaf 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93734-2 CCE-93735-9 CCE-93736-7 CCE-93737-5 From 77354aef988e055686d1b5c24a595bf81b6ff74d Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 22 Aug 2024 14:44:00 +0300 Subject: [PATCH 10/10] Add rule sudoers_validate_passwd 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../system/software/sudo/sudoers_validate_passwd/rule.yml | 1 + .../tests/sudoers_d_duplicate.pass.sh | 2 +- .../tests/sudoers_validate_passwd.fail.sh | 2 +- .../tests/sudoers_validate_passwd.pass.sh | 2 +- .../tests/sudoers_validate_passwd_conflicting_values.fail.sh | 2 +- .../tests/sudoers_validate_passwd_duplicates.fail.sh | 2 +- .../tests/sudoers_validate_passwd_duplicates.pass.sh | 2 +- .../tests/sudoers_validate_passwd_multiple_files.pass.sh | 2 +- .../tests/sudoers_validate_rootpw.fail.sh | 2 +- .../tests/sudoers_validate_runaspw.fail.sh | 2 +- .../tests/sudoers_validate_targetpw.fail.sh | 2 +- shared/references/cce-slmicro5-avail.txt | 1 - 13 files changed, 14 insertions(+), 13 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 06a06c04f06..418483730b4 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -973,8 +973,9 @@ controls: title: SLEM 5 must use the invoking user's password for privilege escalation when using "sudo". - rules: [] - status: pending + rules: + - sudoers_validate_passwd + status: automated - id: SLEM-05-432015 levels: diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml index 1f3275e1dce..48c34329ec2 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml @@ -29,6 +29,7 @@ identifiers: cce@rhel10: CCE-88855-2 cce@sle12: CCE-83230-3 cce@sle15: CCE-85747-4 + cce@slmicro5: CCE-93735-9 references: disa: CCI-000366,CCI-002227 diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh index a258d108a00..4cf3ce66172 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh index cdd8174d2a4..ee448e5311e 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh index 093f9dd80bf..ef3750b2f3f 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh index 3372c20b7e3..ebbcef34de2 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh index ef0abd449bd..3794bb64709 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh @@ -1,4 +1,4 @@ -# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh index 6247b5230e4..81b218e1a6a 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh index 071e3a0ab14..60354bba576 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh index 273fb4529aa..c8e38ccd018 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh index d477b5972d5..4454ed38e1c 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh index a4c5bde624e..1de6b3bbb73 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index b7881958aaf..7b6b41d5817 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -37,7 +37,6 @@ CCE-93722-7 CCE-93726-8 CCE-93727-6 CCE-93728-4 -CCE-93735-9 CCE-93736-7 CCE-93737-5 CCE-93738-3